r39271 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r39270‎ \| r39271 \| r39272 >
Date:	03:12, 13 August 2008
Author:	dale
Status:	old
Tags:
Comment:	security updates, database refactoring to use mediaWiki db_wrappers, style updates, lazy loading of special pages
Modified paths:	/branches/MetavidWiki-exp/MetavidWiki/includes/MV_AutoCompleteCache.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_EditStreamPage.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_GlobalFunctions.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_Hooks.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_ImageGallery.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_Index.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MagicWords.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_EditPageAjax.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_MetavidInterface.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_Overlay.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_PageHistoryAjax.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequencePlayer.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequenceTimeline.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequenceTools.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_StreamMeta.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_Tools.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_VideoPlayer.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/MV_Title.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/articlepages/MV_CategoryPage.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/articlepages/MV_SequencePage.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialCRUDStream.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialExport.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialListStreams.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialMVAdmin.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialMediaSearch.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/download_from_archive_org.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/metavid2mvWiki.inc.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/metavid_gov_templates.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/mv_update.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/ogg_thumb_insert.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/maintenance/scrape_and_insert.inc.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/skins/images/add.png (added) (history) /branches/MetavidWiki-exp/MetavidWiki/skins/mv_embed/cortado_iframe.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/skins/mv_embed/mv_data_proxy.php (modified) (history) /branches/MetavidWiki-exp/MetavidWiki/skins/mv_stream.js (modified) (history)

Diff [purge]

Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/download_from_archive_org.php
—	—	@@ -6,7 +6,10 @@
7	7	define('MV_DOWNLOAD_DIR', '/metavid/video_archive/');
8	8	define('MV_ARCHIVE_ORG_DL', 'http://www.archive.org/download/mv_');
9	9
	10	+define('ARCHIVE_ORG_SKIP_LIST', '/metavid/ao_skip_list.txt');
10	11
	12	+define('MV_BASE_MEDIA_SERVER_PATH', 'http://mvbox2.cse.ucsc.edu/mvFlvServer.php/');
	13	+
11	14	//for gennerate flv metadata:
12	15	include_once('../skins/mv_embed/flvServer/MvFlv.php');
13	16
—	—	@@ -30,13 +33,49 @@
31	34	$sql = "SELECT * FROM `mv_streams` WHERE `name` ={$stream_name}";
32	35	}
33	36	$dbr = wfGetDB(DB_READ);
	37	+ $dbw = wfGetDB(DB_WRITE);
34	38	$result = $dbr->query($sql);
	39	+ $skip_list = unserialize(file_get_contents(ARCHIVE_ORG_SKIP_LIST));
35	40	while($stream = $dbr->fetchObject($result) ){
36	41	$local_fl = MV_DOWNLOAD_DIR . $stream->name.'.flv';
37	42	$remote_fl = MV_ARCHIVE_ORG_DL . $stream->name.'/'.$stream->name.'.flv';
	43	+
	44	+ if(is_file($local_fl). META_DATA_EXT && is_file($local_fl) ){
	45	+ //check db table for updated mv_flash_low_quality ref
	46	+ $sql = " SELECT * FROM `mv_stream_files` WHERE `stream_id`='".$stream->id."' " .
	47	+ " AND `file_desc_msg`='mv_flash_low_quality'";
	48	+ $resFcheck = $dbr->query($sql);
	49	+ if($dbr->numRows($resFcheck)==0){
	50	+ //grab duration from mv_ogg_low_quality
	51	+ $sql = " SELECT * FROM `mv_stream_files` WHERE `stream_id`='".$stream->id."' " .
	52	+ " AND `file_desc_msg`='mv_ogg_low_quality'";
	53	+ $rdur = $dbr->query($sql);
	54	+ $dur_val =0;
	55	+ if($dbr->numRows($rdur)){
	56	+ $ogg_file = $dbr->fetchObject($rdur);
	57	+ $dur_val = $ogg_file->duration;
	58	+ }
	59	+ $sql="INSERT INTO `mv_stream_files`
	60	+ (`id`,`base_offset`,`duration`,`file_desc_msg`,`path_type`,`path`)
	61	+ VALUES('',0,'{$dur_val}','mv_flash_low_quality','','".
	62	+ MV_BASE_MEDIA_SERVER_PATH . $stream->name .".flv');";
	63	+ print "insert {$stream->name}.flv\n";
	64	+ $dbw->query($sql);
	65	+ }else{
	66	+ $file = $dbr->fetchObject($resFcheck);
	67	+ $sql="UPDATE `mv_stream_files` WHERE `id` = '".$file->id."'
	68	+ SET `path`=".MV_BASE_MEDIA_SERVER_PATH . $stream->name .'.flv';
	69	+ print "update {$stream->name}.flv\n";
	70	+ $dbw->query($sql);
	71	+ }
	72	+ }
	73	+
38	74	//lets just skip local files for now and try to remove incomplete mannually
	75	+ if(isset($skip_list[$stream->name])){
	76	+ print "skipping:".$stream->name."\n";
	77	+ continue;
	78	+ }
39	79
40		-
41	80	//senate_proceeding_08-01-07/senate_proceeding_08-01-07.flv
42	81	//check local file size matches remote:
43	82	if(is_file($local_fl)){
—	—	@@ -50,18 +89,19 @@
51	90	echo ' sizes match: ' . hr_bytes(filesize($local_fl)) .'='.
52	91	hr_bytes(remotefsize($remote_fl))."\n";
53	92	}*/
54		~~- }else{~~
	93	+ }else{
55	94	//check if flash file exists:
56	95	//$sql ="SELECT * FROM `mv_stream_files` WHERE `stream_id`=" .$stream->id
57	96	//ao_file_flash_flv
58	97
59	98	if(remotefsize($remote_fl)<100000){
60	99	print "remote file: $remote_fl < 100k (skipping) \n";
	100	+ $skip_list[$stream->name]=true;
61	101	continue;
62	102	}
63	103	echo "DL it: $remote_fl \n";
64	104	if(curldownload($remote_fl, $local_fl)){
65		~~- echo 'succesfully grabed '.$remote_fl."\n";~~
	105	+ echo 'succesfully grabed '.$remote_fl."\n";
66	106	};
67	107	}
68	108	if(!is_file($local_fl). META_DATA_EXT){
—	—	@@ -75,6 +115,11 @@
76	116	$flv->getMetaData();
77	117	echo "done with .meta (" . filesize($local_fl.META_DATA_EXT).") \n";
78	118	}
	119	+ //add to skip list
	120	+ if(is_file($local_fl). META_DATA_EXT && is_file($local_fl) ){
	121	+ $skip_list[$stream->name]=true;
	122	+ }
	123	+ file_put_contents(ARCHIVE_ORG_SKIP_LIST,serialize($skip_list));
79	124	}
80	125
81	126	}
Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/metavid_gov_templates.php
—	—	@@ -1,5 +1,5 @@
2	2	<?
3		-
	3	+require_once ('../../../maintenance/commandLine.inc');
4	4	function upTemplates($force=false){
5	5	/***************************************************
6	6	* Transcripts:
Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/mv_update.php
—	—	@@ -113,7 +113,7 @@
114	114	$i=0;
115	115	}
116	116	$i++;
117		~~- $j++;~~
	117	+ $j++;
118	118	}
119	119	//now we can drop id and add PRIMARY to mv_page_id
120	120	print "DROP id COLUMN from $mvIndexTableName ...";
Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/metavid2mvWiki.inc.php
—	—	@@ -13,7 +13,7 @@
14	14	/*
15	15	* Templates:
16	16	*/
17		-
	17	+require_once ('../../../maintenance/commandLine.inc');
18	18	//$i=0;
19	19	function do_stream_attr_check($old_stream) {
20	20	global $i;
—	—	@@ -233,7 +233,7 @@
234	234	if($mvStream->doesStreamExist()){
235	235	$dbr =& wfGetDB(DB_SLAVE);
236	236	//get all meta in range (up 10k)
237		~~- $mvd_res = MV_Index::getMVDInRange($mvStream->getStreamId(), null, null, 'Ht_en',false, 'Spoken_by', 'LIMIT 0, 10000');~~
	237	+ $mvd_res = MV_Index::getMVDInRange($mvStream->getStreamId(), null, null, 'Ht_en',false, 'Spoken_by', '10000');
238	238	if(count($dbr->numRows($mvd_res))!=0){
239	239	$prev_person ='';
240	240	$prev_st=$prev_et=0;
Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/scrape_and_insert.inc.php
—	—	@@ -9,7 +9,7 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
13		-
	13	+require_once ('../../../maintenance/commandLine.inc');
14	14	class MV_BillScraper extends MV_BaseScraper{
15	15	var $base_url = 'http://www.c-spanarchives.org/congress/';
16	16	var $base_query = '?q=node/69850';
Index: branches/MetavidWiki-exp/MetavidWiki/maintenance/ogg_thumb_insert.php
—	—	@@ -9,7 +9,7 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
13		-
	13	+
14	14	$cur_path = $IP = dirname(__FILE__);
15	15	//include commandLine.inc from the mediaWiki maintance dir:
16	16	require_once ('../../../maintenance/commandLine.inc');
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_Hooks.php
—	—	@@ -13,332 +13,329 @@
14	14	*/
15	15	if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
16	16
17		- /*
18		~~- * This method will be called after an article is saved~~
19		~~- * to update the metavid data index~~
20		~~- */~~
21		~~- function mvSaveHook(&$article, &$user, &$text, &$summary, $minor, $watch, $sectionanchor, &$flags){~~
22		~~- global $mvgIP;~~
23		-
24		~~- //confirm we are in the metavid data Namespace (where data indexes are updated)~~
25		~~- if($article->mTitle->getNamespace()==MV_NS_MVD){~~
26		~~- MV_Index::update_index_page($article,$text);~~
27		~~- }~~
28		~~- return true; // always return true, in order not to stop MW's hook processing!~~
	17	+/*
	18	+* This method will be called after an article is saved
	19	+* to update the metavid data index
	20	+*/
	21	+ function mvSaveHook(&$article, &$user, &$text, &$summary, $minor, $watch, $sectionanchor, &$flags){
	22	+ global $mvgIP;
	23	+
	24	+ //confirm we are in the metavid data Namespace (where data indexes are updated)
	25	+ if($article->mTitle->getNamespace()==MV_NS_MVD){
	26	+ MV_Index::update_index_page($article,$text);
	27	+ }
	28	+ return true; // always return true, in order not to stop MW's hook processing!
	29	+ }
	30	+ /*
	31	+ * mvisValidMoveOperation
	32	+ */
	33	+ function mvisValidMoveOperation( &$new_title){
	34	+ $mvTitle = new MV_Title( $new_title->getDBkey() );
	35	+ if( $mvTitle->validRequestTitle() ){
	36	+ return true;
	37	+ }else{
	38	+ return 'mvMVDFormat';
29	39	}
30		- /*
31		~~- * mvisValidMoveOperation~~
32		~~- */~~
33		~~- function mvisValidMoveOperation( &$new_title){~~
34		~~- $mvTitle = new MV_Title( $new_title->getDBkey() );~~
35		~~- if( $mvTitle->validRequestTitle() ){~~
36		~~- return true;~~
37		~~- }else{~~
38		~~- return 'mvMVDFormat';~~
39		~~- }~~
40		~~- }~~
41		- /*
42		~~- * handles general parse and replace functions for sequences and internal embedding setup~~
43		- *
44		~~- * in sequence pages: replace <playlist> with sequence formatted <playlist>~~
45		~~- * all pages: replace [[Sequence:SeqName]] with embed formatted playlist from that seq page~~
46		~~- * replace [[MvStream:StreamName/ss:ss:ss/ee:ee:ee]] with clip segment~~
47		~~- */~~
48		~~- function mvParserAfterTidy(&$parser, &$text) {~~
49		~~- // find markers in $text~~
50		~~- // replace markers with actual output~~
51		~~- global $markerList;~~
52		~~- for ($i=0;$i<count($markerList);$i++)~~
53		~~- $text = preg_replace('/xx-marker'.$i.'-xx/',$markerList[$i],$text);~~
54		~~- return true;~~
	40	+ }
	41	+ /*
	42	+ * handles general parse and replace functions for sequences and internal embedding setup
	43	+ *
	44	+ * in sequence pages: replace <playlist> with sequence formatted <playlist>
	45	+ * all pages: replace [[Sequence:SeqName]] with embed formatted playlist from that seq page
	46	+ * replace [[MvStream:StreamName/ss:ss:ss/ee:ee:ee]] with clip segment
	47	+ */
	48	+ function mvParserAfterTidy(&$parser, &$text) {
	49	+ // find markers in $text
	50	+ // replace markers with actual output
	51	+ global $markerList;
	52	+ for ($i=0;$i<count($markerList);$i++)
	53	+ $text = preg_replace('/xx-marker'.$i.'-xx/',$markerList[$i],$text);
	54	+ return true;
	55	+}
	56	+//load the sequence page
	57	+function mvSeqTag(&$input, &$argv, &$parser){
	58	+ global $wgTitle;
	59	+ //print "cur title: " . $wgTitle->getDBkey() . ' ns: ' . $wgTitle->getNamespace();
	60	+ //check namespace (seq only show up via <tag> when in mvSequence namespace
	61	+ if( !$wgTitle instanceof Title ) {
	62	+ wfDebugLog( 'mvSeqTag', "wgTitle not instance of Title`" );
	63	+ return true;
55	64	}
56		~~- //load the sequence page~~
57		~~- function mvSeqTag(&$input, &$argv, &$parser){~~
58		~~- global $wgTitle;~~
59		~~- //print "cur title: " . $wgTitle->getDBkey() . ' ns: ' . $wgTitle->getNamespace();~~
60		~~- //check namespace (seq only show up via <tag> when in mvSequence namespace~~
61		~~- if( !$wgTitle instanceof Title ) {~~
62		~~- wfDebugLog( 'mvSeqTag', "wgTitle not instance of Title`" );~~
63		~~- return true;~~
64		~~- }~~
65		~~- if($wgTitle->getNamespace() == MV_NS_SEQUENCE ){~~
66		~~- $marker = MV_SequencePage::doSeqReplace($input, $argv, $parser);~~
67		~~- return $marker;~~
68		~~- }~~
69		~~- return true;~~
	65	+ if($wgTitle->getNamespace() == MV_NS_SEQUENCE ){
	66	+ $marker = MV_SequencePage::doSeqReplace($input, $argv, $parser);
	67	+ return $marker;
70	68	}
71		- /*
72		~~- * This method will be called whenever an article is moved so that~~
73		~~- * updates the time stamps when an article is moved~~
74		~~- */~~
75		~~- function mvMoveHook(&$old_title, &$new_title, &$user, $pageid, $redirid){~~
76		~~- global $mvgIP;~~
77		~~- //die;~~
78		~~- //confirm we are in the mvd Namespace & update the wiki_title~~
79		~~- if($old_title->getNamespace()==MV_NS_MVD){~~
80		~~- MV_Index::update_index_title($old_title->getDBkey() , $new_title->getDBkey());~~
81		~~- }~~
82		~~- return true;// always return true, in order not to stop MW's hook processing!~~
83		~~- }~~
84		- /*
85		~~- * This method will be called whenever an article is deleted so that~~
86		~~- * the metavid index is updated accordingly~~
87		~~- */~~
88		~~- function mvDeleteHook(&$article, &$user, &$reason) {~~
89		~~- global $mvgIP;~~
90		~~- //print 'mvDeleteHook'."\n";~~
91		~~- //only need to update the mvd index when in the mvd namespace:~~
92		~~- if($article->mTitle->getNamespace()==MV_NS_MVD){~~
93		~~- //remove article with that title:~~
94		~~- MV_Index::remove_by_wiki_title($article->mTitle->getDBkey());~~
95		~~- }else if($article->mTitle->getNamespace()==MV_NS_STREAM){~~
96		~~- MV_Index::remove_by_stream_id($article->mvTitle->mvStream->getStreamId());~~
97		~~- $article->mvTitle->mvStream->deleteDB();~~
98		~~- }~~
99		~~- return true; // always return true, in order not to stop MW's hook processing!~~
	69	+ return true;
	70	+}
	71	+ /*
	72	+ * This method will be called whenever an article is moved so that
	73	+ * updates the time stamps when an article is moved
	74	+ */
	75	+ function mvMoveHook(&$old_title, &$new_title, &$user, $pageid, $redirid){
	76	+ global $mvgIP;
	77	+ //die;
	78	+ //confirm we are in the mvd Namespace & update the wiki_title
	79	+ if($old_title->getNamespace()==MV_NS_MVD){
	80	+ MV_Index::update_index_title($old_title->getDBkey() , $new_title->getDBkey());
	81	+ }
	82	+ return true;// always return true, in order not to stop MW's hook processing!
