MDL-46269 tool_httpsreplace: Make tool ready for core

Remove known domains add config for renames Fix coding style Add capability checks Add page setters Match moodle string style Disable form change checker for form Add todo issue Fix docs Bump version
moodle · Oct 16, 2017 · 7821d93 · 7821d93
1 parent 836226c
commit 7821d93
Show file tree

Hide file tree

Showing 9 changed files with 109 additions and 75 deletions.
diff --git a/admin/tool/httpsreplace/README.md b/admin/tool/httpsreplace/README.md
diff --git a/admin/tool/httpsreplace/classes/form.php b/admin/tool/httpsreplace/classes/form.php
@@ -30,16 +30,22 @@
 
 /**
  * Site wide http -> https search-replace form.
+ * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 class form extends \moodleform {
 
+    /**
+     * Define the form.
+     */
     public function definition() {
         $mform = $this->_form;
 
         $mform->addElement('header', 'confirmhdr', get_string('confirm'));
         $mform->setExpanded('confirmhdr', true);
         $mform->addElement('checkbox', 'sure', get_string('disclaimer', 'tool_httpsreplace'));
         $mform->addRule('sure', get_string('required'), 'required', null, 'client');
+        $mform->disable_form_change_checker();
 
         $this->add_action_buttons(false, get_string('doit', 'tool_httpsreplace'));
     }

diff --git a/admin/tool/httpsreplace/classes/url_finder.php b/admin/tool/httpsreplace/classes/url_finder.php
@@ -14,33 +14,42 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
+/**
+ * url_finder class definition.
+ *
+ * @package    tool_httpsreplace
+ * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
 namespace tool_httpsreplace;
 
 defined('MOODLE_INTERNAL') || die();
 
 /**
- * Examines DB for non-https src or data links that will cause trouble
- * when embedded in HTTPS sites.
+ * Examines DB for non-https src or data links
  *
  * @package tool_httpsreplace
  * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 class url_finder {
 
+
     /**
-     * Domains that need replaced when using https links.
+     * Returns a hash of what hosts are referred to over http and would need to be changed.
      *
-     * @var array
-     * @access private
+     * @return array Hash of domains with number of references as the value.
      */
-    private $exceptions = [
-        'cdnapi.kaltura.com' => 'cdnapisec.kaltura.com',
-    ];
-
     public function http_link_stats() {
         return $this->process(false);
     }
 
+    /**
+     * Changes all resources referred to over http to https.
+     *
+     * @return bool True upon success
+     */
     public function upgrade_http_links() {
         return $this->process(true);
     }
@@ -52,23 +61,17 @@ public function upgrade_http_links() {
      * @param string $table
      * @param string $column
      * @param string $domain
-     * @access private
      * @return void
      */
     private function domain_swap($table, $column, $domain) {
         global $DB;
 
+        $renames = (array)json_decode(get_config('tool_httpsreplace', 'renames'));
+
         $search = "http://$domain";
         $replace = "https://$domain";
-        if (isset($this->exceptions[$domain])) {
-            $replace = 'https://' . $this->exceptions[$domain];
-        }
-        if (preg_match('/rackcdn.com$/', $domain)) {
-            // Regexes adapted from
-            // https://www.eff.org/https-everywhere/atlas/domains/rackcdn.com.html ruleset.
-            $pattern = '/^([\w-]+)\.(?:r\d+|ssl)\.cf(\d)\.rackcdn\.com$/';
-            $replacement = 'https://$1.ssl.cf$2.rackcdn.com';
-            $replace = preg_replace($pattern, $replacement, $domain);
+        if (isset($renames[$domain])) {
+            $replace = 'https://' . $renames[$domain];
         }
         $DB->set_debug(true);
         // Note, this search is case sensitive.
@@ -78,6 +81,8 @@ private function domain_swap($table, $column, $domain) {
 
     /**
      * Originally forked from core function db_search().
+     * @param bool $replacing Whether or not to replace the found urls.
+     * @return bool|array If $replacing, return true on success. If not, return hash of http urls to number of times used.
      */
     private function process($replacing = false) {
         global $DB, $CFG;
@@ -87,7 +92,7 @@ private function process($replacing = false) {
         $httpurls  = "(src|data)\ *=\ *[\\\"\']http://";
 
         // TODO: block_instances have HTML content as base64, need to decode then
-        // search, currently just skipped.
+        // search, currently just skipped. See MDL-60024.
         $skiptables = array(
             'block_instances',
             'config',
@@ -186,19 +191,8 @@ private function process($replacing = false) {
         $uniquedomains = array_unique($domains);
 
