Commit graph

121 commits

Author SHA1 Message Date
Frank Ronny Larsen
67cfc1d333 OPPG-470: More potential threats in validator 2013-07-17 12:55:51 +02:00
Svein-Tore Griff With
db388d9a14 OPPG-470: Fixed several (potential) security problems
The biggest problem was that no filtering was done on lists because list values weren't passed by reference through foreach
Also made sure lists were lists and keys were numbers
Made sure libraries only have library and semantics properties
2013-07-17 11:41:23 +02:00
Frank Ronny Larsen
46e4d67c06 Merge branch 'master' of b.amendor.com:h5p 2013-07-16 08:56:10 +02:00
Svein-Tore Griff With
b69ee7c2e3 OPPG-436: Rewrote logic so that the entire library processing is skipped if the user doesn't have access to update libraries 2013-07-15 17:36:56 +02:00
Frank Ronny Larsen
6d231499e3 OPPG-459: "multiple" option for semantic type "select"
Specifies that the select shall handle multiple options.
Used by dynamicCheckboxes widget.
2013-07-15 16:25:10 +02:00
Frank Ronny Larsen
fcc9ed4e24 Merge branch 'master' of b.amendor.com:h5p 2013-07-15 15:12:51 +02:00
Frank Ronny Larsen
ca8aca2678 Validator fixes...
Added better handling of select widget for multiple selects:
 - Test for array, checks each element if found.
 - Tests if valid options are set in semantics, enters "strict" mode if set (allows only said options)
 - Non strict mode allows any option.
 - All set values are htmlspecialcharred, even if strict.
2013-07-15 15:07:53 +02:00
Svein-Tore Griff With
4dfb80a8d9 Move whitelist logic out of drupal and into H5P core 2013-07-13 22:25:18 +02:00
Frank Ronny Larsen
706c61bfe8 Replaced PHP strip_tags with D7 filter_xss. Good thing we cache this.. 2013-07-12 14:49:37 +02:00
Frank Ronny Larsen
7af599ae0d OPPG-413: Merge file handlers, better htmlspecialchars
Filelike objects are now handled by the same code, not 4 copies of it.
htmlspecialchars are now specified as UTF-8 and will encode ALL quotes.
2013-07-11 15:17:26 +02:00
Frank Ronny Larsen
fb1b9fc719 OPPG-413: Fixed security hole inserted by validator itself.. 2013-07-11 15:13:15 +02:00
Frank Ronny Larsen
4509626a0d OPPG-413: Changed how HTML is handled for text. Any text widget with tags specified will now be treated as HTML 2013-07-11 14:36:31 +02:00
Frank Ronny Larsen
27345e22f8 BUGFIX: Use , not semantics tags after preprocessing tags, fixes in_array bugs 2013-07-11 13:12:17 +02:00
Frank Ronny Larsen
b487f452d6 BUGFIX: Regexp from semantics does not contain delimiters. Add in PHP 2013-07-10 11:02:17 +02:00
Frank Ronny Larsen
ec5c3ae1d5 BUGFIX: -> 2013-07-10 10:34:41 +02:00
Frank Ronny Larsen
7ab0309d0c OPPG-413: If using defaults, add extra tags for table etc. too. + Extra validation for image/video/audio 2013-07-10 09:59:35 +02:00
Frank Ronny Larsen
ca1e84293a OPPG-413: Use default tag list if no tags are set. 2013-07-09 15:42:30 +02:00
Frank Ronny Larsen
d57f4cb109 Merge branch 'master' of b.amendor.com:h5p
Conflicts:
	library/h5p.classes.php
2013-07-09 15:16:36 +02:00
Frank Ronny Larsen
ab316a163c OPPG-425: Add hook_alter_h5p_semantics
Also re-adds getLibrarySemantics in core, used by the validator to fetch decoded semantics.
This function is also responsible for calling the hook.
2013-07-09 15:13:09 +02:00
Frode Petterson
9a12f49aea OPPG-413: Added this. 2013-07-09 14:43:22 +02:00
Frank Ronny Larsen
938b38c6f6 Comment fix 2013-07-09 11:01:29 +02:00
Frank Ronny Larsen
d3953475f0 Whitespace 2013-07-09 10:14:42 +02:00
Frank Ronny Larsen
a247ca470c OPPG-413: Validator just got a little more annoying. Gives warning if mandatory fields are missing in group 2013-07-09 10:10:32 +02:00
Frank Ronny Larsen
6e99a052e2 OPPG-413: BUGFIX: Use isset() to check for existence 2013-07-09 09:41:57 +02:00
Frank Ronny Larsen
1548ebaf94 OPPG-172: Added library whitelist extension
Adds js and css as allowed extensions for library.
