mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-21 08:00:37 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-65025-master' of git://github.com/jleyva/moodle

Browse Source
This commit is contained in:
Eloy Lafuente (stronk7) 2019-09-17 00:01:51 +02:00
commit 37b017af3d
2 changed files with 133 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mod/forum/externallib.php
View File

@ -413,8 +413,10 @@ class mod_forum_external extends external_api {
$post->subject = external_format_string($post->subject, $modcontext->id);
// Rewrite embedded images URLs.
$options = array('trusted' => $post->messagetrust);
list($post->message, $post->messageformat) =
external_format_text($post->message, $post->messageformat, $modcontext->id, 'mod_forum', 'post', $post->id);
external_format_text($post->message, $post->messageformat, $modcontext->id, 'mod_forum', 'post', $post->id,
$options);
// List attachments.
if (!empty($post->attachment)) {
@ -626,9 +628,10 @@ class mod_forum_external extends external_api {
$discussion->name = external_format_string($discussion->name, $modcontext->id);
$discussion->subject = external_format_string($discussion->subject, $modcontext->id);
// Rewrite embedded images URLs.
$options = array('trusted' => $discussion->messagetrust);
list($discussion->message, $discussion->messageformat) =
external_format_text($discussion->message, $discussion->messageformat,
$modcontext->id, 'mod_forum', 'post', $discussion->id);
$modcontext->id, 'mod_forum', 'post', $discussion->id, $options);
// List attachments.
if (!empty($discussion->attachment)) {
@ -925,9 +928,10 @@ class mod_forum_external extends external_api {
$discussionobject->name = external_format_string($discussion->get_name(), $modcontext->id);
$discussionobject->subject = external_format_string($discussionobject->subject, $modcontext->id);
// Rewrite embedded images URLs.
$options = array('trusted' => $discussionobject->messagetrust);
list($discussionobject->message, $discussionobject->messageformat) =
external_format_text($discussionobject->message, $discussionobject->messageformat,
$modcontext->id, 'mod_forum', 'post', $discussionobject->id);
$modcontext->id, 'mod_forum', 'post', $discussionobject->id, $options);
// List attachments.
if (!empty($discussionobject->attachment)) {

