Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 310 and 311] [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403] [Versions 39 and 310]

Unit tests for core renderer render template exploit.

Copyright: 2019 Ryan Wyllie <ryan@moodle.com>
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 462 lines (18 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

core_renderer_template_exploit_testcase:: (2 methods):
  get_template_testcases()
  test_core_mustache_engine_strips_js_helper()


Class: core_renderer_template_exploit_testcase  - X-Ref

Unit tests for core renderer render template exploit.

get_template_testcases()   X-Ref
Test cases to confirm that blacklisted helpers are stripped from the source
text by the helper before being passed to other another helper. This prevents
nested calls to helpers.


test_core_mustache_engine_strips_js_helper($templates,$torender,$context,$helpers,$js,$expected,$include)   X-Ref
Test that the mustache_helper_collection class correctly strips

param: string $templates The template to add
param: string $torender The name of the template to render
param: array $context The template context
param: array $helpers Mustache helpers to add
param: string $js The JS string from the template
param: string $expected The expected output of the string after stripping JS
param: bool $include If the JS should be added to the page or not