Merge branch 'MDL-59273-master' of https://github.com/lucisgit/moodle

Eloy Lafuente (stronk7) 2017-10-03 22:38:13 +02:00
commit 4536f3084d
2 changed files with 6 additions and 2 deletions


@ -1034,10 +1034,11 @@ function clean_param($param, $type) {
}
return $param;
case PARAM_URL: // Allow safe ftp, http, mailto urls.
case PARAM_URL:
// Allow safe urls.
$param = fix_utf8($param);
include_once($CFG->dirroot . '/lib/validateurlsyntax.php');
if (!empty($param) && validateUrlSyntax($param, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
if (!empty($param) && validateUrlSyntax($param, 's?H?S?F?E-u-P-a?I?p?f?q?r?')) {
// All is ok, param is respected.
} else {
// Not really ok.
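Review bot: The replacement comment `// Allow safe urls.` no longer tells a reader which schemes PARAM_URL accepts, and the option string passed to validateUrlSyntax() is opaque on its own. The only functional change is `E?` to `E-`, which the accompanying tests show makes mailto: values clean to an empty string, so I would say that explicitly, e.g. `// Allow http, https and ftp urls; mailto: is rejected (E-).` The s/H/S/F letters presumably mean scheme/http/https/ftp, going by the old comment, so confirm that against lib/validateurlsyntax.php before adopting the wording. Callers that previously passed mailto: links through PARAM_URL will now silently receive '', which deserves a line in the upgrade notes; the case body continues outside this hunk.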


@ -615,6 +615,9 @@ class core_moodlelib_testcase extends advanced_testcase {
$this->assertSame('', clean_param('rtmp://example.com/livestream', PARAM_URL));
$this->assertSame('', clean_param('rtmp://example.com/live&foo', PARAM_URL));
$this->assertSame('', clean_param('rtmp://example.com/fms&mp4:path/to/file.mp4', PARAM_URL));
$this->assertSame('', clean_param('mailto:support@moodle.org', PARAM_URL));
$this->assertSame('', clean_param('mailto:support@moodle.org?subject=Hello%20Moodle', PARAM_URL));
$this->assertSame('', clean_param('mailto:support@moodle.org?subject=Hello%20Moodle&cc=feedback@moodle.org', PARAM_URL));
}
public function test_clean_param_localurl() {
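Review bot: The three new assertions cover only the lowercase `mailto:` spelling, so the test does not pin whether the rejection depends on scheme case. If validateUrlSyntax() matches schemes case-insensitively, that is worth locking in with one more line such as `$this->assertSame('', clean_param('MAILTO:support@moodle.org', PARAM_URL));`. The enclosing test method starts outside this hunk.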