Merge branch 'MDL-72042-master' of git://github.com/sarjona/moodle

emp7eror · Sep 22, 2021 · 0e979b8 · 0e979b8
2 parents f4a730e + a0d3e32
commit 0e979b8
Show file tree

Hide file tree

Showing 23 changed files with 46 additions and 473 deletions.
diff --git a/filter/mediaplugin/dev/perftest.php b/filter/mediaplugin/dev/perftest.php
@@ -42,7 +42,7 @@
 
 // Enable all players.
 $enabledmediaplugins = \core\plugininfo\media::get_enabled_plugins();
-\core\plugininfo\media::set_enabled_plugins('vimeo,youtube,videojs,html5audio,html5video,swf');
+\core\plugininfo\media::set_enabled_plugins('vimeo,youtube,videojs,html5audio,html5video');
 
 // Create plugin.
 $filterplugin = new filter_mediaplugin(null, array());
@@ -153,4 +153,4 @@ function filter_mediaplugin_perf_stop($name) {
 
 // End page.
 echo html_writer::end_tag('ul');
-print $OUTPUT->footer();
+print $OUTPUT->footer();
diff --git a/filter/mediaplugin/filter.php b/filter/mediaplugin/filter.php
@@ -74,7 +74,7 @@ public function filter($text, array $options = array()) {
             return $text;
         }
 
-        // Check SWF permissions.
+        // Check permissions.
         $this->trusted = !empty($options['noclean']) or !empty($CFG->allowobjectembed);
 
         // Looking for tags.
@@ -177,7 +177,7 @@ private function callback(array $matches) {
      */
     protected function embed_alternatives($urls, $name, $width, $height, $options) {
 
-        // Allow SWF (or not).
+        // Allow trusted content (or not).
         if ($this->trusted) {
             $options[core_media_manager::OPTION_TRUSTED] = true;
         }

diff --git a/filter/mediaplugin/tests/filter_test.php b/filter/mediaplugin/tests/filter_test.php
@@ -34,8 +34,8 @@ class filter_mediaplugin_testcase extends advanced_testcase {
     function test_filter_mediaplugin_link() {
         $this->resetAfterTest(true);
 
-        // we need to enable the plugins somehow and the flash fallback.
-        \core\plugininfo\media::set_enabled_plugins('vimeo,youtube,videojs,html5video,swf,html5audio');
+        // We need to enable the media plugins.
+        \core\plugininfo\media::set_enabled_plugins('vimeo,youtube,videojs,html5video,html5audio');
         set_config('useflash', true, 'media_videojs');
 
         $filterplugin = new filter_mediaplugin(null, array());

diff --git a/lang/en/admin.php b/lang/en/admin.php
@@ -828,8 +828,6 @@
 $string['mediapluginram'] = 'Enable .ram filter';
 $string['mediapluginrm'] = 'Enable .rm filter';
 $string['mediapluginrpm'] = 'Enable .rpm filter';
-$string['mediapluginswf'] = 'Enable .swf filter';
-$string['mediapluginswfnote'] = 'As a default security measure, normal users should not be allowed to embed swf flash files.';
 $string['mediapluginwmv'] = 'Enable .wmv filter';
 $string['mediapluginyoutube'] = 'Enable YouTube links filter';
 $string['messaging'] = 'Enable messaging system';
@@ -1554,3 +1552,6 @@
 