Manually add swf if wanted.
2013-07-08 18:22:38 +02:00
Pål Jørgensen
112e1e1108 Merge branch 'master' of b.amendor.com:h5p 2013-07-08 17:12:48 +02:00
Pål Jørgensen
118024d479 Only clearing cache if at least one library was created or updated 2013-07-08 17:12:40 +02:00
Frank Ronny Larsen
a7aeefc367 OPPG-414: Removed just in case-code. 2013-07-08 17:02:05 +02:00
Frank Ronny Larsen
d2e3558927 OPPG-413: Enable caching, fill default tag list for HTML validation 2013-07-08 16:15:54 +02:00
Frank Ronny Larsen
35e2623e1b OPPG-413: Validation of specific limitations from semantics. 2013-07-08 15:28:45 +02:00
Frank Ronny Larsen
1ca9eff064 OPPG-413: Validation fixes 2013-07-08 14:59:15 +02:00
Frank Ronny Larsen
5f0ba2f2a0 OPPG-413: Validator mostly ready. Huge problems with lists. 2013-07-05 17:35:59 +02:00
Frank Ronny Larsen
d1036e9a5a OPPG-172: Added File extension white list for content
Scan content files to ensure all files comply with the configured
set of valid extensions.
Disallows adding htaccess or php to allowed extension too.
2013-06-30 22:14:16 +02:00
Frank Ronny Larsen
312bd0f8b5 OPPG-414: Specific permission for updating libraries
Added a permission.
Added a new function to H5PFrameworkInterface for testing if allowed to update library
Added appropriate tests.
2013-06-30 16:39:17 +02:00
Frank Ronny Larsen
a34d0ea3e7 BUGFIX: Use DIRECTORY_SEPARATOR instead of '/' 2013-06-30 15:32:38 +02:00
Svein-Tore Griff With
0eb3051ca2 Add storage for the extra h5p.json data 2013-05-07 20:55:44 +02:00
Svein-Tore Griff With
8a94973852 Removing external resources 2013-05-07 19:38:52 +02:00
Svein-Tore Griff With
da99000fe8 Translation of semantics now working 2013-05-03 11:21:08 +02:00
Svein-Tore Griff With
1a9a9b8b0b Add code for supporting language files. The code doesn't work but doesn't seem to break anything either. 2013-05-02 17:09:48 +02:00
Svein-Tore Griff With
7d25f28a6d Fix bugs after refactoring library validation. Also added camelcase on a variable. 2013-05-01 23:24:58 +02:00
Svein-Tore Griff With
252cb01573 refactoring, not stable 2013-05-01 17:22:09 +02:00
Svein-Tore Griff With
0ab794f67b Allow dots in filenames 2013-04-14 15:31:29 +02:00
Svein-Tore Griff With
1cb36af66e Use '-' instead of '_' in folder names 2013-04-13 15:03:04 +02:00
Svein-Tore Griff With
995e56cf60 Save h5p libraries in folders with understandable names 2013-04-13 14:55:33 +02:00
Svein-Tore Griff With
18b2475918 Do not attempt to save library dependencies for libraries that have already been saved, and also remove previous dependencies for libraries that are being patched 2013-04-13 14:11:25 +02:00
Svein-Tore Griff With
d51e6e8d01 Fix dependency checking 2013-04-13 13:28:48 +02:00
Frode Petterson
57cc64f28c Added checking for fullscreen. 2013-04-11 14:59:33 +02:00
Frode Petterson
16767e690d Added responsive design to CP.
Added fullscreen option to H5P module.
2013-04-10 17:08:57 +02:00
Frode Petterson
64eda45a14 Added autoload so other modules easily may use our classes.
Moved H5P scripts to library array.
Fixed editor dependencies.
2013-04-03 15:39:59 +02:00
Svein-Tore Griff With
526b2f4042 Add documentation 2013-03-29 16:35:54 +01:00