	83	+ }
	84	+ /*
	85	+* This method will be called whenever an article is deleted so that
	86	+* the metavid index is updated accordingly
	87	+*/
	88	+function mvDeleteHook(&$article, &$user, &$reason) {
	89	+ global $mvgIP;
	90	+ //print 'mvDeleteHook'."\n";
	91	+ //only need to update the mvd index when in the mvd namespace:
	92	+ if($article->mTitle->getNamespace()==MV_NS_MVD){
	93	+ //remove article with that title:
	94	+ MV_Index::remove_by_wiki_title($article->mTitle->getDBkey());
	95	+ }else if($article->mTitle->getNamespace()==MV_NS_STREAM){
	96	+ MV_Index::remove_by_stream_id($article->mvTitle->mvStream->getStreamId());
	97	+ $article->mvTitle->mvStream->deleteDB();
100	98	}
101		~~- function mvCustomEditor(&$article, &$user){~~
102		~~- global $wgTitle, $wgRequest;~~
103		~~- switch($wgTitle->getNamespace()){~~
104		~~- case MV_NS_SEQUENCE:~~
105		~~- $MvInterface = new MV_MetavidInterface('edit_sequence', $article);~~
106		~~- $MvInterface->render_full();~~
107		~~- return false;~~
108		~~- break;~~
109		~~- case MV_NS_STREAM:~~
110		~~- $editor = new MV_EditStreamPage($article);~~
111		~~- $editor->edit();~~
112		~~- return false;~~
113		~~- break;~~
114		~~- case MV_NS_MVD:~~
115		~~- $editor = new MV_EditDataPage( $article );~~
116		~~- $editor->edit();~~
117		~~- return false;~~
118		~~- break;~~
119		~~- default:~~
120		~~- // continue proccessing (use default editor)~~
121		~~- return true;~~
122		~~- break;~~
123		~~- }~~
124		- /*
125		~~- //@@todo how will 'external' editors work?~~
126		~~- if( !$wgRequest->getVal( 'UseExternalEditor' ) \|\| $action=='submit' \|\| $internal \|\|~~
127		~~- $section \|\| $oldid \|\| ( !$user->getOption( 'externaleditor' ) && !$external ) ) {~~
128		~~- $editor = new MvEditSequence( $article );~~
129		~~- $editor->submit();~~
130		~~- } elseif( $wgRequest->getVal( 'UseExternalEditor' ) && ( $external \|\| $user->getOption( 'externaleditor' ) ) ) {~~
131		~~- $mode = $wgRequest->getVal( 'mode' );~~
132		~~- $extedit = new ExternalEdit( $article, $mode );~~
133		~~- $extedit->edit();~~
134		~~- }*/~~
135		-
136		~~- }~~
137		~~- /*function mvArticleViewOpts(&$out, &$sk){~~
138		-
	99	+ return true; // always return true, in order not to stop MW's hook processing!
	100	+}
	101	+function mvCustomEditor(&$article, &$user){
	102	+ global $wgTitle, $wgRequest;
	103	+ switch($wgTitle->getNamespace()){
	104	+ case MV_NS_SEQUENCE:
	105	+ $MvInterface = new MV_MetavidInterface('edit_sequence', $article);
	106	+ $MvInterface->render_full();
	107	+ return false;
	108	+ break;
	109	+ case MV_NS_STREAM:
	110	+ $editor = new MV_EditStreamPage($article);
	111	+ $editor->edit();
	112	+ return false;
	113	+ break;
	114	+ case MV_NS_MVD:
	115	+ $editor = new MV_EditDataPage( $article );
	116	+ $editor->edit();
	117	+ return false;
	118	+ break;
	119	+ default:
	120	+ // continue proccessing (use default editor)
	121	+ return true;
	122	+ break;
	123	+ }
	124	+ /*
	125	+ //@@todo how will 'external' editors work?
	126	+ if( !$wgRequest->getVal( 'UseExternalEditor' ) \|\| $action=='submit' \|\| $internal \|\|
	127	+ $section \|\| $oldid \|\| ( !$user->getOption( 'externaleditor' ) && !$external ) ) {
	128	+ $editor = new MvEditSequence( $article );
	129	+ $editor->submit();
	130	+ } elseif( $wgRequest->getVal( 'UseExternalEditor' ) && ( $external \|\| $user->getOption( 'externaleditor' ) ) ) {
	131	+ $mode = $wgRequest->getVal( 'mode' );
	132	+ $extedit = new ExternalEdit( $article, $mode );
	133	+ $extedit->edit();
139	134	}*/
140		- /*
141		~~- * mvDoMvPage handles the article rewriting~~
142		~~- * by processing the given title request/namespace~~
143		~~- */~~
144		~~- function mvDoMvPage (&$title, &$article, $doOutput=true){~~
145		~~- global $wgOut;~~
146		~~- if($title->getNamespace() == NS_CATEGORY){~~
147		~~- $article = new MV_CategoryPage($title);~~
148		~~- } elseif ($title->getNamespace() == MV_NS_SEQUENCE){~~
149		~~- $article = new MV_SequencePage($title);~~
150		~~- } elseif ($title->getNamespace() == MV_NS_STREAM){~~
151		~~- mvDoMetavidStreamPage($title, $article);~~
152		~~- } elseif ( $title->getNamespace() == MV_NS_MVD ) {~~
153		~~- $mvTitle = new MV_Title( $title->getDBkey() );~~
154		~~- //check if mvd type exist~~
155		~~- if( $mvTitle->validRequestTitle() ){~~
156		~~- //this page can be edited seen the MVD page:~~
157		~~- $article = new MV_DataPage($title, $mvTitle);~~
158		~~- //$title = 'Stream: ' . $mvTitle['type_marker'] . $mvTitle['stream_name'];~~
159		~~- //$body = 'body content';~~
160		~~- //mvOutputSpecialPage($title,$body);~~
161		~~- }else{~~
162		~~- //@@TODO get type of error: & put this in the language file~~
163		~~- //$title = 'missing type, stream missing, or not valid time format';~~
164		~~- if($doOutput)mvOutputSpecialPage(wfMsg('mvBadMVDtitle'), wfMsg('mvMVDFormat'));~~
165		~~- return false;~~
166		~~- }~~
	135	+
	136	+}
	137	+ /*
	138	+ * mvDoMvPage handles the article rewriting
	139	+ * by processing the given title request/namespace
	140	+ */
	141	+function mvDoMvPage (&$title, &$article, $doOutput=true){
	142	+ global $wgOut;
	143	+ if($title->getNamespace() == NS_CATEGORY){
	144	+ $article = new MV_CategoryPage($title);
	145	+ } elseif ($title->getNamespace() == MV_NS_SEQUENCE){
	146	+ $article = new MV_SequencePage($title);
	147	+ } elseif ($title->getNamespace() == MV_NS_STREAM){
	148	+ mvDoMetavidStreamPage($title, $article);
	149	+ } elseif ( $title->getNamespace() == MV_NS_MVD ) {
	150	+ $mvTitle = new MV_Title( $title->getDBkey() );
	151	+ //check if mvd type exist
	152	+ if( $mvTitle->validRequestTitle() ){
	153	+ //this page can be edited seen the MVD page:
	154	+ $article = new MV_DataPage($title, $mvTitle);
	155	+ //$title = 'Stream: ' . $mvTitle['type_marker'] . $mvTitle['stream_name'];
	156	+ //$body = 'body content';
	157	+ //mvOutputSpecialPage($title,$body);
	158	+ }else{
	159	+ //@@TODO get type of error: & put this in the language file
	160	+ //$title = 'missing type, stream missing, or not valid time format';
	161	+ if($doOutput)mvOutputSpecialPage(wfMsg('mvBadMVDtitle'), wfMsg('mvMVDFormat'));
	162	+ return false;
167	163	}
168		~~- return true;~~
169	164	}
170		~~- function mvCatHook(&$catArticle){~~
171		~~- global $mvgIP;~~
172		~~- $catArticle = new MV_CategoryPage($catArticle);~~
173		~~- return true;~~
174		~~- }~~
175		~~- function mvMissingStreamPage($missing_stream_name){~~
176		~~- $streamListTitle = Title::newFromText(wfMsg('mv_list_streams_page'), NS_SPECIAL);~~
177		~~- $streamAddTitle = Title::newFromText(wfMsg('mv_add_stream_page'), NS_SPECIAL);~~
	165	+ return true;
	166	+}
	167	+function mvCatHook(&$catArticle){
	168	+ global $mvgIP;
	169	+ $catArticle = new MV_CategoryPage($catArticle);
	170	+ return true;
	171	+}
	172	+function mvMissingStreamPage($missing_stream_name){
	173	+ $streamListTitle = Title::newFromText(wfMsg('mv_list_streams_page'), NS_SPECIAL);
	174	+ $streamAddTitle = Title::newFromText(wfMsg('mv_add_stream_page'), NS_SPECIAL);
	175	+
	176	+ $html = wfMsg('mv_missing_stream_text',
	177	+ $missing_stream_name,
	178	+ $streamListTitle->getFullURL(),
	179	+ $streamAddTitle->getFullURL() . '/'.$missing_stream_name
	180	+ );
	181	+ $title = wfMsg( 'mv_missing_stream' , $missing_stream_name);
178	182
179		~~- $html = wfMsg('mv_missing_stream_text',~~
180		~~- $missing_stream_name,~~
181		~~- $streamListTitle->getFullURL(),~~
182		~~- $streamAddTitle->getFullURL() . '/'.$missing_stream_name~~
183		~~- );~~
184		~~- $title = wfMsg( 'mv_missing_stream' , $missing_stream_name);~~
185		-
186		~~- mvOutputSpecialPage($title, $html );~~
	183	+ mvOutputSpecialPage($title, $html );
	184	+}
	185	+/* ajax Entry points:
	186	+ * as entered in global functions: $wgAjaxExportList[]
	187	+ *
	188	+ * @@todo we could probably do a cleaner abstraction for ajax calls
	189	+*/
	190	+function mv_add_disp($baseTitle, $mvdType, $time_range){
	191	+ $MV_Overlay = new MV_Overlay();
	192	+ return $MV_Overlay->get_add_disp(strtolower($baseTitle), $mvdType, $time_range);
	193	+}
	194	+function mv_disp_mvd($titleKey, $mvd_id){
	195	+ $MV_Overlay = new MV_Overlay();
	196	+ return $MV_Overlay->get_fd_mvd_request($titleKey, $mvd_id);
	197	+}
	198	+function mv_disp_remove_mvd($titleKey, $mvd_id){
	199	+ $MV_Overlay = new MV_Overlay();
	200	+ return $MV_Overlay->get_disp_remove_mvd($titleKey, $mvd_id);
	201	+}
	202	+function mv_remove_mvd(){
	203	+ $MV_Overlay = new MV_Overlay();
	204	+ return $MV_Overlay->do_remove_mvd($_REQUEST['title'], $_REQUEST['mvd_id']);
	205	+}
	206	+function mv_edit_disp($titleKey, $mvd_id){
	207	+ $MV_Overlay = new MV_Overlay();
	208	+ return $MV_Overlay->get_edit_disp($titleKey, $mvd_id);
	209	+}
	210	+/* genneral autocomplete */
	211	+function mv_helpers_auto_complete($val=null){
	212	+ global $mvMetaDataHelpers,$wgRequest;
	213	+ $property = $wgRequest->getVal('prop_name');
	214	+ switch($property){
	215	+ case 'smw_Speech_by':
	216	+ return MV_SpecialMediaSearch::auto_complete_person($val);
	217	+ break;
	218	+ case 'smw_Bill':
	219	+ return MV_SpecialMediaSearch::auto_complete_category('Bill', $val);
	220	+ break;
	221	+ case 'category':
	222	+ return MV_SpecialMediaSearch::auto_complete_search_categories($val);
	223	+ break;
187	224	}
188		~~- /* ajax Entry points:~~
189		~~- * as entered in global functions: $wgAjaxExportList[]~~
190		- *
191		~~- * @@todo we could probably do a cleaner abstraction for ajax calls~~
192		~~- */~~
193		~~- function mv_add_disp($baseTitle, $mvdType, $time_range){~~
194		~~- $MV_Overlay = new MV_Overlay();~~
195		~~- return $MV_Overlay->get_add_disp(strtolower($baseTitle), $mvdType, $time_range);~~
	225	+}
	226	+function mv_auto_complete_person($val=null){
	227	+ return MV_SpecialMediaSearch::auto_complete_person($val);
	228	+}
	229	+function mv_auto_complete_all($val=null){
	230	+ return MV_SpecialMediaSearch::auto_complete_all($val);
	231	+}
	232	+function mv_auto_complete_stream_name($val=null){
	233	+ return MV_SequenceTools::auto_complete_stream_name($val);
	234	+}
	235	+function mv_edit_sequence_submit(){
	236	+ $MV_SequenceTools = new MV_SequenceTools();
	237	+ return $MV_SequenceTools->do_edit_submit();
	238	+}
	239	+function mv_edit_submit(){
	240	+ global $wgOut, $wgRequest;
	241	+ //@@todo more input scrubbing value checks
	242	+ $title = $wgRequest->getVal('title');
	243	+ $mvd_id = $wgRequest->getVal('mvd_id');
	244	+ if($title=='' \|\| $mvd_id=='')
	245	+ return 'error missing title or id';
	246	+
	247	+ $MV_Overlay = new MV_Overlay();
	248	+ $do_adjust = $wgRequest->getVal('do_adjust');
	249	+ if($do_adjust=='true'){
	250	+ //first edit then move
	251	+ $outputMVD = $MV_Overlay->do_edit_submit($title, $mvd_id);
	252	+ //clear the wgOut var:
	253	+ $wgOut->clearHTML();
	254	+ //do move and display output page
	255	+ return $MV_Overlay->do_adjust_submit($wgRequest->getVal('titleKey'), $mvd_id, $wgRequest->getVal('newTitle'), $wgRequest->getVal('wgTitle'), $outputMVD);
	256	+ }else{
	257	+ return $MV_Overlay->do_edit_submit($_POST['title'], $_POST['mvd_id']);
196	258	}
197		~~- function mv_disp_mvd($titleKey, $mvd_id){~~
198		~~- $MV_Overlay = new MV_Overlay();~~
199		~~- return $MV_Overlay->get_fd_mvd_request($titleKey, $mvd_id);~~
	259	+}
	260	+function mv_history_disp($titleKey, $mvd_id){
	261	+ global $wgOut;
	262	+ $MV_Overlay = new MV_Overlay();
	263	+ return $MV_Overlay->get_history_disp($titleKey, $mvd_id);
	264	+}
	265	+/*function mv_adjust_disp($titleKey, $mvd_id){
	266	+ global $mvgIP;
	267	+ include_once($mvgIP . '/includes/MV_MetavidInterface/MV_Overlay.php');
	268	+ $MV_Overlay = new MV_Overlay();
	269	+ return $MV_Overlay->get_adjust_disp($titleKey, $mvd_id);
	270	+}*/
	271	+/*function mv_adjust_submit(){
	272	+ $MV_Overlay = new MV_Overlay();
	273	+ if(!isset($_POST['titleKey']) \|\| !isset($_POST['newTitle']))
	274	+ return 'error: missing titleKey or newTitle';
	275	+ return $MV_Overlay->do_adjust_submit($_POST['titleKey'], $_POST['newTitle']);
	276	+}*/
	277	+function mv_seqtool_disp($tool_id){
	278	+ $MV_SequenceTools = new MV_SequenceTools();
	279	+ return $MV_SequenceTools->get_tool_html($tool_id);
	280	+}
	281	+function mv_tool_disp($tool_id, $ns='', $title_str=''){
	282	+ $MV_Tools = new MV_Tools();
	283	+ return $MV_Tools->get_tool_html($tool_id, $ns, $title_str);
	284	+}
	285	+function mv_expand_wt($mvd_id){
	286	+ global $wgRequest;
	287	+ $search_terms = explode('\|',$wgRequest->getVal('st'));
	288	+ $mvSearch = new MV_SpecialMediaSearch();
	289	+ return $mvSearch->expand_wt($mvd_id, $search_terms);
	290	+}
	291	+function mv_pl_wt($mvd_id){
	292	+ global $wgRequest;
	293	+ $mvd = MV_Index::getMVDbyId($mvd_id);
	294	+ $mvTitle = new MV_Title($mvd->wiki_title);
	295	+ return $mvTitle->getEmbedVideoHtml('vid_'.$mvd_id, $wgRequest->getVal('size'), '', true);
	296	+}
	297	+function mv_date_obj(){
	298	+ //returns the date object for existing stream set
	299	+ //@@todo this is very cacheable since it only changes when a streams change date or a new stream is added.
