Commit af88973e authored by Son Nguyen's avatar Son Nguyen Committed by Robert Lyon

Bug 1550519. Fix HTMLPurifier disable external resource setting.

Add behat tests

Change-Id: I905af729d2cda76d5c6ff31b29b9d21c3dc67505
parent afc56624
......@@ -433,6 +433,10 @@ if (!defined('INSTALLER')) {
}
}
}
if (get_config('disableexternalresources')) {
$CFG->wwwhost = parse_url($CFG->wwwroot, PHP_URL_HOST);
}
/*
* Initializes our performance info early.
*
......
......@@ -3597,6 +3597,7 @@ function clean_html($text, $xhtml=false) {
if (get_config('disableexternalresources')) {
$config->set('URI.DisableExternalResources', true);
$config->set('URI.Host', get_config('wwwhost'));
}
// Permit embedding contents from other sites
......
@javascript @core @core_administration
Feature: Enable/disable external resources to display in pages
In order to control external resources displayed in mahara pages
As an admin
For security reason, I can enable/disable the setting "Disable external resources" in
"Site configuration" page
Background:
Given the following "users" exist:
| username | password | email | firstname | lastname | institution | authname | role |
| userA | Kupuhipa1 | test01@example.com | Pete | Mc | mahara | internal | member |
And the following "pages" exist:
| title | description| ownertype | ownername |
| Page 1 | This is the page | user | userA |
Scenario: Enable/disable external resources in mahara pages
# By default external resources are allowed in a page
When I log in as "userA" with password "Kupuhipa1"
# Upload an image
And I choose "Files" in "Content"
And I attach the file "Image2.png" to "files_filebrowser_userfile"
And I choose "Pages" in "Portfolio"
And I follow "Page 1"
And I follow "Edit this page"
# Add a "Text" block with an image from file area
And I follow "Text"
And I press "Add"
And I set the following fields to these values:
| Block title | Text block with an internal image |
And I click the "Insert/edit image" button in the editor
And I expand the section "Image"
And I follow "Image2.png"
And I press "Submit"
And I press "Save"
# Add a "Text" block with an embedded external image
And I follow "Text"
And I press "Add"
And I set the following fields to these values:
| Block title | Text block with an external image |
| Block content | <p><img title="Open source logo" src="https://upload.wikimedia.org/wikipedia/commons/thumb/4/42/Opensource.svg/744px-Opensource.svg.png" alt="" width="300" /></p> |
And I press "Save"
And I scroll to the id "main-nav"
And I follow "Display page"
Then I should see images in the block "Text block with an internal image"
And I should see images in the block "Text block with an external image"
And I log out
# Disable external resources and check if external images are displayed in pages
When I log in as "admin" with password "Kupuhipa1"
And I choose "Administration"
And I choose "Site options" in "Configure site"
And I expand the section "Security settings"
And I enable the switch "Disable external resources in user HTML"
And I press "Update site options"
And I log out
And I log in as "userA" with password "Kupuhipa1"
And I choose "Pages" in "Portfolio"
And I follow "Page 1"
Then I should see images in the block "Text block with an internal image"
And I should not see images in the block "Text block with an external image"
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment