mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-17 21:49:15 +01:00
Code Issues Projects Releases Wiki Activity

MDL-80088 mod_imscp: better uploaded package filetype validation.

Browse Source
This commit is contained in:
Paul Holden 2023-11-13 09:27:06 +00:00
parent d3ad77e476
commit 6446714305
No known key found for this signature in database
GPG Key ID: A81A96D6045F6164
2 changed files with 5 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/classes/filetypes.php
View File

@ -127,6 +127,7 @@ abstract class core_filetypes {
'ico' => array('type' => 'image/vnd.microsoft.icon', 'icon' => 'image',
'groups' => array('image'), 'string' => 'image'),
'ics' => array('type' => 'text/calendar', 'icon' => 'text'),
'imscc' => array('type' => 'application/zip', 'icon' => 'archive', 'string' => 'archive'),
'isf' => array('type' => 'application/inspiration', 'icon' => 'isf'),
'ist' => array('type' => 'application/inspiration.template', 'icon' => 'isf'),
'java' => array('type' => 'text/plain', 'icon' => 'sourcecode'),

18
mod/imscp/mod_form.php
View File

@ -59,7 +59,9 @@ class mod_imscp_mod_form extends moodleform_mod {
// IMS-CP file upload.
$mform->addElement('header', 'content', get_string('contentheader', 'imscp'));
$mform->setExpanded('content', true);
$mform->addElement('filepicker', 'package', get_string('packagefile', 'imscp'));
$mform->addElement('filepicker', 'package', get_string('packagefile', 'imscp'), null,
['accepted_types' => ['application/zip', '.imscc']]);
$options = array('-1' => get_string('all'), '0' => get_string('no'),
'1' => '1', '2' => '2', '5' => '5', '10' => '10', '20' => '20');
@ -78,27 +80,15 @@ class mod_imscp_mod_form extends moodleform_mod {
* @param array $files
*/
public function validation($data, $files) {
global $USER;
if ($errors = parent::validation($data, $files)) {
return $errors;
}
$usercontext = context_user::instance($USER->id);
$fs = get_file_storage();
if (!$files = $fs->get_area_files($usercontext->id, 'user', 'draft', $data['package'], 'id', false)) {
if (!$this->get_draft_files('package')) {
if (!$this->current->instance) {
$errors['package'] = get_string('required');
return $errors;
}
} else {
$file = reset($files);
if ($file->get_mimetype() != 'application/zip') {
$errors['package'] = get_string('invalidfiletype', 'error', '', $file);
// Better delete current file, it is not usable anyway.
$fs->delete_area_files($usercontext->id, 'user', 'draft', $data['package']);
}
}
return $errors;