Merge branch '71093-moodle310-backup-honor-formatstringstriptags' of h…

…ttps://github.com/DSI-Universite-Rennes2/moodle into MOODLE_310_STABLE
moodle · Sep 14, 2021 · 8cadc4d · 8cadc4d
2 parents 248c791 + 6c661ed
commit 8cadc4d
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 3 deletions.
diff --git a/backup/util/ui/backup_ui_setting.class.php b/backup/util/ui/backup_ui_setting.class.php
@@ -146,11 +146,13 @@ public function get_param_validation() {
      * @throws base_setting_ui_exception when the label is not valid.
      * @param string $label
      */
-    public function set_label($label) {
-        $label = (string)$label;
-        if ($label === '' || $label !== clean_param($label, PARAM_TEXT)) {
+    public function set_label(string $label) :void {
+        $label = clean_param($label, PARAM_CLEANHTML);
+
+        if ($label === '') {
             throw new base_setting_ui_exception('setting_invalid_ui_label');
         }
+
         $this->label = $label;
     }
 

diff --git a/backup/util/ui/tests/base_setting_ui_test.php b/backup/util/ui/tests/base_setting_ui_test.php
@@ -0,0 +1,70 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Tests for base_setting_ui class.
+ *
+ * @package   core_backup
+ * @copyright 2021 Université Rennes 2 {@link https://www.univ-rennes2.fr}
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+global $CFG;
+
+require_once($CFG->dirroot.'/backup/util/settings/tests/settings_test.php');
+
+/**
+ * Tests for base_setting_ui class.
+ *
+ * @copyright 2021 Université Rennes 2 {@link https://www.univ-rennes2.fr}
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class base_setting_ui_test extends advanced_testcase {
+    /**
+     * Tests set_label().
+     *
+     * @return void
+     */
+    public function test_set_label() {
+        $this->resetAfterTest();
+
+        $bs = new mock_base_setting('test', base_setting::IS_BOOLEAN);
+        $bsui = new base_setting_ui($bs);
+
+        // Should keep original text string.
+        $bsui->set_label('Section name');
+        $this->assertEquals('Section name', $bsui->get_label());
+
+        // Should keep original HTML string.
+        $bsui->set_label('<b>Section name</b>');
+        $this->assertEquals('<b>Section name</b>', $bsui->get_label());
+
+        // Should be converted to text string.
+        $bsui->set_label(123);
+        $this->assertSame('123', $bsui->get_label());
+
+        // Should raise an exception when label is empty.
+        try {
+            $bsui->set_label('');
+            $this->assertTrue(false, 'base_setting_ui_exception');
+        } catch (Exception $exception) {
+            $this->assertTrue($exception instanceof base_setting_ui_exception);
+            $this->assertEquals($exception->errorcode, 'setting_invalid_ui_label');
+        }
+    }
+}