	300	+ return MV_SpecialMediaSearch::getJsonDateObj();
	301	+}
	302	+function mv_frame_server($stream_name='',$req_time='', $req_size=''){
	303	+ global $wgRequest;
	304	+ $stream_id='';
	305	+ //try loading vals from $wgRequest if not set
	306	+ $stream_name=($stream_name=='')?$wgRequest->getVal('stream_name'):$stream_name;
	307	+ if($stream_name==null)$stream_id=$wgRequest->getVal('stream_id');
	308	+ $req_time=($req_time=='')?$wgRequest->getVal('t'):$req_time;
	309	+ $req_size=($req_size=='')?$wgRequest->getVal('size'):$req_size;
	310	+ $redirect_req=($wgRequest->getVal('redirect')=='true')?true:false;
	311	+
	312	+ if($stream_id==''){
	313	+ $mvStream = mvGetMVStream($stream_name);
	314	+ $stream_id=$mvStream->getStreamId();
	315	+ }else{
	316	+ $mvStream = new MV_Stream(array('id'=>$stream_id));
200	317	}
201		~~- function mv_disp_remove_mvd($titleKey, $mvd_id){~~
202		~~- $MV_Overlay = new MV_Overlay();~~
203		~~- return $MV_Overlay->get_disp_remove_mvd($titleKey, $mvd_id);~~
204		~~- }~~
205		~~- function mv_remove_mvd(){~~
206		~~- $MV_Overlay = new MV_Overlay();~~
207		~~- return $MV_Overlay->do_remove_mvd($_REQUEST['title'], $_REQUEST['mvd_id']);~~
208		~~- }~~
209		~~- function mv_edit_disp($titleKey, $mvd_id){~~
210		~~- $MV_Overlay = new MV_Overlay();~~
211		~~- return $MV_Overlay->get_edit_disp($titleKey, $mvd_id);~~
212		~~- }~~
213		~~- /* genneral autocomplete */~~
214		~~- function mv_helpers_auto_complete($val=null){~~
215		~~- global $mvMetaDataHelpers,$wgRequest;~~
216		~~- $property = $wgRequest->getVal('prop_name');~~
217		~~- switch($property){~~
218		~~- case 'smw_Speech_by':~~
219		~~- return MV_SpecialMediaSearch::auto_complete_person($val);~~
220		~~- break;~~
221		~~- case 'smw_Bill':~~
222		~~- return MV_SpecialMediaSearch::auto_complete_category('Bill', $val);~~
223		~~- break;~~
224		~~- case 'category':~~
225		~~- return MV_SpecialMediaSearch::auto_complete_search_categories($val);~~
226		~~- break;~~
	318	+
	319	+ if($mvStream->db_load_stream()){
	320	+ global $mvServeImageRedirect, $mvExternalImages;
	321	+ if($mvServeImageRedirect \|\| $redirect_req \|\| $mvExternalImages){
	322	+ header("Location:" . MV_StreamImage::getStreamImageURL($stream_id, $req_time, $req_size, true));
	323	+ }else{
	324	+ //serve up the image directly
	325	+ MV_StreamImage::getStreamImageRaw($stream_id, $req_time, $req_size, true);
227	326	}
	327	+ exit();
	328	+ }else{
	329	+ return 'error: invalid stream name';
228	330	}
229		~~- function mv_auto_complete_person($val=null){~~
230		~~- return MV_SpecialMediaSearch::auto_complete_person($val);~~
231		~~- }~~
232		~~- function mv_auto_complete_all($val=null){~~
233		~~- return MV_SpecialMediaSearch::auto_complete_all($val);~~
234		~~- }~~
235		~~- function mv_auto_complete_stream_name($val=null){~~
236		~~- return MV_SequenceTools::auto_complete_stream_name($val);~~
237		~~- }~~
238		~~- function mv_edit_sequence_submit(){~~
239		~~- $MV_SequenceTools = new MV_SequenceTools();~~
240		~~- return $MV_SequenceTools->do_edit_submit();~~
241		~~- }~~
242		~~- function mv_edit_submit(){~~
243		~~- global $wgOut, $wgRequest;~~
244		~~- //@@todo more input scrubbing value checks~~
245		~~- $title = $wgRequest->getVal('title');~~
246		~~- $mvd_id = $wgRequest->getVal('mvd_id');~~
247		~~- if($title=='' \|\| $mvd_id=='')~~
248		~~- return 'error missing title or id';~~
249		-
250		~~- $MV_Overlay = new MV_Overlay();~~
251		~~- $do_adjust = $wgRequest->getVal('do_adjust');~~
252		~~- if($do_adjust=='true'){~~
253		~~- //first edit then move~~
254		~~- $outputMVD = $MV_Overlay->do_edit_submit($title, $mvd_id);~~
255		~~- //clear the wgOut var:~~
256		~~- $wgOut->clearHTML();~~
257		~~- //do move and display output page~~
258		~~- return $MV_Overlay->do_adjust_submit($wgRequest->getVal('titleKey'), $mvd_id, $wgRequest->getVal('newTitle'), $wgRequest->getVal('wgTitle'), $outputMVD);~~
259		~~- }else{~~
260		~~- return $MV_Overlay->do_edit_submit($_POST['title'], $_POST['mvd_id']);~~
261		~~- }~~
262		~~- }~~
263		~~- function mv_history_disp($titleKey, $mvd_id){~~
264		~~- global $wgOut;~~
265		~~- $MV_Overlay = new MV_Overlay();~~
266		~~- return $MV_Overlay->get_history_disp($titleKey, $mvd_id);~~
267		~~- }~~
268		~~- /*function mv_adjust_disp($titleKey, $mvd_id){~~
269		~~- global $mvgIP;~~
270		~~- include_once($mvgIP . '/includes/MV_MetavidInterface/MV_Overlay.php');~~
271		~~- $MV_Overlay = new MV_Overlay();~~
272		~~- return $MV_Overlay->get_adjust_disp($titleKey, $mvd_id);~~
273		~~- }*/~~
274		~~- /*function mv_adjust_submit(){~~
275		~~- $MV_Overlay = new MV_Overlay();~~
276		~~- if(!isset($_POST['titleKey']) \|\| !isset($_POST['newTitle']))~~
277		~~- return 'error: missing titleKey or newTitle';~~
278		~~- return $MV_Overlay->do_adjust_submit($_POST['titleKey'], $_POST['newTitle']);~~
279		~~- }*/~~
280		~~- function mv_seqtool_disp($tool_id){~~
281		~~- $MV_SequenceTools = new MV_SequenceTools();~~
282		~~- return $MV_SequenceTools->get_tool_html($tool_id);~~
283		~~- }~~
284		~~- function mv_tool_disp($tool_id, $ns='', $title_str=''){~~
285		~~- $MV_Tools = new MV_Tools();~~
286		~~- return $MV_Tools->get_tool_html($tool_id, $ns, $title_str);~~
287		~~- }~~
288		~~- function mv_expand_wt($mvd_id){~~
289		~~- global $wgRequest;~~
290		~~- $search_terms = explode('\|',$wgRequest->getVal('st'));~~
291		~~- $mvSearch = new MV_SpecialMediaSearch();~~
292		~~- return $mvSearch->expand_wt($mvd_id, $search_terms);~~
293		~~- }~~
294		~~- function mv_pl_wt($mvd_id){~~
295		~~- global $wgRequest;~~
296		~~- $mvd = MV_Index::getMVDbyId($mvd_id);~~
297		~~- $mvTitle = new MV_Title($mvd->wiki_title);~~
298		~~- return $mvTitle->getEmbedVideoHtml('vid_'.$mvd_id, $wgRequest->getVal('size'), '', true);~~
299		~~- }~~
300		~~- function mv_date_obj(){~~
301		~~- //returns the date object for existing stream set~~
302		~~- //@@todo this is very cacheable since it only changes when a streams change date or a new stream is added.~~
303		~~- return MV_SpecialMediaSearch::getJsonDateObj();~~
304		~~- }~~
305		~~- function mv_frame_server($stream_name='',$req_time='', $req_size=''){~~
306		~~- global $wgRequest;~~
307		~~- $stream_id='';~~
308		~~- //try loading vals from $wgRequest if not set~~
309		~~- $stream_name=($stream_name=='')?$wgRequest->getVal('stream_name'):$stream_name;~~
310		~~- if($stream_name==null)$stream_id=$wgRequest->getVal('stream_id');~~
311		~~- $req_time=($req_time=='')?$wgRequest->getVal('t'):$req_time;~~
312		~~- $req_size=($req_size=='')?$wgRequest->getVal('size'):$req_size;~~
313		~~- $redirect_req=($wgRequest->getVal('redirect')=='true')?true:false;~~
314		-
315		~~- if($stream_id==''){~~
316		~~- $mvStream = mvGetMVStream($stream_name);~~
317		~~- $stream_id=$mvStream->getStreamId();~~
318		~~- }else{~~
319		~~- $mvStream = new MV_Stream(array('id'=>$stream_id));~~
320		~~- }~~
321		-
322		~~- if($mvStream->db_load_stream()){~~
323		~~- global $mvServeImageRedirect, $mvExternalImages;~~
324		~~- if($mvServeImageRedirect \|\| $redirect_req \|\| $mvExternalImages){~~
325		~~- header("Location:" . MV_StreamImage::getStreamImageURL($stream_id, $req_time, $req_size, true));~~
326		~~- }else{~~
327		~~- //serve up the image directly~~
328		~~- MV_StreamImage::getStreamImageRaw($stream_id, $req_time, $req_size, true);~~
329		~~- }~~
330		~~- exit();~~
331		~~- }else{~~
332		~~- return 'error: invalid stream name';~~
333		~~- }~~
334		~~- }~~
335		~~- /*function mv_edit_preview(){~~
336		~~- global $mvgIP;~~
337		~~- include_once($mvgIP . '/includes/MV_MetavidInterface/MV_Overlay.php');~~
338		~~- if(!isset($_POST['title']) \|\| !isset($_POST['mvd_id']))~~
339		~~- return 'error missing title or id';~~
340		~~- $MV_Overlay = new MV_Overlay();~~
341		~~- return $MV_Overlay->edit_preview_form_html($_POST['title'], $_POST['mvd_id']);~~
342		~~- }*/~~
	331	+}
	332	+/*function mv_edit_preview(){
	333	+ global $mvgIP;
	334	+ include_once($mvgIP . '/includes/MV_MetavidInterface/MV_Overlay.php');
	335	+ if(!isset($_POST['title']) \|\| !isset($_POST['mvd_id']))
	336	+ return 'error missing title or id';
	337	+ $MV_Overlay = new MV_Overlay();
	338	+ return $MV_Overlay->edit_preview_form_html($_POST['title'], $_POST['mvd_id']);
	339	+}*/
343	340
344	341
345	342	?>
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequenceTools.php
—	—	@@ -94,7 +94,7 @@
95	95	list($iw, $ih) = explode('x',$mvDefaultSearchVideoPlaybackRes);
96	96	$wgOut->addHTML('<h3>'.wfMsg('mv_add_clip_by_name').':</h3>' .
97	97	'<form id="mv_add_to_seq_form" action="">' .
98		~~- '<div id="mv_seq_manual_embed" style="display:none;position:relative;border:solid thin black;width:'.$iw.'px;height:'.$ih.'px;"> </div><br />'.~~
	98	+ '<div id="mv_seq_manual_embed" style="display:none;position:relative;border:solid thin black;width:'.htmlspecialchars($iw).'px;height:'.htmlspecialchars($ih).'px;"> </div><br />'.
99	99	wfMsg('mv_label_stream_name') . ': <input id="mv_add_stream_name" name="mv_add_stream_name" ' .
100	100	' size="25" maxlength="65" ' .
101	101	'value="">');
—	—	@@ -150,9 +150,9 @@
151	151	}
152	152	function render_menu(){
153	153	return
154		~~- '<a title="'.wfMsg('mv_sequence_page_desc').'" href="javascript:mv_seqtool_disp(\'sequence_page\')">'.wfMsg('mv_save_sequence').'</a>' .~~
155		~~- ' \| ' . '<a title="'.wfMsg('mv_sequence_add_manual_desc').'" href="javascript:mv_seqtool_disp(\'add_clips_manual\')">'.wfMsg('mv_sequence_add_manual').'</a>' .~~
156		~~- ' \| ' . '<a title="'.wfMsg('mv_sequence_add_search_desc').'" href="javascript:mv_seqtool_disp(\'add_clips_search\')">'.wfMsg('mv_sequence_add_search').'</a>' ;~~
	154	+ '<a title="'.htmlspecialchars(wfMsg('mv_sequence_page_desc')).'" href="javascript:mv_seqtool_disp(\'sequence_page\')">'.wfMsg('mv_save_sequence').'</a>' .
	155	+ ' \| ' . '<a title="'.htmlspecialchars(wfMsg('mv_sequence_add_manual_desc')).'" href="javascript:mv_seqtool_disp(\'add_clips_manual\')">'.wfMsg('mv_sequence_add_manual').'</a>' .
