.github/workflows/main.yml

@@ -1,17 +0,0 @@
-name: Workflow
-
-on: [push]
-
-jobs:
-  mirror:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - uses: yesolutions/mirror-action@master
-      with:
-        REMOTE: 'https://git.popov.link/moodle/auth_link.git'
-        GIT_USERNAME: ${{ secrets.GIT_USERNAME }}
-        GIT_PASSWORD: ${{ secrets.GIT_PASSWORD }}

README.md

@@ -7,8 +7,9 @@
 Authorization plugin for Moodle.
 Adds the ability to authorize a user by a direct link.
 
-## Installation
+<a name="installation">
-
+    <h2>Installation</h2>
+</a>
 Get the installation package in any of the available methods:
 
 * [GitHub Releases](https://github.com/valentineus/auth-link/releases).
@@ -16,8 +17,9 @@ Get the installation package in any of the available methods:
 
 In Moodle in the administration panel go to the "Plugins" section and make a standard installation of the plug-in.
 
-## Using
+<a name="using">
-
+    <h2>Using</h2>
+</a>
 Pass the variables `username` and `password` in any standard way.
 Variables are read from a file `$ _REQUEST`, which guarantees GET and POST requests performance, as well as support for the cookie.
 
@@ -26,8 +28,9 @@ Example of a link that authorizes a user on the course:
 https://yourwebserver.org/course/view.php?id=2&username=guest&password=qwerty
 ```
 
-## Build
+<a name="build">
-
+    <h2>Build</h2>
+</a>
 Self-assembly package is as follows:
 
 * Clone the repository:
@@ -41,7 +44,9 @@ cd ./auth-link
 /bin/sh build.sh
 ```
 
-## License
+<a name="license">
+    <h2>License</h2>
+</a>
 
 <img height="256px" alt="GNU Banner" src="https://www.gnu.org/graphics/runfreegnu.png" />
 

auth.php

@@ -67,7 +67,7 @@ class auth_plugin_link extends auth_plugin_base {
     /**
      * No password updates.
      */
-    public function user_update_password($user, $newpassword) {
+    public function user_update_password() {
         return false;
     }
 
@@ -127,11 +127,13 @@ class auth_plugin_link extends auth_plugin_base {
     public function loginpage_hook() {
         global $DB;
 
-        $username = optional_param('username', '', PARAM_RAW);
-        $password = optional_param('password', '', PARAM_RAW);
-
         if (!isloggedin()) {
-            if (!empty($username) && !empty($password)) {
+            if (isset($_REQUEST['username']) &&
+                isset($_REQUEST['password'])) {
+
+                $username = htmlspecialchars($_REQUEST['username']);
+                $password = htmlspecialchars($_REQUEST['password']);
+
                 // User existence check.
                 if ($user = $DB->get_record('user', array('username' => $username) )) {
                     // Verification of authorization data.
@@ -150,13 +152,12 @@ class auth_plugin_link extends auth_plugin_base {
     public function redirect_user() {
         global $CFG, $SESSION;
 
-        $wantsurl = optional_param('wantsurl', '', PARAM_URL);
+        $redirect = $CFG->wwwroot;
-        $redirect = new moodle_url($CFG->wwwroot, $_GET);
 
         if (isset($SESSION->wantsurl)) {
-            $redirect = new moodle_url($SESSION->wantsurl, $_GET);
+            $redirect = $SESSION->wantsurl;
-        } else if (!empty($wantsurl)) {
+        } else if (isset($_GET['wantsurl'])) {
-            $redirect = new moodle_url($wantsurl);
+            $redirect = htmlspecialchars($_GET['wantsurl']);
         }
 
         redirect($redirect);

build.sh

@@ -11,7 +11,6 @@ export PATH="$PATH:/usr/local/scripts"
 
 # Build the package
 cd ..
-mv "./moodle_auth-link" "./auth-link"
 zip -9 -r "auth-link.zip" "auth-link"  \
         -x "auth-link/.git*"       \
         -x "auth-link/.travis.yml" \

version.php

@@ -23,8 +23,8 @@
  */
 
 defined('MOODLE_INTERNAL') || die();
-$plugin->release   = '1.1.1 (Build: 2018061010)';
+$plugin->release   = '1.0.0 (Build: 2017101701)';
-$plugin->version   = 2018061010;
+$plugin->version   = 2017101701;
 $plugin->requires  = 2016112900;
 $plugin->component = 'auth_link';
 $plugin->maturity  = MATURITY_STABLE;