Commit Graph

324 Commits (c9914966f334c4e3f23270e11b0f24acd643f0fe)

Author SHA1 Message Date
Svein-Tore Griff With 9a4f57fa7d Make sure that texts are texts 2013-07-24 18:01:07 +02:00
Frank Ronny Larsen bd1f25448b OPPG-473: Safari now use fake fullscreen.
Which is better than real fullscreen IMNSVHO...
2013-07-18 15:58:52 +02:00
Frank Ronny Larsen 7736506b39 Avoid double encoding of htmlspecialchars, we get them encoded from editor 2013-07-17 15:11:37 +02:00
Frank Ronny Larsen 67cfc1d333 OPPG-470: More potential threats in validator 2013-07-17 12:55:51 +02:00
Svein-Tore Griff With db388d9a14 OPPG-470: Fixed several (potential) security problems
The biggest problem was that no filtering was done on lists because list values wasn't passed by referende through foreach
Also made sure lists where lists and keys where numbers
Made sure libraries only have library and semantics properties
2013-07-17 11:41:23 +02:00
Frank Ronny Larsen 46e4d67c06 Merge branch 'master' of b.amendor.com:h5p 2013-07-16 08:56:10 +02:00
Svein-Tore Griff With b69ee7c2e3 OPPG-436: Rewrote logic so that the entire library processing is skipped if the user doesn't have access to update libraries 2013-07-15 17:36:56 +02:00
Frank Ronny Larsen 6d231499e3 OPPG-459: "multiple" option for semantic type "select"
Specifies that the select shall handle multiple options.
Used by dynamicCheckboxes widget.
2013-07-15 16:25:10 +02:00
Frank Ronny Larsen fcc9ed4e24 Merge branch 'master' of b.amendor.com:h5p 2013-07-15 15:12:51 +02:00
Frank Ronny Larsen ca8aca2678 Validator fixes...
Added better handling of select widget for multiple selects:
 - Test for array, checks each element if found.
 - Tests if valid options are set in semantics, enters "strict" mode if set (allows only said options)
 - Non strict mode allows any option.
 - All set values are htmlspecialcharred, even if strict.
2013-07-15 15:07:53 +02:00
Svein-Tore Griff With 4dfb80a8d9 Move whitelist logic out of drupal and into H5P core 2013-07-13 22:25:18 +02:00
Frank Ronny Larsen 706c61bfe8 Replaced PHP strip_tags with D7 filter_xss. Good thing we cache this.. 2013-07-12 14:49:37 +02:00
Frank Ronny Larsen 7af599ae0d OPPG-413: Merge file handlers, better htmlspecialchars
Filelike objects are now handled by the same code, not 4 copies of it.
htmlspecialchars are now specified as UTF-8 and will encode ALL quotes.
2013-07-11 15:17:26 +02:00
Frank Ronny Larsen fb1b9fc719 OPPG-413: Fixed security hole inserted by validator itself.. 2013-07-11 15:13:15 +02:00
Frank Ronny Larsen 4509626a0d OPPG-413: Changed how HTML is handled for text. Any text widget with tags specified will now be treated as HTML 2013-07-11 14:36:31 +02:00
Frank Ronny Larsen 27345e22f8 BUGFIX: Use , not semantics tags after preprocessing tags, fixes in_array bugs 2013-07-11 13:12:17 +02:00
Frank Ronny Larsen b487f452d6 BUGFIX: Regexp from semantics does not contain delimiters. Add in PHP 2013-07-10 11:02:17 +02:00
Frank Ronny Larsen ec5c3ae1d5 BUGFIX: -> 2013-07-10 10:34:41 +02:00
Frank Ronny Larsen 7ab0309d0c OPPG-413: If using defaults, add extra tags for table etc. too. + Extra validation for image/video/audio 2013-07-10 09:59:35 +02:00
Frank Ronny Larsen ca1e84293a OPPG-413: Use default tag list if no tags are set. 2013-07-09 15:42:30 +02:00
Frank Ronny Larsen d57f4cb109 Merge branch 'master' of b.amendor.com:h5p
Conflicts:
	library/h5p.classes.php
2013-07-09 15:16:36 +02:00
Frank Ronny Larsen ab316a163c OPPG-425: Add hook_alter_h5p_semantics
Also re-adds getLibrarySemantics in core, used by the validator to fetch decoded semantics.
This function is also responsible for calling the hook.
