From d1036e9a5a22117f4935d0986e7da444be37d464 Mon Sep 17 00:00:00 2001
From: Frank Ronny Larsen
Date: Sun, 30 Jun 2013 22:14:16 +0200
Subject: [PATCH] OPPG-172: Added File extentension white list for content

Scan content files to ensure all files comply with the configured set of valid extensions. Disallows adding htaccess or php to allowed extension too.
---
 h5p.classes.php | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/h5p.classes.php b/h5p.classes.php
index aef31fa..36dc3b3 100644
--- a/h5p.classes.php
+++ b/h5p.classes.php
@@ -114,7 +114,18 @@ interface H5PFrameworkInterface {
 * Any contentMainId defined by the framework, for instance to support revisioning
 */
 public function saveContentData($contentId, $contentJson, $mainJsonData, $mainLibraryId, $contentMainId = NULL);
-
+
+ /**
+ * Validates content files
+ *
+ * @param string $contentPath
+ * The path containg content files to validate.
+ * @return boolean
+ * TRUE if all files are valid
+ * FALSE if one or more files fail validation. Error message should be set accordingly by validator.
+ */
+ public function validateContentFiles($contentPath);
+
 /**
 * Save what libraries a library is dependending on
 *
@@ -355,7 +366,11 @@ class H5PValidator {
 }
 else {
 $contentExists = TRUE;
- // In the future we might let the librarys provide validation functions for content.json
+ // In the future we might let the libraries provide validation functions for content.json
+ }
+ if (!$this->h5pF->validateContentFiles($filePath)) {
+ $valid = FALSE;
+ continue;
 }
 }
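Review bot: The docblock added for `validateContentFiles()` in the first hunk never says what "valid" means, so the rule from the commit message (a configured extension whitelist in which htaccess and php can never be allowed) exists only in whatever each framework implementation chooses to do. I would state the contract in the docblock: every file under `$contentPath`, including those in subdirectories, is checked; extensions are compared case-insensitively against the whitelist; and `php` and `htaccess` are rejected even when an administrator has listed them. "Error message should be set accordingly by validator" is also ambiguous, since the caller is `H5PValidator`; say that the implementation sets the message. Because this adds a method to `H5PFrameworkInterface`, every existing implementation has to add it, and a stub that returns TRUE would silently switch the check off, so it may be safer to walk the files in `H5PValidator` and ask the framework only for the whitelist. The interface body continues outside the hunk.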
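Review bot: In the second hunk, a FALSE from `validateContentFiles($filePath)` only sets `$valid = FALSE` and continues, so the package is rejected without any explanation unless the framework implementation remembered to set an error message itself. I would add a comment above the new branch, `// Fail closed: reject the whole package if any content file has a disallowed extension.`, and have the validator report a fallback error through the same error-reporting call the surrounding code uses (not visible here). The files are presumably already extracted under `$filePath` when this runs, so the caller should confirm that the directory is removed on failure and is not web-reachable while validation is in progress. The enclosing `H5PValidator` method starts and ends outside the hunk.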