Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.

Differences Between: [Versions 310 and 311] [Versions 39 and 311]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * HTTPS find and replace Tests
  19   *
  20   * @package   tool_httpsreplace
  21   * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
  22   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  namespace tool_httpsreplace;
  26  
  27  defined('MOODLE_INTERNAL') || die();
  28  
  29  /**
  30   * Tests the httpsreplace tool.
  31   *
  32   * @package   tool_httpsreplace
  33   * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
  34   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  35   */
  36  class httpsreplace_test extends \advanced_testcase {
  37  
  38      /**
  39       * Data provider for test_upgrade_http_links
  40       */
  41      public function upgrade_http_links_provider() {
  42          global $CFG;
  43          // Get the http url, since the default test wwwroot is https.
  44          $wwwroothttp = preg_replace('/^https:/', 'http:', $CFG->wwwroot);
  45          return [
  46              "Test image from another site should be replaced" => [
  47                  "content" => '<img src="' . $this->getExternalTestFileUrl('/test.jpg', false) . '">',
  48                  "outputregex" => '/UPDATE/',
  49                  "expectedcontent" => '<img src="' . $this->get_converted_http_link('/test.jpg') . '">',
  50              ],
  51              "Test object from another site should be replaced" => [
  52                  "content" => '<object data="' . $this->getExternalTestFileUrl('/test.swf', false) . '">',
  53                  "outputregex" => '/UPDATE/',
  54                  "expectedcontent" => '<object data="' . $this->get_converted_http_link('/test.swf') . '">',
  55              ],
  56              "Test image from a site with international name should be replaced" => [
  57                  "content" => '<img src="http://中国互联网络信息中心.中国/logosy/201706/W01.png">',
  58                  "outputregex" => '/UPDATE/',
  59                  "expectedcontent" => '<img src="https://中国互联网络信息中心.中国/logosy/201706/W01.png">',
  60              ],
  61              "Link that is from this site should be replaced" => [
  62                  "content" => '<img src="' . $wwwroothttp . '/logo.png">',
  63                  "outputregex" => '/UPDATE/',
  64                  "expectedcontent" => '<img src="' . $CFG->wwwroot . '/logo.png">',
  65              ],
  66              "Link that is from this site, https new so doesn't need replacing" => [
  67                  "content" => '<img src="' . $CFG->wwwroot . '/logo.png">',
  68                  "outputregex" => '/^$/',
  69                  "expectedcontent" => '<img src="' . $CFG->wwwroot . '/logo.png">',
  70              ],
  71              "Unavailable image should be replaced" => [
  72                  "content" => '<img src="http://intentionally.unavailable/link1.jpg">',
  73                  "outputregex" => '/UPDATE/',
  74                  "expectedcontent" => '<img src="https://intentionally.unavailable/link1.jpg">',
  75              ],
  76              "Https content that has an http url as a param should not be replaced" => [
  77                  "content" => '<img src="https://anothersite.com?param=http://asdf.com">',
  78                  "outputregex" => '/^$/',
  79                  "expectedcontent" => '<img src="https://anothersite.com?param=http://asdf.com">',
  80              ],
  81              "Search for params should be case insensitive" => [
  82                  "content" => '<object DATA="' . $this->getExternalTestFileUrl('/test.swf', false) . '">',
  83                  "outputregex" => '/UPDATE/',
  84                  "expectedcontent" => '<object DATA="' . $this->get_converted_http_link('/test.swf') . '">',
  85              ],
  86              "URL should be case insensitive" => [
  87                  "content" => '<object data="HTTP://some.site/path?query">',
  88                  "outputregex" => '/UPDATE/',
  89                  "expectedcontent" => '<object data="https://some.site/path?query">',
  90              ],
  91              "More params should not interfere" => [
  92                  "content" => '<img alt="A picture" src="' . $this->getExternalTestFileUrl('/test.png', false) .
  93                      '" width="1”><p style="font-size: \'20px\'"></p>',
  94                  "outputregex" => '/UPDATE/',
  95                  "expectedcontent" => '<img alt="A picture" src="' . $this->get_converted_http_link('/test.png') .
  96                      '" width="1”><p style="font-size: \'20px\'"></p>',
  97              ],
  98              "Broken URL should not be changed" => [
  99                  "content" => '<img src="broken.' . $this->getExternalTestFileUrl('/test.png', false) . '">',
 100                  "outputregex" => '/^$/',
 101                  "expectedcontent" => '<img src="broken.' . $this->getExternalTestFileUrl('/test.png', false) . '">',
 102              ],
 103              "Link URL should not be changed" => [
 104                  "content" => '<a href="' . $this->getExternalTestFileUrl('/test.png', false) . '">' .
