OPPG-413: Validation fixes

namespaces
Frank Ronny Larsen 2013-07-08 14:56:48 +02:00
parent fca2d6924a
commit 1ca9eff064
1 changed files with 56 additions and 47 deletions


@ -1157,29 +1157,30 @@ class H5PContentValidator {
* found within the value data. * found within the value data.
*/ */
public function validateBySemantics(&$value, $semantics) { public function validateBySemantics(&$value, $semantics) {
// dd('validateBySemantics');
$fakebaseobject = (object) array( $fakebaseobject = (object) array(
'type' => 'group', 'type' => 'group',
'fields' => $semantics, 'fields' => $semantics,
); );
$this->validateGroup($value, $fakebaseobject); $this->validateGroup($value, $fakebaseobject, FALSE);
} }
/** /**
* Validate given text value against text semantics. * Validate given text value against text semantics.
*/ */
public function validateText(&$text, $semantics) { public function validateText(&$text, $semantics) {
// dd('validateText');
if ($semantics->widget && $semantics->widget == 'html') { if ($semantics->widget && $semantics->widget == 'html') {
// FIXME: Implicit tags added in javascript are NOT vissible in // FIXME: Implicit tags added in javascript are NOT vissible in
// $semantics->tags (such as mathml etc) // $semantics->tags (such as mathml etc). Need to include defaults.
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $semantics->tags)); $allowedtags = '<div>';
if ($semantics->tags) {
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $semantics->tags));
}
// Strip invalid HTML tags. // Strip invalid HTML tags.
$text = strip_tags($text, $allowedtags); $text = strip_tags($text, $allowedtags);
} }
else { else {
// Filter text to plain text. // Filter text to plain text.
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); $text = htmlspecialchars($text);
} }
// TODO: Check if string is within allowed length // TODO: Check if string is within allowed length
// TODO: Check if string is according to optional regexp in semantics // TODO: Check if string is according to optional regexp in semantics
@ -1214,7 +1215,16 @@ class H5PContentValidator {
* Validate select values * Validate select values
*/ */
public function validateSelect(&$select, $semantics) { public function validateSelect(&$select, $semantics) {
if (!in_array($select, array_map(array($this, 'map_object_value'), $semantics->options))) { // Special case for dynamicCheckboxes (valid options are generated live)
if ($semantics->widget == 'dynamicCheckboxes') {
// No practical way to guess valid parameters. Just make sure we don't
// have special chars here. Also, dynamicCheckboxes will insert an
// array, so iterate it.
foreach ($select as $key => $value) {
$select[$key] = htmlspecialchars($value);
}
}
else if (!in_array($select, array_map(array($this, 'map_object_value'), $semantics->options))) {
$this->h5pF->setErrorMessage($this->h5pF->t('Invalid selected option in select.')); $this->h5pF->setErrorMessage($this->h5pF->t('Invalid selected option in select.'));
$select = $semantics->options[0]->value; $select = $semantics->options[0]->value;
} }
@ -1228,13 +1238,7 @@ class H5PContentValidator {
* Will recurse into validating each item in the list according to the type. * Will recurse into validating each item in the list according to the type.
*/ */
public function validateList(&$list, $semantics) { public function validateList(&$list, $semantics) {
// dd('validateList');
$field = $semantics->field; $field = $semantics->field;
// WTF happens in content with lists of libraries?
if ($semantics->field->type == 'group'
&& $semantics->field->fields[0]->type == 'library') {
$field = $semantics->field->fields[0];
}
$function = $this->typeMap[$field->type]; $function = $this->typeMap[$field->type];
@ -1258,9 +1262,11 @@ class H5PContentValidator {
* Validate given video data * Validate given video data
*/ */
public function validateVideo(&$video, $semantics) { public function validateVideo(&$video, $semantics) {
$video->path = htmlspecialchars($video->path); foreach ($video as $variant) {
if ($video->mime && substr($video->mime, 0, 5) !== 'video') { $variant->path = htmlspecialchars($variant->path);
unset($video->mime); if ($variant->mime && substr($variant->mime, 0, 5) !== 'video') {
unset($variant->mime);
}
} }
} }
@ -1268,9 +1274,11 @@ class H5PContentValidator {
* Validate given audio data * Validate given audio data
*/ */
public function validateAudio(&$audio, $semantics) { public function validateAudio(&$audio, $semantics) {
$audio->path = htmlspecialchars($audio->path); foreach ($audio as $variant) {
if ($audio->mime && substr($audio->mime, 0, 5) !== 'audio') { $variant->path = htmlspecialchars($variant->path);
unset($audio->mime); if ($variant->mime && substr($variant->mime, 0, 5) !== 'audio') {
unset($variant->mime);
}
} }
} }
@ -1278,30 +1286,35 @@ class H5PContentValidator {
* Validate given group value against group semantics. * Validate given group value against group semantics.
* Will recurse into validating each group member. * Will recurse into validating each group member.
*/ */
public function validateGroup(&$group, $semantics) { public function validateGroup(&$group, $semantics, $flatten = TRUE) {
// dd('validateGroup'); // Groups with just one field are compressed in the editor to only output
// dd(print_r($group, TRUE)); // the child content. (Exemption for fake groups created by
// dd(print_r($semantics, TRUE)); // "validateBySemantics" above)
foreach ($group as $key => &$value) { if (count($semantics->fields) == 1 && $flatten) {
// dd("time for $key"); $field = $semantics->fields[0];
// Find semantics for name=$key $function = $this->typeMap[$field->type];
$found = FALSE; $this->$function($group, $field);
foreach ($semantics->fields as $field) { }
if ($field->name == $key) { else {
$function = $this->typeMap[$field->type]; foreach ($group as $key => &$value) {
$found = TRUE; // Find semantics for name=$key
// dd(print_r($field, TRUE)); $found = FALSE;
// dd("calling dr. $function"); foreach ($semantics->fields as $field) {
break; if ($field->name == $key) {
$function = $this->typeMap[$field->type];
$found = TRUE;
break;
}
}
if ($found) {
$this->$function($value, $field);
}
else {
// If validator is not found, something exists in content that does
// not have a corresponding semantics field. Remove it.
$this->h5pF->setErrorMessage($this->h5pF->t('H5P internal error: no validator exists for ' . $key));
unset($group->$key);
} }
}
if ($found) {
$this->$function($value, $field);
}
else {
$this->h5pF->setErrorMessage($this->h5pF->t('H5P internal error: no validator exists for ' . $key));
// dd('WTF!?');
// dd(print_r($group, TRUE));
} }
} }
} }
@ -1312,7 +1325,6 @@ class H5PContentValidator {
* Will recurse into validating the library's semantics too. * Will recurse into validating the library's semantics too.
*/ */
public function validateLibrary(&$value, $semantics) { public function validateLibrary(&$value, $semantics) {
// dd('validLibrary');
// Check if provided library is within allowed options // Check if provided library is within allowed options
if (in_array($value->library, $semantics->options)) { if (in_array($value->library, $semantics->options)) {
if (isset($semanticsCache[$value->library])) { if (isset($semanticsCache[$value->library])) {
@ -1324,14 +1336,11 @@ class H5PContentValidator {
$librarySemantics = json_decode($library['semantics']); $librarySemantics = json_decode($library['semantics']);
$semanticsCache[$value->library] = $librarySemantics; $semanticsCache[$value->library] = $librarySemantics;
} }
return $this->validateBySemantics($value->params, $librarySemantics); $this->validateBySemantics($value->params, $librarySemantics);
} }
else { else {
$this->h5pF->setErrorMessage($this->h5pF->t('Library used in content is not a valid library according to semantics')); $this->h5pF->setErrorMessage($this->h5pF->t('Library used in content is not a valid library according to semantics'));
// dd('Value: '.print_r($value, TRUE));
// dd('Semantics: '.print_r($semantics, TRUE));
} }
} }
} }
?> ?>
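Review bot: In validateText (first hunk) the plain-text branch now calls `htmlspecialchars($text)` with default flags, which on PHP releases before 8.1 leaves single quotes unescaped and depends on the runtime's default charset; keep the explicit form `$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');` and pass the same arguments in the bare calls in validateSelect, validateVideo and validateAudio. In the html branch of the same function, strip_tags() filters tag names only, so attributes on an allowed tag (including the new `<div>` default) pass through unchanged. Until an attribute allow-list is added, a comment such as `// NOTE: strip_tags() keeps attributes on allowed tags; attribute filtering is still required` should record that gap. validateText continues past the end of the hunk, so the rest of its body is not visible here.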