mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-59443-master-filetypesvalidation' of git://github.com/mudrd8mz/moodle

Browse Source
This commit is contained in:
Dan Poltawski 2017-07-11 10:16:40 +01:00
commit 229c5ec14f
7 changed files with 93 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lang/en/form.php
View File

@ -42,8 +42,10 @@ $string['err_numeric'] = 'You must enter a number here.';
$string['err_rangelength'] = 'You must enter between {$a->format[0]} and {$a->format[1]} characters here.';
$string['err_required'] = 'You must supply a value here.';
$string['filetypesany'] = 'All file types';
$string['filetypesnotall'] = 'It is not allowed to select \'All file types\' here';
$string['filetypesnotwhitelisted'] = 'These file types are not allowed here: {$a}';
$string['filetypesothers'] = 'Other files';
$string['filetypesunknown'] = 'Unknown file types: {$a}';
$string['general'] = 'General';
$string['hideadvanced'] = 'Hide advanced';
$string['hour'] = 'Hour';

5
lib/form/classes/filetypes_util.php
View File

@ -493,7 +493,10 @@ class filetypes_util {
$unknown = [];
foreach ($this->normalize_file_types($types) as $type) {
if ($this->is_filetype_group($type)) {
if ($type === '*') {
// Any file is considered as a known type.
continue;
} else if ($this->is_filetype_group($type)) {
// The type is a group that exists.
continue;
} else if ($this->looks_like_mimetype($type)) {

49
lib/form/filetypes.php
View File

@ -45,6 +45,9 @@ class MoodleQuickForm_filetypes extends MoodleQuickForm_group {
/** @var bool Allow selection of 'All file types' (will be stored as '*'). */
protected $allowall = true;
/** @var bool Skip implicit validation against known file types. */
protected $allowunknown = false;
/** @var core_form\filetypes_util instance to use as a helper. */
protected $util = null;
@ -56,6 +59,7 @@ class MoodleQuickForm_filetypes extends MoodleQuickForm_group {
* @param array $options element options:
* 'onlytypes': Allow selection from these file types only; for example ['onlytypes' => ['web_image']].
* 'allowall': Allow to select 'All file types', defaults to true. Does not apply with onlytypes are set.
* 'allowunknown': Skip implicit validation against the list of known file types.
* @param array|string $attributes Either a typical HTML attribute string or an associative array
*/
public function __construct($elementname = null, $elementlabel = null, $options = null, $attributes = null) {
@ -75,6 +79,9 @@ class MoodleQuickForm_filetypes extends MoodleQuickForm_group {
if (!$this->onlytypes && array_key_exists('allowall', $options)) {
$this->allowall = (bool)$options['allowall'];
}
if (array_key_exists('allowunknown', $options)) {
$this->allowunknown = (bool)$options['allowunknown'];
}
}
$this->util = new filetypes_util();
@ -196,8 +203,50 @@ class MoodleQuickForm_filetypes extends MoodleQuickForm_group {
}
$this->setValue($value);
return true;
break;
}
return parent::onQuickFormEvent($event, $arg, $caller);
}
/**
* Check that the submitted list contains only known and allowed file types.
*
* The validation obeys the element options 'allowall', 'allowunknown' and
* 'onlytypes' passed when creating the element.
*
* @param array $value Submitted value.
* @return string|null Validation error message or null.
*/
public function validateSubmitValue($value) {
if (!$this->allowall) {
// Assert that there is an actual list provided.
$normalized = $this->util->normalize_file_types($value['filetypes']);
if (empty($normalized) || $normalized == ['*']) {
return get_string('filetypesnotall', 'core_form');
}
}
if (!$this->allowunknown) {
// Assert that all file types are known.
$unknown = $this->util->get_unknown_file_types($value['filetypes']);
if ($unknown) {
return get_string('filetypesunknown', 'core_form', implode(', ', $unknown));
}
}
if ($this->onlytypes) {
// Assert that all file types are allowed here.
$notwhitelisted = $this->util->get_not_whitelisted($value['filetypes'], $this->onlytypes);
if ($notwhitelisted) {
return get_string('filetypesnotwhitelisted', 'core_form', implode(', ', $notwhitelisted));
}
}
return;
}
}

12
lib/form/tests/behat/filetypes.feature
View File

@ -24,4 +24,14 @@ Feature: There is a form element allowing to select filetypes
Scenario: File types can be provided via direct input with JavaScript enabled
Given I set the field "Choose from all file types" to ".png .gif .jpg"
When I press "Save changes"
Then the field "Choose from all file types" matches value ".png .gif .jpg"
Then the field "Choose from all file types" matches value ".png .gif .jpg"
Scenario: File types are validated to be known, unless the field allows unknown be provided
Given I set the field "Choose from all file types" to ".pdf .doesnoexist"
And I set the field "Choose from a limited set" to "doc docx pdf rtf"
And I set the field "Unknown file types are allowed here" to ".neverminditdoesnotexist"
When I press "Save changes"
Then I should see "Unknown file types: .doesnoexist"
And I should see "These file types are not allowed here: .doc, .docx, .rtf"
And I should see "It is not allowed to select 'All file types' here"
And I should not see "Unknown file types: .neverminditdoesnotexist"

8
lib/form/tests/filetypes_util_test.php
View File

@ -412,6 +412,14 @@ class filetypes_util_testcase extends advanced_testcase {
*/
public function get_unknown_file_types_provider() {
return [
'Empty list' => [
'filetypes' => '',
'expected' => [],
],
'Any file type' => [
'filetypes' => '*',
'expected' => [],
],
'Unknown extension' => [
'filetypes' => '.rat',
'expected' => ['.rat']

16
lib/formslib.php
View File

@ -572,6 +572,20 @@ abstract class moodleform {
$file_val = false;
}
// Give the elements a chance to perform an implicit validation.
$element_val = true;
foreach ($mform->_elements as $element) {
if (method_exists($element, 'validateSubmitValue')) {
$value = $mform->getSubmitValue($element->getName());
$result = $element->validateSubmitValue($value);
if (!empty($result) && is_string($result)) {
$element_val = false;
$mform->setElementError($element->getName(), $result);
}
}
}
// Let the form instance validate the submitted values.
$data = $mform->exportValues();
$moodle_val = $this->validation($data, $files);
if ((is_array($moodle_val) && count($moodle_val)!==0)) {
@ -586,7 +600,7 @@ abstract class moodleform {
$moodle_val = true;
}
$this->_validated = ($internal_val and $moodle_val and $file_val);
$this->_validated = ($internal_val and $element_val and $moodle_val and $file_val);
}
return $this->_validated;
}

4
lib/upgrade.txt
View File

@ -20,6 +20,10 @@ information provided here is intended especially for developers.
* External function core_group_external::get_activity_allowed_groups now returns an additional field: canaccessallgroups.
It indicates whether the user will be able to access all the activity groups.
* file_get_draft_area_info does not sum the root folder anymore when calculating the foldercount.
* The moodleform element classes can now optionally provide a public function validateSubmitValue(). This method can be
used to perform implicit validation of submitted values - without the need to explicitly add the validation rules to
every form. The method should accept a single parameter with the submitted value. It should return a string with the
eventual validation error, or an empty value if the validation passes.
=== 3.3.1 ===