Skip to content
Browse files

MDL-38509 Fix the communication protocol with Moodle plugins directory

Implements the behaviour currently specified at
http://docs.moodle.org/dev/On-click_add-on_installation
  • Loading branch information...
1 parent 59a2cc8 commit b7f6442670ac074fe6edd951ec48f190282ece2d @mudrd8mz mudrd8mz committed Mar 22, 2013
View
4 admin/tool/installaddon/classes/installer.php
@@ -68,7 +68,7 @@ public function get_addons_repository_url() {
$site = array(
'fullname' => $this->get_site_fullname(),
'url' => $this->get_site_url(),
- 'major_version' => $this->get_site_major_version(),
+ 'majorversion' => $this->get_site_major_version(),
);
$site = $this->encode_site_information($site);
@@ -228,7 +228,7 @@ protected function __construct() {
protected function get_site_fullname() {
global $SITE;
- return $SITE->fullname;
+ return strip_tags($SITE->fullname);
}
/**
View
8 admin/tool/installaddon/tests/installer_test.php
@@ -47,9 +47,9 @@ public function test_get_addons_repository_url() {
$site = json_decode(base64_decode($site), true);
$this->assertEquals('array', gettype($site));
$this->assertEquals(3, count($site));
- $this->assertSame($installer->get_site_fullname(), $site['fullname']);
- $this->assertSame($installer->get_site_url(), $site['url']);
- $this->assertSame($installer->get_site_major_version(), $site['major_version']);
+ $this->assertSame('Nasty site', $site['fullname']);
+ $this->assertSame('file:///etc/passwd', $site['url']);
+ $this->assertSame("2.5'; DROP TABLE mdl_user; --", $site['majorversion']);
}
public function test_extract_installfromzip_file() {
@@ -86,7 +86,7 @@ public function test_extract_installfromzip_file() {
class testable_tool_installaddon_installer extends tool_installaddon_installer {
public function get_site_fullname() {
- return '<h1 onmouseover="alert(\'Hello Moodle.org!\');">Nasty site</h1>';
+ return strip_tags('<h1 onmouseover="alert(\'Hello Moodle.org!\');">Nasty site</h1>');
}
public function get_site_url() {

0 comments on commit b7f6442

Please sign in to comment.
Something went wrong with that request. Please try again.