MDL-63834 core_message: validate conversation type before creating
authorMark Nelson <markn@moodle.com>
Tue, 13 Nov 2018 00:37:09 +0000 (08:37 +0800)
committerMark Nelson <markn@moodle.com>
Tue, 13 Nov 2018 00:41:26 +0000 (08:41 +0800)
message/classes/api.php
message/tests/api_test.php

index b732e03..c7ccff4 100644 (file)
@@ -1681,6 +1681,15 @@ class api {
 
         global $DB;
 
 
         global $DB;
 
+        $validtypes = [
+            self::MESSAGE_CONVERSATION_TYPE_INDIVIDUAL,
+            self::MESSAGE_CONVERSATION_TYPE_GROUP
+        ];
+
+        if (!in_array($type, $validtypes)) {
+            throw new \moodle_exception('An invalid conversation type was specified.');
+        }
+
         // Sanity check.
         if ($type == self::MESSAGE_CONVERSATION_TYPE_INDIVIDUAL) {
             if (count($userids) > 2) {
         // Sanity check.
         if ($type == self::MESSAGE_CONVERSATION_TYPE_INDIVIDUAL) {
             if (count($userids) > 2) {
index 89567e2..f18009d 100644 (file)
@@ -3945,6 +3945,14 @@ class core_message_api_testcase extends core_message_messagelib_testcase {
         $this->assertEquals($conversation->id, $member3->conversationid);
     }
 
         $this->assertEquals($conversation->id, $member3->conversationid);
     }
 
+    /**
+     * Test creating an invalid conversation.
+     */
+    public function test_create_conversation_invalid() {
+        $this->expectException('moodle_exception');
+        \core_message\api::create_conversation(3, [1, 2, 3]);
+    }
+
     /**
      * Test creating an individual conversation with too many members.
      */
     /**
      * Test creating an individual conversation with too many members.
      */