 // Deprecated since Moodle 4.0.
 $string['coursepage'] = 'Course page';
+$string['mediapluginswf'] = 'Enable .swf filter';
+$string['mediapluginswfnote'] = 'As a default security measure, normal users should not be allowed to embed swf flash files.';
+
diff --git a/lang/en/deprecated.txt b/lang/en/deprecated.txt
@@ -159,3 +159,5 @@ importfrominstructions,core_calendar
 proceedtocourse,core_enrol
 coursepage,core_admin
 invalidpersistenterror,core_competency
+mediapluginswf,core_admin
+mediapluginswfnote,core_admin
diff --git a/lib/classes/check/manager.php b/lib/classes/check/manager.php
@@ -126,7 +126,6 @@ public static function get_security_checks(): array {
             new environment\publicpaths(),
             new environment\configrw(),
             new environment\preventexecpath(),
-            new security\mediafilterswf(),
             new security\embed(),
             new security\openprofiles(),
             new security\crawlers(),
@@ -156,4 +155,3 @@ public static function get_security_checks(): array {
         return $checks;
     }
 }
-
diff --git a/lib/classes/check/security/mediafilterswf.php b/lib/classes/check/security/mediafilterswf.php
diff --git a/lib/classes/filetypes.php b/lib/classes/filetypes.php
@@ -260,8 +260,8 @@ protected static function get_default_types() {
             'svgz' => array('type' => 'image/svg+xml', 'icon' => 'image',
                     'groups' => array('image', 'web_image'), 'string' => 'image'),
             'swa' => array('type' => 'application/x-director', 'icon' => 'flash'),
-            'swf' => array('type' => 'application/x-shockwave-flash', 'icon' => 'flash', 'groups' => array('video', 'web_video')),
-            'swfl' => array('type' => 'application/x-shockwave-flash', 'icon' => 'flash', 'groups' => array('video', 'web_video')),
+            'swf' => array('type' => 'application/x-shockwave-flash', 'icon' => 'flash'),
+            'swfl' => array('type' => 'application/x-shockwave-flash', 'icon' => 'flash'),
 
             'sxw' => array('type' => 'application/vnd.sun.xml.writer', 'icon' => 'writer'),
             'stw' => array('type' => 'application/vnd.sun.xml.writer.template', 'icon' => 'writer'),

diff --git a/lib/classes/plugin_manager.php b/lib/classes/plugin_manager.php
@@ -1726,6 +1726,7 @@ public static function is_deleted_standard_plugin($type, $name) {
             'cachestore' => array('memcache'),
             'enrol' => array('authorize'),
             'portfolio' => array('picasa'),
+            'media' => array('swf'),
             'qformat' => array('webct'),
             'message' => array('jabber'),
             'quizaccess' => array('safebrowser'),
@@ -1909,7 +1910,7 @@ public static function standard_plugins_list($type) {
             ),
 
             'media' => array(
-                'html5audio', 'html5video', 'swf', 'videojs', 'vimeo', 'youtube'
+                'html5audio', 'html5video', 'videojs', 'vimeo', 'youtube'
             ),
 
             'message' => array(

diff --git a/lib/db/install.php b/lib/db/install.php
@@ -131,7 +131,7 @@ function xmldb_main_install() {
         'filterall'             => 0, // setting page, so have to be initialised here.
         'texteditors'           => 'atto,tinymce,textarea',
         'antiviruses'           => '',
-        'media_plugins_sortorder' => 'videojs,youtube,swf',
+        'media_plugins_sortorder' => 'videojs,youtube',
         'upgrade_extracreditweightsstepignored' => 1, // New installs should not run this upgrade step.
         'upgrade_calculatedgradeitemsignored' => 1, // New installs should not run this upgrade step.
         'upgrade_letterboundarycourses' => 1, // New installs should not run this upgrade step.

diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
@@ -2833,5 +2833,14 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2021091700.03);
     }
 
+    if ($oldversion < 2021091700.04) {
+        // Remove media_swf (unless it has manually been added back).
+        if (!file_exists($CFG->dirroot . '/media/player/swf/classes/plugin.php')) {
+            unset_all_config_for_plugin('media_swf');
+        }
+
+        upgrade_main_savepoint(true, 2021091700.04);
+    }
+
     return true;
 }
diff --git a/lib/tests/medialib_test.php b/lib/tests/medialib_test.php
@@ -142,10 +142,10 @@ public function test_get_players() {
         $manager = core_media_manager::instance();
         $this->assertSame('youtube, html5audio', $this->get_players_test($manager));
 
-        // Test SWF and HTML5 media order.
-        \core\plugininfo\media::set_enabled_plugins('html5video,html5audio,swf');
+        // Test HTML5 media order.
+        \core\plugininfo\media::set_enabled_plugins('html5video,html5audio');
         $manager = core_media_manager::instance();
-        $this->assertSame('html5video, html5audio, swf', $this->get_players_test($manager));
+        $this->assertSame('html5video, html5audio', $this->get_players_test($manager));
 
         // Make sure that our test plugin is considered installed.
         \core\plugininfo\media::set_enabled_plugins('test,html5video');
@@ -181,11 +181,6 @@ public function test_can_embed_url() {
         \core\plugininfo\media::set_enabled_plugins('html5video');
         $manager = core_media_manager::instance();
         $this->assertTrue($manager->can_embed_url($url));
-
-        // Only SWF.
-        \core\plugininfo\media::set_enabled_plugins('swf');
-        $manager = core_media_manager::instance();
-        $this->assertFalse($manager->can_embed_url($url));
     }
 
