MDL-49179 setuplib: print_error() uses local URLs exclusively

This commit is contained in:
Frederic Massart 2015-03-05 15:00:24 +01:00 committed by Mr. Jenkins (CiBoT)
parent b2687a055d
commit db200a8e9f
2 changed files with 119 additions and 4 deletions

View File

@ -557,10 +557,16 @@ function get_exception_info($ex) {
}
}
// when printing an error the continue button should never link offsite
if (stripos($link, $CFG->wwwroot) === false &&
stripos($link, $CFG->httpswwwroot) === false) {
$link = $CFG->wwwroot.'/';
// When printing an error the continue button should never link offsite.
// We cannot use clean_param() here as it is not guaranteed that it has been loaded yet.
$httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
if (stripos($link, $CFG->wwwroot) === 0) {
// Internal HTTP, all good.
} else if (!empty($CFG->loginhttps) && stripos($link, $httpswwwroot) === 0) {
// Internal HTTPS, all good.
} else {
// External link spotted!
$link = $CFG->wwwroot . '/';
}
$info = new stdClass();

View File

@ -398,4 +398,113 @@ class core_setuplib_testcase extends advanced_testcase {
// Prove that we cannot use array_merge_recursive() instead.
$this->assertNotSame($expected, array_merge_recursive($original, $chunk));
}
/**
* Test the link processed by get_exception_info().
*/
public function test_get_exception_info_link() {
global $CFG, $SESSION;
$initialloginhttps = $CFG->loginhttps;
$httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
$CFG->loginhttps = false;
// Simple local URL.
$url = $CFG->wwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// Relative local URL.
$url = '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// HTTPS URL when login HTTPS is not enabled.
$url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// HTTPS URL with login HTTPS.
$CFG->loginhttps = true;
$url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// External HTTP URL.
$url = 'http://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External HTTPS URL.
$url = 'https://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External URL containing local URL.
$url = 'http://moodle.org/something/here?' . $CFG->wwwroot;
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// Internal link from fromurl.
$SESSION->fromurl = $url = $CFG->wwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// Internal HTTPS link from fromurl.
$SESSION->fromurl = $url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// Internal HTTPS link from fromurl without login HTTPS.
$CFG->loginhttps = false;
$SESSION->fromurl = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External link from fromurl.
$SESSION->fromurl = 'http://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External HTTPS link from fromurl.
$SESSION->fromurl = 'https://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External HTTPS link from fromurl with login HTTPS.
$CFG->loginhttps = true;
$SESSION->fromurl = 'https://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
$CFG->loginhttps = $initialloginhttps;
$SESSION->fromurl = '';
}
/**
* Wrapper to call {@link get_exception_info()}.
*
* @param Exception $ex An exception.
* @return stdClass of information.
*/
public function get_exception_info($ex) {
try {
throw $ex;
} catch (moodle_exception $e) {
return get_exception_info($e);
}
}
}