JI-942 Add restict save when a higher version is available

content-upgrade-on-upload
Frode Petterson 2019-01-22 15:27:27 +01:00
parent bee7c550d9
commit 9cf3f4aa7f
5 changed files with 94 additions and 13 deletions

View File

@ -0,0 +1,3 @@
<?php
class H5PSaveContentOutdatedLibraryException extends Exception { }

View File

@ -458,6 +458,24 @@ class H5PDefaultStorage implements \H5PFileStorage {
return file_exists($filePath);
}
/**
* Check if upgrades script exist for library.
*
* @param string $machineName
* @param int $majorVersion
* @param int $minorVersion
* @return string Relative path
*/
public function getUpgradeScript($machineName, $majorVersion, $minorVersion) {
$upgrades = "/libraries/{$machineName}-{$majorVersion}.{$minorVersion}/upgrades.js";
if (file_exists($this->path . $upgrades)) {
return $upgrades;
}
else {
return NULL;
}
}
/**
* Recursive function for copying directories.
*

View File

@ -199,4 +199,14 @@ interface H5PFileStorage {
* @return bool
*/
public function hasPresave($libraryName, $developmentPath = null);
/**
* Check if upgrades script exist for library.
*
* @param string $machineName
* @param int $majorVersion
* @param int $minorVersion
* @return string Relative path
*/
public function getUpgradeScript($machineName, $majorVersion, $minorVersion);
}

View File

@ -614,6 +614,14 @@ interface H5PFrameworkInterface {
* containing the new content type cache that should replace the old one.
*/
public function replaceContentTypeCache($contentTypeCache);
/**
* Checks if the given library has a higher version.
*
* @param array $library
* @return boolean
*/
public function libraryHasUpgrade($library);
}
/**
@ -919,11 +927,27 @@ class H5PValidator {
}
if (!empty($missingLibraries)) {
foreach ($missingLibraries as $libString => $library) {
$this->h5pF->setErrorMessage($this->h5pF->t('Missing required library @library', array('@library' => $libString)), 'missing-required-library');
// We still have missing libraries, check if our main library has an upgrade (BUT only if we has content)
$mainDependency = NULL;
if (!$skipContent) {
foreach ($mainH5PData['preloadedDependencies'] as $dep) {
if ($dep['machineName'] === $mainH5PData['mainLibrary']) {
$mainDependency = $dep;
}
}
}
if (!$this->h5pC->mayUpdateLibraries()) {
$this->h5pF->setInfoMessage($this->h5pF->t("Note that the libraries may exist in the file you uploaded, but you're not allowed to upload new libraries. Contact the site administrator about this."));
if ($skipContent || !$mainDependency || !$this->h5pF->libraryHasUpgrade(array(
'machineName' => $mainDependency['mainLibrary'],
'majorVersion' => $mainDependency['majorVersion'],
'minorVersion' => $mainDependency['minorVersion']
))) {
foreach ($missingLibraries as $libString => $library) {
$this->h5pF->setErrorMessage($this->h5pF->t('Missing required library @library', array('@library' => $libString)), 'missing-required-library');
}
if (!$this->h5pC->mayUpdateLibraries()) {
$this->h5pF->setInfoMessage($this->h5pF->t("Note that the libraries may exist in the file you uploaded, but you're not allowed to upload new libraries. Contact the site administrator about this."));
}
}
}
$valid = empty($missingLibraries) && $valid;
@ -1394,15 +1418,23 @@ class H5PStorage {
if (isset($options['disable'])) {
$content['disable'] = $options['disable'];
}
$content['id'] = $this->h5pC->saveContent($content, $contentMainId);
$this->contentId = $content['id'];
try {
// Store content in database
$content['id'] = $this->h5pC->saveContent($content, $contentMainId);
$this->contentId = $content['id'];
// Save content folder contents
$this->h5pC->fs->saveContent($current_path, $content);
}
catch (Exception $e) {
$this->h5pF->setErrorMessage($e->getMessage(), 'save-content-failed');
if ($e instanceof H5PSaveContentOutdatedLibraryException) {
$message = $this->h5pF->t("You're trying to upload content of an older version of H5P. Please upgrade the content on the server it originated from and try to upload again or turn on the H5P Hub to have this server upgrade it for your automaticall.");
}
else {
$message = $e->getMessage();
}
$this->h5pF->setErrorMessage($message, 'save-content-failed');
}
// Remove temp content folder
@ -1922,8 +1954,6 @@ class H5PCore {
$this->relativePathRegExp = '/^((\.\.\/){1,2})(.*content\/)?(\d+|editor)\/(.+)$/';
}
/**
* Save content and clear cache.
*
@ -1932,6 +1962,13 @@ class H5PCore {
* @return int Content ID
*/
public function saveContent($content, $contentMainId = NULL) {
// Check that this is the latest version of the content type we have
if ($this->h5pF->libraryHasUpgrade($content['library'])) {
// We do not allow storing old content due to security concerns
throw new \H5PSaveContentOutdatedLibraryException($this->h5pF->t('Something unexpected happened. We were unable to save this content.'));
}
if (isset($content['id'])) {
$this->h5pF->updateContent($content, $contentMainId);
}

View File

@ -7,11 +7,24 @@ H5P.Version = (function () {
* @param {String} version
*/
function Version(version) {
var versionSplit = version.split('.', 3);
// Public
this.major =+ versionSplit[0];
this.minor =+ versionSplit[1];
if (typeof version === 'string') {
// Name version string (used by content upgrade)
var versionSplit = version.split('.', 3);
this.major =+ versionSplit[0];
this.minor =+ versionSplit[1];
}
else {
// Library objects (used by editor)
if (version.localMajorVersion !== undefined) {
this.major =+ version.localMajorVersion;
this.minor =+ version.localMinorVersion;
}
else {
this.major =+ version.majorVersion;
this.minor =+ version.minorVersion;
}
}
/**
* Public. Custom string for this object.