     /**
@@ -195,7 +190,6 @@ public function test_can_embed_url() {
     public function test_embed_url_fallbacks() {
 
         // Key strings in the embed code that identify with the media formats being tested.
-        $swf = '</object>';
         $html5video = '</video>';
         $html5audio = '</audio>';
         $link = 'mediafallbacklink';
@@ -218,7 +212,7 @@ public function test_embed_url_fallbacks() {
         $this->assertStringContainsString($link, $t);
 
         // Enable media players that can play the same media formats. (ie. test & html5audio for mp3 files, etc.)
-        \core\plugininfo\media::set_enabled_plugins('test,html5video,html5audio,swf');
+        \core\plugininfo\media::set_enabled_plugins('test,html5video,html5audio');
         $manager = core_media_manager::instance();
 
         // Test media formats that can be played by 2 or more players.
@@ -234,27 +228,23 @@ public function test_embed_url_fallbacks() {
                     $this->assertStringContainsString($test, $textwithlink);
                     $this->assertStringNotContainsString($html5video, $textwithlink);
                     $this->assertStringContainsString($html5audio, $textwithlink);
-                    $this->assertStringNotContainsString($swf, $textwithlink);
                     $this->assertStringContainsString($link, $textwithlink);
 
                     $this->assertStringContainsString($test, $textwithoutlink);
                     $this->assertStringNotContainsString($html5video, $textwithoutlink);
                     $this->assertStringContainsString($html5audio, $textwithoutlink);
-                    $this->assertStringNotContainsString($swf, $textwithoutlink);
                     $this->assertStringNotContainsString($link, $textwithoutlink);
                     break;
 
                 case 'mp4':
                     $this->assertStringContainsString($test, $textwithlink);
                     $this->assertStringContainsString($html5video, $textwithlink);
                     $this->assertStringNotContainsString($html5audio, $textwithlink);
-                    $this->assertStringNotContainsString($swf, $textwithlink);
                     $this->assertStringContainsString($link, $textwithlink);
 
                     $this->assertStringContainsString($test, $textwithoutlink);
                     $this->assertStringContainsString($html5video, $textwithoutlink);
                     $this->assertStringNotContainsString($html5audio, $textwithoutlink);
-                    $this->assertStringNotContainsString($swf, $textwithoutlink);
                     $this->assertStringNotContainsString($link, $textwithoutlink);
                     break;
 
@@ -266,10 +256,9 @@ public function test_embed_url_fallbacks() {
 
     /**
      * Test for embed_url.
-     * Check SWF works including the special option required to enable it
+     * SWF shouldn't be converted to objects because media_swf has been removed.
      */
     public function test_embed_url_swf() {
-        \core\plugininfo\media::set_enabled_plugins('swf');
         $manager = core_media_manager::instance();
 
         // Without any options...
@@ -280,7 +269,7 @@ public function test_embed_url_swf() {
         // ...and with the 'no it's safe, I checked it' option.
         $url = new moodle_url('http://example.org/test.swf');
         $t = $manager->embed_url($url, '', 0, 0, array(core_media_manager::OPTION_TRUSTED => true));
-        $this->assertStringContainsString('</object>', $t);
+        $this->assertStringNotContainsString('</object>', $t);
     }
 
     /**

diff --git a/lib/upgrade.txt b/lib/upgrade.txt
@@ -89,6 +89,8 @@ information provided here is intended especially for developers.
   DB call on every request.
 * As the message_jabber notification plugin has been moved to the plugins database, the XMPPHP library (aka Jabber) has been
 completely removed from Moodle core too.
+* The SWF media player has been completely removed (The Flash Player was deprecated in 2017 and officially discontinued
+on 31 December 2020).
 
 === 3.11.2 ===
 * For security reasons, filelib has been updated so all requests now use emulated redirects.

diff --git a/media/classes/manager.php b/media/classes/manager.php
@@ -66,7 +66,8 @@ final class core_media_manager {
      * Option: Enable players which are only suitable for use when we trust the
      * user who embedded the content.
      *
-     * At present, this option enables the SWF player.
+     * In the past, this option enabled the SWF player (which was removed).
+     * However, this setting will remain because it might be used by third-party plugins.
      *
      * To enable, set value to true.
      */