	156	+ ' \| ' . '<a title="'.htmlspecialchars(wfMsg('mv_sequence_add_search_desc')).'" href="javascript:mv_seqtool_disp(\'add_clips_search\')">'.wfMsg('mv_sequence_add_search').'</a>' ;
157	157	}
158	158	}
159	159	?>
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_MetavidInterface.php
—	—	@@ -81,17 +81,17 @@
82	82	$this->components['MV_Overlay']->procMVDReqSet();
83	83	//add in title & tracks var:
84	84	global $mvgScriptPath;
85		~~- $wgOut->addScript('<script type="text/javascript">/<![CDATA[/'."~~
86		~~- var mvTitle = '{$this->article->mvTitle->getWikiTitle()}';~~
87		~~- var mvTracks = '".$this->components['MV_Overlay']->getMVDReqString(). "';~~
88		~~- var mvgScriptPath = '".$mvgScriptPath."';~~
89		~~- /]]>/</script>\n");~~
	85	+ $wgOut->addScript('<script type="text/javascript">/<![CDATA[/'.'
	86	+ var mvTitle = \''.htmlspecialchars($this->article->mvTitle->getWikiTitle()).'\';
	87	+ var mvTracks = \''.htmlspecialchars($this->components['MV_Overlay']->getMVDReqString()). '\';
	88	+ var mvgScriptPath = \''.htmlspecialchars($mvgScriptPath).'\';
	89	+ /]]>/</script>\n');
90	90
91	91	//also add prev next paging
92	92	$this->page_header ='<h1 class="videoHeader">'.
93	93	$this->article->mvTitle->getStreamNameText().' :: '.
94	94	$this->components['MV_Tools']->stream_paging_links('prev') .
95		~~- ' <span title="'.wfMsg('mv_click_to_edit').'" id="mv_stream_time">'.$this->article->mvTitle->getTimeDesc($span_separated=true) . '</span>'.~~
	95	+ ' <span title="'.htmlspecialchars(wfMsg('mv_click_to_edit')).'" id="mv_stream_time">'.$this->article->mvTitle->getTimeDesc($span_separated=true) . '</span>'.
96	96	$this->components['MV_Tools']->stream_paging_links('next') .
97	97	wfMsg('mv_of') . seconds2ntp($this->article->mvTitle->getDuration()) .
98	98	'</h1>';
—	—	@@ -101,9 +101,9 @@
102	102	$sTitle = Title::makeTitle(NS_SPECIAL, 'MvExportStream');
103	103	$sk = $wgUser->getSkin();
104	104	$this->page_header.= $sk->makeKnownLinkObj($sTitle,
105		~~- '<img style="width:28px;height:28px;" src="'.$mvgScriptPath . '/skins/images/Feed-icon_cmml_28x28.png">',~~
106		~~- 'feed_format=roe&stream_name='.$this->article->mvTitle->getStreamName().'&t='.$this->article->mvTitle->getTimeRequest(),~~
107		~~- '','','title="'.wfMsg('mv_export_cmml').'"');~~
	105	+ '<img style="width:28px;height:28px;" src="'.htmlspecialchars($mvgScriptPath) . '/skins/images/Feed-icon_cmml_28x28.png">',
	106	+ 'feed_format=roe&stream_name='.htmlspecialchars($this->article->mvTitle->getStreamName()).'&t='.htmlspecialchars($this->article->mvTitle->getTimeRequest()),
	107	+ '','','title="'.htmlspecialchars(wfMsg('mv_export_cmml')).'"');
108	108	$this->page_header.='</span>';
109	109	$this->page_title = $this->article->mvTitle->getStreamNameText().' '.$this->article->mvTitle->getTimeDesc();
110	110	}
—	—	@@ -135,7 +135,7 @@
136	136	$wgOut->setHTMLTitle($this->page_title);
137	137
138	138	if($this->page_header=='')$this->page_header = '<span style="position:relative;top:-12px;font-weight:bold">' .
139		~~- $this->page_title . '</span>';~~
	139	+ htmlspecialchars($this->page_title) . '</span>';
140	140	$wgOut->addHTML($this->page_header);
141	141
142	142	//@@todo dynamic re-size page_spacer:
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequenceTimeline.php
—	—	@@ -9,9 +9,7 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
13		~~- if ( !defined( 'MEDIAWIKI' ) ) die( 1 );~~
14		~~- //make sure the parent class mv_component is included~~
15		-
	13	+ if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
16	14	class MV_SequenceTimeline extends MV_Component{
17	15	function render_menu(){
18	16	return wfMsg('mv_sequence_timeline');
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_Tools.php
—	—	@@ -92,7 +92,7 @@
93	93	case 'search':
94	94	$title = Title::newFromText($title_str, MV_NS_STREAM);
95	95	//render search box
96		~~- $this->innerHTML = '<h3>Search Stream: '. $title_str . '</h3>';~~
	96	+ $this->innerHTML = '<h3>Search Stream: '. htmlspecialchars($title_str) . '</h3>';
97	97	$MvSearch = new MV_SpecialMediaSearch();
98	98	$MvSearch->setupFilters('stream', array('stream_name'=>$title->getDBkey() ));
99	99	$this->innerHTML.= $MvSearch->dynamicSearchControl();
—	—	@@ -150,7 +150,7 @@
151	151	if($prev_time_end < $mvDefaultStreamViewLength)$prev_time_end =$mvDefaultStreamViewLength;
152	152	$newTitle = Title::MakeTitle(MV_NS_STREAM, $mvTitle->getStreamName().'/'.seconds2ntp($prev_time_start).'/'.seconds2ntp($prev_time_end));
153	153	$prev_link = $sk->makeKnownLinkObj($newTitle,
154		~~- '<img style="index:5" border="0" src="'.$mvgScriptPath.'/skins/images/results_previous.png">',~~
	154	+ '<img style="index:5" border="0" src="'.htmlspecialchars($mvgScriptPath).'/skins/images/results_previous.png">',
155	155	$this->getStateReq() );
156	156	}
157	157	}
—	—	@@ -163,7 +163,7 @@
164	164	if($next_time_end > $mvTitle->getDuration())$next_time_end=$mvTitle->getDuration();
165	165	$newTitle =Title::MakeTitle(MV_NS_STREAM, $mvTitle->getStreamName().'/'.seconds2ntp($next_time_start).'/'.seconds2ntp($next_time_end));
166	166	$next_link= $sk->makeKnownLinkObj($newTitle,
167		~~- '<img style="index:5" border="0" src="'.$mvgScriptPath.'/skins/images/results_next.png">',~~
	167	+ '<img style="index:5" border="0" src="'.htmlspecialchars($mvgScriptPath).'/skins/images/results_next.png">',
168	168	$this->getStateReq() );
169	169	}
170	170	}
—	—	@@ -180,7 +180,8 @@
181	181	$out='';
182	182	$heading=wfMsg('mv_stream_tool_heading') . ':';
183	183	$out.='<ul>';
184		~~- foreach($this->mv_valid_tools as $tool_id){~~
	184	+ foreach($this->mv_valid_tools as $tool_id){
	185	+ $tool_id = htmlspecialchars($tool_id);
185	186	$out.='<li><a title="'.wfMsg('mv_tool_'.$tool_id.'_title').
186	187	'" href="javascript:mv_tool_disp(\''.$tool_id.'\')">' .
187	188	wfMsg('mv_tool_'.$tool_id) . '</li>'."\n";
—	—	@@ -195,18 +196,19 @@
196	197	//grab the current track set:
197	198	$this->procMVDReqSet();
198	199	foreach($mvMVDTypeAllAvailable as $type_key){
	200	+ $type_key = htmlspecialchars($type_key);
199	201	//@@todo use something better than "title" for type_key description
200	202	$checked = (in_array($type_key, $this->mvd_tracks))?' checked':'';
201	203	$out.='<input type="checkbox" name="option_'.$type_key.'" id="option_'.$type_key.'" value="'.$type_key.'" '.$checked.'/> '.
202	204	'<a class="mv_mang_layers" id="a_'.$type_key.'" title="'.wfMsg($type_key.'_desc').'" href="#">'.wfMsg($type_key).'</a><br />';
203	205	}
204		~~- $out.='<input id="submit_mang_layers" type="submit" value="'.wfMsg('mv_update_layers').'">';~~
	206	+ $out.='<input id="submit_mang_layers" type="submit" value="'.htmlspecialchars(wfMsg('mv_update_layers')).'">';
205	207	return $out;
206	208	}
207	209	function get_nav_page($stream_title){
208	210	global $mvgIP;
209	211	//output sliders for stream navigation:
210		~~- $out = '<h3>'.wfMsg('mv_tool_navigate').' '.ucfirst($stream_title).'</h3>';~~
	212	+ $out = '<h3>'.wfMsg('mv_tool_navigate').' '.htmlspecialchars(ucfirst($stream_title)).'</h3>';
211	213	//normalize stream title:
212	214	$stream_title = str_replace(' ', '_', strtolower($stream_title));
213	215
—	—	@@ -221,7 +223,7 @@
222	224	$out.= $MvOverlay->get_adjust_disp($titleKey, 'nav');
223	225	$out.='<input type="button" id="mv_go_nav" value="Go">';
224	226	//set range:
225		~~- $this->js_eval = "var end_time = {$duration};";~~
	227	+ $this->js_eval = 'var end_time = \''.htmlspecialchars($duration).'\';';
226	228	return $out;
227	229	}
228	230	function get_export_page($stream_title){
—	—	@@ -247,7 +249,7 @@
248	250	$width+=2;
249	251	$height+=30;
250	252	$top = $height+30+12;
251		~~- return "style=\"top:{$top}px;width:{$width}px;\"";~~
	253	+ return 'style="top:'.htmlspecialchars($top).'px;width:'.htmlspecialchars($width).'px;"';
252	254	}
253	255	}
254	256	}
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_Overlay.php
—	—	@@ -67,8 +67,8 @@
68	68	$base_title = $this->mv_interface->article->mvTitle->getStreamName();
69	69	}
70	70	//'<a title="'.wfMsg('mv_search_stream_title').'" href="javascript:mv_tool_disp(\'search\')">'.wfMsg('mv_search_stream').'</a>'
71		~~- return '<a title="'.wfMsg('mv_mang_layers_title').'" href="javascript:mv_tool_disp(\'mang_layers\')">'.wfMsg('mv_mang_layers').'</a>' .~~
72		~~- ' \| ' . '<a title="'.wfMsg('mv_new_ht_en').'" href="javascript:mv_disp_add_mvd(\'ht_en\')">'.wfMsg('mv_new_ht_en').'</a>' .~~
	71	+ return '<a title="'.htmlspecialchars(wfMsg('mv_mang_layers_title')).'" href="javascript:mv_tool_disp(\'mang_layers\')">'.wfMsg('mv_mang_layers').'</a>' .
	72	+ ' \| ' . '<a title="'.htmlspecialchars(wfMsg('mv_new_ht_en')).'" href="javascript:mv_disp_add_mvd(\'ht_en\')">'.wfMsg('mv_new_ht_en').'</a>' .
73	73	' \| ' . '<a href="javascript:mv_disp_add_mvd(\'anno_en\')">'.wfMsg('mv_new_anno_en').'</a>';
74	74	}
75	75	/* output caption div links */
—	—	@@ -122,7 +122,7 @@
123	123
124	124	$out='';
125	125	if(count($this->mvd_pages)==0){
126		~~- $out= 'no mvd rows found';~~
	126	+ $out= 'no mvd rows found';
127	127	}else{
128	128	foreach($this->mvd_pages as $mvd_id => $mvd_page){
129	129	$this->get_fd_mvd_page($mvd_page);
—	—	@@ -140,8 +140,9 @@
141	141	$img_url = MV_StreamImage::getStreamImageURL($mvd_page->stream_id, $mvd_page->start_time, 'medium', true);
142	142	}
143	143	//style=\"background:#".$this->getMvdBgColor($mvd_page)."\" "
144		~~- $wgOut->addHTML("<fieldset class=\"mv_fd_mvd\" id=\"mv_fd_mvd_{$mvd_page->id}\" name=\"{$mvd_page->wiki_title}\" " .~~
145		~~- "image_url=\"{$img_url}\" >" );~~
	144	+ $wgOut->addHTML('<fieldset class="mv_fd_mvd" id="mv_fd_mvd_'.htmlspecialchars($mvd_page->id).'" '.
	145	+ 'name="'.htmlspecialchars($mvd_page->wiki_title).'" ' .
	146	+ 'image_url="'.htmlspecialchars($img_url).'" >' );
146	147
147	148	/*$wgOut->addHTML("<legend id=\"mv_ld_{$mvd_page->id}\">" .
148	149	$this->get_mvd_menu($mvd_page) .
—	—	@@ -291,10 +292,11 @@
292	293	if(is_object($mvdTile))$template_key = $mvdTile->getMvdTypeKey();
293	294	//$wgOut->addHTML('looking at: ' . strtolower($template_key));
294	295
295		~~- //slow... don't use templates.. just hard code here:~~
	296	+
296	297	$img_float ='';
297	298	switch(strtolower($template_key)){
298	299	case 'ht_en':
	300	+ //slow... don't use templates.. just hard code here:
299	301	/*$smwStore =& smwfGetStore();
300	302	$title = $mvdTile->getMwTitle();
301	303	//print "Title: ".$title->getDBKey() . "\n";
—	—	@@ -305,8 +307,6 @@
306	308	$pimg = mv_get_person_img($smwProps['Spoken_By'].'.jpg');
307	309	$img_float='<img src="'.$pimg.'">';
308	310	}*/
309		-
310		-
311	311	global $wgParser, $wgUser, $wgContLang;
312	312	$templetTitle = Title::makeTitle(NS_TEMPLATE, $template_key );
313	313	if($templetTitle->exists()){
—	—	@@ -314,15 +314,21 @@
315	315	$template_wiki_text = '{{'.$template_key."\|\n";
316	316
317	317	//@@todo lookup with attributes
318		~~- if(isset($smw_attr['Spoken By'])){~~
319		~~- $template_wiki_text.= '\|PersonName='.$smw_attr['Spoken By']."\n";~~
	318	+ if(isset($smw_attr['spoken_by'])){
	319	+ $template_wiki_text.= '\|PersonName='.$smw_attr['spoken_by']."\n";
320	320	}
321	321	$template_wiki_text.='\|BodyText='.$text."\n".
