From 0a0d2dcf2209ee28728e816a7b20856f45e3c99a Mon Sep 17 00:00:00 2001
From: Tomasz Muras
Date: Tue, 14 Jul 2020 17:08:44 +0200
Subject: [PATCH 1/2] Prevent uninitialized $tmpPath when executing unlink().
---
 h5p.classes.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/h5p.classes.php b/h5p.classes.php
index a6104313..6e5164a2 100644
--- a/h5p.classes.php
+++ b/h5p.classes.php
@@ -752,6 +752,10 @@ public function __construct($H5PFramework, $H5PCore) {
 * TRUE if the .h5p file is valid
 */
 public function isValidPackage($skipContent = FALSE, $upgradeOnly = FALSE) {
+ // Create a temporary dir to extract package in.
+ $tmpDir = $this->h5pF->getUploadedH5pFolderPath();
+ $tmpPath = $this->h5pF->getUploadedH5pPath();
+
 // Check dependencies, make sure Zip is present
 if (!class_exists('ZipArchive')) {
 $this->h5pF->setErrorMessage($this->h5pF->t('Your PHP version does not support ZipArchive.'), 'zip-archive-unsupported');
@@ -764,10 +768,6 @@ public function isValidPackage($skipContent = FALSE, $upgradeOnly = FALSE) {
 return FALSE;
 }
 
- // Create a temporary dir to extract package in.
- $tmpDir = $this->h5pF->getUploadedH5pFolderPath();
- $tmpPath = $this->h5pF->getUploadedH5pPath();
-
 // Only allow files with the .h5p extension:
 if (strtolower(substr($tmpPath, -3)) !== 'h5p') {
 $this->h5pF->setErrorMessage($this->h5pF->t('The file you uploaded is not a valid HTML5 Package (It does not have the .h5p file extension)'), 'missing-h5p-extension');
From f6931c26913a89e2eb095625eafa73a9937c98ec Mon Sep 17 00:00:00 2001
From: Tomasz Muras
Date: Tue, 14 Jul 2020 17:14:51 +0200
Subject: [PATCH 2/2] Use correct variable instead of uninitialized $path.
---
 h5p.classes.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/h5p.classes.php b/h5p.classes.php
index 6e5164a2..7af439c7 100644
--- a/h5p.classes.php
+++ b/h5p.classes.php
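Review bot: In [PATCH 1/2], the first hunk moves `// Create a temporary dir to extract package in.` above the ZipArchive check, but the two lines under it only read paths from `$this->h5pF`, and nothing records that their position now matters. A comment along the lines of `// Resolve upload paths first; the early-return branches below unlink($tmpPath).` would stop a later tidy-up from moving them back and reintroducing the undefined variable. If `getUploadedH5pFolderPath()` creates the directory as a side effect (not visible in this patch), the dependency-check branches would also need `H5PCore::deleteFileTree($tmpDir);` before `return FALSE;`, as the read-failure branch in [PATCH 2/2] does. The body of `isValidPackage()` continues outside both hunks, so the early-return branches themselves are not shown here.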
@@ -911,7 +911,7 @@ public function isValidPackage($skipContent = FALSE, $upgradeOnly = FALSE) {
 // This is a breaking error, there's no need to continue. (the rest of the files will fail as well)
 $this->h5pF->setErrorMessage($this->h5pF->t('Unable to read file from the package: %fileName', array('%fileName' => $fileName)), 'unable-to-read-package-file');
 $zip->close();
- unlink($path);
+ unlink($tmpPath);
 H5PCore::deleteFileTree($tmpDir);
 return FALSE;
 }
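Review bot: The result of `unlink($tmpPath)` is discarded in this branch, so a delete that fails leaves the uploaded package on disk while the caller still only sees `FALSE`. If other error branches of `isValidPackage()` repeat the `$zip->close(); unlink($tmpPath); H5PCore::deleteFileTree($tmpDir);` sequence (the function extends beyond this hunk), moving it into one private helper that checks the `unlink()` result would keep the cleanup consistent and make a wrong variable name like the old `$path` harder to miss. `$fileName` appears to come from the uploaded archive, so it is worth confirming that each framework's `t()` escapes the `%fileName` placeholder before the message is displayed.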