OPPG-172: Added File extentension white list for content
Scan content files to ensure all files comply with the configured set of valid extensions. Disallows adding htaccess or php to allowed extension too.namespaces
parent
312bd0f8b5
commit
d1036e9a5a
|
@ -115,6 +115,17 @@ interface H5PFrameworkInterface {
|
||||||
*/
|
*/
|
||||||
public function saveContentData($contentId, $contentJson, $mainJsonData, $mainLibraryId, $contentMainId = NULL);
|
public function saveContentData($contentId, $contentJson, $mainJsonData, $mainLibraryId, $contentMainId = NULL);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates content files
|
||||||
|
*
|
||||||
|
* @param string $contentPath
|
||||||
|
* The path containg content files to validate.
|
||||||
|
* @return boolean
|
||||||
|
* TRUE if all files are valid
|
||||||
|
* FALSE if one or more files fail validation. Error message should be set accordingly by validator.
|
||||||
|
*/
|
||||||
|
public function validateContentFiles($contentPath);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Save what libraries a library is dependending on
|
* Save what libraries a library is dependending on
|
||||||
*
|
*
|
||||||
|
@ -355,7 +366,11 @@ class H5PValidator {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$contentExists = TRUE;
|
$contentExists = TRUE;
|
||||||
// In the future we might let the librarys provide validation functions for content.json
|
// In the future we might let the libraries provide validation functions for content.json
|
||||||
|
}
|
||||||
|
if (!$this->h5pF->validateContentFiles($filePath)) {
|
||||||
|
$valid = FALSE;
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue