OPPG-413: Validation fixes
parent
fca2d6924a
commit
1ca9eff064
103
h5p.classes.php
103
h5p.classes.php
|
@ -1157,29 +1157,30 @@ class H5PContentValidator {
|
||||||
* found within the value data.
|
* found within the value data.
|
||||||
*/
|
*/
|
||||||
public function validateBySemantics(&$value, $semantics) {
|
public function validateBySemantics(&$value, $semantics) {
|
||||||
// dd('validateBySemantics');
|
|
||||||
$fakebaseobject = (object) array(
|
$fakebaseobject = (object) array(
|
||||||
'type' => 'group',
|
'type' => 'group',
|
||||||
'fields' => $semantics,
|
'fields' => $semantics,
|
||||||
);
|
);
|
||||||
$this->validateGroup($value, $fakebaseobject);
|
$this->validateGroup($value, $fakebaseobject, FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate given text value against text semantics.
|
* Validate given text value against text semantics.
|
||||||
*/
|
*/
|
||||||
public function validateText(&$text, $semantics) {
|
public function validateText(&$text, $semantics) {
|
||||||
// dd('validateText');
|
|
||||||
if ($semantics->widget && $semantics->widget == 'html') {
|
if ($semantics->widget && $semantics->widget == 'html') {
|
||||||
// FIXME: Implicit tags added in javascript are NOT vissible in
|
// FIXME: Implicit tags added in javascript are NOT vissible in
|
||||||
// $semantics->tags (such as mathml etc)
|
// $semantics->tags (such as mathml etc). Need to include defaults.
|
||||||
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $semantics->tags));
|
$allowedtags = '<div>';
|
||||||
|
if ($semantics->tags) {
|
||||||
|
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $semantics->tags));
|
||||||
|
}
|
||||||
// Strip invalid HTML tags.
|
// Strip invalid HTML tags.
|
||||||
$text = strip_tags($text, $allowedtags);
|
$text = strip_tags($text, $allowedtags);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Filter text to plain text.
|
// Filter text to plain text.
|
||||||
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
|
$text = htmlspecialchars($text);
|
||||||
}
|
}
|
||||||
// TODO: Check if string is within allowed length
|
// TODO: Check if string is within allowed length
|
||||||
// TODO: Check if string is according to optional regexp in semantics
|
// TODO: Check if string is according to optional regexp in semantics
|
||||||
|
@ -1214,7 +1215,16 @@ class H5PContentValidator {
|
||||||
* Validate select values
|
* Validate select values
|
||||||
*/
|
*/
|
||||||
public function validateSelect(&$select, $semantics) {
|
public function validateSelect(&$select, $semantics) {
|
||||||
if (!in_array($select, array_map(array($this, 'map_object_value'), $semantics->options))) {
|
// Special case for dynamicCheckboxes (valid options are generated live)
|
||||||
|
if ($semantics->widget == 'dynamicCheckboxes') {
|
||||||
|
// No practical way to guess valid parameters. Just make sure we don't
|
||||||
|
// have special chars here. Also, dynamicCheckboxes will insert an
|
||||||
|
// array, so iterate it.
|
||||||
|
foreach ($select as $key => $value) {
|
||||||
|
$select[$key] = htmlspecialchars($value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!in_array($select, array_map(array($this, 'map_object_value'), $semantics->options))) {
|
||||||
$this->h5pF->setErrorMessage($this->h5pF->t('Invalid selected option in select.'));
|
$this->h5pF->setErrorMessage($this->h5pF->t('Invalid selected option in select.'));
|
||||||
$select = $semantics->options[0]->value;
|
$select = $semantics->options[0]->value;
|
||||||
}
|
}
|
||||||
|
@ -1228,13 +1238,7 @@ class H5PContentValidator {
|
||||||
* Will recurse into validating each item in the list according to the type.
|
* Will recurse into validating each item in the list according to the type.
|
||||||
*/
|
*/
|
||||||
public function validateList(&$list, $semantics) {
|
public function validateList(&$list, $semantics) {
|
||||||
// dd('validateList');
|
|
||||||
$field = $semantics->field;
|
$field = $semantics->field;
|
||||||
// WTF happens in content with lists of libraries?
