added file type migration; updated readme

alex40724 · alex40724 · commit 7455876d244c · 2024-01-25T16:35:24.000+01:00
diff --git a/Services/MediaObjects/README.md b/Services/MediaObjects/README.md
@@ -11,7 +11,7 @@
 - ILIAS 8 supports external youtube and vimeo references. Since it uses mediaelement.js for rendering, not all features of youtube and vimeo are supported. On the other hand mediaelement.js is not able to fully deactivate/hide all features of the native youtube or vimeo presentation.
 - Please note that uploaded svg files will be processed by a sanitizer to eliminate potential insecure parts. This might even lead to non-working svg files, if they rely on these features.
 - PDF rendering support is limited. You might get different results, depending on server configuration and browser version. ILIAS renders the PDF as iframe with a src attribute pointing to the PDF file. The server must be configured to sent PDF files as application/pdf. The browser has to include a builtin PDF viewer. You should at least specify a height either directly or through content CSS rules.
-- HTML media objects need to be activated in the admininistration under "Repository and Objects > Allowed File Types". Please note that this is a potential security risk since this allows to upload HTML/Javascript, e.g. in page editor content. This content is rendered in iframes and since all media objects are located in a special folder, you might try to configure your webserver in a sub-domain isolation manner (currently untested). Since iframes are used you should at least specify a height either directly or through content CSS rules.
+- HTML media objects need to be activated in the admininistration under "Repository and Objects > Allowed File Types" (file suffixes up to ILIAS 8, mime types since ILIAS 9). Please note that this is a potential security risk since this allows to upload HTML/Javascript, e.g. in page editor content. This content is rendered in iframes and since all media objects are located in a special folder, you might try to configure your webserver in a sub-domain isolation manner (currently untested). Since iframes are used you should at least specify a height either directly or through content CSS rules.
 - Using the content style editor allows to define heights especially for PDF/HTML objects (keep the width empty to get a 100% width default behaviour.) e.g.
   - in px
   - relative to the viewport (e.g. setting "height: 80vh" as custom parameter)
diff --git a/Services/MediaObjects/classes/Setup/class.ilMediaObjectsDBUpdateSteps.php b/Services/MediaObjects/classes/Setup/class.ilMediaObjectsDBUpdateSteps.php
@@ -42,4 +42,65 @@ public function step_1(): void
             ));
         }
     }
+
+    public function step_2(): void
+    {
+        $db = $this->db;
+        $set = $db->queryF(
+            "SELECT * FROM settings " .
+            " WHERE module = %s AND keyword = %s ",
+            ["text", "text"],
+            ["mobs", "black_list_file_types"]
+        );
+        $black_list_str = "";
+        while ($rec = $db->fetchAssoc($set)) {
+            $black_list_str = $rec["value"] ?? "";
+        }
+        $black_list = explode(",", $black_list_str);
+        $new_black_list = [];
+        foreach ($black_list as $type) {
+            $type = strtolower(trim($type));
+            switch ($type) {
+                case "html": $type = "text/html";
+                    break;
+                case "mp4": $type = "video/mp4";
+                    break;
+                case "webm": $type = "video/webm";
+                    break;
+                case "mp3": $type = "audio/mpeg";
+                    break;
+                case "png": $type = "image/png";
+                    break;
+                case "jpeg":
+                case "jpg": $type = "image/jpeg";
+                    break;
+                case "gif": $type = "image/gif";
+                    break;
+                case "webp": $type = "image/webp";
+                    break;
+                case "svg": $type = "image/svg+xml";
+                    break;
+                case "pdf": $type = "application/pdf";
+                    break;
+            }
+            if (in_array($type, ["video/vimeo", "video/youtube", "video/mp4", "video/webm", "audio/mpeg",
+                                 "image/png", "image/jpeg", "image/gif", "image/webp", "image/svg+xml",
+                                 "text/html", "application/pdf"])) {
+                if (!in_array($type, $new_black_list)) {
+                    $new_black_list[] = $type;
+                }
+            }
+        }
+        $db->update(
+            "settings",
+            [
+            "value" => ["text", implode(",", $new_black_list)]
+        ],
+            [    // where
+                "module" => ["text", "mobs"],
+                "keyword" => ["text", "black_list_file_types"]
+            ]
+        );
+    }
+
 }
