EDUCATIC
/
h5p-php-library
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

OPPG-413: If using defaults, add extra tags for table etc. too. + Extra validation for image/video/audio

namespaces
Frank Ronny Larsen 2013-07-10 09:59:35 +02:00
parent ca1e84293a
commit 7ab0309d0c
1 changed files with 84 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
h5p.classes.php
View File

@ -1152,6 +1152,7 @@ class H5PContentValidator {
'boolean' => 'validateBoolean',
'list' => 'validateList',
'group' => 'validateGroup',
'file' => 'validateFile',
'image' => 'validateImage',
'video' => 'validateVideo',
'audio' => 'validateAudio',
@ -1193,8 +1194,14 @@ class H5PContentValidator {
// Build allowed tag list, based in $semantics->tags and known defaults.
// These four are always allowed.
$tags = array('div', 'span', 'p', 'br');
if (isset($semantics->tags)) {
if (! isset($semantics->tags)) {
// Add defaults used in javascript.
$tags = array_merge($tags, array('strong', 'em', 'del', 'h2', 'h3', 'a', 'ul', 'ol', 'table', 'hr'));
}
else {
$tags = array_merge($tags, $semantics->tags);
}
// Add related tags for table etc.
if (in_array('table', $semantics->tags)) {
$tags = array_merge($tags, array('tr', 'td', 'th', 'colgroup', 'thead', 'tbody', 'tfoot'));
@ -1208,11 +1215,6 @@ class H5PContentValidator {
if (in_array('ul', $semantics->tags) || in_array('ol', $semantics->tags)) {
$tags[] = 'li';
}
}
else {
// Add defaults used in javascript.
$tags = array_merge($tags, array('strong', 'em', 'del', 'h2', 'h3', 'a', 'ul', 'ol', 'table', 'hr'));
}
$allowedtags = implode('', array_map(array($this, 'bracketTags'), $tags));
// Strip invalid HTML tags.
@ -1322,6 +1324,26 @@ class H5PContentValidator {
}
}
/**
* Validate given file data
*/
public function validateFile(&$file, $semantics) {
$file->path = htmlspecialchars($file->path);
$file->mime = htmlspecialchars($file->mime);
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($image as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($image->$key);
}
}
}
/**
* Validate given image data
*/
@ -1330,6 +1352,21 @@ class H5PContentValidator {
if (isset($image->mime) && substr($image->mime, 0, 5) !== 'image') {
unset($image->mime);
}
else {
$file->mime = htmlspecialchars($file->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime', 'width', 'height');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($image as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($image->$key);
}
}
}
/**
@ -1341,6 +1378,21 @@ class H5PContentValidator {
if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'video') {
unset($variant->mime);
}
else {
$variant->mime = htmlspecialchars($variant->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime', 'width', 'height');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($variant as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($variant->$key);
}
}
}
}
@ -1353,6 +1405,21 @@ class H5PContentValidator {
if (isset($variant->mime) && substr($variant->mime, 0, 5) !== 'audio') {
unset($variant->mime);
}
else {
$variant->mime = htmlspecialchars($variant->mime);
}
// Remove attributes that should not exist, they may contain JSON escape
// code.
$validkeys = array('path', 'mime');
if (isset($semantics->extraAttributes)) {
$validkeys = array_merge($validkeys, $semantics->extraAttributes);
}
foreach ($variant as $key => $value) {
if (!in_array($key, $validkeys)) {
unset($variant->$key);
}
}
}
}