mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-23979 PARAM_CLEAN should not be used in new code at all ,there is nothing like universal cleaning, sorry

Browse Source
This commit is contained in:
Petr Skoda 2010-08-28 12:25:14 +00:00
parent 1dadfe15f2
commit 04b32359bf
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/simpletest/testmoodlelib.php
View File

@ -231,13 +231,13 @@ class moodlelib_test extends UnitTestCase {
function test_optional_param() {
$_POST['username'] = 'post_user';
$_GET['username'] = 'get_user';
$this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'post_user');
$this->assertEqual(optional_param('username', 'default_user', PARAM_RAW), 'post_user');
unset($_POST['username']);
$this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'get_user');
$this->assertEqual(optional_param('username', 'default_user', PARAM_RAW), 'get_user');
unset($_GET['username']);
$this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'default_user');
$this->assertEqual(optional_param('username', 'default_user', PARAM_RAW), 'default_user');
}
function test_clean_param_raw() {
@ -246,8 +246,8 @@ class moodlelib_test extends UnitTestCase {
}
function test_clean_param_clean() {
$this->assertEqual(clean_param('#()*#,9789\'".,<42897></?$(*DSFMO#$*)(SDJ)($*)', PARAM_CLEAN),
'#()*#,9789\'".,');
//TODO: param clean is an ugly hack, do not use in new code (skodak)
$this->assertEqual(clean_param('xx<script>', PARAM_CLEAN), 'xx');
}
function test_clean_param_alpha() {
@ -319,7 +319,7 @@ class moodlelib_test extends UnitTestCase {
$this->assertEqual(clean_param('john#$%&() ', PARAM_USERNAME), 'john');
$this->assertEqual(clean_param('JOHNdóé ', PARAM_USERNAME), 'johnd');
$this->assertEqual(clean_param('john.,:;-_/|\ñÑ[]A_X-,D {} ~!@#$%^&*()_+ ?><[] ščřžžý ?ýáž?žý??šdoe ', PARAM_USERNAME), 'john.-_a_x-d@_doe');
// Test success condition, if extendedusernamechars == ENABLE;
$CFG->extendedusernamechars = TRUE;
@ -330,7 +330,7 @@ class moodlelib_test extends UnitTestCase {
$this->assertEqual(clean_param('joHN´doe', PARAM_USERNAME), 'john´doe');
$this->assertEqual(clean_param('johnDOE', PARAM_USERNAME), 'johndoe');
$this->assertEqual(clean_param('johndóé ', PARAM_USERNAME), 'johndóé');
$CFG->extendedusernamechars = $currentstatus;
}