EDUCATIC
/
h5p-php-library
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

OPPG-413: If using defaults, add extra tags for table etc. too. + Extra validation for image/video/audio

namespaces
Frank Ronny Larsen 2013-07-10 09:59:35 +02:00
parent ca1e84293a
commit 7ab0309d0c
1 changed files with 84 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
h5p.classes.php
View File

@ -1152,6 +1152,7 @@ class H5PContentValidator {
'boolean' => 'validateBoolean', 'boolean' => 'validateBoolean',
'list' => 'validateList', 'list' => 'validateList',
'group' => 'validateGroup', 'group' => 'validateGroup',
'file' => 'validateFile',
'image' => 'validateImage', 'image' => 'validateImage',
'video' => 'validateVideo', 'video' => 'validateVideo',
'audio' => 'validateAudio', 'audio' => 'validateAudio',
@ -1193,26 +1194,27 @@ class H5PContentValidator {
// Build allowed tag list, based in $semantics->tags and known defaults. // Build allowed tag list, based in $semantics->tags and known defaults.
// These four are always allowed. // These four are always allowed.
$tags = array('div', 'span', 'p', 'br'); $tags = array('div', 'span', 'p', 'br');
if (isset($semantics->tags)) { if (! isset($semantics->tags)) {
$tags = array_merge($tags, $semantics->tags);
// Add related tags for table etc.
if (in_array('table', $semantics->tags)) {
$tags = array_merge($tags, array('tr', 'td', 'th', 'colgroup', 'thead', 'tbody', 'tfoot'));
}
if (in_array('b', $semantics->tags)) {
$tags[] = 'strong';
}
if (in_array('i', $semantics->tags)) {
$tags[] = 'em';
}
if (in_array('ul', $semantics->tags) || in_array('ol', $semantics->tags)) {
$tags[] = 'li';
}
}
else {
// Add defaults used in javascript. // Add defaults used in javascript.
$tags = array_merge($tags, array('strong', 'em', 'del', 'h2', 'h3', 'a', 'ul', 'ol', 'table', 'hr')); $tags = array_merge($tags, array('strong', 'em', 'del', 'h2', 'h3', 'a', 'ul', 'ol', 'table', 'hr'));
} }
else {
$tags = array_merge($tags, $semantics->tags);
}
// Add related tags for table etc.
if (in_array('table', $semantics->tags)) {
$tags = array_merge($tags, array('tr', 'td', 'th', 'colgroup', 'thead', 'tbody', 'tfoot'));
}
if (in_array('b', $semantics->tags)) {
$tags[] = 'strong';
}
if (in_array('i', $semantics->tags)) {
$tags[] = 'em';
}
if (in_array('ul', $semantics->tags) || in_array('ol', $semantics->tags)) {
$tags[] = 'li';
}
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $tags)); $allowedtags = implode('', array_map(array($this, 'bracketTags'), $tags));
// Strip invalid HTML tags. // Strip invalid HTML tags.
@ -1322,6 +1324,26 @@ class H5PContentValidator {
} }
} }
/**
* Validate given file data
*/
public function validateFile(&$file, $semantics) {
$file->path = htmlspecialchars($file->path);
$file->mime = htmlspecialchars($file->mime);
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($image as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($image->$key);
}
}
}
/** /**
* Validate given image data * Validate given image data
*/ */
@ -1330,6 +1352,21 @@ class H5PContentValidator {
if (isset($image->mime) && substr($image->mime, 0, 5) !== 'image') { if (isset($image->mime) && substr($image->mime, 0, 5) !== 'image') {
unset($image->mime); unset($image->mime);
} }
else {
$file->mime = htmlspecialchars($file->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime', 'width', 'height');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($image as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($image->$key);
}
}
} }
/** /**
@ -1341,6 +1378,21 @@ class H5PContentValidator {
if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'video') { if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'video') {
unset($variant->mime); unset($variant->mime);
} }
else {
$variant->mime = htmlspecialchars($variant->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime', 'width', 'height');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($variant as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($variant->$key);
}
}
} }
} }
@ -1353,6 +1405,21 @@ class H5PContentValidator {
if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'audio') { if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'audio') {
unset($variant->mime); unset($variant->mime);
} }
else {
$variant->mime = htmlspecialchars($variant->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($variant as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($variant->$key);
}
}
} }
} }