mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 08:22:07 +02:00
Code Issues Projects Releases Wiki Activity

MDL-49059 medialib: Add test cases for invalid Youtube URL param values

Browse Source 
Tests to ensure that we're not allowing injection via invalid values of
the Youtube start time and playlist parameters.
This commit is contained in:
Paul Nicholls 2015-02-12 16:57:09 +13:00
parent 8fcb99bc88
commit 408a41bd35
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/tests/medialib_test.php
View File

@ -366,6 +366,16 @@ class core_medialib_testcase extends advanced_testcase {
$this->assertContains('list=PLxcO_MFWQBDcyn9xpbmx601YSDlDcTcr0', $t);
$this->assertContains('start=65', $t);
// Format: youtube video with invalid parameter values (injection attempts).
$url = new moodle_url('https://www.youtube.com/watch?v=dv2f_xfmbD8&index=4&list=PLxcO_">');
$t = $renderer->embed_url($url);
$this->assertContains('</iframe>', $t);
$this->assertNotContains('list=PLxcO_', $t); // We shouldn't get a list param as input was invalid.
$url = new moodle_url('https://www.youtube.com/watch?v=JNJMF1l3udM&t=">');
$t = $renderer->embed_url($url);
$this->assertContains('</iframe>', $t);
$this->assertNotContains('start=', $t); // We shouldn't get a start param as input was invalid.
// Format: youtube playlist.
$url = new moodle_url('http://www.youtube.com/view_play_list?p=PL6E18E2927047B662');
$t = $renderer->embed_url($url);