MDL-69257 H5P: Check size of uploaded files and virus scan
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Responsible for handling AJAX requests related to H5P.
19 *
20 * @package core_h5p
21 * @copyright 2020 Victor Deniz <victor@moodle.com>, based on code by Joubel AS
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25use core_h5p\factory;
26use core_h5p\framework;
6157f593 27use core_h5p\local\library\autoloader;
28
29define('AJAX_SCRIPT', true);
30
31require(__DIR__ . '/../config.php');
32require_once($CFG->libdir . '/filelib.php');
33
34if (!confirm_sesskey()) {
35 autoloader::register();
36 H5PCore::ajaxError(get_string('invalidsesskey', 'error'));
37 header('HTTP/1.1 403 Forbidden');
38 return;
39}
40require_login();
41
42$action = required_param('action', PARAM_ALPHA);
43
44$factory = new factory();
45$editor = $factory->get_editor();
46
47// Set context to default system context.
48$PAGE->set_context(null);
49
50switch ($action) {
51 // Load list of libraries or details for library.
52 case 'libraries':
53 // Get parameters.
54 $name = optional_param('machineName', '', PARAM_TEXT);
55 $major = optional_param('majorVersion', 0, PARAM_INT);
56 $minor = optional_param('minorVersion', 0, PARAM_INT);
57
58 $language = optional_param('default-language', null, PARAM_ALPHA);
59
60 if (!empty($name)) {
61 $editor->ajax->action(H5PEditorEndpoints::SINGLE_LIBRARY, $name,
62 $major, $minor, framework::get_language(), '', '', $language);
63 } else {
64 $editor->ajax->action(H5PEditorEndpoints::LIBRARIES);
65 }
66
67 break;
68
69 // Load content type cache list to display available libraries in hub.
70 case 'contenttypecache':
71 $editor->ajax->action(H5PEditorEndpoints::CONTENT_TYPE_CACHE);
72 break;
73
74 // Handle file upload through the editor.
75 // This endpoint needs a token that only users with H5P editor access could get.
76 // TODO: MDL-68907 to check capabilities.
77 case 'files':
78 $token = required_param('token', PARAM_RAW);
79 $contentid = required_param('contentId', PARAM_INT);
80
81 // Check size of each uploaded file and scan for viruses.
82 foreach ($_FILES as $uploadedfile) {
83 $filename = clean_param($uploadedfile['name'], PARAM_FILE);
84 $maxsize = get_max_upload_file_size($CFG->maxbytes);
85 if ($uploadedfile['size'] > $maxsize) {
86 H5PCore::ajaxError(get_string('maxbytesfile', 'error', ['file' => $filename, 'size' => display_size($maxsize)]));
87 return;
88 }
89 \core\antivirus\manager::scan_file($uploadedfile['tmp_name'], $filename, true);
90 }
91
92 $editor->ajax->action(H5PEditorEndpoints::FILES, $token, $contentid);
93 break;
94
95 // Get the $language libraries translations.
96 case 'translations':
97 $language = required_param('language', PARAM_RAW);
98 $editor->ajax->action(H5PEditorEndpoints::TRANSLATIONS, $language);
99 break;
100
101 // Handle filtering of parameters through AJAX.
102 case 'filter':
103 $token = required_param('token', PARAM_RAW);
104 $libraryparameters = required_param('libraryParameters', PARAM_RAW);
105
106 $editor->ajax->action(H5PEditorEndpoints::FILTER, $token, $libraryparameters);
107 break;
108
109 // Throw error if AJAX action is not handled.
110 default:
111 throw new coding_exception('Unhandled AJAX');
112 break;
113}
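Review bot: The new `foreach ($_FILES as $uploadedfile)` loop in the `files` case never inspects `$uploadedfile['error']`, so an upload that PHP itself already rejected (for example `UPLOAD_ERR_INI_SIZE` or `UPLOAD_ERR_PARTIAL`, where `size` is 0 and `tmp_name` is empty) passes the `$maxsize` comparison and reaches `scan_file()` with an empty path, which presumably fails in a less clear way than the size error just added. A guard before the size check would make the failure explicit: `if ($uploadedfile['error'] !== UPLOAD_ERR_OK) { H5PCore::ajaxError(get_string('<upload error string id>', 'error')); return; }`. `get_max_upload_file_size($CFG->maxbytes)` does not depend on the file, so `$maxsize` can be computed once above the loop rather than per iteration. If the editor ever posts array-style fields (`name[]`), each `$_FILES` entry's `name`/`size`/`tmp_name` are arrays and `clean_param()` would not accept them; worth confirming the H5P editor only sends single-file fields.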