Commit 7315358e authored by jun's avatar jun
Browse files

Merge branch 'MDL-46768-master' of git://github.com/sarjona/moodle

parents 081ac915 d77a6026
......@@ -42,6 +42,7 @@ $badge = new issued_badge($id);
if (!empty($badge->recipient->id)) {
if ($bake && ($badge->recipient->id == $USER->id)) {
$name = str_replace(' ', '_', $badge->badgeclass['name']) . '.png';
$name = clean_param($name, PARAM_FILE);
$filehash = badges_bake($id, $badge->badgeid, $USER->id, true);
$fs = get_file_storage();
$file = $fs->get_file_by_hash($filehash);
......
......@@ -159,7 +159,7 @@ class core_badges_external extends external_api {
new external_single_structure(
array(
'id' => new external_value(PARAM_INT, 'Badge id.', VALUE_OPTIONAL),
'name' => new external_value(PARAM_FILE, 'Badge name.'),
'name' => new external_value(PARAM_TEXT, 'Badge name.'),
'description' => new external_value(PARAM_NOTAGS, 'Badge description.'),
'badgeurl' => new external_value(PARAM_URL, 'Badge URL.'),
'timecreated' => new external_value(PARAM_INT, 'Time created.', VALUE_OPTIONAL),
......
......@@ -48,8 +48,8 @@ class edit_details_form extends moodleform {
$mform->addElement('header', 'badgedetails', get_string('badgedetails', 'badges'));
$mform->addElement('text', 'name', get_string('name'), array('size' => '70'));
// Using PARAM_FILE to avoid problems later when downloading badge files.
$mform->setType('name', PARAM_FILE);
// When downloading badge, it will be necessary to clean the name as PARAM_FILE.
$mform->setType('name', PARAM_TEXT);
$mform->addRule('name', null, 'required');
$mform->addRule('name', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
......
......@@ -72,6 +72,7 @@ if ($hide) {
require_sesskey();
$badge = new badge($download);
$name = str_replace(' ', '_', $badge->name) . '.png';
$name = clean_param($name, PARAM_FILE);
$filehash = badges_bake($hash, $download, $USER->id, true);
$fs = get_file_storage();
$file = $fs->get_file_by_hash($filehash);
......
......@@ -48,7 +48,7 @@ class core_badges_badgeslib_testcase extends advanced_testcase {
$fordb = new stdClass();
$fordb->id = null;
$fordb->name = "Test badge";
$fordb->name = "Test badge with 'apostrophe' and other friends (<>&@#)";
$fordb->description = "Testing badges";
$fordb->timecreated = time();
$fordb->timemodified = time();
......
......@@ -31,14 +31,14 @@ Feature: Add badges to the system
Scenario: Add a badge
Given I navigate to "Add a new badge" node in "Site administration > Badges"
And I set the following fields to these values:
| Name | Test Badge |
| Name | Test badge with 'apostrophe' and other friends (<>&@#) |
| Description | Test badge description |
| issuername | Test Badge Site |
| issuercontact | testuser@example.com |
And I upload "badges/tests/behat/badge.png" file to "Image" filemanager
When I press "Create badge"
Then I should see "Edit details"
And I should see "Test Badge"
And I should see "Test badge with 'apostrophe' and other friends (&@#)"
And I should not see "Create badge"
And I follow "Manage badges"
And I should see "Number of badges available: 1"
......
......@@ -1161,6 +1161,7 @@ function badges_download($userid) {
// Need to make image name user-readable and unique using filename safe characters.
$name = $badge->name . ' ' . userdate($issued->dateissued, '%d %b %Y') . ' ' . hash('crc32', $badge->id);
$name = str_replace(' ', '_', $name);
$name = clean_param($name, PARAM_FILE);
if ($file = $fs->get_file($context->id, 'badges', 'userbadge', $issued->badgeid, '/', $issued->uniquehash . '.png')) {
$filelist[$name . '.png'] = $file;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment