From bdf60a943d61e08ed6382ecc298d3ba5998e22a9 Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Wed, 22 Feb 2017 11:25:05 +0100 Subject: [PATCH 1/3] Use realpath() instead of document root = safer Document root might be rewritten or incorrect for some sites(observed on multiple WP) HFP-784 --- h5p.classes.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/h5p.classes.php b/h5p.classes.php index b0ad889..e04a0e9 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -1589,15 +1589,11 @@ Class H5PExport { $zip = new ZipArchive(); $zip->open($tmpFile, ZipArchive::CREATE | ZipArchive::OVERWRITE); - // Some system needs the root prefix for ZipArchive's addFile() - $rootPrefix = (empty($_SERVER['DOCUMENT_ROOT']) ? '' : $_SERVER['DOCUMENT_ROOT'] . '/'); - // Add all the files from the tmp dir. foreach ($files as $file) { // Please note that the zip format has no concept of folders, we must // use forward slashes to separate our directories. - $zip->addFile($file->absolutePath, $file->relativePath); - $zip->addFile($rootPrefix . $file->absolutePath, $file->relativePath); + $zip->addFile(realpath($file->absolutePath), $file->relativePath); } // Close zip and remove tmp dir From 179601657c8f7b2a61fa16cbee6d5227360cd020 Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Thu, 2 Mar 2017 10:17:16 +0100 Subject: [PATCH 2/3] Remove prefix from file path Should already be complete at this point. JI-92 --- h5p-default-storage.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/h5p-default-storage.class.php b/h5p-default-storage.class.php index 0c67341..5bb1495 100644 --- a/h5p-default-storage.class.php +++ b/h5p-default-storage.class.php @@ -285,7 +285,7 @@ class H5PDefaultStorage implements \H5PFileStorage { * @return string */ public function getContent($file_path) { - return file_get_contents($this->path . $file_path); + return file_get_contents($file_path); } /** From 3dbb8fae705df8ae31ba58b97812f007b9213d8b Mon Sep 17 00:00:00 2001 From: Paal Joergensen Date: Thu, 2 Mar 2017 11:43:45 +0100 Subject: [PATCH 3/3] Added check for icon.svg [HFP-806] --- h5p.classes.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/h5p.classes.php b/h5p.classes.php index 4ef02b1..8483bda 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -721,7 +721,7 @@ class H5PValidator { $mainH5pData = null; $libraryJsonData = null; $contentJsonData = null; - $mainH5pExists = $imageExists = $contentExists = FALSE; + $mainH5pExists = $contentExists = FALSE; foreach ($files as $file) { if (in_array(substr($file, 0, 1), array('.', '_'))) { continue; @@ -749,10 +749,6 @@ class H5PValidator { } } } - // Check for h5p.jpg? - elseif (strtolower($file) == 'h5p.jpg') { - $imageExists = TRUE; - } // Content directory holds content. elseif ($file == 'content') { // We do a separate skipContent check to avoid having the content folder being treated as a library @@ -937,6 +933,9 @@ class H5PValidator { } } + // Check for icon: + $h5pData['hasIcon'] = file_exists($filePath . DIRECTORY_SEPARATOR . 'icon.svg'); + $validLibrary = $this->isValidH5pData($h5pData, $file, $this->libraryRequired, $this->libraryOptional); $validLibrary = $this->h5pCV->validateContentFiles($filePath, TRUE) && $validLibrary;