/** * Validate the equations in the some question content. * @param array $errors where errors are being accumulated. * @param string $field the field being validated. * @param string $text the content of that field. * @return array the updated $errors array. */ protected function validate_text($errors, $field, $text) { $problems = qtype_calculated_find_formula_errors_in_text($text); if ($problems) { $errors[$field] = $problems; } return $errors; }
/** * Verify that the equations in part of the question are OK. * We throw an exception here because this should have already been validated * by the form. This is just a last line of defence to prevent a question * being stored in the database if it has bad formulas. This saves us from, * for example, malicious imports. * @param string $text containing equations. */ protected function validate_text($text) { $error = qtype_calculated_find_formula_errors_in_text($text); if ($error) { throw new coding_exception($error); } }
public function test_validation_of_formulas_in_text_bad_function() { $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text('<p>This is an equation: {=eval(1)}.</p>')); $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text('<p>Good: {=1+1}, bad: {=eval(1)}, good: {={x}+{y}}.</p>')); $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text('<p>Bad: {=eval(1)}, bad: {=system(1)}.</p>')); }