  1. Moodle
  2. MDL-58057

Config values not properly cleaned in curl_security_helper

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 3.2.2
    • 3.2.1
    • Files API
    • MOODLE_32_STABLE
    • MOODLE_32_STABLE
    • MDL-58057-master

      Testing instructions:

      1. Make sure developer mode is enabled
      2. Under http security, set the allowed ports to:
        80
        443
      3. Add a var_dump after this line here:
        https://github.com/moodle/moodle/blob/master/lib/classes/files/curl_security_helper.php#L169
      4. Now, add a file resource to a course and select the file using URL downloader.
      5. Pick an existing file, for example 'http://localhost/xxx.png'
      6. Look at the var dump in the dialogue, and confirm that you only see strings like this "80" and "443", i.e. with no gaps after the numbers like "443 " or "80 ".

    Description

      Must have missed this one during development given the unit tests were passing. It doesn't even pop up when testing using the UI, but still should be addressed.

      Basically, there are leftover carriage returns in the array elements of get_whitelisted_ports because I exploded on newline and forgot to trim. This function should behave the same exact way as get_blacklisted_hosts, which as you can see has the necessary array_map('trim',... already.
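
The difference the description reports, shown as an added PHP example (not Moodle's own code and not part of the original report). The function names, the sample setting value, the dropping of empty entries and the digits-only check are assumptions made for illustration.

```php
<?php
// Constructed sample: an "allowed ports" setting as a browser textarea
// submits it, with CRLF line endings. Not taken from a real site.
$raw = "80\r\n443\r\n";

// Behaviour described in the report: split on "\n" only, no trim,
// so each entry keeps its trailing "\r".
function ports_untrimmed(string $raw): array {
    return explode("\n", $raw);
}

// Behaviour the report asks for: trim every entry, as it says
// get_blacklisted_hosts already does with array_map('trim', ...).
// Dropping empty entries is an extra step assumed here.
function ports_trimmed(string $raw): array {
    $entries = array_map('trim', explode("\n", $raw));
    return array_values(array_filter($entries, 'strlen'));
}

// Hypothetical regression check: a clean port list contains
// digit-only strings, so anything else is reported.
function dirty_entries(array $ports): array {
    return array_values(array_filter($ports, function (string $p): bool {
        return !ctype_digit($p);
    }));
}

$variants = [
    'untrimmed' => ports_untrimmed($raw),
    'trimmed'   => ports_trimmed($raw),
];

foreach ($variants as $label => $ports) {
    // json_encode makes the otherwise invisible "\r" visible.
    printf(
        "%-9s entries=%s dirty=%s strict-match-80=%s\n",
        $label,
        json_encode($ports),
        json_encode(dirty_entries($ports)),
        var_export(in_array('80', $ports, true), true)
    );
}
```

A digits-only assertion like `dirty_entries()` in a unit test catches stray whitespace in security allowlist entries regardless of how a later comparison treats numeric strings.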


            People

              jaked Jake Dallimore
              jaked Jake Dallimore
              cameron1729 cameron1729
              David Monllaó David Monllaó
              David Mudrák (@mudrd8mz) David Mudrák (@mudrd8mz)