From 630b8fdaea0ce1d0f263c29212fffbd137ca49e6 Mon Sep 17 00:00:00 2001 From: "Eloy Lafuente (stronk7)" Date: Mon, 29 Jun 2015 17:12:55 +0200 Subject: [PATCH] MDL-50688 lib: small cleanup + http/https coverage. --- lib/tests/moodlelib_test.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/tests/moodlelib_test.php b/lib/tests/moodlelib_test.php index 85b449616ee..9797ba70fe9 100644 --- a/lib/tests/moodlelib_test.php +++ b/lib/tests/moodlelib_test.php @@ -583,6 +583,9 @@ class core_moodlelib_testcase extends advanced_testcase { public function test_clean_param_localurl() { global $CFG; + + $this->resetAfterTest(); + // External, invalid. $this->assertSame('', clean_param('funny:thing', PARAM_LOCALURL)); $this->assertSame('', clean_param('http://google.com/', PARAM_LOCALURL)); @@ -600,7 +603,6 @@ class core_moodlelib_testcase extends advanced_testcase { // Local absolute HTTPS. $httpsroot = str_replace('http:', 'https:', $CFG->wwwroot); - $initialloginhttps = $CFG->loginhttps; $CFG->loginhttps = false; $this->assertSame('', clean_param($httpsroot, PARAM_LOCALURL)); $this->assertSame('', clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL)); @@ -608,7 +610,13 @@ class core_moodlelib_testcase extends advanced_testcase { $this->assertSame($httpsroot, clean_param($httpsroot, PARAM_LOCALURL)); $this->assertSame($httpsroot . '/with/something?else=true', clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL)); - $CFG->loginhttps = $initialloginhttps; + + // Test open redirects are not possible. + $CFG->loginhttps = false; + $CFG->wwwroot = 'http://www.example.com'; + $this->assertSame('', clean_param('http://www.example.com.evil.net/hack.php', PARAM_LOCALURL)); + $CFG->loginhttps = true; + $this->assertSame('', clean_param('https://www.example.com.evil.net/hack.php', PARAM_LOCALURL)); } public function test_clean_param_file() { -- 2.11.4.GIT
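Review bot: The open-redirect block added at the end of test_clean_param_localurl() asserts only rejections after overriding `$CFG->wwwroot`, so it would still pass if clean_param() refused every absolute URL for that wwwroot. Add a positive control next to each negative, for example `$this->assertSame('http://www.example.com/hack.php', clean_param('http://www.example.com/hack.php', PARAM_LOCALURL));` under `loginhttps = false`, and the `https://` equivalent under `loginhttps = true`. This assumes local absolute URLs come back unchanged, as the `$httpsroot` assertions in this hunk show. The `http://www.example.com.evil.net/hack.php` case is also not re-asserted once `loginhttps` is set to true, so the plain-http rejection is pinned in only one of the two configurations. The clean_param() code these assertions guard is not part of this patch, so the exact host boundary being enforced cannot be confirmed from here.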