From 5fb44e70c02b312f8a212d0351f1e5eba1baf0ed Mon Sep 17 00:00:00 2001
From: Amaia Anabitarte <amaia@moodle.com>
Date: Mon, 4 Nov 2019 15:32:51 +0100
Subject: [PATCH] MDL-67110 filter_h5p: Removing wildcard characters

---
 filter/displayh5p/filter.php                    | 6 +++---
 filter/displayh5p/lang/en/filter_displayh5p.php | 4 +---
 filter/displayh5p/settings.php                  | 2 +-
 filter/displayh5p/tests/filter_test.php         | 2 +-
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/filter/displayh5p/filter.php b/filter/displayh5p/filter.php
index d13ff33da1a..59c06865b76 100644
--- a/filter/displayh5p/filter.php
+++ b/filter/displayh5p/filter.php
@@ -63,7 +63,7 @@ class filter_displayh5p extends moodle_text_filter {
         $allowedsources = get_config('filter_displayh5p', 'allowedsources');
         $allowedsources = array_filter(array_map('trim', explode("\n", $allowedsources)));
 
-        $localsource = '('.preg_quote($CFG->wwwroot).'/[^ &<]*\.h5p([?][^ <]*)?[^ &<]*)';
+        $localsource = '('.preg_quote($CFG->wwwroot).'/[^ &\#"\'<]*\.h5p([?][^ "\'<]*)?[^ \#"\'<]*)';
         $allowedsources[] = $localsource;
 
         $params = array(
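Review bot: The three negated classes in the new `$localsource` pattern do not agree with each other: the query group `([?][^ "\'<]*)?` still accepts `#`, so once a `?` is present the `#` excluded by the trailing class is consumed anyway, and all three exclude only a literal space, so a tab or line break directly after the URL becomes part of the match. If the intent is to stop at whitespace, quotes, `<` and `#`, using `\s` and the same exclusions in the query and tail classes would make that explicit, e.g. `[^\s\#"\'<]*`. `preg_quote($CFG->wwwroot)` is also called without a delimiter argument; the delimiter used when the pattern is compiled is outside this hunk, so confirm it cannot occur in wwwroot. The enclosing method starts and ends outside the hunk.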
@@ -71,8 +71,8 @@ class filter_displayh5p extends moodle_text_filter {
             'tagend' => '</iframe>'
         );
 
-        $specialchars = ['*', '?', '&', '[^<]'];
-        $escapedspecialchars = ['[^.]+', '\?', '&amp;', '[^<]*'];
+        $specialchars = ['?', '&'];
+        $escapedspecialchars = ['\?', '&amp;'];
         $h5pcontents = array();
 
         // Check all allowed sources.
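Review bot: With `$specialchars` reduced to `['?', '&']`, every other regex metacharacter in an admin-configured source is left unescaped. In the default `https://h5p.org/h5p/embed/[id]` the `.` would match any character, so the host comparison is looser than the setting description suggests. The loop that turns each source into a pattern is below the hunk and not visible, so this assumes the two arrays are applied with a plain string replace. Consider running `preg_quote()` on each source (with the pattern delimiter as second argument) before substituting the quoted `[id]` placeholder, keeping the `&` to `&amp;` mapping as a separate step. A short comment above the arrays, such as `// Only ? and & are rewritten; wildcards are no longer supported in allowed sources.`, would also record why `*` was dropped.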
diff --git a/filter/displayh5p/lang/en/filter_displayh5p.php b/filter/displayh5p/lang/en/filter_displayh5p.php
index 950324dfbd0..dfb1f12c938 100644
--- a/filter/displayh5p/lang/en/filter_displayh5p.php
+++ b/filter/displayh5p/lang/en/filter_displayh5p.php
@@ -27,8 +27,6 @@ defined('MOODLE_INTERNAL') || die;
 $string['allowedsourceslist'] = 'Allowed sources';
 $string['allowedsourceslistdesc'] = 'A list of URLs from which users can embed H5P content. If none are specified, all URLs will remain as links and not be displayed as embedded H5P content.
 
-\'[id]\' is a placeholder for the H5P content ID in the external source.
-
-The wildcard character \'*\' may be used to specify subdomains. For example, *.example.com will allow embedded H5P content from any subdomain of example.com, but not from the example.com domain.';
+\'[id]\' is a placeholder for the H5P content ID in the external source.';
 $string['filtername'] = 'Display H5P';
 $string['privacy:metadata'] = 'The display H5P filter does not store any personal data.';
diff --git a/filter/displayh5p/settings.php b/filter/displayh5p/settings.php
index ca5199009cd..3bed622ac2e 100644
--- a/filter/displayh5p/settings.php
+++ b/filter/displayh5p/settings.php
@@ -30,5 +30,5 @@ if ($ADMIN->fulltree) {
             get_string('allowedsourceslist',
             'filter_displayh5p'),
             get_string('allowedsourceslistdesc', 'filter_displayh5p'),
-            "https://h5p.org/h5p/embed/[id]\nhttps://*.h5p.com/content/[id]/embed\nhttps://*.h5p.com/content/[id]"));
+            "https://h5p.org/h5p/embed/[id]"));
 }
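Review bot: Changing the default here presumably only affects sites where `allowedsources` was never saved. Sites that stored the old `https://*.h5p.com/...` entries keep them, and the diffstat lists no upgrade step. Since filter.php no longer rewrites `*`, a stored `*` would reach the pattern as a bare regex quantifier and match something other than what the admin configured. Consider an upgrade step that removes or rewrites entries containing `*`, or have the filter skip such entries.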
diff --git a/filter/displayh5p/tests/filter_test.php b/filter/displayh5p/tests/filter_test.php
index a8313c8b345..8ace0931a14 100644
--- a/filter/displayh5p/tests/filter_test.php
+++ b/filter/displayh5p/tests/filter_test.php
@@ -42,7 +42,7 @@ class filter_displayh5p_testcase extends advanced_testcase {
         $this->resetAfterTest(true);
 
         set_config('allowedsources',
-            "https://h5p.org/h5p/embed/[id]\nhttps://*.h5p.com/content/[id]/embed\nhttps://*.h5p.com/content/[id]
+            "https://h5p.org/h5p/embed/[id]\nhttps://moodle.h5p.com/content/[id]/embed\nhttps://moodle.h5p.com/content/[id]
                 \nhttps://generic.wordpress.soton.ac.uk/altc/wp-admin/admin-ajax.php?action=h5p_embed&id=[id]",
             'filter_displayh5p');
     }
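Review bot: The fixture swap in `set_config()` keeps the existing cases working, but no test visible in this commit pins the behaviour the commit is about. Suggested negative cases are a configured source containing `*` that must not produce an embed, and a local `.h5p` URL followed directly by `"` or `'` (as inside an attribute value) whose match must stop before the quote. The test methods themselves are outside this hunk, so check whether the data provider already covers either case.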
-- 
2.17.1