322	322	'}}';
323	323	$text = $template_wiki_text;
324	324	}
325	325	break;
326		~~- case 'anno_en':~~
	326	+ case 'anno_en':
	327	+ $text='';
	328	+ //format anno_en:
	329	+ $smw_attr = $this->get_and_strip_semantic_tags($text);
	330	+ if(isset($smw_attr['speech_by'])){
	331	+ $text.=wfMsg('mv_speech_by').$smw_attr['speech_by'];
	332	+ }
327	333	break;
328	334	default:
329	335	break;
—	—	@@ -394,7 +400,7 @@
395	401	$out='';
396	402	//set up links:
397	403	$plink = '';
398		~~- $elink = '<a title="'.wfMsg('mv_edit_adjust_title').'" href="javascript:mv_edit_disp(\''.$mvd_page->wiki_title.'\', \''.$mvd_page->id.'\')">'.wfMsg('mv_edit').'</a>';~~
	404	+ $elink = '<a title="'.htmlspecialchars(wfMsg('mv_edit_adjust_title')).'" href="javascript:mv_edit_disp(\''.htmlspecialchars($mvd_page->wiki_title).'\', \''.htmlspecialchars($mvd_page->id).'\')">'.wfMsg('mv_edit').'</a>';
399	405	//$alink = '<a title="'.wfMsg('mv_adjust_title').'" href="javascript:mv_adjust_disp(\''.$mvd_page->wiki_title.'\', \''.$mvd_page->id.'\')">'.wfMsg('mv_adjust').'</a>';
400	406
401	407	//print "wiki title: " . $mvd_page->wiki_title;
—	—	@@ -405,17 +411,17 @@
406	412	$dlink = $sk->makeKnownLinkObj($dTitle, wfMsg('talk') );
407	413
408	414	//{s:\''.seconds2ntp($mvd_page->start_time).'\',e:\''.seconds2ntp($mvd_page->end_time).'\'}
409		~~- $plink='<a title="'.wfMsg('mv_play').' '.seconds2ntp($mvd_page->start_time) . ' to ' . seconds2ntp($mvd_page->end_time).' " ' .~~
	415	+ $plink='<a title="'.htmlspecialchars(wfMsg('mv_play').' '.seconds2ntp($mvd_page->start_time) . ' to ' . seconds2ntp($mvd_page->end_time)).' " ' .
410	416	'style="text-decoration:none;" ' .
411		~~- 'href="javascript:mv_do_play('.$mvd_page->id.');">' .~~
412		~~- '<span style="width:44px"><img src="'.$mvgScriptPath.'/skins/images/control_play_blue.png"></span>'.~~
413		~~- seconds2ntp($mvd_page->start_time) . ' to ' . seconds2ntp($mvd_page->end_time).'</a>';~~
	417	+ 'href="javascript:mv_do_play('.htmlspecialchars($mvd_page->id).');">' .
	418	+ '<span style="width:44px"><img src="'.htmlspecialchars($mvgScriptPath).'/skins/images/control_play_blue.png"></span>'.
	419	+ htmlspecialchars(seconds2ntp($mvd_page->start_time) . ' to ' . seconds2ntp($mvd_page->end_time)).'</a>';
414	420
415	421	//@@TODO set up conditional display: (view source if not logged on, protect, remove if given permission)
416	422	$out.=$plink;
417	423	$out.="- $elink - $hlink - $dlink ";
418	424	if($wgUser->isAllowed('mv_delete_mvd')){
419		~~- $rlink = '<a title="'.wfMsg('mv_remove_title').'" href="javascript:mv_disp_remove_mvd(\''.$mvd_page->wiki_title.'\', \''.$mvd_page->id.'\')">'.wfMsg('mv_remove').'</a>';~~
	425	+ $rlink = '<a title="'.htmlspecialchars(wfMsg('mv_remove_title')).'" href="javascript:mv_disp_remove_mvd(\''.htmlspecialchars($mvd_page->wiki_title).'\', \''.htmlspecialchars($mvd_page->id).'\')">'.wfMsg('mv_remove').'</a>';
420	426	$out.=' - ' . $rlink;
421	427	}
422	428	return $out;
—	—	@@ -446,7 +452,11 @@
447	453	$semanticLinkPattern = '(\[\[(([^:][^]]):[=\|:])+((?:[^\|\[\]]\|\[\[[^]]\]\]\|\[[^]]\]))(\\|([^]]*))?\]\])';
448	454	$mv_smw_tag_arry = array();
449	455	$text = preg_replace_callback($semanticLinkPattern, 'mvParsePropertiesCallback',$text);
450		~~- return $mv_smw_tag_arry;~~
	456	+ $ret_ary = array();
	457	+ foreach($mv_smw_tag_arry as $k=>$v){
	458	+ $ret_ary[strtolower(str_replace(' ','_',$k))]=$v;
	459	+ }
	460	+ return $ret_ary;
451	461	}
452	462	/*
453	463	* @@todo in the future dataHelpers could accommodate more.. (but lets avoid recreating the halo semantic mediaWiki extension).).
—	—	@@ -462,11 +472,11 @@
463	473	$metaData=array('prop'=>array(), 'categories'=>array());
464	474	//just get msg and basic div layout: \
465	475	//css layout of forms was F*@#!!! withing me for some reason so yay table :P
466		~~- $o.='<span class="mv_basic_edit"><a href="#" onClick="mv_mvd_advs_toggle('.$mvd_id.');return false;">'.wfMsg('mv_advanced_edit').'</a></span>~~
467		~~- <span style="display:none" class="mv_advanced_edit"><a href="#" onClick="mv_mvd_advs_toggle('.$mvd_id.');return false;">'.wfMsg('mv_basic_edit').'</a></span>';~~
	476	+ $o.='<span class="mv_basic_edit"><a href="#" onClick="mv_mvd_advs_toggle('.htmlspecialchars($mvd_id).');return false;">'.wfMsg('mv_advanced_edit').'</a></span>
	477	+ <span style="display:none" class="mv_advanced_edit"><a href="#" onClick="mv_mvd_advs_toggle('.htmlspecialchars($mvd_id).');return false;">'.wfMsg('mv_basic_edit').'</a></span>';
468	478
469		~~- $o.='<input type="hidden" id="adv_basic_'.$mvd_id.'" name="adv_basic" value="basic">';~~
470		~~- $o.='<table class="mv_basic_edit mv_dataHelpers" id="mv_dataHelpers_'.$mvd_id.'">';~~
	479	+ $o.='<input type="hidden" id="adv_basic_'.htmlspecialchars($mvd_id).'" name="adv_basic" value="basic">';
	480	+ $o.='<table class="mv_basic_edit mv_dataHelpers" id="mv_dataHelpers_'.htmlspecialchars($mvd_id).'">';
471	481	if(isset($mvMetaDataHelpers[strtolower($mvd_type)])){
472	482	//get existing metadata
473	483	if($mvd_id!='new' && $mvd_id!='seq'){
—	—	@@ -489,29 +499,32 @@
490	500	$swmTitle = Title::newFromText((string)$prop, SMW_NS_PROPERTY);
491	501	$smwImageHTML='';
492	502	if($swmTitle->exists()){
493		~~- $help_img =$sk->makeKnownLinkObj($swmTitle, '<img src="'.$mvgScriptPath.'/skins/images/help_icon.png">');~~
	503	+ $help_img =$sk->makeKnownLinkObj($swmTitle, '<img src="'.htmlspecialchars($mvgScriptPath).'/skins/images/help_icon.png">');
494	504	//special case for person image: (would be good to generalize but kind of complicated)
495	505	if($swmTitle->getText()=='Speech_by'){
496	506	$img = mv_get_person_img($val);
497		~~- $smwImageHTML="<img id=\"smw_{$prop}_img\" style=\"display: block;margin-left: auto;margin-right: auto;\" src=\"{$img->getURL()}\" width=\"44\">";~~
	507	+ $smwImageHTML='<img id="smw_'.htmlspecialchars($prop).'_img" style="display: block;margin-left: auto;margin-right: auto;" src="'.htmlspecialchars($img->getURL()).'" width=\"44\">';
498	508	}
499	509
500		~~- $o.= "<tr><td><label>".$swmTitle->getText().$help_img.":</label></td><td>{$smwImageHTML}<input class=\"mv_anno_ac_{$mvd_id}\" size=\"40\" name=\"smw_{$prop}\" type=\"text\" value=\"$val\">~~
501		~~- <div class=\"autocomplete\" id=\"smw_{$prop}_choices_{$mvd_id}\" style=\"display: none;\"/>~~
502		~~- </td></tr>";~~
	510	+ $o.= "<tr><td><label>".htmlspecialchars($swmTitle->getText()).$help_img.
	511	+ ':</label></td><td>'.$smwImageHTML.'<input class="mv_anno_ac_'.htmlspecialchars($mvd_id).'" '.
	512	+ 'size="40" name="smw_'.htmlspecialchars($prop).'" type="text" value="'.htmlspecialchars($val).'"> '.
	513	+ '<div class="autocomplete" id="smw_'.htmlspecialchars($prop).'_choices_'.htmlspecialchars($mvd_id).'" style="display: none;"/>
	514	+ </td></tr>';
503	515	}else{
504	516	print '<span class="error">Error:</span>'.$sk->makeKnownLinkObj($swmTitle, $swmTitle->getText()) . ' does not exist<br>' ;
505	517	}
506	518	}
507		-
	519	+ $mvgScriptPath = htmlspecialchars($mvgScriptPath);
	520	+ $mvd_id = htmlspecialchars($mvd_id);
508	521	if($mvMetaCategoryHelper){
509	522	//list each category with a little - next to it that removes its respective hidden field.
510	523	$i=0;
511	524	$o.='<tr><td>'.wfMsg('mv_existing_categories').'</td><td>';
512		~~- $o.='<div id="mv_ext_cat_container_'.$mvd_id.'"></div>';~~
	525	+ $o.='<div id="mv_ext_cat_container_'.htmlspecialchars($mvd_id).'"></div>';
513	526	foreach($metaData['categories'] as $cat=>$page){
514	527	$catTitle = Title::newFromText($cat, NS_CATEGORY);
515		~~- $o.='<span id="ext_cat_'.$i.'"><input value="'. $catTitle->getDBKey().'" type="hidden" style="display:none;" name="ext_cat[]" class="mv_ext_cat">'.~~
	528	+ $o.='<span id="ext_cat_'.htmlspecialchars($i).'"><input value="'. $catTitle->getDBKey().'" type="hidden" style="display:none;" name="ext_cat_'.$i.'" class="mv_ext_cat">'.
516	529	$catTitle->getText().
517	530	'<a href="#" onclick="$j(\'#ext_cat_'.$i.'\').fadeOut(\'fast\').remove();return false;">
518	531	<img border="0" src="'.$mvgScriptPath.'/skins/images/delete.png">
—	—	@@ -519,18 +532,17 @@
520	533	</span><br>';
521	534	$i++;
522	535	}
523		~~- $o.='</tr>';~~
	536	+ $o.='</tr>';
524	537	$o.= "<tr><td><label for=\"category\">".wfMsg('mv_add_category').":</label></td><td><input id=\"mv_add_cat_ext_{$mvd_id}\" maxlength=\"255\" size=\"20\" class=\"mv_anno_ac_{$mvd_id}\" name=\"category\" type=\"text\">
525		~~- <img onClick=\"mv_add_category('{$mvd_id}', \$j('#mv_add_cat_ext_{$mvd_id}').val())\" border=\"0\" src=\"{$mvgScriptPath}/skins/images/add.png\">~~
	538	+ <img onClick=\"mv_add_category('{$mvd_id}', \$j('#mv_add_cat_ext_{$mvd_id}').val());\$j('#mv_add_cat_ext_{$mvd_id}').val('');\" border=\"0\" src=\"{$mvgScriptPath}/skins/images/add.png\">
526	539	<div class=\"autocomplete\" id=\"category_choices_{$mvd_id}\" style=\"display: none;\"/></td></tr>";
527	540	}
528	541	//output a short desc field (the text with striped semantic values)...
529	542	$o.='<tr><td>'.wfMsg("mv_basic_text_desc").'</td></td><textarea name="basic_wpTextbox" rows="2" cols="40">';
530		~~- if(isset($metaData['striped_text']))$o.=$metaData['striped_text'];~~
531		~~- $o.='</textarea></td></tr>';~~
532		-
	543	+ if(isset($metaData['striped_text']))
	544	+ $o.=htmlspecialchars($metaData['striped_text']);
	545	+ $o.='</textarea></td></tr>';
533	546	}
534		~~- //foreach($mvMetaDataHelpers[~~
535	547	$o.='</table>';
536	548	return $o;
537	549	}
—	—	@@ -554,7 +566,9 @@
555	567
556	568	/*
557	569	* @@todo move some of this to CSS
558		~~- */~~
	570	+ */
	571	+ $mvd_id = htmlspecialchars( $mvd_id );
	572	+ $mvgScriptPath = htmlspecialchars( $mvgScriptPath );
559	573	$out.= '
560	574	<span id="mv_adjust_msg_'.$mvd_id.'"></span>
561	575	<table style="background:transparent;position:relative" width="94%" border="0"><tr><td width="40">
—	—	@@ -584,11 +598,11 @@
585	599	<br />';
586	600
587	601	$out.='<span style="float:left;"><label class="mv_css_form" for="mv_start_hr_'.$mvd_id.'"><i>'.wfMsg('mv_start_desc').':</i></label> ' .
588		~~- '<input class="mv_adj_hr" size="8" maxlength="8" value="'.$start_time.'" id="mv_start_hr_'.$mvd_id.'" name="mv_start_hr_'.$mvd_id.'">' .~~
	602	+ '<input class="mv_adj_hr" size="8" maxlength="8" value="'.htmlspecialchars($start_time).'" id="mv_start_hr_'.$mvd_id.'" name="mv_start_hr_'.$mvd_id.'">' .
589	603	'</span>';
590	604
591	605	$out.='<span style="float:left;"><label class="mv_css_form" for="mv_end_hr_'.$mvd_id.'"><i>'.wfMsg('mv_end_desc').':</i></label> ' .
592		~~- '<input class="mv_adj_hr" size="8" maxlength="8" value="'.$end_time.'" id="mv_end_hr_'.$mvd_id.'" name="mv_end_hr_'.$mvd_id.'">' .~~
	606	+ '<input class="mv_adj_hr" size="8" maxlength="8" value="'.htmlspecialchars($end_time).'" id="mv_end_hr_'.$mvd_id.'" name="mv_end_hr_'.$mvd_id.'">' .
593	607	'</span>';
594	608
595	609	//output page text (if not "new")
—	—	@@ -658,8 +672,10 @@
659	673	}
660	674	//add all categorizations:
661	675	$catNStxt = $wgContLang->getNsText(NS_CATEGORY);
662		~~- foreach($_POST['ext_cat'] as $k=>$v){~~
663		~~- $wpTextbox1.="\n\n[[".$catNStxt.":".$v."]]";~~
	676	+ foreach($_POST as $k=>$v){
	677	+ if(strpos($k, 'ext_cat_')!==false){
	678	+ $wpTextbox1.="\n[[".$catNStxt.":".$v."]]";
	679	+ }
664	680	}
665	681	//add the text to the end after a line break to not confuse mannual editors
666	682	$editPageAjax = new MV_EditPageAjax( $Article);
—	—	@@ -872,7 +888,7 @@
873	889
874	890	//add custom data helpers if editing annotative layer:
875	891	if($mvd_type=='anno_en'){
876		~~- $customPreEditHtml.=$this->get_dataHelpers($titleKey, $mvd_id);~~
	892	+ $editPageAjax->setBasicHtml($this->get_dataHelpers($titleKey, $mvd_id));
877	893	//don't display "advanced" edit
878	894	$editPageAjax->display_advanced_edit='none';
879	895	}
—	—	@@ -931,7 +947,7 @@
932	948	$width+=2;
933	949	$height+=30;
934	950	$left = $width+10+30;
935		~~- return "style=\"left:{$left}px;\"";~~
	951	+ return 'style=\"left:'.htmlspecialchars($left).'px;"';
936	952	}
937	953	}
938	954	}
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_PageHistoryAjax.php
—	—	@@ -9,7 +9,7 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
13		~~-class MV_PageHistoryAjax extends PageHistory{~~
14		-
	13	+ if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
	14	+class MV_PageHistoryAjax extends PageHistory{
15	15	}
16	16	?>
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_StreamMeta.php
—	—	@@ -9,6 +9,7 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
	13	+ if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
13	14	class MV_StreamMeta extends MV_Component{
14	15	function getHTML(){
15	16	global $wgOut;
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_VideoPlayer.php
—	—	@@ -8,7 +8,7 @@
9	9	/*
10	10	* stores all the html for the video player and its associated ajax functions
11	11	*/
12		~~- if ( !defined( 'MEDIAWIKI' ) ) die( 1 );~~
	12	+if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
13	13	class MV_VideoPlayer extends MV_Component{
14	14	var $name = 'MV_VideoPlayer';
15	15	function getHTML(){
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_SequencePlayer.php
—	—	@@ -34,7 +34,7 @@
35	35	$wgOut->addHTML(''.
