Updating libraries (automatically)
I noticed that you can upload h5p-files to moodle that may contain libraries with a newer version than the moodle system. It seems that the moodle plugin then automatically updates the corresponding libraries on the moodle system. Did I observe this correctly?
If yes, isn't that a security issue? Wouldn't that allow me to screw up other systems if someone uploads a rigged h5p file to his/her system ingenuously? I think it's a great idea that the h5p files contain everything that's necessary for using them, and maybe I just misconfigured something, but wouldn't it be wise to at least offer some options to choose from (beforehand) for handling that situation, e. g.
- update libraries automatically,
- ask if the libraries should be updated,
- temporarily use the newer library version from the h5p file for using this file only,
- or rigorously ignore libraries that are not installed on the system.