2013-07-09 15:13:09 +02:00
Frode Petterson 9a12f49aea OPPG-413: Added this. 2013-07-09 14:43:22 +02:00
Frank Ronny Larsen b5990bff8e Merge branch 'master' of b.amendor.com:h5p 2013-07-09 11:01:38 +02:00
Frank Ronny Larsen 938b38c6f6 Comment fix 2013-07-09 11:01:29 +02:00
Pål Jørgensen 54040c273e Implemented String.prototype.trim if not defined to support IE8 2013-07-09 10:36:27 +02:00
Frank Ronny Larsen d3953475f0 Whitespace 2013-07-09 10:14:42 +02:00
Frank Ronny Larsen a247ca470c OPPG-413: Validator just got a little more annoying. Gives warning if mandatory fields are missing in group 2013-07-09 10:10:32 +02:00
Frank Ronny Larsen 6e99a052e2 OPPG-413: BUGFIX: Use isset() to check for existence 2013-07-09 09:41:57 +02:00
Frank Ronny Larsen 1548ebaf94 OPPG-172: Added library whitelist extension
Adds js and css as allowed extensions for library.
Manually add swf if wanted.
2013-07-08 18:22:38 +02:00
Pål Jørgensen 112e1e1108 Merge branch 'master' of b.amendor.com:h5p 2013-07-08 17:12:48 +02:00
Pål Jørgensen 118024d479 Only clearing cache if at least one library was created or updated 2013-07-08 17:12:40 +02:00
Frank Ronny Larsen a7aeefc367 OPPG-414: Removed just in case-code. 2013-07-08 17:02:05 +02:00
Frank Ronny Larsen b76f1395f3 Merge branch 'OPPG-413' 2013-07-08 16:24:24 +02:00
Frank Ronny Larsen d2e3558927 OPPG-413: Enable caching, fill default tag list for HTML validation 2013-07-08 16:15:54 +02:00
Frank Ronny Larsen 35e2623e1b OPPG-413: Validation of specific limitations from semantics. 2013-07-08 15:28:45 +02:00
Frank Ronny Larsen 1ca9eff064 OPPG-413: Validation fixes 2013-07-08 14:59:15 +02:00
Pål Jørgensen aba62d5b48 Merge branch 'master' of b.amendor.com:h5p
Conflicts:
	example_content/coursepresentation/H5P.CoursePresentation/library.json
	example_content/coursepresentation/H5P.CoursePresentation/styles/cp.css
2013-07-08 09:39:39 +02:00
Pål Jørgensen 38d8269a76 Added new element type in coursepresentation: ExportableTextArea 2013-07-08 08:59:14 +02:00
Frank Ronny Larsen fca2d6924a Merge branch 'master' into OPPG-413
Conflicts:
	h5p.module
2013-07-08 08:56:08 +02:00
Frank Ronny Larsen 5f0ba2f2a0 OPPG-413: Validator mostly ready. Huge problems with lists. 2013-07-05 17:35:59 +02:00
Frode Petterson 4d5741c47a Merge branch 'ndla2' 2013-07-04 13:45:17 +02:00
Svein-Tore Griff With 8c46294dcd OPPG-376: Added comment about the getContentPath function beeing deprecated 2013-07-04 10:38:52 +02:00
Svein-Tore Griff With 9a2e77a069 OPPG-376: Added api function that was removed in previous commit by Frode Petterson 2013-07-04 10:38:17 +02:00
Svein-Tore Griff With 59025c8e68 OPPG-376: Added comment about the getContentPath function beeing deprecated 2013-07-03 14:24:09 +02:00
Svein-Tore Griff With 9d9b3bbc51 OPPG-376: Added api function that was removed in previous commit by Frode Petterson 2013-07-03 14:22:00 +02:00
Frank Ronny Larsen d1036e9a5a OPPG-172: Added File extentension white list for content
Scan content files to ensure all files comply with the configured
set of valid extensions.
Disallows adding htaccess or php to allowed extension too.
2013-06-30 22:14:16 +02:00
Frank Ronny Larsen 312bd0f8b5 OPPG-414: Specific permission for updating libraries
Added a permission.
Added a new function to H5PFrameworkInterface for testing if allowed to update library
Added apropriate tests.
2013-06-30 16:39:17 +02:00
Frank Ronny Larsen a34d0ea3e7 BUGFIX: Use DIRECTORY_SEPARATOR instead of '/' 2013-06-30 15:32:38 +02:00
Frode Petterson b21d129d2c OPPG-376: The forgotten code! 2013-06-27 14:29:56 +02:00