From 7fca1d100d57710be4d37ffb87c5523ca4fe56dc Mon Sep 17 00:00:00 2001 From: Frode Petterson Date: Thu, 8 Sep 2016 13:32:57 +0200 Subject: [PATCH] Added content ID to export handlers This is to enable for proper access control. h5p/h5p-moodle-plugin#112 --- h5p-default-storage.class.php | 4 ++-- h5p-file-storage.interface.php | 6 ++++-- h5p.classes.php | 8 ++++---- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/h5p-default-storage.class.php b/h5p-default-storage.class.php index e019990..75bfde0 100644 --- a/h5p-default-storage.class.php +++ b/h5p-default-storage.class.php @@ -144,7 +144,7 @@ class H5PDefaultStorage implements \H5PFileStorage { * @param string $filename * Name of export file. */ - public function saveExport($source, $filename) { + public function saveExport($source, $filename, $contentId) { $this->deleteExport($filename); self::dirReady("{$this->path}/exports"); copy($source, "{$this->path}/exports/{$filename}"); @@ -155,7 +155,7 @@ class H5PDefaultStorage implements \H5PFileStorage { * * @param string $filename */ - public function deleteExport($filename) { + public function deleteExport($filename, $contentId) { $target = "{$this->path}/exports/{$filename}"; if (file_exists($target)) { unlink($target); diff --git a/h5p-file-storage.interface.php b/h5p-file-storage.interface.php index a003256..0aea9fc 100644 --- a/h5p-file-storage.interface.php +++ b/h5p-file-storage.interface.php @@ -80,15 +80,17 @@ interface H5PFileStorage { * Path on file system to temporary export file. * @param string $filename * Name of export file. + * @param int $contentId */ - public function saveExport($source, $filename); + public function saveExport($source, $filename, $contentId); /** * Removes given export file * * @param string $filename + * @param int $contentId */ - public function deleteExport($filename); + public function deleteExport($filename, $contentId); /** * Will concatenate all JavaScrips and Stylesheets into two files in order diff --git a/h5p.classes.php b/h5p.classes.php index 64c2ab5..6cdfb18 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -1434,7 +1434,7 @@ class H5PStorage { */ public function deletePackage($content) { $this->h5pC->fs->deleteContent($content['id']); - $this->h5pC->fs->deleteExport(($content['slug'] ? $content['slug'] . '-' : '') . $content['id'] . '.h5p'); + $this->h5pC->fs->deleteExport(($content['slug'] ? $content['slug'] . '-' : '') . $content['id'] . '.h5p', $content['id']); $this->h5pF->deleteContentData($content['id']); } @@ -1587,7 +1587,7 @@ Class H5PExport { try { // Save export - $this->h5pC->fs->saveExport($tmpFile, $content['slug'] . '-' . $content['id'] . '.h5p'); + $this->h5pC->fs->saveExport($tmpFile, $content['slug'] . '-' . $content['id'] . '.h5p', $content['id']); } catch (Exception $e) { $this->h5pF->setErrorMessage($this->h5pF->t($e->getMessage())); @@ -1633,7 +1633,7 @@ Class H5PExport { * @param array $content object */ public function deleteExport($content) { - $this->h5pC->fs->deleteExport(($content['slug'] ? $content['slug'] . '-' : '') . $content['id'] . '.h5p'); + $this->h5pC->fs->deleteExport(($content['slug'] ? $content['slug'] . '-' : '') . $content['id'] . '.h5p', $content['id']); } /** @@ -1837,7 +1837,7 @@ class H5PCore { $content['slug'] = $this->generateContentSlug($content); // Remove old export file - $this->fs->deleteExport($content['id'] . '.h5p'); + $this->fs->deleteExport($content['id'] . '.h5p', $content['id']); } if ($this->exportEnabled) {