 105                      $this->getExternalTestFileUrl('/test.png', false) . '</a>',
 106                  "outputregex" => '/^$/',
 107                  "expectedcontent" => '<a href="' . $this->getExternalTestFileUrl('/test.png', false) . '">' .
 108                      $this->getExternalTestFileUrl('/test.png', false) . '</a>',
 109              ],
 110              "Test image from another site should be replaced but link should not" => [
 111                  "content" => '<a href="' . $this->getExternalTestFileUrl('/test.png', false) . '"><img src="' .
 112                      $this->getExternalTestFileUrl('/test.jpg', false) . '"></a>',
 113                  "outputregex" => '/UPDATE/',
 114                  "expectedcontent" => '<a href="' . $this->getExternalTestFileUrl('/test.png', false) . '"><img src="' .
 115                      $this->get_converted_http_link('/test.jpg') . '"></a>',
 116              ],
 117          ];
 118      }
 119  
 120      /**
 121       * Convert the HTTP external test file URL to use HTTPS.
 122       *
 123       * Note: We *must not* use getExternalTestFileUrl with the True option
 124       * here, becase it is reasonable to have only one of these set due to
 125       * issues with SSL certificates.
 126       *
 127       * @param   string  $path Path to be rewritten
 128       * @return  string
 129       */
 130      protected function get_converted_http_link($path) {
 131          return preg_replace('/^http:/', 'https:', $this->getExternalTestFileUrl($path, false));
 132      }
 133  
 134      /**
 135       * Test upgrade_http_links
 136       * @param string $content Example content that we'll attempt to replace.
 137       * @param string $ouputregex Regex for what output we expect.
 138       * @param string $expectedcontent What content we are expecting afterwards.
 139       * @dataProvider upgrade_http_links_provider
 140       */
 141      public function test_upgrade_http_links($content, $ouputregex, $expectedcontent) {
 142          global $DB;
 143  
 144          $this->resetAfterTest();
 145          $this->expectOutputRegex($ouputregex);
 146  
 147          $finder = new tool_httpreplace_url_finder_mock();
 148  
 149          $generator = $this->getDataGenerator();
 150          $course = $generator->create_course((object) [
 151              'summary' => $content,
 152          ]);
 153  
 154          $finder->upgrade_http_links();
 155  
 156          $summary = $DB->get_field('course', 'summary', ['id' => $course->id]);
 157          $this->assertStringContainsString($expectedcontent, $summary);
 158      }
 159  
 160      /**
 161       * Data provider for test_http_link_stats
 162       */
 163      public function http_link_stats_provider() {
 164          global $CFG;
 165          // Get the http url, since the default test wwwroot is https.
 166          $wwwrootdomain = 'www.example.com';
 167          $wwwroothttp = preg_replace('/^https:/', 'http:', $CFG->wwwroot);
 168          $testdomain = $this->get_converted_http_link('');
 169          return [
 170              "Test image from an available site so shouldn't be reported" => [
 171                  "content" => '<img src="' . $this->getExternalTestFileUrl('/test.jpg', false) . '">',
 172                  "domain" => $testdomain,
 173                  "expectedcount" => 0,
 174              ],
 175              "Link that is from this site shouldn't be reported" => [
 176                  "content" => '<img src="' . $wwwroothttp . '/logo.png">',
 177                  "domain" => $wwwrootdomain,
 178                  "expectedcount" => 0,
 179              ],
 180              "Unavailable, but https shouldn't be reported" => [
 181                  "content" => '<img src="https://intentionally.unavailable/logo.png">',
 182                  "domain" => 'intentionally.unavailable',
 183                  "expectedcount" => 0,
 184              ],
 185              "Unavailable image should be reported" => [
 186                  "content" => '<img src="http://intentionally.unavailable/link1.jpg">',
 187                  "domain" => 'intentionally.unavailable',
 188                  "expectedcount" => 1,
 189              ],
 190              "Unavailable object should be reported" => [
 191                  "content" => '<object data="http://intentionally.unavailable/file.swf">',
 192                  "domain" => 'intentionally.unavailable',
 193                  "expectedcount" => 1,
 194              ],
 195              "Link should not be reported" => [
 196                  "content" => '<a href="http://intentionally.unavailable/page.php">Link</a>',
 197                  "domain" => 'intentionally.unavailable',
 198                  "expectedcount" => 0,
 199              ],
 200              "Text should not be reported" => [
 201                  "content" => 'http://intentionally.unavailable/page.php',
 202                  "domain" => 'intentionally.unavailable',
 203                  "expectedcount" => 0,
 204              ],
 205          ];
 206      }
 207  
 208      /**
 209       * Test http_link_stats
 210       * @param string $content Example content that we'll attempt to replace.
