Prevent use of files that belongs to other content.
parent
742339ba8f
commit
8e3d78a2f6
|
@ -2823,6 +2823,12 @@ class H5PContentValidator {
|
||||||
|
|
||||||
// Validate a filelike object, such as video, image, audio and file.
|
// Validate a filelike object, such as video, image, audio and file.
|
||||||
private function _validateFilelike(&$file, $semantics, $typevalidkeys = array()) {
|
private function _validateFilelike(&$file, $semantics, $typevalidkeys = array()) {
|
||||||
|
// Do not allow to use files from other content folders.
|
||||||
|
$matches = array();
|
||||||
|
if (preg_match('/^(\.\.\/){1,2}(\d+|editor)\/(.+)$/', $file->path, $matches)) {
|
||||||
|
$file->path = $matches[3];
|
||||||
|
}
|
||||||
|
|
||||||
// Make sure path and mime does not have any special chars
|
// Make sure path and mime does not have any special chars
|
||||||
$file->path = htmlspecialchars($file->path, ENT_QUOTES, 'UTF-8', FALSE);
|
$file->path = htmlspecialchars($file->path, ENT_QUOTES, 'UTF-8', FALSE);
|
||||||
if (isset($file->mime)) {
|
if (isset($file->mime)) {
|
||||||
|
|
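Review bot: The rewrite added to `_validateFilelike` strips only one leading `../<id>/` or `../editor/` prefix and assigns the captured remainder `(.+)` back to `$file->path` unchecked, so a remainder that itself contains a `../` segment still resolves outside the content's own folder. Paths that do not fit the pattern at all (for instance more than the two leading `../` allowed by `{1,2}`) are left unchanged, and the `htmlspecialchars()` call below does nothing to `../`. I would follow the rewrite with a check that refuses any remaining parent-directory segment, e.g. `if (preg_match('#(^|/)\.\.(/|$)#', $file->path)) { /* reject using the validator's usual handling */ }`; how this validator rejects a value is not visible in the hunk. A one-line comment saying that `$matches[3]` is the path relative to the content folder would also make the intent clearer. The function body continues past the end of the hunk.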