Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-44061

ajax_check_captured_output should log to error log on invalid content

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.5, 2.6.2
    • Fix Version/s: 2.5.6, 2.6.3
    • Component/s: JavaScript
    • Labels:
    • Testing Instructions:
      Hide
      • Run phpunit tests for lib/tests/ajaxlib_test.php

      With debug_developer disabled

      • Open the profile editing page
      • Open the file picker for account images
      • Select the Wikimedia plugin, search for, and select an image
        • Confirm no errors were shown at any stage
        • Confirm that no warnings related to whitespace were found in your error log
      • Repeat with debug_developer = true;
      • Disable debug_developer again
      • Edit repositories/wikimedia/wikimedia.php
      • Add some whitespace and a new line before the <?php tag
      • Repeat the test
        • Confirm that warnings related to whitespace were found in your error log
      • Repeat with debug_developer = true;
        • Confirm that warnings related to whitespace were found in your error log and displayed on screen
      Show
      Run phpunit tests for lib/tests/ajaxlib_test.php With debug_developer disabled Open the profile editing page Open the file picker for account images Select the Wikimedia plugin, search for, and select an image Confirm no errors were shown at any stage Confirm that no warnings related to whitespace were found in your error log Repeat with debug_developer = true; Disable debug_developer again Edit repositories/wikimedia/wikimedia.php Add some whitespace and a new line before the <?php tag Repeat the test Confirm that warnings related to whitespace were found in your error log Repeat with debug_developer = true; Confirm that warnings related to whitespace were found in your error log and displayed on screen
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE
    • Pull Master Branch:
      MDL-44061-master

      Description

      Technically, JSON can have a number of whitespace characters. At present, ajax_check_captured_output() complains about all of these, but perhaps it should not.

      JSON technically only allows the following whitespace characters[1]:

      • tabulation (U+0009);
      • linefeed (U+000A);
      • carriage return (U+000D); and
      • space (U+0020).

      However, outputting whitespace has other consequences which need to be considered. Although most of the content that we return for AJAX_SCRIPTs is JSON, the path where these whitespace characters is seen is not always limited to JSON. For example, any repository library which contains whitespace will be caught by this check but will also have an impact on non AJAX Scripts - for example it will prevent header changes and/or redirects which will have a negative impact on other parts of the code.

      That said, catching things in JS handling script is perhaps not the most obvious thing.

      If we do decide to do this, we would need to pass the list of acceptable parameters to trim as PHP's trim function removes:

      • tabulation (U+0009) - fine;
      • linefeed (U+000A) - fine;
      • carriage return (U+000D) - fine;
      • space (U+0020) - fine;
      • the NUL-byte (U+0000) - not in agreement; and
      • the vertical tab (U+000B) - not in agreement.

      [1] See the bottom of section 4 (JSON Text) of http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf. At the top of page 8 of the PDF / 2 of the document.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  12/May/14