36	36	'<div style="position:absolute;width:320px;height:270px;" id="mv_video_container">'.
37	37	//'<div style="display:none;" id="mv_inline_pl_txt">'.$article->getSequenceText().'</div>'.
38		~~- '<div style="display:none;" id="mv_pl_url">'.$title_url.'</div>'.~~
	38	+ '<div style="display:none;" id="mv_pl_url">'.htmlspecialchars($title_url).'</div>'.
39	39	'</div>' ."\n");
40	40	}
41	41	}
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MetavidInterface/MV_EditPageAjax.php
—	—	@@ -20,6 +20,7 @@
21	21
22	22	class MV_EditPageAjax extends EditPage{
23	23	var $adj_html='';
	24	+ var $basic_html='';
24	25
25	26	function __construct( $article ) {
26	27	$this->mArticle =& $article;
—	—	@@ -73,23 +74,23 @@
74	75
75	76	//add in adjust html if present:
76	77	$wgOut->addHTML($this->adj_html);
77		-
	78	+
78	79	//structure layout via tables (@@todo switch to class based css layout)
79	80	$wgOut->addHTML('<table style="background: transparent;" width="100%"><tr><td valign="top" width="90">');
80	81	//output the person selector:
81		~~- if (!isset ($semantic_data['Spoken By']))$semantic_data['Spoken By'] = '';~~
82		~~- $img = mv_get_person_img($semantic_data['Spoken By']);~~
83		~~- $wgOut->addHTML("<img id=\"mv_edit_im_{$this->mvd_id}\" style=\"display: block;margin-left: auto;margin-right: auto;\" src=\"{$img->getURL()}\" width=\"44\">");~~
	82	+ if (!isset ($semantic_data['spoken_by']))$semantic_data['spoken_by'] = '';
	83	+ $img = mv_get_person_img($semantic_data['spoken_by']);
	84	+ $wgOut->addHTML('<img id=\"mv_edit_im_'.htmlspecialchars($this->mvd_id).'" style="display: block;margin-left: auto;margin-right: auto;" src="'.htmlspecialchars($img->getURL()).'" width="44">');
84	85	$wgOut->addHTML('<input style="font-size:x-small"
85		~~- value="'.$semantic_data['Spoken By'].'"~~
	86	+ value="'.htmlspecialchars($semantic_data['spoken_by']).'"
86	87	name="smw_Spoken_By"
87	88	onClick="this.value=\'\';"
88		~~- type="text" id="auto_comp_'.$this->mvd_id.'" size="12"~~
	89	+ type="text" id="auto_comp_'.htmlspecialchars($this->mvd_id).'" size="12"
89	90	maxlength="125" autocomplete="off"/>');
90	91	//only add one auto_comp_choices_ per object/request pass
91	92	if(!isset($this->auto_comp_choices)){
92	93	$this->auto_comp_choices = true;
93		~~- $wgOut->addHTML('<div id="auto_comp_choices_'.$this->mvd_id.'" class="autocomplete"></div>');~~
	94	+ $wgOut->addHTML('<div id="auto_comp_choices_'.htmlspecialchars($this->mvd_id).'" class="autocomplete"></div>');
94	95	}
95	96	//add container formatting for MV_Overlay
96	97	$wgOut->addHTML('</td>' .
—	—	@@ -333,7 +334,9 @@
334	335	$this->showDeletionLog( $wgOut );
335	336	}
336	337	}
337		-
	338	+ function setBasicHtml($basic_html){
	339	+ $this->basic_html = $basic_html;
	340	+ }
338	341	function setAdjustHtml($adj_html){
339	342	$this->adj_html = $adj_html;
340	343	}
—	—	@@ -522,10 +525,24 @@
523	526
524	527	#need to parse the preview early so that we know which templates are used,
525	528	#otherwise users with "show preview after edit box" will get a blank list
	529	+
526	530	if ( $this->formtype == 'preview' ) {
527	531	$previewOutput = $this->getPreviewText();
528	532	}
529	533
	534	+ if ( $wgUser->getOption( 'previewontop' ) ) {
	535	+
	536	+ if ( 'preview' == $this->formtype ) {
	537	+ $this->showPreview( $previewOutput );
	538	+ } else {
	539	+ $wgOut->addHTML( '<div id="wikiPreview_'.htmlspecialchars($this->mvd_id).'"></div>' );
	540	+ }
	541	+
	542	+ if ( 'diff' == $this->formtype ) {
	543	+ $this->showDiff();
	544	+ }
	545	+ }
	546	+ $wgOut->addHTML($this->basic_html);
530	547	$wgOut->addHTML('<div style="display:inline" class="mv_advanced_edit"><br>');
531	548
532	549	//$rows = $wgUser->getIntOption( 'rows' );
—	—	@@ -595,21 +612,8 @@
596	613	if( $wgUser->getOption( 'minordefault' ) ) $this->minoredit = true;
597	614	}
598	615
599		~~- $wgOut->addHTML( $this->editFormPageTop );~~
	616	+ $wgOut->addHTML( $this->editFormPageTop );
600	617
601		~~- if ( $wgUser->getOption( 'previewontop' ) ) {~~
602		-
603		~~- if ( 'preview' == $this->formtype ) {~~
604		~~- $this->showPreview( $previewOutput );~~
605		~~- } else {~~
606		~~- $wgOut->addHTML( '<div id="wikiPreview_'.$this->mvd_id.'"></div>' );~~
607		~~- }~~
608		-
609		~~- if ( 'diff' == $this->formtype ) {~~
610		~~- $this->showDiff();~~
611		~~- }~~
612		~~- }~~
613		-
614	618	$wgOut->addHTML( $this->editFormTextTop );
615	619
616	620	# if this is a comment, show a subject line at the top, which is also the edit summary.
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_AutoCompleteCache.php
—	—	@@ -9,7 +9,6 @@
10	10	* @email dale@ucsc.edu
11	11	* @url http://metavid.ucsc.edu
12	12	*/
13		~~- //@@todo populate this stub (use to store auto-complete stuff for a bit)~~
14	13	class MV_AutoCompleteCache{
15	14	}
16	15	?>
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_GlobalFunctions.php
—	—	@@ -21,39 +21,9 @@
22	22	if ( !function_exists( 'extAddSpecialPage' ) ) {
23	23	require_once( dirname(__FILE__) . '/../ExtensionFunctions.php' );
24	24	}
25		-
	25	+//add language:
26	26	$wgExtensionMessagesFiles['MetavidWiki'] =$mvgIP . '/languages/MV_Messages.php';
27	27	require_once($mvgIP . '/languages/MV_Language.php');
28		-
29		-
30		~~-//setup autoload classes:~~
31		~~-$wgAutoloadClasses['MV_Overlay'] = dirname(__FILE__) . '/MV_MetavidInterface/MV_Overlay.php';~~
32		~~-$wgAutoloadClasses['MV_Component'] = dirname(__FILE__) . '/MV_MetavidInterface/MV_Component.php';~~
33		-
34		~~-$wgAutoloadClasses['MV_MetavidInterface']= dirname(__FILE__) .'/MV_MetavidInterface/MV_MetavidInterface.php';~~
35		~~-$wgAutoloadClasses['MV_SequencePlayer']= dirname(__FILE__) .'/MV_MetavidInterface/MV_SequencePlayer.php';~~
36		~~-$wgAutoloadClasses['MV_SequenceTools']= dirname(__FILE__) .'/MV_MetavidInterface/MV_SequenceTools.php';~~
37		~~-$wgAutoloadClasses['MV_SequenceTimeline']= dirname(__FILE__) .'/MV_MetavidInterface/MV_SequenceTimeline.php';~~
38		~~-$wgAutoloadClasses['MV_VideoPlayer']= dirname(__FILE__) .'/MV_MetavidInterface/MV_VideoPlayer.php';~~
39		~~-$wgAutoloadClasses['MV_Tools']= dirname(__FILE__) .'/MV_MetavidInterface/MV_Tools.php';~~
40		~~-$wgAutoloadClasses['MV_EditPageAjax'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_EditPageAjax.php';~~
41		-
42		~~-$wgAutoloadClasses['MV_CategoryPage']= dirname(__FILE__) .'/articlepages/MV_CategoryPage.php';~~
43		~~-$wgAutoloadClasses['MV_SequencePage'] = dirname(__FILE__) .'/articlepages/MV_SequencePage.php';~~
44		~~-$wgAutoloadClasses['MV_StreamPage'] = dirname(__FILE__) .'/articlepages/MV_StreamPage.php';~~
45		~~-$wgAutoloadClasses['MV_EditDataPage'] = $wgAutoloadClasses['MV_DataPage'] = dirname(__FILE__) . '/articlepages/MV_DataPage.php';~~
46		~~-$wgAutoloadClasses['MV_EditStreamPage']=dirname(__FILE__) .'/MV_EditStreamPage.php';~~
47		-
48		-
49		~~-$wgAutoloadClasses['MV_Title'] = dirname(__FILE__) . '/MV_Title.php';~~
50		~~-$wgAutoloadClasses['MV_Index'] = dirname(__FILE__) . '/MV_Index.php';~~
51		~~-$wgAutoloadClasses['MV_ImageGallery']=dirname(__FILE__) . '/MV_ImageGallery.php';~~
52		~~-$wgAutoloadClasses['MV_Image'] = dirname(__FILE__) . '/MV_Image.php';~~
53		~~-$wgAutoloadClasses['MV_Stream'] = dirname(__FILE__) .'/MV_Stream.php';~~
54		~~-$wgAutoloadClasses['MV_StreamFile']=dirname(__FILE__) . '/MV_StreamFile.php';~~
55		~~-$wgAutoloadClasses['MV_StreamImage'] = dirname(__FILE__) . '/MV_StreamImage.php';~~
56		~~-$wgAutoloadClasses['MV_ParserCache'] = dirname(__FILE__) . '/MV_ParserCache.php';~~
57		~~-$wgAutoloadClasses['MV_MagicWords'] = dirname(__FILE__) . '/MV_MagicWords.php';~~
58	28
59	29	$markerList = array();
60	30
—	—	@@ -70,32 +40,121 @@
71	41	$smwgNamespacesWithSemanticLinks[MV_NS_SEQUENCE] = true;
72	42	$smwgNamespacesWithSemanticLinks[MV_NS_SEQUENCE_TALK] = false;
73	43	$smwgNamespacesWithSemanticLinks[MV_NS_MVD] = true;
74		~~- $smwgNamespacesWithSemanticLinks[MV_NS_MVD_TALK] = false;~~
	44	+ $smwgNamespacesWithSemanticLinks[MV_NS_MVD_TALK] = false;
	45	+
75	46	return true;
76	47	}
77	48	function mvSetupExtension(){
78	49	global $mvVersion, $mvNamespace, $mvgIP, $wgHooks, $wgExtensionCredits, $mvMasterStore,
79	50	$wgParser, $mvArticlePath, $mvgScriptPath, $wgServer, $wgExtensionFunctions,$markerList,
80		~~- $mvEnableAutoComplete, $mvEnableJSLinkBack, $mvEnableJSMVDrewrite;~~
	51	+ $mvEnableAutoComplete, $mvEnableJSLinkBack, $mvEnableJSMVDrewrite, $wgAutoloadClasses, $wgSpecialPages;
81	52
82	53
83	54	mvfInitMessages();
84	55	//add header for autoComplete if enabled:
85	56	if($mvEnableAutoComplete \|\| $mvEnableJSLinkBack \|\| $mvEnableJSMVDrewrite ){
86	57	mvfAutoAllPageHeader();
87		~~- }~~
	58	+ }
88	59
	60	+ /********************************
	61	+ * Ajax Hooks
	62	+ *********************************/
	63	+ $wgAjaxExportList[] = 'mv_auto_complete_all';
	64	+ $wgAjaxExportList[] = 'mv_auto_complete_person';
	65	+ $wgAjaxExportList[] = 'mv_auto_complete_stream_name';
	66	+ $wgAjaxExportList[] = 'mv_helpers_auto_complete';
	67	+
	68	+ $wgAjaxExportList[] = 'mv_disp_mvd';
	69	+
	70	+ $wgAjaxExportList[] = 'mv_add_disp';
	71	+ $wgAjaxExportList[] = 'mv_remove_mvd';
	72	+ $wgAjaxExportList[] = 'mv_disp_remove_mvd';
	73	+
	74	+ $wgAjaxExportList[] = 'mv_edit_disp';
	75	+ $wgAjaxExportList[] = 'mv_edit_preview';
	76	+ $wgAjaxExportList[] = 'mv_edit_submit';
	77	+ $wgAjaxExportList[] = 'mv_edit_sequence_submit';
	78	+ $wgAjaxExportList[] = 'mv_seqtool_disp';
	79	+
	80	+ $wgAjaxExportList[] = 'mv_history_disp';
	81	+ $wgAjaxExportList[] = 'mv_adjust_disp';
	82	+ $wgAjaxExportList[] = 'mv_adjust_submit';
	83	+
	84	+ //search interface exported functions:
	85	+ $wgAjaxExportList[] = 'mv_expand_wt';
	86	+ $wgAjaxExportList[] = 'mv_pl_wt';
	87	+ $wgAjaxExportList[] = 'mv_submit_remove';
	88	+ $wgAjaxExportList[] = 'mv_tool_disp';
	89	+ $wgAjaxExportList[] = 'mv_date_obj';
	90	+
	91	+ //media serving
	92	+ $wgAjaxExportList[] = 'mv_frame_server';
	93	+
89	94	/**********************************************/
	95	+ /*** register autoLoad Classes: ***/
	96	+ /**********************************************/
	97	+ //setup autoload classes:
	98	+ $wgAutoloadClasses['MV_Overlay'] = dirname(__FILE__) . '/MV_MetavidInterface/MV_Overlay.php';
	99	+ $wgAutoloadClasses['MV_Component'] = dirname(__FILE__) . '/MV_MetavidInterface/MV_Component.php';
	100	+
	101	+ $wgAutoloadClasses['MV_MetavidInterface'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_MetavidInterface.php';
	102	+ $wgAutoloadClasses['MV_SequencePlayer'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_SequencePlayer.php';
	103	+ $wgAutoloadClasses['MV_SequenceTools'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_SequenceTools.php';
	104	+ $wgAutoloadClasses['MV_SequenceTimeline'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_SequenceTimeline.php';
	105	+ $wgAutoloadClasses['MV_VideoPlayer'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_VideoPlayer.php';
	106	+ $wgAutoloadClasses['MV_Tools'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_Tools.php';
	107	+ $wgAutoloadClasses['MV_EditPageAjax'] = dirname(__FILE__) .'/MV_MetavidInterface/MV_EditPageAjax.php';
	108	+
	109	+ $wgAutoloadClasses['MV_CategoryPage'] = dirname(__FILE__) .'/articlepages/MV_CategoryPage.php';
	110	+ $wgAutoloadClasses['MV_SequencePage'] = dirname(__FILE__) .'/articlepages/MV_SequencePage.php';
	111	+ $wgAutoloadClasses['MV_StreamPage'] = dirname(__FILE__) .'/articlepages/MV_StreamPage.php';
	112	+ $wgAutoloadClasses['MV_EditDataPage'] = $wgAutoloadClasses['MV_DataPage'] = dirname(__FILE__) . '/articlepages/MV_DataPage.php';
	113	+ $wgAutoloadClasses['MV_EditStreamPage'] = dirname(__FILE__) .'/MV_EditStreamPage.php';
	114	+
	115	+
	116	+ $wgAutoloadClasses['MV_Title'] = dirname(__FILE__) . '/MV_Title.php';
	117	+ $wgAutoloadClasses['MV_Index'] = dirname(__FILE__) . '/MV_Index.php';
	118	+ $wgAutoloadClasses['MV_ImageGallery'] = dirname(__FILE__) . '/MV_ImageGallery.php';
	119	+ $wgAutoloadClasses['MV_Image'] = dirname(__FILE__) . '/MV_Image.php';
	120	+ $wgAutoloadClasses['MV_Stream'] = dirname(__FILE__) .'/MV_Stream.php';
	121	+ $wgAutoloadClasses['MV_StreamFile'] = dirname(__FILE__) . '/MV_StreamFile.php';
	122	+ $wgAutoloadClasses['MV_StreamImage'] = dirname(__FILE__) . '/MV_StreamImage.php';
