From 0e8f56103c3f0372177170d237e1c556dc387a84 Mon Sep 17 00:00:00 2001 From: Frederic Massart Date: Mon, 29 Jul 2013 11:42:04 +0800 Subject: [PATCH 1/2] MDL-40737 tool_uploadcourse: Prevent update of frontpage --- admin/tool/uploadcourse/classes/course.php | 15 ++++++- .../lang/en/tool_uploadcourse.php | 1 + admin/tool/uploadcourse/tests/course_test.php | 43 +++++++++++++++++++ 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/admin/tool/uploadcourse/classes/course.php b/admin/tool/uploadcourse/classes/course.php index faa404d347f..782e1e843b6 100644 --- a/admin/tool/uploadcourse/classes/course.php +++ b/admin/tool/uploadcourse/classes/course.php @@ -399,7 +399,7 @@ class tool_uploadcourse_course { * @return bool false is any error occured. */ public function prepare() { - global $DB; + global $DB, $SITE; $this->prepared = true; // Validate the shortname. @@ -432,6 +432,12 @@ class tool_uploadcourse_course { $this->error('courseexistsanduploadnotallowed', new lang_string('courseexistsanduploadnotallowed', 'tool_uploadcourse')); return false; + } else if ($this->can_update()) { + // We can never allow for any front page changes! + if ($this->shortname == $SITE->shortname) { + $this->error('cannotupdatefrontpage', new lang_string('cannotupdatefrontpage', 'tool_uploadcourse')); + return false; + } } } else { if (!$this->can_create()) { @@ -608,6 +614,13 @@ class tool_uploadcourse_course { if ($exists) { $missingonly = ($updatemode === tool_uploadcourse_processor::UPDATE_MISSING_WITH_DATA_OR_DEFAUTLS); $coursedata = $this->get_final_update_data($coursedata, $usedefaults, $missingonly); + + // Make sure we are not trying to mess with the front page, though we should never get here! + if ($coursedata['id'] == $SITE->id) { + $this->error('cannotupdatefrontpage', new lang_string('cannotupdatefrontpage', 'tool_uploadcourse')); + return false; + } + $this->do = self::DO_UPDATE; } else { $coursedata = $this->get_final_create_data($coursedata); diff --git a/admin/tool/uploadcourse/lang/en/tool_uploadcourse.php b/admin/tool/uploadcourse/lang/en/tool_uploadcourse.php index 83138d36a49..3be7ec4eff7 100644 --- a/admin/tool/uploadcourse/lang/en/tool_uploadcourse.php +++ b/admin/tool/uploadcourse/lang/en/tool_uploadcourse.php @@ -32,6 +32,7 @@ $string['cannotreadbackupfile'] = 'Cannot read the backup file'; $string['cannotrenamecoursenotexist'] = 'Cannot rename a course that does not exist'; $string['cannotrenameidnumberconflict'] = 'Cannot rename the course, the ID number conflicts with an existing course'; $string['cannotrenameshortnamealreadyinuse'] = 'Cannot rename the course, the shortname is already used'; +$string['cannotupdatefrontpage'] = 'It is forbidden to modify the front page'; $string['canonlyrenameinupdatemode'] = 'Can only rename a course when update is allowed'; $string['canonlyresetcourseinupdatemode'] = 'Can only reset a course in update mode'; $string['couldnotresolvecatgorybyid'] = 'Could not resolve category by ID'; diff --git a/admin/tool/uploadcourse/tests/course_test.php b/admin/tool/uploadcourse/tests/course_test.php index f04a2eae104..8f047c20709 100644 --- a/admin/tool/uploadcourse/tests/course_test.php +++ b/admin/tool/uploadcourse/tests/course_test.php @@ -920,4 +920,47 @@ class tool_uploadcourse_course_testcase extends advanced_testcase { $this->assertArrayHasKey('courseshortnameincremented', $co->get_statuses()); } + public function test_mess_with_frontpage() { + global $SITE; + $this->resetAfterTest(true); + + // Updating the front page. + $mode = tool_uploadcourse_processor::MODE_UPDATE_ONLY; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('shortname' => $SITE->shortname, 'idnumber' => 'NewIDN'); + $importoptions = array(); + $co = new tool_uploadcourse_course($mode, $updatemode, $data, array(), $importoptions); + $this->assertFalse($co->prepare()); + $this->assertArrayHasKey('cannotupdatefrontpage', $co->get_errors()); + + // Updating the front page. + $mode = tool_uploadcourse_processor::MODE_CREATE_OR_UPDATE; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('shortname' => $SITE->shortname, 'idnumber' => 'NewIDN'); + $importoptions = array(); + $co = new tool_uploadcourse_course($mode, $updatemode, $data, array(), $importoptions); + $this->assertFalse($co->prepare()); + $this->assertArrayHasKey('cannotupdatefrontpage', $co->get_errors()); + + // Generating