         $sslfailures = array();
-        $knownsupported = array(
-            'amazon.com',
-            'www.amazon.com',
-            'dropbox.com',
-            'www.dropbox.com',
-            'cdnapi.kaltura.com',
-            'fe8be92ac963979368eca.r38.cf1.rackcdn.com', // Not actually a real domain, but used for testing.
-        );
 
         foreach ($uniquedomains as $domain) {
-            if (in_array($domain, $knownsupported)) {
-                continue;
-            }
             $url = "https://$domain/";
             $curl = new \curl();
             $curl->head($url);

diff --git a/admin/tool/httpsreplace/cli/url_finder.php b/admin/tool/httpsreplace/cli/url_finder.php
@@ -14,6 +14,14 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
+/**
+ * url_finder cli script. Examines DB for non-https src or data links, and lists them.
+ *
+ * @package    tool_httpsreplace
+ * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
 define('CLI_SCRIPT', true);
 require(__DIR__ . '/../../../../config.php');
 require_once($CFG->libdir.'/clilib.php');

diff --git a/admin/tool/httpsreplace/cli/url_replace.php b/admin/tool/httpsreplace/cli/url_replace.php
@@ -14,6 +14,14 @@
 // You should have received a copy of the GNU General Public License
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
+/**
+ * url_finder cli script. Examines DB for non-https src or data links, and replaces them.
+ *
+ * @package    tool_httpsreplace
+ * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
 define('CLI_SCRIPT', true);
 require(__DIR__ . '/../../../../config.php');
 require_once($CFG->libdir.'/clilib.php');

diff --git a/admin/tool/httpsreplace/index.php b/admin/tool/httpsreplace/index.php
@@ -24,12 +24,22 @@
 
 define('NO_OUTPUT_BUFFERING', true);
 
-require_once('../../../config.php');
-require_once($CFG->dirroot.'/course/lib.php');
-require_once($CFG->libdir.'/adminlib.php');
+require_once(__DIR__ . '/../../../config.php');
+require_once($CFG->dirroot . '/course/lib.php');
+require_once($CFG->libdir . '/adminlib.php');
 
 admin_externalpage_setup('toolhttpsreplace');
 
+$context = context_system::instance();
+
+require_login();
+require_capability('moodle/site:config', $context);
+
+$PAGE->set_context($context);
+$PAGE->set_url(new moodle_url('/admin/tool/httpsreplace/index.php'));
+$PAGE->set_title(get_string('pageheader', 'tool_httpsreplace'));
+$PAGE->set_pagelayout('admin');
+
 echo $OUTPUT->header();
 
 echo $OUTPUT->heading(get_string('pageheader', 'tool_httpsreplace'));

diff --git a/admin/tool/httpsreplace/lang/en/tool_httpsreplace.php b/admin/tool/httpsreplace/lang/en/tool_httpsreplace.php
@@ -17,25 +17,21 @@
 /**
  * Strings for component 'tool_httpsreplace'
  *
- * @package    tool
- * @subpackage httpsreplace
+ * @package    tool_httpsreplace
  * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
-$string['count'] = 'Number of links';
+$string['count'] = 'Number of embeded content items';
 $string['disclaimer'] = 'I understand the risks of this operation';
 $string['doclink'] = 'Read more documentation on the wiki';
-$string['doit'] = 'Yes, do it!';
+$string['doit'] = 'Perform replacement';
 $string['domain'] = 'Problematic domain';
-$string['domainexplain'] = 'This tool locates embedded content that may not work when upgrading a site to use https. It also allows you to fix the problems automatically.';
-$string['domainexplainhelp'] = 'These domains are found in your content, but do not appear to support https links. After switching to https, the content included from these sites will no longer display within Moodle for users with secure modern browsers. It is possible that these sites are temporarily or permanently unavailable and will not work with either security setting. Proceed only after reviewing these results and determining if this externally hosted content is non-essential.';
-$string['invalidcharacter'] = 'Invalid characters were found in the search or replace text.';
-$string['notifyfinished'] = '...finished';
-$string['notifyrebuilding'] = 'Rebuilding course cache...';
+$string['domainexplain'] = 'When an instance is moved from http to https, all embeded http content will stop working. This tool always you to automatically convert the http content to https. Below is a report of content that may not work once you run this script. You may want to check each one has https available or find alternative resources.';
+$string['domainexplainhelp'] = 'These domains are found in your content, but do not appear to support https content. After switching to https, the content included from these sites will no longer display within Moodle for users with secure modern browsers. It is possible that these sites are temporarily or permanently unavailable and will not work with either security setting. Proceed only after reviewing these results and determining if this externally hosted content is non-essential.';
 $string['notimplemented'] = 'Sorry, this feature is not implemented in your database driver.';
-$string['oktoprocede'] = 'The scan finds no issues with your content. You can proceed to upgrade any http links to use https.';
+$string['oktoprocede'] = 'The scan finds no issues with your content. You can proceed to upgrade any http content to use https.';
 $string['pageheader'] = 'Upgrade externally hosted content urls to https';
-$string['pluginname'] = 'HTTPS Replace';
-$string['replacing'] = 'Replacing http links with https...';
-$string['takeabackupwarning'] = 'Changes made can\'t be reverted. A complete backup should be made before running this script!';
+$string['pluginname'] = 'HTTPS conversion tool';
+$string['replacing'] = 'Replacing http content with https...';
+$string['takeabackupwarning'] = 'Once this tool run, changes made can\'t be reverted. A complete backup should be made before running this script! There is a low risk that the wrong content will be replaced, introducing problems.';
diff --git a/admin/tool/httpsreplace/tests/httpsreplace_test.php b/admin/tool/httpsreplace/tests/httpsreplace_test.php
@@ -27,6 +27,13 @@
 