 211       * @param string $domain The domain we will check was replaced.
 212       * @param string $expectedcount Number of urls from that domain that we expect to be replaced.
 213       * @dataProvider http_link_stats_provider
 214       */
 215      public function test_http_link_stats($content, $domain, $expectedcount) {
 216          $this->resetAfterTest();
 217  
 218          $finder = new tool_httpreplace_url_finder_mock();
 219  
 220          $generator = $this->getDataGenerator();
 221          $course = $generator->create_course((object) [
 222              'summary' => $content,
 223          ]);
 224  
 225          $results = $finder->http_link_stats();
 226  
 227          $this->assertEquals($expectedcount, $results[$domain] ?? 0);
 228      }
 229  
 230      /**
 231       * Test links and text are not changed
 232       */
 233      public function test_links_and_text() {
 234          global $DB;
 235  
 236          $this->resetAfterTest();
 237          $this->expectOutputRegex('/^$/');
 238  
 239          $finder = new tool_httpreplace_url_finder_mock();
 240  
 241          $generator = $this->getDataGenerator();
 242          $course = $generator->create_course((object) [
 243              'summary' => '<a href="http://intentionally.unavailable/page.php">Link</a> http://other.unavailable/page.php',
 244          ]);
 245  
 246          $results = $finder->http_link_stats();
 247          $this->assertCount(0, $results);
 248  
 249          $finder->upgrade_http_links();
 250  
 251          $results = $finder->http_link_stats();
 252          $this->assertCount(0, $results);
 253  
 254          $summary = $DB->get_field('course', 'summary', ['id' => $course->id]);
 255          $this->assertStringContainsString('http://intentionally.unavailable/page.php', $summary);
 256          $this->assertStringContainsString('http://other.unavailable/page.php', $summary);
 257          $this->assertStringNotContainsString('https://intentionally.unavailable', $summary);
 258          $this->assertStringNotContainsString('https://other.unavailable', $summary);
 259      }
 260  
 261      /**
 262       * If we have an http wwwroot then we shouldn't report it.
 263       */
 264      public function test_httpwwwroot() {
 265          global $DB, $CFG;
 266  
 267          $this->resetAfterTest();
 268          $CFG->wwwroot = preg_replace('/^https:/', 'http:', $CFG->wwwroot);
 269          $this->expectOutputRegex('/^$/');
 270  
 271          $finder = new tool_httpreplace_url_finder_mock();
 272  
 273          $generator = $this->getDataGenerator();
 274          $course = $generator->create_course((object) [
 275              'summary' => '<img src="' . $CFG->wwwroot . '/image.png">',
 276          ]);
 277  
 278          $results = $finder->http_link_stats();
 279          $this->assertCount(0, $results);
 280  
 281          $finder->upgrade_http_links();
 282          $summary = $DB->get_field('course', 'summary', ['id' => $course->id]);
 283          $this->assertStringContainsString($CFG->wwwroot, $summary);
 284      }
 285  
 286      /**
 287       * Test that links in excluded tables are not replaced
 288       */
 289      public function test_upgrade_http_links_excluded_tables() {
 290          $this->resetAfterTest();
 291  
 292          set_config('test_upgrade_http_links', '<img src="http://somesite/someimage.png" />');
 293  
 294          $finder = new tool_httpreplace_url_finder_mock();
 295          ob_start();
 296          $results = $finder->upgrade_http_links();
 297          $output = ob_get_contents();
 298          ob_end_clean();
 299          $this->assertTrue($results);
 300          $this->assertStringNotContainsString('https://somesite', $output);
 301          $testconf = get_config('core', 'test_upgrade_http_links');
 302          $this->assertStringContainsString('http://somesite', $testconf);
 303          $this->assertStringNotContainsString('https://somesite', $testconf);
 304      }
 305  
 306      /**
 307       * Test renamed domains
 308       */
 309      public function test_renames() {
 310          global $DB, $CFG;
 311          $this->resetAfterTest();
 312          $this->expectOutputRegex('/UPDATE/');
 313  
 314          $renames = [
 315              'example.com' => 'secure.example.com',
 316          ];
 317  
 318          set_config('renames', json_encode($renames), 'tool_httpsreplace');
 319  
 320          $finder = new tool_httpreplace_url_finder_mock();
 321  
 322          $generator = $this->getDataGenerator();
 323          $course = $generator->create_course((object) [
 324              'summary' => '<script src="http://example.com/test.js"><img src="http://EXAMPLE.COM/someimage.png">',
 325          ]);
 326  
 327          $results = $finder->http_link_stats();
 328          $this->assertCount(0, $results);
 329  
 330          $finder->upgrade_http_links();
 331  
 332          $summary = $DB->get_field('course', 'summary', ['id' => $course->id]);
 333          $this->assertStringContainsString('https://secure.example.com', $summary);
 334          $this->assertStringNotContainsString('http://example.com', $summary);
 335          $this->assertEquals('<script src="https://secure.example.com/test.js">' .