a shortname should not be allowed in update mode, and so we cannot update the front page. + $mode = tool_uploadcourse_processor::MODE_CREATE_OR_UPDATE; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('idnumber' => 'NewIDN', 'fullname' => 'FN', 'category' => 1); + $importoptions = array('shortnametemplate' => $SITE->shortname); + $co = new tool_uploadcourse_course($mode, $updatemode, $data, array(), $importoptions); + $this->assertFalse($co->prepare()); + $this->assertArrayHasKey('cannotgenerateshortnameupdatemode', $co->get_errors()); + + // Renaming to the front page should not be allowed. + $c1 = $this->getDataGenerator()->create_course(); + $mode = tool_uploadcourse_processor::MODE_CREATE_OR_UPDATE; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('shortname' => $c1->shortname, 'fullname' => 'FN', 'idnumber' => 'NewIDN', 'rename' => $SITE->shortname); + $importoptions = array('canrename' => true); + $co = new tool_uploadcourse_course($mode, $updatemode, $data, array(), $importoptions); + $this->assertFalse($co->prepare()); + $this->assertArrayHasKey('cannotrenameshortnamealreadyinuse', $co->get_errors()); + + } + } From 42f4ba9b65fdeb2254ad94e8043665a1c783869f Mon Sep 17 00:00:00 2001 From: Frederic Massart Date: Mon, 5 Aug 2013 15:32:43 +0800 Subject: [PATCH 2/2] MDL-40737 tool_uploadcourse: Prove that category equals to 0 is handled --- admin/tool/uploadcourse/tests/course_test.php | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/admin/tool/uploadcourse/tests/course_test.php b/admin/tool/uploadcourse/tests/course_test.php index 8f047c20709..ee979b42ea8 100644 --- a/admin/tool/uploadcourse/tests/course_test.php +++ b/admin/tool/uploadcourse/tests/course_test.php @@ -768,6 +768,7 @@ class tool_uploadcourse_course_testcase extends advanced_testcase { } public function test_create_bad_category() { + global $DB; $this->resetAfterTest(true); // Ensure fails when category cannot be resolved upon creation. @@ -778,6 +779,14 @@ class tool_uploadcourse_course_testcase extends advanced_testcase { $this->assertFalse($co->prepare()); $this->assertArrayHasKey('couldnotresolvecatgorybyid', $co->get_errors()); + // Ensure fails when category is 0 on create. + $mode = tool_uploadcourse_processor::MODE_CREATE_NEW; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('shortname' => 'c1', 'summary' => 'summary', 'fullname' => 'FN', 'category' => '0'); + $co = new tool_uploadcourse_course($mode, $updatemode, $data); + $this->assertFalse($co->prepare()); + $this->assertArrayHasKey('missingmandatoryfields', $co->get_errors()); + // Ensure fails when category cannot be resolved upon update. $c1 = $this->getDataGenerator()->create_course(); $mode = tool_uploadcourse_processor::MODE_UPDATE_ONLY; @@ -786,6 +795,31 @@ class tool_uploadcourse_course_testcase extends advanced_testcase { $co = new tool_uploadcourse_course($mode, $updatemode, $data); $this->assertFalse($co->prepare()); $this->assertArrayHasKey('couldnotresolvecatgorybyid', $co->get_errors()); + + // Ensure does not update the category when it is 0. + $c1 = $this->getDataGenerator()->create_course(); + $mode = tool_uploadcourse_processor::MODE_UPDATE_ONLY; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_ONLY; + $data = array('shortname' => $c1->shortname, 'category' => '0'); + $co = new tool_uploadcourse_course($mode, $updatemode, $data); + $this->assertTrue($co->prepare()); + $this->assertEmpty($co->get_errors()); + $this->assertEmpty($co->get_statuses()); + $co->proceed(); + $this->assertEquals($c1->category, $DB->get_field('course', 'category', array('id' => $c1->id))); + + // Ensure does not update the category when it is set to 0 in the defaults. + $c1 = $this->getDataGenerator()->create_course(); + $mode = tool_uploadcourse_processor::MODE_UPDATE_ONLY; + $updatemode = tool_uploadcourse_processor::UPDATE_ALL_WITH_DATA_OR_DEFAUTLS; + $data = array('shortname' => $c1->shortname); + $defaults = array('category' => '0'); + $co = new tool_uploadcourse_course($mode, $updatemode, $data, $defaults); + $this->assertTrue($co->prepare()); + $this->assertEmpty($co->get_errors()); + $this->assertEmpty($co->get_statuses()); + $co->proceed(); + $this->assertEquals($c1->category, $DB->get_field('course', 'category', array('id' => $c1->id))); } public function test_enrolment_data() {