@@ -748,11 +748,11 @@ public function addSignature($endpoint, $data, $method = 'POST', $type = null, $
748748 */
749749 public function checkMessage ()
750750 {
751- $ this -> ok = $ _SERVER 'REQUEST_METHOD ' ] === 'POST ' ;
752- if (!$ this -> ok ) {
751+ $ ok$ _SERVER 'REQUEST_METHOD ' ] === 'POST ' ;
752+ if (!$ ok
753753 $ this reason = 'LTI messages must use HTTP POST ' ;
754754 } elseif (!empty ($ this jwt ) && !empty ($ this jwt ->hasJwt ())) {
755- $ this -> ok = false ;
755+ $ okfalse ;
756756 if (is_null ($ this messageParameters ['oauth_consumer_key ' ]) || (strlen ($ this messageParameters ['oauth_consumer_key ' ]) <= 0 )) {
757757 $ this reason = 'Missing iss claim ' ;
758758 } elseif (empty ($ this jwt ->getClaim ('iat ' , '' ))) {
@@ -764,7 +764,7 @@ public function checkMessage()
764764 } elseif (empty ($ this jwt ->getClaim ('nonce ' , '' ))) {
765765 $ this reason = 'Missing nonce claim ' ;
766766 } else {
767- $ this -> ok = true ;
767+ $ oktrue ;
768768 }
769769 }
770770// Set signature method from request
@@ -775,21 +775,21 @@ public function checkMessage()
775775 }
776776 }
777777// Check all required launch parameters
778- if ($ this -> ok ) {
779- $ this -> ok = isset ($ this messageParameters ['lti_message_type ' ]);
780- if (!$ this -> ok ) {
778+ if ($ ok
779+ $ okisset ($ this messageParameters ['lti_message_type ' ]);
780+ if (!$ ok
781781 $ this reason = 'Missing lti_message_type parameter. ' ;
782782 }
783783 }
784- if ($ this -> ok ) {
785- $ this -> ok = isset ($ this messageParameters ['lti_version ' ]) && in_array ($ this messageParameters ['lti_version ' ],
784+ if ($ ok
785+ $ okisset ($ this messageParameters ['lti_version ' ]) && in_array ($ this messageParameters ['lti_version ' ],
786786 Util::$ LTI_VERSIONS
787- if (!$ this -> ok ) {
787+ if (!$ ok
788788 $ this reason = 'Invalid or missing lti_version parameter. ' ;
789789 }
790790 }
791791
792- return $ this -> ok ;
792+ return $ ok
793793 }
794794
795795 /**
@@ -839,6 +839,9 @@ public function verifySignature()
839839 $ methodnew OAuth \OAuthSignatureMethod_HMAC_SHA1 ();
840840 $ serveradd_signature_method ($ method
841841 $ requestOAuth \OAuthRequest::from_request ();
842+ if (isset ($ requestget_parameters ()['_new_window ' ]) && !isset ($ this messageParameters ['_new_window ' ])) {
843+ $ requestunset_parameter ('_new_window ' );
844+ }
842845 $ serververify_request ($ request
843846 $ oktrue ;
844847 } catch (\Exception $ e
@@ -884,9 +887,13 @@ public function verifySignature()
884887###
885888
886889 /**
887- * Parse the message
890+ * Parse the message.
891+ *
892+ * @param bool $strictMode True if full compliance with the LTI specification is required
893+ * @param bool $disableCookieCheck True if no cookie check should be made
894+ * @param bool $generateWarnings True if warning messages should be generated
888895 */
889- private function parseMessage ()
896+ private function parseMessage ($ strictMode , $ disableCookieCheck , $ generateWarnings
890897 {
891898 if (is_null ($ this messageParameters )) {
892899 $ this getRawParameters ();
@@ -943,16 +950,32 @@ private function parseMessage()
943950 if (isset ($ this rawParameters ['id_token ' ])) {
944951 $ this ok = !empty ($ this rawParameters ['state ' ]);
945952 if ($ this ok ) {
946- $ noncenew PlatformNonce ($ this platform , $ this rawParameters ['state ' ]);
953+ $ state$ this rawParameters ['state ' ];
954+ if (!$ disableCookieCheck
955+ $ partsexplode ('. ' , $ state
956+ if (empty ($ _COOKIE isset ($ _POST '_new_window ' ])) { // Reopen in a new window
957+ Util::setTestCookie ();
958+ $ _POST '_new_window ' ] = '' ;
959+ echo Util::sendForm ($ _SERVER 'REQUEST_URI ' ], $ _POST '_blank ' );
960+ exit ;
961+ } elseif (!empty (session_id ()) && (count ($ parts1 ) && (session_id () !== $ parts1 ])) { // Reset to original session
962+ session_abort ();
963+ session_id ($ parts1 ]);
