From bdf60a943d61e08ed6382ecc298d3ba5998e22a9 Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Wed, 22 Feb 2017 11:25:05 +0100 Subject: [PATCH 1/2] Use realpath() instead of document root = safer Document root might be rewritten or incorrect for some sites(observed on multiple WP) HFP-784 --- h5p.classes.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/h5p.classes.php b/h5p.classes.php index b0ad889..e04a0e9 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -1589,15 +1589,11 @@ Class H5PExport { $zip = new ZipArchive(); $zip->open($tmpFile, ZipArchive::CREATE | ZipArchive::OVERWRITE); - // Some system needs the root prefix for ZipArchive's addFile() - $rootPrefix = (empty($_SERVER['DOCUMENT_ROOT']) ? '' : $_SERVER['DOCUMENT_ROOT'] . '/'); - // Add all the files from the tmp dir. foreach ($files as $file) { // Please note that the zip format has no concept of folders, we must // use forward slashes to separate our directories. - $zip->addFile($file->absolutePath, $file->relativePath); - $zip->addFile($rootPrefix . $file->absolutePath, $file->relativePath); + $zip->addFile(realpath($file->absolutePath), $file->relativePath); } // Close zip and remove tmp dir From 179601657c8f7b2a61fa16cbee6d5227360cd020 Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Thu, 2 Mar 2017 10:17:16 +0100 Subject: [PATCH 2/2] Remove prefix from file path Should already be complete at this point. JI-92 --- h5p-default-storage.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/h5p-default-storage.class.php b/h5p-default-storage.class.php index 0c67341..5bb1495 100644 --- a/h5p-default-storage.class.php +++ b/h5p-default-storage.class.php @@ -285,7 +285,7 @@ class H5PDefaultStorage implements \H5PFileStorage { * @return string */ public function getContent($file_path) { - return file_get_contents($this->path . $file_path); + return file_get_contents($file_path); } /**