	123	+ $wgAutoloadClasses['MV_ParserCache'] = dirname(__FILE__) . '/MV_ParserCache.php';
	124	+ $wgAutoloadClasses['MV_MagicWords'] = dirname(__FILE__) . '/MV_MagicWords.php';
	125	+
	126	+ /**********************************************/
90	127	/*** register special pages hooks ***/
91	128	/**********************************************/
92		~~- //@@todo shift over to extAddSpecial page (to avoid loading every time)~~
93		~~- require_once( dirname(__FILE__) . '/specials/MV_SpecialCRUDStream.php');~~
94		~~- require_once( dirname(__FILE__) . '/specials/MV_SpecialListStreams.php');~~
95		~~- require_once( dirname(__FILE__) . '/specials/MV_SpecialExport.php');~~
	129	+ $wgAutoloadClasses['MV_SpecialCRUDStream'] = dirname(__FILE__) . '/specials/MV_SpecialCRUDStream.php';
	130	+ $wgSpecialPages['Mv_Add_Stream'] = array('MV_SpecialCRUDStream');
	131	+
	132	+ $wgAutoloadClasses['MV_SpecialListStreams'] = dirname(__FILE__) . '/specials/MV_SpecialListStreams.php';
	133	+ $wgSpecialPages['Mv_List_Streams'] = array('MV_SpecialListStreams');
	134	+
	135	+ /* special export views */
	136	+ $wgAutoloadClasses['MV_SpecialExport'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	137	+
	138	+ $wgAutoloadClasses['MvVideoFeed'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	139	+ $wgAutoloadClasses['MvExportStream'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	140	+ $wgAutoloadClasses['MvExportSequence'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	141	+ $wgAutoloadClasses['MvExportSearch'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	142	+ $wgAutoloadClasses['MvExportAsk'] = dirname(__FILE__) . '/specials/MV_SpecialExport.php';
	143	+
	144	+ $wgSpecialPages['MvVideoFeed'] = array('MvVideoFeed');
	145	+ $wgSpecialPages['MvExportStream'] = array('MvExportStream');
	146	+ $wgSpecialPages['MvExportSequence'] = array('MvExportSequence');
	147	+ $wgSpecialPages['MvExportSearch'] = array('MvExportSearch');
	148	+ $wgSpecialPages['MvExportAsk'] = array('MvExportAsk');
	149	+
	150	+ $wgAutoloadClasses['MV_SpecialMediaSearch'] = dirname(__FILE__) . '/specials/MV_SpecialMediaSearch.php';
	151	+ $wgSpecialPages['Mv_List_Streams'] = array('MV_SpecialListStreams');
	152	+
	153	+ //require_once( dirname(__FILE__) . '/specials/MV_SpecialCRUDStream.php');
	154	+ //require_once( dirname(__FILE__) . '/specials/MV_SpecialListStreams.php');
	155	+ //require_once( dirname(__FILE__) . '/specials/MV_SpecialExport.php');
96	156	require_once( dirname(__FILE__) . '/specials/MV_SpecialMediaSearch.php');
97	157	require_once( dirname(__FILE__) . '/specials/MV_SpecialMVAdmin.php');
98		-
99		-
	158	+
100	159	/**********************************************/
101	160	/*** register hooks ***/
102	161	/**********************************************/
—	—	@@ -148,20 +207,6 @@
149	208	$mvMagicWords = new MV_MagicWords($arg_list);
150	209	return array($mvMagicWords->renderMagic(), 'noparse'=>true, 'isHTML'=>true);
151	210	}
152		~~-/*function mvMagicParserFunction_Magic( &$magicWords, $langCode ) {~~
153		~~- # Add the magic word~~
154		~~- # The first array element is case sensitive, in this case it is not case sensitive~~
155		~~- # All remaining elements are synonyms for our parser function~~
156		~~- $magicWords['example'] = array( 0, 'example' );~~
157		~~- # unless we return true, other parser functions extensions won't get loaded.~~
158		~~- return true;~~
159		-}
160		-
161		~~-function mvMagicParserFunction_Render( &$parser, $param1 = '', $param2 = '' ) {~~
162		~~- $arg_list = func_get_args();~~
163		~~- $mvMagic = new MV_MagicWords($arg_list);~~
164		~~- return $mvMagic->renderMagic();~~
165		~~-}*/~~
166	211
167	212	/**********************************************/
168	213	/*** Header modifications ***/
—	—	@@ -170,24 +215,26 @@
171	216	* header script to be added to all pages:
172	217	* enables linkback and autocomplete for search
173	218	*/
174		~~- function mvfAutoAllPageHeader(){~~
175		~~- global $mvgScriptPath, $wgJsMimeType, $wgOut;~~
176		~~- /* (moved to on_dom ready) but here as well*/~~
177		~~- $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/jquery-1.2.1.js\"></script>");~~
178		~~- $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/plugins/jquery.autocomplete.js\"></script>");~~
179		~~- $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/plugins/jquery.hoverIntent.js\"></script>");~~
180		-
181		~~- $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/mv_embed.js\"></script>");~~
182		~~- $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_allpages.js\"></script>");~~
183		-
184		~~- $mvCssUrl = $mvgScriptPath . '/skins/mv_custom.css';~~
185		~~- $wgOut->addLink(array(~~
186		~~- 'rel' => 'stylesheet',~~
187		~~- 'type' => 'text/css',~~
188		~~- 'media' => 'all',~~
189		~~- 'href' => $mvCssUrl~~
190		~~- ));~~
191		~~- }~~
	219	+function mvfAutoAllPageHeader(){
	220	+ global $mvgScriptPath, $wgJsMimeType, $wgOut;
	221	+ $mvgScriptPath = htmlspecialchars( $mvgScriptPath );
	222	+ $wgJsMimeType = htmlspecialchars( $wgJsMimeType) ;
	223	+ /* (moved to on_dom ready) but here as well*/
	224	+ $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/jquery-1.2.1.js\"></script>");
	225	+ $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/plugins/jquery.autocomplete.js\"></script>");
	226	+ $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/jquery/plugins/jquery.hoverIntent.js\"></script>");
	227	+
	228	+ $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_embed/mv_embed.js\"></script>");
	229	+ $wgOut->addScript("<script type=\"{$wgJsMimeType}\" src=\"{$mvgScriptPath}/skins/mv_allpages.js\"></script>");
	230	+
	231	+ $mvCssUrl = $mvgScriptPath . '/skins/mv_custom.css';
	232	+ $wgOut->addLink(array(
	233	+ 'rel' => 'stylesheet',
	234	+ 'type' => 'text/css',
	235	+ 'media' => 'all',
	236	+ 'href' => $mvCssUrl
	237	+ ));
	238	+}
192	239	/**
193	240	* This method is in charge of inserting additional CSS, JScript, and meta tags
194	241	* into the html header of each page. It is called by pages
—	—	@@ -376,40 +423,8 @@
377	424	$wgMessageCache->addMessages($messages[$key], $key);
378	425	}
379	426	}
380		-/*
381		~~- * Ajax Hooks~~
382		~~- */~~
383		~~-$wgAjaxExportList[] = 'mv_auto_complete_all';~~
384		~~-$wgAjaxExportList[] = 'mv_auto_complete_person';~~
385		~~-$wgAjaxExportList[] = 'mv_auto_complete_stream_name';~~
386		~~-$wgAjaxExportList[] = 'mv_helpers_auto_complete';~~
387	427
388		~~-$wgAjaxExportList[] = 'mv_disp_mvd';~~
389	428
390		~~-$wgAjaxExportList[] = 'mv_add_disp';~~
391		~~-$wgAjaxExportList[] = 'mv_remove_mvd';~~
392		~~-$wgAjaxExportList[] = 'mv_disp_remove_mvd';~~
393		-
394		~~-$wgAjaxExportList[] = 'mv_edit_disp';~~
395		~~-$wgAjaxExportList[] = 'mv_edit_preview';~~
396		~~-$wgAjaxExportList[] = 'mv_edit_submit';~~
397		~~-$wgAjaxExportList[] = 'mv_edit_sequence_submit';~~
398		~~-$wgAjaxExportList[] = 'mv_seqtool_disp';~~
399		-
400		~~-$wgAjaxExportList[] = 'mv_history_disp';~~
401		~~-$wgAjaxExportList[] = 'mv_adjust_disp';~~
402		~~-$wgAjaxExportList[] = 'mv_adjust_submit';~~
403		-
404		~~-//search interface exported functions:~~
405		~~-$wgAjaxExportList[] = 'mv_expand_wt';~~
406		~~-$wgAjaxExportList[] = 'mv_pl_wt';~~
407		~~-$wgAjaxExportList[] = 'mv_submit_remove';~~
408		~~-$wgAjaxExportList[] = 'mv_tool_disp';~~
409		~~-$wgAjaxExportList[] = 'mv_date_obj';~~
410		-
411		~~-//media serving~~
412		~~-$wgAjaxExportList[] = 'mv_frame_server';~~
413		-
414	429	/*
415	430	* Utility functions:
416	431	*/
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_EditStreamPage.php
—	—	@@ -38,20 +38,23 @@
39	39	}
40	40	/put thrown together quickly... could clean up/simplify/
41	41	function displayEditStreamFiles(){
42		~~- global $wgOut, $wgTitle,$wgScriptPath,$wgRequest;~~
	42	+ global $wgOut, $wgTitle,$wgScriptPath,$wgRequest, $wgUser;
43	43	$html='';
44	44
45	45	$streamFiles = $this->mArticle->mvTitle->mvStream->getFileList();
46	46	//proccess the requested changes
47	47	$this->proccessReq($streamFiles);
48		~~- if($this->status_error!='')$html.='<span class="error">'.$this->status_error.'</span><br />';~~
	48	+ if($this->status_error!='')$html.='<span class="error">'.htmlspecialchars($this->status_error).'</span><br />';
49	49	if($this->status_ok!='')$html.=$this->status_ok . '<br />';
50	50
51	51	if(count($streamFiles)==0){
52	52	$html.='<b>'.wfMsg('mv_no_stream_files').'</b>';
53	53	}else{
54		~~- $html.='<form action="'.$wgRequest->getRequestURL().'" method="POST">';~~
	54	+ $html.='<form action="'.htmlspecialchars($wgRequest->getRequestURL()).'" method="POST">';
55	55	$html.='<input type="hidden" name="mv_action" value="edit_stream_files">';
	56	+
	57	+ $html.='<input type="hidden" name="wpEditToken" value="'.htmlspecialchars($wgUser->editToken()).'"';
	58	+
56	59	$html.= '<fieldset><legend>'.wfMsg('mv_file_list').'</legend>' . "\n";
57	60	$html.= '<table width="600" border="0">';
58	61	$html.='</tr><tr>';
—	—	@@ -62,19 +65,19 @@
63	66	$outHeader=false;
64	67	}
65	68	$html.='<tr><td colspan=4>';
66		~~- $html.='<input type="submit" value="'.wfMsg('mv_save_changes').'">';~~
	69	+ $html.='<input type="submit" value="'. htmlspecialchars(wfMsg('mv_save_changes')).'">';
67	70	$html.='</td></tr>';
68	71	$html .='</table></fieldset>';
69	72	$html.='</form>';
70	73	}
71	74	//add new stream:
72		~~- $html.='<form action="'.$wgRequest->getRequestURL().'" method="POST">';~~
	75	+ $html.='<form action="'.htmlspecialchars($wgRequest->getRequestURL()).'" method="POST">';
73	76	$html.='<input type="hidden" name="mv_action" value="new_stream_file">';
74	77	$html.= '<fieldset><legend>'.wfMsg('mv_add_stream_file').'</legend>' . "\n";
75	78	$html.= '<table width="600" border="0">';
76	79	$html.= $this->getStreamFileForm(array('id'=>'new'));
77	80	$html.='<tr><td>';
78		~~- $html.='<input type="submit" value="'.wfMsg('mv_add_stream_file').'">';~~
	81	+ $html.='<input type="submit" value="'.htmlspecialchars(wfMsg('mv_add_stream_file')).'">';
79	82	$html.='</td></tr>';
80	83	$html .='</table></fieldset>';
81	84	$html .='</form>';
—	—	@@ -83,9 +86,14 @@
84	87	}
85	88	function proccessReq(& $streamFiles){
86	89	global $wgRequest, $wgUser;
	90	+
87	91	//make sure the user can edit streams:
88	92	if(!$wgUser->isAllowed('mv_edit_stream'))return ;
89		-
	93	+
	94	+ //confirm the edit token:
	95	+ if(!$wgUser->matchEditToken($wgRequest->getVal('wpEditToken')))return ;
	96	+
	97	+
90	98	$this->mv_action = $wgRequest->getVal('mv_action');
91	99	if($this->mv_action=='new_stream_file'){
92	100	//@@todo a bit more input scrubbing:
—	—	@@ -148,19 +156,19 @@
149	157	if($remove_link){
150	158	global $wgRequest;
151	159	$html.='<td><a title="'.wfMsg('mv_delete_stream_file').'"' .
152		~~- ' href="'.$wgRequest->getRequestURL().'&mv_action=rm_stream_file&rid='.$sf['id'].'"><img src="'.$mvgScriptPath.'/skins/images/delete.png"></a></td>';~~
	160	+ ' href="'.$wgRequest->getRequestURL().'&mv_action=rm_stream_file&rid='.htmlspecialchars($sf['id']).'"><img src="'.htmlspecialchars($mvgScriptPath).'/skins/images/delete.png"></a></td>';
153	161	}
154		~~- $html.='<td><input type="text" name="sf_'.$sf['id'].'[file_desc_msg]" value="'.$sf['file_desc_msg'].'" maxlength="60" size="20" /></td>';~~
155		~~- $html.='<td><input type="text" name="sf_'.$sf['id'].'[duration]" value="'.$sf['duration'].'" maxlength="11" size="7" /></td>';~~
156		~~- $html.='<td><input type="text" name="sf_'.$sf['id'].'[base_offset]" value="'.$sf['base_offset'].'" maxlength="11" size="7" /></td>';~~
157		~~- $html.='<td><select name="sf_'.$sf['id'].'[path_type]">';~~
	162	+ $html.='<td><input type="text" name="sf_'.htmlspecialchars($sf['id']).'[file_desc_msg]" value="'.htmlspecialchars($sf['file_desc_msg']).'" maxlength="60" size="20" /></td>';
	163	+ $html.='<td><input type="text" name="sf_'.htmlspecialchars($sf['id']).'[duration]" value="'.htmlspecialchars($sf['duration']).'" maxlength="11" size="7" /></td>';
	164	+ $html.='<td><input type="text" name="sf_'.htmlspecialchars($sf['id']).'[base_offset]" value="'.htmlspecialchars($sf['base_offset']).'" maxlength="11" size="7" /></td>';
	165	+ $html.='<td><select name="sf_'.htmlspecialchars($sf['id']).'[path_type]">';
158	166	$sel=($sf['path_type']=='url_anx')?' selected':'';
159	167	$html.='<option value="url_anx"'.$sel.'>'.wfMsg('mv_path_type_url_anx').'</option>' .
