WebSVN – Moodle – Diff – /lib/tests/core_renderer_template_exploit_test.php



 * @package core
 * @category test
 * @copyright 2019 Ryan Wyllie <ryan@moodle.com>
 * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
final class core_renderer_template_exploit_test extends \advanced_testcase {
    /**
     * Test cases to confirm that blacklisted helpers are stripped from the source
     * text by the helper before being passed to other another helper. This prevents
     * nested calls to helpers.
     */
    public static function get_template_testcases(): array {
        // Different helper implementations to test various combinations of nested
        // calls to render the templates.
        $norender = function($text) {
            return $text;
        };

        ];
    }

 
    /**
     * Test that the mustache_helper_collection class correctly strips
     * @dataProvider get_template_testcases
     * @param array $templates The template to add
     * @param string $torender The name of the template to render
     * @param array $context The template context
     * @param array $helpers Mustache helpers to add

Rev 11	Rev 1441
Línea 22...	Línea 22...
22	`* @package core`	22	`* @package core`
23	`* @category test`	23	`* @category test`
24	`* @copyright 2019 Ryan Wyllie <ryan@moodle.com>`	24	`* @copyright 2019 Ryan Wyllie <ryan@moodle.com>`
25	`* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later`	25	`* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later`
26	`*/`	26	`*/`
27	`class core_renderer_template_exploit_test extends \advanced_testcase {`	27	`final class core_renderer_template_exploit_test extends \advanced_testcase {`
28	`/**`	28	`/**`
29	`* Test cases to confirm that blacklisted helpers are stripped from the source`	29	`* Test cases to confirm that blacklisted helpers are stripped from the source`
30	`* text by the helper before being passed to other another helper. This prevents`	30	`* text by the helper before being passed to other another helper. This prevents`
31	`* nested calls to helpers.`	31	`* nested calls to helpers.`
32	`*/`	32	`*/`
33	`public function get_template_testcases() {`	33	`public static function get_template_testcases(): array {`
34	`// Different helper implementations to test various combinations of nested`	34	`// Different helper implementations to test various combinations of nested`
35	`// calls to render the templates.`	35	`// calls to render the templates.`
36	`$norender = function($text) {`	36	`$norender = function($text) {`
37	`return $text;`	37	`return $text;`
38	`};`	38	`};`
Línea 385...	Línea 385...
385	`];`	385	`];`
386	`}`	386	`}`
Línea 387...	Línea 387...
387		387
388	`/**`	388	`/**`
389	`* Test that the mustache_helper_collection class correctly strips`	389	`* Test that the mustache_helper_collection class correctly strips`
390	`* @dataProvider get_template_testcases()`	390	`* @dataProvider get_template_testcases`
391	`* @param array $templates The template to add`	391	`* @param array $templates The template to add`
392	`* @param string $torender The name of the template to render`	392	`* @param string $torender The name of the template to render`
393	`* @param array $context The template context`	393	`* @param array $context The template context`
394	`* @param array $helpers Mustache helpers to add`	394	`* @param array $helpers Mustache helpers to add`

Proyectos de Subversion Moodle

(root)/lib/tests/core_renderer_template_exploit_test.php – Rev 11 → 1441