mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-22 17:02:03 +02:00
Code Issues Projects Releases Wiki Activity

MDL-67110 filter_h5p: Removing wildcard characters

Browse Source
This commit is contained in:
Amaia Anabitarte 2019-11-04 15:32:51 +01:00 committed by Sara Arjona
parent b57e1c9590
commit 21cb97560a
4 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
filter/displayh5p/filter.php
View File

@ -63,7 +63,7 @@ class filter_displayh5p extends moodle_text_filter {
$allowedsources = get_config('filter_displayh5p', 'allowedsources');
$allowedsources = array_filter(array_map('trim', explode("\n", $allowedsources)));
$localsource = '('.preg_quote($CFG->wwwroot).'/[^ &<]*\.h5p([?][^ <]*)?[^ &<]*)';
$localsource = '('.preg_quote($CFG->wwwroot).'/[^ &\#"\'<]*\.h5p([?][^ "\'<]*)?[^ \#"\'<]*)';
$allowedsources[] = $localsource;
$params = array(
@ -71,8 +71,8 @@ class filter_displayh5p extends moodle_text_filter {
'tagend' => '</iframe>'
);
$specialchars = ['*', '?', '&', '[^<]'];
$escapedspecialchars = ['[^.]+', '\?', '&amp;', '[^<]*'];
$specialchars = ['?', '&'];
$escapedspecialchars = ['\?', '&amp;'];
$h5pcontents = array();
// Check all allowed sources.

4
filter/displayh5p/lang/en/filter_displayh5p.php
View File

@ -27,8 +27,6 @@ defined('MOODLE_INTERNAL') || die;
$string['allowedsourceslist'] = 'Allowed sources';
$string['allowedsourceslistdesc'] = 'A list of URLs from which users can embed H5P content. If none are specified, all URLs will remain as links and not be displayed as embedded H5P content.
\'[id]\' is a placeholder for the H5P content ID in the external source.
The wildcard character \'*\' may be used to specify subdomains. For example, *.example.com will allow embedded H5P content from any subdomain of example.com, but not from the example.com domain.';
\'[id]\' is a placeholder for the H5P content ID in the external source.';
$string['filtername'] = 'Display H5P';
$string['privacy:metadata'] = 'The display H5P filter does not store any personal data.';

2
filter/displayh5p/settings.php
View File

@ -30,5 +30,5 @@ if ($ADMIN->fulltree) {
get_string('allowedsourceslist',
'filter_displayh5p'),
get_string('allowedsourceslistdesc', 'filter_displayh5p'),
"https://h5p.org/h5p/embed/[id]\nhttps://*.h5p.com/content/[id]/embed\nhttps://*.h5p.com/content/[id]"));
"https://h5p.org/h5p/embed/[id]"));
}

2
filter/displayh5p/tests/filter_test.php
View File

@ -42,7 +42,7 @@ class filter_displayh5p_testcase extends advanced_testcase {
$this->resetAfterTest(true);
set_config('allowedsources',
"https://h5p.org/h5p/embed/[id]\nhttps://*.h5p.com/content/[id]/embed\nhttps://*.h5p.com/content/[id]
"https://h5p.org/h5p/embed/[id]\nhttps://moodle.h5p.com/content/[id]/embed\nhttps://moodle.h5p.com/content/[id]
\nhttps://generic.wordpress.soton.ac.uk/altc/wp-admin/admin-ajax.php?action=h5p_embed&id=[id]",
'filter_displayh5p');
}