EDUCATIC
/
h5p-php-library
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'release'

redesign-copyrights
Frode Petterson 2015-05-18 09:41:07 +02:00
parent a8b465adb7 3f6abd722d
commit ac96408bc9
2 changed files with 47 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
h5p.classes.php
View File

@ -1649,6 +1649,7 @@ class H5PCore {
const DISABLE_EMBED = 4; const DISABLE_EMBED = 4;
const DISABLE_COPYRIGHT = 8; const DISABLE_COPYRIGHT = 8;
const DISABLE_ABOUT = 16; const DISABLE_ABOUT = 16;
const DISABLE_ALL = 31;
// Map flags to string // Map flags to string
public static $disable = array( public static $disable = array(
@ -2560,8 +2561,26 @@ class H5PContentValidator {
if (in_array('del', $tags) || in_array('strike', $tags) && ! in_array('s', $tags)) { if (in_array('del', $tags) || in_array('strike', $tags) && ! in_array('s', $tags)) {
$tags[] = 's'; $tags[] = 's';
} }
// Determine allowed style tags
$stylePatterns = array();
if (isset($semantics->font)) {
if (isset($semantics->font->size) && $semantics->font->size) {
$stylePatterns[] = '/^font-size: *[0-9.]+(em|px|%) *;?$/i';
}
if (isset($semantics->font->family) && $semantics->font->family) {
$stylePatterns[] = '/^font-family: *[a-z0-9," ]+;?$/i';
}
if (isset($semantics->font->color) && $semantics->font->color) {
$stylePatterns[] = '/^color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
}
if (isset($semantics->font->background) && $semantics->font->background) {
$stylePatterns[] = '/^background-color: *(#[a-f0-9]{3}[a-f0-9]{3}?|rgba?\([0-9, ]+\)) *;?$/i';
}
}
// Strip invalid HTML tags. // Strip invalid HTML tags.
$text = $this->filter_xss($text, $tags); $text = $this->filter_xss($text, $tags, $stylePatterns);
} }
else { else {
// Filter text to plain text. // Filter text to plain text.
@ -2984,7 +3003,7 @@ class H5PContentValidator {
* *
* @ingroup sanitization * @ingroup sanitization
*/ */
private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) { private function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'), $allowedStyles = FALSE) {
if (strlen($string) == 0) { if (strlen($string) == 0) {
return $string; return $string;
} }
@ -2995,6 +3014,8 @@ class H5PContentValidator {
return ''; return '';
} }
$this->allowedStyles = $allowedStyles;
// Store the text format. // Store the text format.
$this->_filter_xss_split($allowed_tags, TRUE); $this->_filter_xss_split($allowed_tags, TRUE);
// Remove NULL characters (ignored by some browsers). // Remove NULL characters (ignored by some browsers).
@ -3088,7 +3109,7 @@ class H5PContentValidator {
$xhtml_slash = $count ? ' /' : ''; $xhtml_slash = $count ? ' /' : '';
// Clean up attributes. // Clean up attributes.
$attr2 = implode(' ', $this->_filter_xss_attributes($attrlist)); $attr2 = implode(' ', $this->_filter_xss_attributes($attrlist, ($elem === 'span' ? $this->allowedStyles : FALSE)));
$attr2 = preg_replace('/[<>]/', '', $attr2); $attr2 = preg_replace('/[<>]/', '', $attr2);
$attr2 = strlen($attr2) ? ' ' . $attr2 : ''; $attr2 = strlen($attr2) ? ' ' . $attr2 : '';
@ -3101,7 +3122,7 @@ class H5PContentValidator {
* @return * @return
* Cleaned up version of the HTML attributes. * Cleaned up version of the HTML attributes.
*/ */
private function _filter_xss_attributes($attr) { private function _filter_xss_attributes($attr, $allowedStyles = FALSE) {
$attrarr = array(); $attrarr = array();
$mode = 0; $mode = 0;
$attrname = ''; $attrname = '';
@ -3141,6 +3162,17 @@ class H5PContentValidator {
case 2: case 2:
// Attribute value, a URL after href= for instance. // Attribute value, a URL after href= for instance.
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) { if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) {
if ($allowedStyles && $attrname === 'style') {
// Allow certain styles
foreach ($allowedStyles as $pattern) {
if (preg_match($pattern, $match[1])) {
$attrarr[] = 'style="' . $match[1] . '"';
break;
}
}
break;
}
$thisval = $this->filter_xss_bad_protocol($match[1]); $thisval = $this->filter_xss_bad_protocol($match[1]);
if (!$skip) { if (!$skip) {

15
js/h5p.js
View File

@ -774,7 +774,7 @@ H5P.newRunnable = function (library, contentId, $attachTo, skipResize, extras) {
*/ */
H5P.error = function (err) { H5P.error = function (err) {
if (window.console !== undefined && console.error !== undefined) { if (window.console !== undefined && console.error !== undefined) {
console.error(err); console.error(err.stack ? err.stack : err);
} }
}; };
@ -883,10 +883,17 @@ H5P.getCopyrights = function (instance, parameters, contentId) {
var copyrights; var copyrights;
if (instance.getCopyrights !== undefined) { if (instance.getCopyrights !== undefined) {
// Use the instance's own copyright generator try {
copyrights = instance.getCopyrights(); // Use the instance's own copyright generator
copyrights = instance.getCopyrights();
}
catch (err) {
// Failed, prevent crashing page.
H5P.error(err);
}
} }
else {
if (copyrights === undefined) {
// Create a generic flat copyright list // Create a generic flat copyright list
copyrights = new H5P.ContentCopyrights(); copyrights = new H5P.ContentCopyrights();
H5P.findCopyrights(copyrights, parameters, contentId); H5P.findCopyrights(copyrights, parameters, contentId);