 336              '<img src="https://secure.example.com/someimage.png">', $summary);
 337      }
 338  
 339      /**
 340       * When there are many different pieces of contents from the same site, we should only run replace once
 341       */
 342      public function test_multiple() {
 343          global $DB;
 344          $this->resetAfterTest();
 345          $original1 = '';
 346          $expected1 = '';
 347          $original2 = '';
 348          $expected2 = '';
 349          for ($i = 0; $i < 15; $i++) {
 350              $original1 .= '<img src="http://example.com/image' . $i . '.png">';
 351              $expected1 .= '<img src="https://example.com/image' . $i . '.png">';
 352              $original2 .= '<img src="http://example.com/image' . ($i + 15 ) . '.png">';
 353              $expected2 .= '<img src="https://example.com/image' . ($i + 15) . '.png">';
 354          }
 355          $finder = new tool_httpreplace_url_finder_mock();
 356  
 357          $generator = $this->getDataGenerator();
 358          $course1 = $generator->create_course((object) ['summary' => $original1]);
 359          $course2 = $generator->create_course((object) ['summary' => $original2]);
 360  
 361          ob_start();
 362          $finder->upgrade_http_links();
 363          $output = ob_get_contents();
 364          ob_end_clean();
 365  
 366          // Make sure everything is replaced.
 367          $summary1 = $DB->get_field('course', 'summary', ['id' => $course1->id]);
 368          $this->assertEquals($expected1, $summary1);
 369          $summary2 = $DB->get_field('course', 'summary', ['id' => $course2->id]);
 370          $this->assertEquals($expected2, $summary2);
 371  
 372          // Make sure only one UPDATE statment was called.
 373          $this->assertEquals(1, preg_match_all('/UPDATE/', $output));
 374      }
 375  
 376      /**
 377       * Test the tool when the column name is a reserved word in SQL (in this case 'where')
 378       */
 379      public function test_reserved_words() {
 380          global $DB;
 381  
 382          $this->resetAfterTest();
 383          $this->expectOutputRegex('/UPDATE/');
 384  
 385          // Create a table with a field that is a reserved SQL word.
 386          $dbman = $DB->get_manager();
 387          $table = new \xmldb_table('reserved_words_temp');
 388          $table->add_field('id', XMLDB_TYPE_INTEGER, '10', null, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
 389          $table->add_field('where', XMLDB_TYPE_TEXT, null, null, null, null, null);
 390          $table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
 391          $dbman->create_table($table);
 392  
 393          // Insert a record with an <img> in this table and run tool.
 394          $content = '<img src="http://example.com/image.png">';
 395          $expectedcontent = '<img src="https://example.com/image.png">';
 396          $columnamequoted = $dbman->generator->getEncQuoted('where');
 397          $DB->execute("INSERT INTO {reserved_words_temp} ($columnamequoted) VALUES (?)", [$content]);
 398  
 399          $finder = new tool_httpreplace_url_finder_mock();
 400          $finder->upgrade_http_links();
 401  
 402          $record = $DB->get_record('reserved_words_temp', []);
 403          $this->assertStringContainsString($expectedcontent, $record->where);
 404  
 405          $dbman->drop_table($table);
 406      }
 407  }
 408  
 409  /**
 410   * Class tool_httpreplace_url_finder_mock for testing replace tool without calling curl
 411   *
 412   * @package   tool_httpsreplace
 413   * @copyright 2017 Marina Glancy
 414   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 415   */
 416  class tool_httpreplace_url_finder_mock extends \tool_httpsreplace\url_finder {
 417      /**
 418       * Check if url is available (check hardcoded for unittests)
 419       *
 420       * @param string $url
 421       * @return bool
 422       */
 423      protected function check_domain_availability($url) {
 424          return !preg_match('|\.unavailable/$|', $url);
 425      }
 426  }