diff --git a/h5p.classes.php b/h5p.classes.php index 619cbc4..c291c2d 100644 --- a/h5p.classes.php +++ b/h5p.classes.php @@ -640,10 +640,31 @@ class H5PValidator { * TRUE if the .h5p file is valid */ public function isValidPackage($skipContent = FALSE, $upgradeOnly = FALSE) { + // Check that directories are writable + if (!H5PCore::dirReady($this->h5pC->path . DIRECTORY_SEPARATOR . 'content')) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to write to the content directory.')); + return FALSE; + } + if (!H5PCore::dirReady($this->h5pC->path . DIRECTORY_SEPARATOR . 'libraries')) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to write to the libraries directory.')); + return FALSE; + } + + // Make sure Zip is present. + if (!class_exists('ZipArchive')) { + $this->h5pF->setErrorMessage($this->h5pF->t('Your PHP version does not support ZipArchive.')); + return FALSE; + } + // Create a temporary dir to extract package in. $tmpDir = $this->h5pF->getUploadedH5pFolderPath(); $tmpPath = $this->h5pF->getUploadedH5pPath(); + if (!H5PCore::dirReady($tmpDir)) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to write to the temporary directory.')); + return FALSE; + } + $valid = TRUE; // Extract and then remove the package file. @@ -1283,12 +1304,8 @@ class H5PStorage { $contentId = $this->h5pC->saveContent($content, $contentMainId); $this->contentId = $contentId; - $contents_path = $this->h5pC->path . DIRECTORY_SEPARATOR . 'content'; - if (!is_dir($contents_path)) { - mkdir($contents_path, 0777, true); - } - // Move the content folder + $contents_path = $this->h5pC->path . DIRECTORY_SEPARATOR . 'content'; $destination_path = $contents_path . DIRECTORY_SEPARATOR . $contentId; $this->h5pC->copyFileTree($current_path, $destination_path); @@ -1310,12 +1327,6 @@ class H5PStorage { $newOnes = 0; $oldOnes = 0; - // Find libraries directory and make sure it exists - $libraries_path = $this->h5pC->path . DIRECTORY_SEPARATOR . 'libraries'; - if (!is_dir($libraries_path)) { - mkdir($libraries_path, 0777, true); - } - // Go through libraries that came with this package foreach ($this->h5pC->librariesJsonData as $libString => &$library) { // Find local library identifier @@ -1345,6 +1356,7 @@ class H5PStorage { $this->h5pF->saveLibraryData($library, $new); // Make sure destination dir is free + $libraries_path = $this->h5pC->path . DIRECTORY_SEPARATOR . 'libraries'; $destination_path = $libraries_path . DIRECTORY_SEPARATOR . H5PCore::libraryToString($library, TRUE); H5PCore::deleteFileTree($destination_path); @@ -1485,9 +1497,11 @@ Class H5PExport { $tempPath = $h5pDir . 'temp' . DIRECTORY_SEPARATOR . $content['id']; $zipPath = $h5pDir . 'exports' . DIRECTORY_SEPARATOR . $content['slug'] . '-' . $content['id'] . '.h5p'; - // Temp dir to put the h5p files in - @mkdir($tempPath, 0777, TRUE); - @mkdir($h5pDir . 'exports', 0777, TRUE); + // Make sure the exports dir is ready + if (!H5PCore::dirReady($h5pDir . 'exports')) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to write to the exports directory.')); + return FALSE; + } // Create content folder if ($this->h5pC->copyFileTree($h5pDir . 'content' . DIRECTORY_SEPARATOR . $content['id'], $tempPath . DIRECTORY_SEPARATOR . 'content') === FALSE) { @@ -1495,6 +1509,7 @@ Class H5PExport { } file_put_contents($tempPath . DIRECTORY_SEPARATOR . 'content' . DIRECTORY_SEPARATOR . 'content.json', $content['params']); + // Make embedTypes into an array $embedTypes = explode(', ', $content['embedType']); // Won't content always be embedded in one way? @@ -1756,6 +1771,9 @@ class H5PCore { 'library' => H5PCore::libraryToString($content['library']), 'params' => json_decode($content['params']) ); + if (!$params->params) { + return NULL; + } $validator->validateLibrary($params, (object) array('options' => array($params->library))); $params = json_encode($params->params); @@ -2084,14 +2102,17 @@ class H5PCore { * Indicates if the directory existed. */ public function copyFileTree($source, $destination) { - $dir = opendir($source); - - if ($dir === FALSE) { - $this->h5pF->setErrorMessage($this->h5pF->t('Unable to copy tree, no such directory: @dir', array('@dir' => $source))); + if (!H5PCore::dirReady($destination)) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to copy file tree.')); + return FALSE; + } + + $dir = opendir($source); + if ($dir === FALSE) { + $this->h5pF->setErrorMessage($this->h5pF->t('Unable to copy file tree.')); return FALSE; } - @mkdir($destination); while (false !== ($file = readdir($dir))) { if (($file != '.') && ($file != '..') && $file != '.git' && $file != '.gitignore') { if (is_dir($source . DIRECTORY_SEPARATOR . $file)) { @@ -2475,6 +2496,36 @@ class H5PCore { return $input; } + + /** + * Recursive function that makes sure the specified directory exists and + * is writable. + * + * @param string $path + * @return bool + */ + public static function dirReady($path) { + if (!file_exists($path)) { + $parent = preg_replace("/\/[^\/]+\/?$/", '', $path); + if (!H5PCore::dirReady($parent)) { + return FALSE; + } + + mkdir($path, 0777, true); + } + + if (!is_dir($path)) { + trigger_error('Path is not a directory ' . $path, E_USER_WARNING); + return FALSE; + } + + if (!is_writable($path)) { + trigger_error('Unable to write to ' . $path . ' – check directory permissions –', E_USER_WARNING); + return FALSE; + } + + return TRUE; + } } /** diff --git a/js/h5p.js b/js/h5p.js index 2137da4..04acfe1 100644 --- a/js/h5p.js +++ b/js/h5p.js @@ -1692,6 +1692,12 @@ H5P.createTitle = function (rawTitle, maxLength) { * @param {boolean} [async=true] */ function contentUserDataAjax(contentId, dataType, subContentId, done, data, preload, invalidate, async) { + if (H5PIntegration.user === undefined) { + // Not logged in, no use in saving. + done('Not signed in.'); + return; + } + var options = { url: H5PIntegration.ajax.contentUserData.replace(':contentId', contentId).replace(':dataType', dataType).replace(':subContentId', subContentId ? subContentId : 0), dataType: 'json',