Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 39 and 401] [Versions 401 and 402] [Versions 401 and 403]

(no description)

File Size: 443 lines (17 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

core_renderer_template_exploit_test:: (2 methods):
  get_template_testcases()
  test_core_mustache_engine_strips_js_helper()


Class: core_renderer_template_exploit_test  - X-Ref

Unit tests for core renderer render template exploit.

get_template_testcases()   X-Ref
Test cases to confirm that blacklisted helpers are stripped from the source
text by the helper before being passed to other another helper. This prevents
nested calls to helpers.


test_core_mustache_engine_strips_js_helper($templates,$torender,$context,$helpers,$js,$expected,$include)   X-Ref
Test that the mustache_helper_collection class correctly strips

param: string $templates The template to add
param: string $torender The name of the template to render
param: array $context The template context
param: array $helpers Mustache helpers to add
param: string $js The JS string from the template
param: string $expected The expected output of the string after stripping JS
param: bool $include If the JS should be added to the page or not