964+ session_start ();
965+ $ this onResetSessionId ();
966+ }
967+ Util::setTestCookie (true );
968+ }
969+ $ noncenew PlatformNonce ($ this platform , $ state
947970 $ this ok = $ nonceload ();
948971 if (!$ this ok ) {
949972 $ platformfromPlatformId ($ iss$ audnull , $ this dataConnector );
950- $ noncenew PlatformNonce ($ platform$ this -> rawParameters [ ' state ' ] );
973+ $ noncenew PlatformNonce ($ platform$ state
951974 $ this ok = $ nonceload ();
952975 }
953976 if (!$ this ok ) {
954977 $ platformfromPlatformId ($ issnull , null , $ this dataConnector );
955- $ noncenew PlatformNonce ($ platform$ this -> rawParameters [ ' state ' ] );
978+ $ noncenew PlatformNonce ($ platform$ state
956979 $ this ok = $ nonceload ();
957980 }
958981 if ($ this ok ) {
@@ -965,7 +988,7 @@ private function parseMessage()
965988 $ this messageParameters = array ();
966989 $ this messageParameters ['oauth_consumer_key ' ] = $ aud
967990 $ this messageParameters ['oauth_signature_method ' ] = $ this jwt ->getHeader ('alg ' );
968- $ this parseClaims ();
991+ $ this parseClaims ($ strictMode , $ generateWarnings
969992 } else {
970993 $ this reason = 'state parameter is invalid or missing ' ;
971994 }
@@ -985,8 +1008,34 @@ private function parseMessage()
9851008 $ this reason .= ": {$ this rawParameters ['error_description ' ]}" ;
9861009 }
9871010 } else { // OAuth
988- if (isset ($ this rawParameters ['oauth_consumer_key ' ]) && ($ this instanceof Tool)) {
989- $ this platform = Platform::fromConsumerKey ($ this rawParameters ['oauth_consumer_key ' ], $ this dataConnector );
1011+ if ($ this instanceof Tool) {
1012+ if (isset ($ this rawParameters ['oauth_consumer_key ' ])) {
1013+ $ this platform = Platform::fromConsumerKey ($ this rawParameters ['oauth_consumer_key ' ], $ this dataConnector );
1014+ }
1015+ if (isset ($ this rawParameters ['tool_state ' ])) { // Relaunch?
1016+ $ state$ this rawParameters ['tool_state ' ];
1017+ if (!$ disableCookieCheck
1018+ $ partsexplode ('. ' , $ state
1019+ if (empty ($ _COOKIE isset ($ _POST '_new_window ' ])) { // Reopen in a new window
1020+ Util::setTestCookie ();
1021+ $ _POST '_new_window ' ] = '' ;
1022+ echo Util::sendForm ($ _SERVER 'REQUEST_URI ' ], $ _POST '_blank ' );
1023+ exit ;
1024+ } elseif (!empty (session_id ()) && (count ($ parts1 ) && (session_id () !== $ parts1 ])) { // Reset to original session
1025+ session_abort ();
1026+ session_id ($ parts1 ]);
1027+ session_start ();
1028+ $ this onResetSessionId ();
1029+ }
1030+ unset($ this rawParameters ['_new_window ' ]);
1031+ Util::setTestCookie (true );
1032+ }
1033+ $ noncenew PlatformNonce ($ this platform , $ state
1034+ $ this ok = $ nonceload ();
1035+ if (!$ this ok ) {
1036+ $ this reason = "Invalid tool_state parameter: ' {$ state' " ;
1037+ }
1038+ }
9901039 }
9911040 $ this messageParameters = $ this rawParameters ;
9921041 }
@@ -995,8 +1044,11 @@ private function parseMessage()
9951044
9961045 /**
9971046 * Parse the claims
1047+ *
1048+ * @param bool $strictMode True if full compliance with the LTI specification is required
1049+ * @param bool $generateWarnings True if warning messages should be generated
9981050 */
999- private function parseClaims ()
1051+ private function parseClaims ($ strictMode , $ generateWarnings
10001052 {
10011053 $ payloadcloneObject ($ this jwt ->getPayload ());
10021054 $ errorsarray ();
@@ -1041,6 +1093,13 @@ private function parseClaims()
10411093 $ value$ value'true ' : 'false ' ;
10421094 } elseif (isset ($ mapping'isInteger ' ]) && $ mapping'isInteger ' ]) {
10431095 $ valuestrval ($ value
1096+ } elseif (!is_string ($ value
1097+ if ($ generateWarnings
1098+ $ this warnings [] = "Value of claim ' {$ claim' is not a string: ' {$ value' " ;
1099+ }
1100+ if (!$ strictMode
1101+ $ valuestrval ($ value
1102+ }
10441103 }
10451104 }
10461105 if (!is_null ($ valueis_string ($ value
0 commit comments