public function save()
{
$input = JFactory::getApplication()->input;
$contentId = $input->getVar('cid');
// Cannot use input->get() here. It eats all HTML, with no option to
// tell it not to... H5P does its own XSS filtering of HTML fields,
// but it does so when returning it from the database.
$h5p_params = $_POST['edit-h5p-params'];
$library = $input->get('edit-h5p-library', '', 'string');
$h5p_core = H5PJoomla::getInstance('core');
$h5p_joomla = H5PJoomla::getInstance('interface');
$library_data = $h5p_core->libraryFromString($library);
$libraryId = $h5p_joomla->getLibraryId($library_data['machineName'], $library_data['majorVersion'], $library_data['minorVersion']);
$db = JFactory::getDbo();
$jsonQuoted = $db->quote($h5p_params);
$title = $input->get('h5p-title', 'My H5P', 'string');
if (!$title) {
$title = 'Untitled ' . $library_data['machineName'];
}
$titleQuoted = $db->quote($title);
$db->setQuery(sprintf("INSERT INTO #__h5p (h5p_id, title, json_content, embed_type, main_library_id)\n\t\t\t VALUES (%s, %s, %s, 'div, iframe', %d)\n\t\t\t ON DUPLICATE KEY UPDATE title=%s, json_content=%s, main_library_id=%d", $db->quote($contentId), $titleQuoted, $jsonQuoted, $libraryId, $titleQuoted, $jsonQuoted, $libraryId));
$db->query();
$storage = H5PJoomla::getInstance('editorstorage');
$h5pStorage = H5PJoomla::getInstance('storage');
$editor = new H5peditor($storage, JPATH_ROOT . DIRECTORY_SEPARATOR . 'media', JURI::root(true), $h5pStorage);
if (!$editor->createDirectories($contentId)) {
print "<p>Unable to create content directories on the server. Please contact the system administrator.</p>";
return;
}
// Move files.
$editor->processParameters($contentId, $library_data, json_decode($h5p_params), NULL, NULL);
// Response HTML
header('Content-Type: text/html');
print "\n\t\t\t<script type=\"text/javascript\">\n\t\t\t\twindow.parent.insertH5P('{$contentId}', '{$title}');\n\t\t\t</script>\n\t\t";
}