|
|
||||||
if ($semantics->field->type == 'group'
|
|
||||||
&& $semantics->field->fields[0]->type == 'library') {
|
|
||||||
$field = $semantics->field->fields[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
$function = $this->typeMap[$field->type];
|
$function = $this->typeMap[$field->type];
|
||||||
|
|
||||||
|
@ -1258,9 +1262,11 @@ class H5PContentValidator {
|
||||||
* Validate given video data
|
* Validate given video data
|
||||||
*/
|
*/
|
||||||
public function validateVideo(&$video, $semantics) {
|
public function validateVideo(&$video, $semantics) {
|
||||||
$video->path = htmlspecialchars($video->path);
|
foreach ($video as $variant) {
|
||||||
if ($video->mime && substr($video->mime, 0, 5) !== 'video') {
|
$variant->path = htmlspecialchars($variant->path);
|
||||||
unset($video->mime);
|
if ($variant->mime && substr($variant->mime, 0, 5) !== 'video') {
|
||||||
|
unset($variant->mime);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1268,9 +1274,11 @@ class H5PContentValidator {
|
||||||
* Validate given audio data
|
* Validate given audio data
|
||||||
*/
|
*/
|
||||||
public function validateAudio(&$audio, $semantics) {
|
public function validateAudio(&$audio, $semantics) {
|
||||||
$audio->path = htmlspecialchars($audio->path);
|
foreach ($audio as $variant) {
|
||||||
if ($audio->mime && substr($audio->mime, 0, 5) !== 'audio') {
|
$variant->path = htmlspecialchars($variant->path);
|
||||||
unset($audio->mime);
|
if ($variant->mime && substr($variant->mime, 0, 5) !== 'audio') {
|
||||||
|
unset($variant->mime);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1278,30 +1286,35 @@ class H5PContentValidator {
|
||||||
* Validate given group value against group semantics.
|
* Validate given group value against group semantics.
|
||||||
* Will recurse into validating each group member.
|
* Will recurse into validating each group member.
|
||||||
*/
|
*/
|
||||||
public function validateGroup(&$group, $semantics) {
|
public function validateGroup(&$group, $semantics, $flatten = TRUE) {
|
||||||
// dd('validateGroup');
|
// Groups with just one field are compressed in the editor to only output
|
||||||
// dd(print_r($group, TRUE));
|
// the child content. (Exemption for fake groups created by
|
||||||
// dd(print_r($semantics, TRUE));
|
// "validateBySemantics" above)
|
||||||
foreach ($group as $key => &$value) {
|
if (count($semantics->fields) == 1 && $flatten) {
|
||||||
// dd("time for $key");
|
$field = $semantics->fields[0];
|
||||||
// Find semantics for name=$key
|
$function = $this->typeMap[$field->type];
|
||||||
$found = FALSE;
|
$this->$function($group, $field);
|
||||||
foreach ($semantics->fields as $field) {
|
}
|
||||||
if ($field->name == $key) {
|
else {
|
||||||
$function = $this->typeMap[$field->type];
|
foreach ($group as $key => &$value) {
|
||||||
$found = TRUE;
|
// Find semantics for name=$key
|
||||||
// dd(print_r($field, TRUE));
|
$found = FALSE;
|
||||||
// dd("calling dr. $function");
|
foreach ($semantics->fields as $field) {
|
||||||
break;
|
if ($field->name == $key) {
|
||||||
|
$function = $this->typeMap[$field->type];
|
||||||
|
$found = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($found) {
|
||||||
|
$this->$function($value, $field);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// If validator is not found, something exists in content that does
|
||||||
|
// not have a corresponding semantics field. Remove it.
|
||||||
|
$this->h5pF->setErrorMessage($this->h5pF->t('H5P internal error: no validator exists for ' . $key));
|
||||||
|
unset($group->$key);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if ($found) {
|
|
||||||
$this->$function($value, $field);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$this->h5pF->setErrorMessage($this->h5pF->t('H5P internal error: no validator exists for ' . $key));
|
|
||||||
// dd('WTF!?');
|
|
||||||
// dd(print_r($group, TRUE));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1312,7 +1325,6 @@ class H5PContentValidator {
|
||||||
* Will recurse into validating the library's semantics too.
|
* Will recurse into validating the library's semantics too.
|
||||||
*/
|
*/
|
||||||
public function validateLibrary(&$value, $semantics) {
|
public function validateLibrary(&$value, $semantics) {
|
||||||
// dd('validLibrary');
|
|
||||||
// Check if provided library is within allowed options
|
// Check if provided library is within allowed options
|
||||||
if (in_array($value->library, $semantics->options)) {
|
if (in_array($value->library, $semantics->options)) {
|
||||||
if (isset($semanticsCache[$value->library])) {
|
if (isset($semanticsCache[$value->library])) {
|
||||||
|
@ -1324,14 +1336,11 @@ class H5PContentValidator {
|
||||||
$librarySemantics = json_decode($library['semantics']);
|
$librarySemantics = json_decode($library['semantics']);
|
||||||
$semanticsCache[$value->library] = $librarySemantics;
|
$semanticsCache[$value->library] = $librarySemantics;
|
||||||
}
|
}
|
||||||
return $this->validateBySemantics($value->params, $librarySemantics);
|
$this->validateBySemantics($value->params, $librarySemantics);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$this->h5pF->setErrorMessage($this->h5pF->t('Library used in content is not a valid library according to semantics'));
|
$this->h5pF->setErrorMessage($this->h5pF->t('Library used in content is not a valid library according to semantics'));
|
||||||
// dd('Value: '.print_r($value, TRUE));
|
|
||||||
// dd('Semantics: '.print_r($semantics, TRUE));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
Loading…
Reference in New Issue