From a757e87eff085f758ef5773ded67a722fc18a319 Mon Sep 17 00:00:00 2001 From: Kumi Date: Tue, 25 Jun 2024 22:00:16 +0200 Subject: [PATCH] fix(auth): relax parameter validation in JWT login Changed the validation for the 'key' parameter from ALPHANUM to RAW in the JWT login method. This allows more flexible key formats, accommodating a wider range of authentication schemes. Ensure existing keys are compatible with the broader validation. --- auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth.php b/auth.php index c891d3d..8563cbf 100644 --- a/auth.php +++ b/auth.php @@ -139,7 +139,7 @@ class auth_plugin_jwt extends auth_plugin_base { public function user_login_jwt() { global $SESSION, $CFG, $USER; - $keyvalue = required_param('key', PARAM_ALPHANUM); + $keyvalue = required_param('key', PARAM_RAW); $wantsurl = optional_param('wantsurl', '', PARAM_URL); if (!empty($wantsurl)) {