MDL-51700 ajax: Clean the external function return values

author Frederic Massart <fred@moodle.com>

Thu, 8 Oct 2015 09:51:05 +0000 (17:51 +0800)

committer Frederic Massart <fred@moodle.com>

Wed, 2 Dec 2015 02:30:01 +0000 (10:30 +0800)
author Frederic Massart <fred@moodle.com>
Thu, 8 Oct 2015 09:51:05 +0000 (17:51 +0800)
committer Frederic Massart <fred@moodle.com>
Wed, 2 Dec 2015 02:30:01 +0000 (10:30 +0800)
diff --git a/lib/ajax/service.php b/lib/ajax/service.php

index ce58f01..e72f165 100644 (file)
--- a/lib/ajax/service.php
+++ b/lib/ajax/service.php
@@ -82,6 +82,12 @@ foreach ($requests as $request) {
          $result = call_user_func_array($callable,
                                         array_values($params));
  
+        // Validate the return parameters.
+        if ($externalfunctioninfo->returns_desc !== null) {
+            $callable = array($externalfunctioninfo->classname, 'clean_returnvalue');
+            $result = call_user_func($callable, $externalfunctioninfo->returns_desc, $result);
+        }
+
          $response['error'] = false;
          $response['data'] = $result;
          $responses[$index] = $response;
diff --git a/lib/upgrade.txt b/lib/upgrade.txt

index c38064a..aa16374 100644 (file)
--- a/lib/upgrade.txt
+++ b/lib/upgrade.txt
@@ -1,6 +1,10 @@
  This files describes API changes in core libraries and APIs,
  information provided here is intended especially for developers.
  
+=== 3.1 ===
+
+* Ajax calls going through lib/ajax/* now validate the return values before sending the response. If the validation does not pass an exception is raised. This behaviour is consistent with web services.
+
  === 3.0 ===
  
  * Minify updated to 2.2.1
author	Frederic Massart <fred@moodle.com>
	Thu, 8 Oct 2015 09:51:05 +0000 (17:51 +0800)
committer	Frederic Massart <fred@moodle.com>
	Wed, 2 Dec 2015 02:30:01 +0000 (10:30 +0800)
lib/ajax/service.php		patch \| blob \| blame \| history
lib/upgrade.txt		patch \| blob \| blame \| history