126
mod/forum/tests/externallib_test.php
View File

@ -2354,4 +2354,130 @@ class mod_forum_external_testcase extends externallib_advanced_testcase {
],
]);
}
/**
* Test trusted text enabled.
*/
public function test_trusted_text_enabled() {
global $USER, $CFG;
$this->resetAfterTest(true);
$CFG->enabletrusttext = 1;
$dangeroustext = '<button>Untrusted text</button>';
$cleantext = 'Untrusted text';
// Create courses to add the modules.
$course = self::getDataGenerator()->create_course();
$user1 = self::getDataGenerator()->create_user();
// First forum with tracking off.
$record = new stdClass();
$record->course = $course->id;
$record->type = 'qanda';
$forum = self::getDataGenerator()->create_module('forum', $record);
$context = context_module::instance($forum->cmid);
// Add discussions to the forums.
$discussionrecord = new stdClass();
$discussionrecord->course = $course->id;
$discussionrecord->userid = $user1->id;
$discussionrecord->forum = $forum->id;
$discussionrecord->message = $dangeroustext;
$discussionrecord->messagetrust = trusttext_trusted($context);
$discussion1 = self::getDataGenerator()->get_plugin_generator('mod_forum')->create_discussion($discussionrecord);
self::setAdminUser();
$discussionrecord->userid = $USER->id;
$discussionrecord->messagetrust = trusttext_trusted($context);
$discussion2 = self::getDataGenerator()->get_plugin_generator('mod_forum')->create_discussion($discussionrecord);
$discussions = mod_forum_external::get_forum_discussions_paginated($forum->id);
$discussions = external_api::clean_returnvalue(mod_forum_external::get_forum_discussions_paginated_returns(), $discussions);
$this->assertCount(2, $discussions['discussions']);
$this->assertCount(0, $discussions['warnings']);
// Admin message is fully trusted.
$this->assertEquals(1, $discussions['discussions'][0]['messagetrust']);
$this->assertEquals($dangeroustext, $discussions['discussions'][0]['message']);
// Student message is not trusted.
$this->assertEquals(0, $discussions['discussions'][1]['messagetrust']);
$this->assertEquals($cleantext, $discussions['discussions'][1]['message']);
// Get posts now.
$posts = mod_forum_external::get_forum_discussion_posts($discussion2->id);
$posts = external_api::clean_returnvalue(mod_forum_external::get_forum_discussion_posts_returns(), $posts);
// Admin message is fully trusted.
$this->assertEquals(1, $posts['posts'][0]['messagetrust']);
$this->assertEquals($dangeroustext, $posts['posts'][0]['message']);
$posts = mod_forum_external::get_forum_discussion_posts($discussion1->id);
$posts = external_api::clean_returnvalue(mod_forum_external::get_forum_discussion_posts_returns(), $posts);
// Student message is not trusted.
$this->assertEquals(0, $posts['posts'][0]['messagetrust']);
$this->assertEquals($cleantext, $posts['posts'][0]['message']);
}
/**
* Test trusted text disabled.
*/
public function test_trusted_text_disabled() {
global $USER, $CFG;
$this->resetAfterTest(true);
$CFG->enabletrusttext = 0;
$dangeroustext = '<button>Untrusted text</button>';
$cleantext = 'Untrusted text';
// Create courses to add the modules.
$course = self::getDataGenerator()->create_course();
$user1 = self::getDataGenerator()->create_user();
// First forum with tracking off.
$record = new stdClass();
$record->course = $course->id;
$record->type = 'qanda';
$forum = self::getDataGenerator()->create_module('forum', $record);
$context = context_module::instance($forum->cmid);
// Add discussions to the forums.
$discussionrecord = new stdClass();
$discussionrecord->course = $course->id;
$discussionrecord->userid = $user1->id;
$discussionrecord->forum = $forum->id;
$discussionrecord->message = $dangeroustext;
$discussionrecord->messagetrust = trusttext_trusted($context);
$discussion1 = self::getDataGenerator()->get_plugin_generator('mod_forum')->create_discussion($discussionrecord);
self::setAdminUser();
$discussionrecord->userid = $USER->id;
$discussionrecord->messagetrust = trusttext_trusted($context);
$discussion2 = self::getDataGenerator()->get_plugin_generator('mod_forum')->create_discussion($discussionrecord);
$discussions = mod_forum_external::get_forum_discussions($forum->id);
$discussions = external_api::clean_returnvalue(mod_forum_external::get_forum_discussions_returns(), $discussions);
$this->assertCount(2, $discussions['discussions']);
$this->assertCount(0, $discussions['warnings']);
// Admin message is not trusted because enabletrusttext is disabled.
$this->assertEquals(0, $discussions['discussions'][0]['messagetrust']);
$this->assertEquals($cleantext, $discussions['discussions'][0]['message']);
// Student message is not trusted.
$this->assertEquals(0, $discussions['discussions'][1]['messagetrust']);
$this->assertEquals($cleantext, $discussions['discussions'][1]['message']);
// Get posts now.
$posts = mod_forum_external::get_forum_discussion_posts($discussion2->id);
$posts = external_api::clean_returnvalue(mod_forum_external::get_forum_discussion_posts_returns(), $posts);
// Admin message is not trusted because enabletrusttext is disabled.
$this->assertEquals(0, $posts['posts'][0]['messagetrust']);
$this->assertEquals($cleantext, $posts['posts'][0]['message']);
$posts = mod_forum_external::get_forum_discussion_posts($discussion1->id);
$posts = external_api::clean_returnvalue(mod_forum_external::get_forum_discussion_posts_returns(), $posts);
// Student message is not trusted.
$this->assertEquals(0, $posts['posts'][0]['messagetrust']);
$this->assertEquals($cleantext, $posts['posts'][0]['message']);
}
}