Moodle 4.2 XRef and Diffs

Search moodle.org's
Developer Documentation

Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.

Moodle 4.2 Database Schema (by Marcus Green)

/lib/ltiprovider/src/OAuth/ -> OAuthSignatureMethod.php (source)

   1  <?php
   2  
   3  namespace IMSGlobal\LTI\OAuth;
   4  
   5  /**
   6   * Class to represent an %OAuth Signature Method
   7   *
   8   * @copyright  Andy Smith
   9   * @version 2008-08-04
  10   * @license https://opensource.org/licenses/MIT The MIT License
  11   */
  12  /**
  13   * A class for implementing a Signature Method
  14   * See section 9 ("Signing Requests") in the spec
  15   */
  16  abstract class OAuthSignatureMethod {
  17      /**
  18       * Needs to return the name of the Signature Method (ie HMAC-SHA1)
  19       * @return string
  20       */
  21      abstract public function get_name();
  22  
  23      /**
  24       * Build up the signature
  25       * NOTE: The output of this function MUST NOT be urlencoded.
  26       * the encoding is handled in OAuthRequest when the final
  27       * request is serialized
  28       * @param OAuthRequest $request
  29       * @param OAuthConsumer $consumer
  30       * @param OAuthToken $token
  31       * @return string
  32       */
  33      abstract public function build_signature($request, $consumer, $token);
  34  
  35      /**
  36       * Verifies that a given signature is correct
  37       * @param OAuthRequest $request
  38       * @param OAuthConsumer $consumer
  39       * @param OAuthToken $token
  40       * @param string $signature
  41       * @return bool
  42       */
  43      public function check_signature($request, $consumer, $token, $signature) {
  44  
  45          $built = $this->build_signature($request, $consumer, $token);
  46  
  47          // Check for zero length, although unlikely here
  48          if (strlen($built) == 0 || strlen($signature) == 0) {
  49              return false;
  50          }
  51  
  52          if (strlen($built) != strlen($signature)) {
  53              return false;
  54          }
  55  
  56          // Avoid a timing leak with a (hopefully) time insensitive compare
  57          $result = 0;
  58          for ($i = 0; $i < strlen($signature); $i++) {
  59              $result |= ord($built[$i]) ^ ord($signature[$i]);
  60          }
  61  
  62          return $result == 0;
  63  
  64      }
  65  
  66  }