Index: moodle/mod/lamslesson/userinfo.php
===================================================================
diff -u -r82b05bec226a5e8a2e57f35727aefe8b8a3d2fad -r458edcd7121d8676f627e7f74a06952a54423bf6
--- moodle/mod/lamslesson/userinfo.php	(.../userinfo.php)	(revision 82b05bec226a5e8a2e57f35727aefe8b8a3d2fad)
+++ moodle/mod/lamslesson/userinfo.php	(.../userinfo.php)	(revision 458edcd7121d8676f627e7f74a06952a54423bf6)
@@ -16,14 +16,19 @@
     include_once($CFG->libdir.'/datalib.php');
     global $DB;
 
+    $hs = required_param('hs', PARAM_ALPHANUM);
+    $ts = required_param('ts', PARAM_RAW);
+    $un = required_param('un', PARAM_ALPHANUM);
+    $lsid = optional_param('lsid', '', PARAM_INT);
+
     if(!isset($CFG->lamslesson_serverid)||!isset($CFG->lamslesson_serverkey))
     {
         header('HTTP/1.1 401 Unauthenticated');
         exit(1);
     }
-    $plaintext = trim($_GET['ts']).trim($_GET['un']).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
+    $plaintext = trim($ts).trim($un).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
     $hash = sha1(strtolower($plaintext));
-    if($hash!=$_GET['hs']){
+    if($hash != $hs){
         header('HTTP/1.1 401 Unauthenticated');
         exit(1);
     }
@@ -32,7 +37,7 @@
     //What it needs is user info in CSV format. It should be like this:
     //username,first name,last name,job title, department, organisation,
     //address,phone,fax,mobile,email
-    $user = $DB->get_record('user', array('username'=>$_GET['un']));
+    $user = $DB->get_record('user', array('username'=>$un));
 
     //return false if none found
     if(!$user){
@@ -43,4 +48,4 @@
     $comma_separated = implode(",", $array);//need more sophiscated algorithm to generate CSV formatted string
     echo $comma_separated;
 
-?>
\ No newline at end of file
+?>