  1. Moodle
  2. MDL-58057

Config values not properly cleaned in curl_security_helper


    • Bug
    • Resolution: Fixed
    • Minor
    • 3.2.2
    • 3.2.1
    • Files API
    • MOODLE_32_STABLE
    • MOODLE_32_STABLE
    • MDL-58057-master

      Testing instructions:

      1. Make sure developer mode is enabled
      2. Under HTTP security, set the allowed ports to:
        80
        443
      3. Add a var_dump after this line here:
        https://github.com/moodle/moodle/blob/master/lib/classes/files/curl_security_helper.php#L169
      4. Now, add a file resource to a course and select the file using URL downloader.
      5. Pick an existing file, for example 'http://localhost/xxx.png'
      6. Look at the var dump in the dialogue, and confirm that you only see strings like this "80" and "443", i.e. with no gaps after the numbers like "443 " or "80 ".

      Must have missed this one during development given the unit tests were passing. It doesn't even pop up when testing using the UI, but still should be addressed.

      Basically, there are leftover carriage returns in the array elements of get_whitelisted_ports because I exploded on newline and forgot to trim. This function should behave the same exact way as get_blacklisted_hosts, which as you can see has the necessary array_map('trim',... already.
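
      The behaviour described above, as an added example that is not Moodle's own code: a port list saved with CRLF line endings is split on "\n" with and without trimming, and each result is checked with a strict comparison. The function names and the sample value are assumptions made for the illustration, as is the extra step of dropping empty entries.

```php
<?php
// Added illustration; function names are hypothetical, not Moodle's.

// Constructed sample: a textarea value saved with CRLF line endings.
$configvalue = "80\r\n443\r\n";

// Before: split on "\n" only, so each entry keeps its trailing "\r".
function parse_ports_untrimmed(string $value): array {
    return explode("\n", $value);
}

// After: trim every entry, as the issue describes for get_blacklisted_hosts,
// and (an extra step assumed here) drop entries that end up empty.
function parse_ports_trimmed(string $value): array {
    $entries = array_map('trim', explode("\n", $value));
    return array_values(array_filter($entries, function (string $entry): bool {
        return $entry !== '';
    }));
}

// Strict string comparison, so hidden whitespace is not masked by type juggling.
function port_is_listed(string $port, array $ports): bool {
    return in_array($port, $ports, true);
}

$before = parse_ports_untrimmed($configvalue);
$after = parse_ports_trimmed($configvalue);

// json_encode escapes the carriage returns, which a plain echo would hide.
echo json_encode($before), "\n";
echo json_encode($after), "\n";

// Only the trimmed list matches the port the administrator typed.
var_dump(port_is_listed('443', $before));
var_dump(port_is_listed('443', $after));
```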


            jaked Jake Dallimore
            cameron1729
            David Monllaó
            David Mudrák (@mudrd8mz)