 defined('MOODLE_INTERNAL') || die();
 
+/**
+ * Tests the httpsreplace tool.
+ *
+ * @package   tool_httpsreplace
+ * @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
 class httpsreplace_test extends \advanced_testcase {
 
     /**
@@ -67,16 +74,6 @@ public function upgrade_http_links_provider() {
                 "outputregex" => '/^$/',
                 "expectedcontent" => '<img src="https://anothersite.com?param=http://asdf.com">',
             ],
-            "Known supported domain should be replaced" => [
-                "content" => '<iframe src="http://fe8be92ac963979368eca.r38.cf1.rackcdn.com/Helpful_ET_Websites_Apps_Resources.pdf">',
-                "domain" => 'fe8be92ac963979368eca.ssl.cf1.rackcdn.com',
-                "outputregex" => '/UPDATE/',
-            ],
-            "Exception is replaced with new domain" => [
-                "content" => '<script src="http://cdnapi.kaltura.com/p/730212/sp/73021200/embedIframeJs">',
-                "domain" => 'cdnapisec.kaltura.com',
-                "outputregex" => '/UPDATE/',
-            ],
             "More params should not interfere" => [
                 "content" => '<img alt="A picture" src="' . $this->getExternalTestFileUrl('/test.png', false) . '" width="1”><p style="font-size: \'20px\'"></p>',
                 "outputregex" => '/UPDATE/',
@@ -156,11 +153,6 @@ public function http_link_stats_provider() {
                 "domain" => 'intentionally.unavailable',
                 "expectedcount" => 1,
             ],
-            "Known supported domain should not be reported" => [
-                "content" => '<iframe src="http://fe8be92ac963979368eca.r38.cf1.rackcdn.com/Helpful_ET_Websites_Apps_Resources.pdf">',
-                "domain" => 'fe8be92ac963979368eca.r38.cf1.rackcdn.com',
-                "expectedcount" => 0,
-            ],
             "Link should not be reported" => [
                 "content" => '<a href="http://intentionally.unavailable/page.php">Link</a>',
                 "domain" => 'intentionally.unavailable',
@@ -272,4 +264,35 @@ public function test_upgrade_http_links_excluded_tables() {
         $this->assertNotContains('https://somesite', $testconf);
     }
 
+    /**
+     * Test renamed domains
+     */
+    public function test_renames() {
+        global $DB, $CFG;
+        $this->resetAfterTest();
+        $this->expectOutputRegex('/UPDATE/');
+
+        $renames = [
+            'example.com' => 'secure.example.com',
+        ];
+
+        set_config('renames', json_encode($renames), 'tool_httpsreplace');
+
+        $finder = new \tool_httpsreplace\url_finder();
+
+        $generator = $this->getDataGenerator();
+        $course = $generator->create_course((object) [
+            'summary' => '<script src="http://example.com/test.js">',
+        ]);
+
+        $results = $finder->http_link_stats();
+        $this->assertCount(0, $results);
+
+        $finder->upgrade_http_links();
+
+        $summary = $DB->get_field('course', 'summary', ['id' => $course->id]);
+        $this->assertContains('https://secure.example.com', $summary);
+        $this->assertNotContains('http://example.com', $summary);
+    }
+
 }
diff --git a/admin/tool/httpsreplace/version.php b/admin/tool/httpsreplace/version.php
@@ -24,9 +24,6 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version   = 2017063000; // The current plugin version (Date: YYYYMMDDXX).
-$plugin->requires  = 2016120500; // Requires this Moodle version.
-$plugin->release   = '3.2.3';
+$plugin->version   = 2017082500; // The current plugin version (Date: YYYYMMDDXX).
+$plugin->requires  = 2017082400; // Requires this Moodle version.
 $plugin->component = 'tool_httpsreplace'; // Full name of the plugin (used for diagnostics).
-
-$plugin->maturity  = MATURITY_STABLE; // This version's maturity level.