160	168	$sel=($sf['path_type']=='wiki_title')?' selected':'';
161	169	$html.='<option value="wiki_title"'.$sel.'>'.wfMsg('mv_path_type_wiki_title').'</option>' .
162	170	'</select></td>';
163		~~- $html.='<td><input type="text" name="sf_'.$sf['id'].'[path]" value="'.$sf['path'].'" maxlength="250" size="50" />' .~~
164		~~- '<input type="hidden" name="sf_'.$sf['id'].'[stream_id]" value="'.$sf['stream_id'].'">'.~~
	171	+ $html.='<td><input type="text" name="sf_'.htmlspecialchars($sf['id']).'[path]" value="'.htmlspecialchars($sf['path']).'" maxlength="250" size="50" />' .
	172	+ '<input type="hidden" name="sf_'.htmlspecialchars($sf['id']).'[stream_id]" value="'.htmlspecialchars($sf['stream_id']).'">'.
165	173	'</td>';
166	174	$html.='</tr>';
167	175	return $html;
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_MagicWords.php
—	—	@@ -29,8 +29,12 @@
30	30	if(strpos($arg,'=')===false){
31	31	//get param via index order (not as reliable as param=value mode)
32	32	switch($inx){
33		~~- case '0':$this->params['format']=$arg;break;~~
34		~~- case '1':$this->params['num_results']=$arg;break;~~
	33	+ case '0':
	34	+ $this->params['format']=$arg;
	35	+ break;
	36	+ case '1':
	37	+ $this->params['num_results']=$arg;
	38	+ break;
35	39	}
36	40	}else{
37	41	list($arg_type, $arg_value) = split('=',$arg);
—	—	@@ -138,7 +142,6 @@
139	143	$title_span,
140	144	'tl=1') .
141	145	'</span>';
142		-
143	146	//try to get metadata from anno_en first.
144	147	//@@todo maybe the following metadata grabbing could be abstracted to a single function in mv_index
145	148	$mvd_result = MV_Index::getMVDInRange(
—	—	@@ -148,7 +151,7 @@
149	152	$mvd_type='anno_en',
150	153	$getText=true,
151	154	$smw_properties=array('Speech_by', 'Bill'),
152		~~- $limit='LIMIT 0,1'~~
	155	+ $limit='1'
153	156	);
154	157	if($dbr->numRows($mvd_result)!=0){
155	158	$mvd_row = $dbr->fetchObject($mvd_result);
—	—	@@ -180,11 +183,9 @@
181	184	$coma=', ';
182	185	}
183	186	$o.='</span>';
184		~~- }~~
185		-
	187	+ }
186	188	}
187		~~- $o.='</li>';~~
188		-
	189	+ $o.='</li>';
189	190	}
190	191	$o.='</ul><div style="clear:both"></div>';
191	192	}
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_ImageGallery.php
—	—	@@ -29,7 +29,7 @@
30	30	$this->mAttribs );
31	31	$s = Xml::openElement( 'table', $attribs );
32	32	if( $this->mCaption )
33		~~- $s .= "\n\t<caption>{$this->mCaption}</caption>";~~
	33	+ $s .= "\n\t<caption>".htmlspecialchars($this->mCaption)."</caption>";
34	34
35	35	$params = array( 'width' => $this->mWidths, 'height' => $this->mHeights );
36	36	$i = 0;
—	—	@@ -61,24 +61,23 @@
62	62	mvfAddHTMLHeader('embed');
63	63	//print "img url: " . $mvTitle->getStreamImageURL();
64	64	$thumbhtml = "\n\t\t\t".
65		~~- '<div class="thumb" style="padding: 4px 0; width: ' .($this->mWidths+5).'px;">'~~
	65	+ '<div class="thumb" style="padding: 4px 0; width: ' .htmlspecialchars($this->mWidths+5).'px;">'
66	66	# Auto-margin centering for block-level elements. Needed now that we have video
67	67	# handlers since they may emit block-level elements as opposed to simple <img> tags.
68	68	# ref http://css-discuss.incutio.com/?page=CenteringBlockElement
69		~~- . '<div style="margin-left: auto; margin-right: auto; width: ' .$this->mWidths.'px;">'~~
	69	+ . '<div style="margin-left: auto; margin-right: auto; width: ' .htmlspecialchars($this->mWidths).'px;">'
70	70	. $mvTitle->getEmbedVideoHtml('', $vidRes)
71	71	//. '<img width="'.$this->mWidths.'" src="'.$mvTitle->getStreamImageURL() . '">'
72	72	. '</div>' .
73		~~- '<span style="clear:both"></div>'.~~
	73	+ '</div>'.
	74	+ '<div style="clear:both;"></div>'.
74	75	//@@todo clean up link
75	76	'<span class="gallerytext" style="float:left">'.
76	77	$sk->makeKnownLinkObj( $nt, $mvTitle->getStreamNameText().' '. $mvTitle->getTimeDesc() ) .
77	78	'</span>'.
78		~~- '</div>';~~
79		-
	79	+ '</div>';
80	80	$nb = '';
81		~~- $textlink='';~~
82		-
	81	+ $textlink='';
83	82	}else{
84	83
85	84	if( $nt->getNamespace() != NS_IMAGE \|\| !$img ) {
—	—	@@ -97,11 +96,11 @@
98	97	$vpad = floor( ( 1.25*$this->mHeights - $thumb->height ) /2 ) - 2;
99	98
100	99	$thumbhtml = "\n\t\t\t".
101		~~- '<div class="thumb" style="padding: ' . $vpad . 'px 0; width: ' .($this->mWidths+30).'px;">'~~
	100	+ '<div class="thumb" style="padding: ' . htmlspecialchars($vpad) . 'px 0; width: ' .htmlspecialchars($this->mWidths+30).'px;">'
102	101	# Auto-margin centering for block-level elements. Needed now that we have video
103	102	# handlers since they may emit block-level elements as opposed to simple <img> tags.
104	103	# ref http://css-discuss.incutio.com/?page=CenteringBlockElement
105		~~- . '<div style="margin-left: auto; margin-right: auto; width: ' .$this->mWidths.'px;">'~~
	104	+ . '<div style="margin-left: auto; margin-right: auto; width: ' .htmlspecialchars($this->mWidths).'px;">'
106	105	. $thumb->toHtml( array( 'desc-link' => true ) ) . '</div></div>';
107	106
108	107	// Call parser transform hook
—	—	@@ -140,7 +139,7 @@
141	140	"\n\t\t" . '<td><div class="gallerybox" style="width: '.($this->mWidths+10).'px;">'
142	141	. $thumbhtml
143	142	. "\n\t\t\t" . '<div class="gallerytext">' . "\n"
144		~~- . $textlink . $text . $nb~~
	143	+ . $textlink . htmlspecialchars($text) . $nb
145	144	. "\n\t\t\t</div>"
146	145	. "\n\t\t</div></td>";
147	146	if ( $i % $this->mPerRow == $this->mPerRow - 1 ) {
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_Index.php
—	—	@@ -43,10 +43,9 @@
44	44	* contained_in_range ...include only meta that are contained in the given range
45	45	* start_or_end_in_range ...include only meta that start or end in the given range
46	46	*/
47		~~- function getNearCount($range_offset='', $options=array()){~~
	47	+ /*function getNearCount($range_offset='', $options=array()){
48	48	global $mvDefaultClipLength, $mvIndexTableName;
49		~~- if($range_offset=='')$range_offset=$mvDefaultClipLength;~~
50		-
	49	+ if($range_offset=='')$range_offset=$mvDefaultClipLength;
51	50	$dbr =& wfGetDB(DB_SLAVE);
52	51	//set up the count sql query:
53	52	$sql = "SELECT COUNT(1) as `count` FROM {$dbr->tableName($mvIndexTableName)} " .
—	—	@@ -83,87 +82,106 @@
84	83	$row = $dbr->fetchObject( $result );
85	84	//print_r($row);
86	85	return $row->count;
87		~~- }~~
	86	+ }*/
88	87	function countMVDInRange($stream_id, $start_time=null, $end_time=null, $mvd_type='all'){
89		~~- global $mvIndexTableName, $mvDefaultClipLength;~~
	88	+ global $mvDefaultClipLength;
90	89	$dbr =& wfGetDB(DB_SLAVE);
91		~~- $sql = "SELECT COUNT(1) as `count` " .~~
92		~~- "FROM {$dbr->tableName($mvIndexTableName)} " .~~
93		~~- "WHERE `stream_id`={$stream_id} ";~~
94		~~- if($mvd_type!='all'){~~
95		~~- $sql.="AND `mvd_type`='{$mvd_type}' ";~~
96		~~- }~~
97		~~- //get any data in rage:~~
98		~~- if($end_time)$sql.=" AND `start_time` <= " . $end_time;~~
99		~~- if($start_time)$sql.=" AND `end_time` >= " . $start_time;~~
100		~~- $result =& $dbr->query( $sql, 'MV_Index:countMVDInRange');~~
101		~~- $row = $dbr->fetchObject($result);~~
102		~~- return $row->count;~~
	90	+
	91	+ $cond=array('stream_id'=>$stream_id);
	92	+ if($end_time)
	93	+ $cond[]='AND start_time <= '. $dbr->addQuotes($end_time);
	94	+ if($start_time)
	95	+ $cond[]='AND end_time >= '. $dbr->addQuotes($start_time);
	96	+ return $dbr->selectField('mv_mvd_index', 'COUNT(*)', $cond, __METHOD__ );
103	97	}
104	98	/*
105	99	* getMVDInRange returns the mvd titles that are in the given range
106	100	* param list got kind of crazy long... @@todo re-factor int a request object or something cleaner
107	101	*/
108		~~- function getMVDInRange($stream_id, $start_time=null, $end_time=null, $mvd_type='all',$getText=false,$smw_properties='', $limit='LIMIT 0, 200'){~~
	102	+ function getMVDInRange($stream_id, $start_time=null, $end_time=null, $mvd_type='all',$getText=false,$smw_properties='', $limit='200'){
109	103	global $mvIndexTableName, $mvDefaultClipLength;
110		~~- $dbr =& wfGetDB(DB_SLAVE);~~
	104	+ $dbr =& wfGetDB(DB_SLAVE);
	105	+ //set up select vars:
	106	+ $conds=$options=$vars=array();
	107	+ $from_tables ='';
	108	+ //
111	109	//set mvd_type if empty:
112	110	if($mvd_type==null)$mvd_type='all';
113	111	if($start_time<0)$start_time=0;
	112	+ //add base select vars:
	113	+ $vars= array('mv_page_id as id', 'mvd_type', 'wiki_title', 'stream_id', 'start_time', 'end_time');
	114	+ //add in base from:
	115	+ $from_tables.= $dbr->tableName('mv_mvd_index');
	116	+ if($smw_properties!=''){
	117	+ if(!isset($options['STRAIGHT_JOIN']))
	118	+ $options['STRAIGHT_JOIN']='';
	119	+ if(!is_array($smw_properties))
	120	+ $smw_properties = explode(',',$smw_properties);
	121	+ foreach($smw_properties as $prop_name){
	122	+ $vars[] = mysql_escape_string($prop_name).'.object_title as '.mysql_escape_string($prop_name);
	123	+ $from_tables.=' LEFT JOIN '. $dbr->tableName('smw_relations') .
	124	+ ' as ' . mysql_escape_string($prop_name) .
	125	+ ' ON (' . $dbr->tableName('mv_mvd_index') . '.mv_page_id'.
	126	+ ' = ' . mysql_escape_string($prop_name) . '.subject_id'.
	127	+ ' AND '. mysql_escape_string($prop_name).'.relation_title'.
	128	+ ' = ' . mysql_escape_string($prop_name) . ')';
	129	+ }
	130	+ }
	131	+ $conds = array('stream_id'=>$stream_id);
	132	+ if($mvd_type!='all'){
	133	+ $mvd_type=(is_object($mvd_type))?get_object_vars($mvd_type):$mvd_type;
	134	+ if(is_array($mvd_type)){
	135	+ $mvd_type_cond = '';
	136	+ foreach($mvd_type as $mtype){
	137	+ //@@todo confirm its a valid mvd_type:
	138	+ $mvd_type_cond.= $or."mvd_type=".$dbr->addQuotes($mtype);
	139	+ $or=' OR ';
	140	+ }
	141	+ }else if(is_string($mvd_type)){
	142	+ $mvd_type_cond = $mvd_type;
	143	+ }
	144	+ $conds[] = $mvd_type_cond;
	145	+ }
	146	+ if($end_time)
	147	+ $cond[]='AND start_time <= '. $dbr->addQuotes($end_time);
	148	+ if($start_time)
	149	+ $cond[]='AND end_time >= '. $dbr->addQuotes($start_time);
114	150
115		~~- $sql_sel = "SELECT `mv_page_id` as `id`, `mvd_type`, `wiki_title`, `stream_id`, `start_time`, `end_time` ";~~
116		~~- $sql_from=" FROM {$dbr->tableName($mvIndexTableName)} ";~~
117		~~- if($smw_properties!=''){~~
118		~~- $smw_properties = (is_string($smw_properties))?array($smw_properties):$smw_properties;~~
119		~~- foreach($smw_properties as $prop_name){~~
120		~~- $sql_sel.=", `$prop_name`.`object_title` as `$prop_name`";~~
121		~~- $sql_from.="LEFT JOIN `smw_relations` as `$prop_name` ON (`mv_mvd_index`.`mv_page_id`=`$prop_name`.`subject_id` " .~~
122		~~- "AND `$prop_name`.`relation_title`='$prop_name') ";~~
123		~~- }~~
124		~~- }~~
125		~~- $sql = $sql_sel . $sql_from;~~
126		~~- $sql.= "WHERE `stream_id`={$stream_id} ";~~
127		~~- if($mvd_type!='all'){~~
128		~~- $mvd_type=(is_object($mvd_type))?get_object_vars($mvd_type):$mvd_type;~~
129		~~- //check if mvd_type is array:~~
130		~~- if(is_array($mvd_type)){~~
131		~~- $sql.=' AND (';~~
132		~~- $or='';~~
133		~~- foreach($mvd_type as $mtype){~~
134		~~- //@@todo confirm its a valid mvd_type:~~
135		~~- $sql.=$or."`mvd_type`='{$mtype}' ";~~
136		~~- $or='OR ';~~
137		~~- }~~
138		~~- $sql.=')';~~
139		~~- }else{~~
140		~~- //@@todo confirm its a valid mvd_type:~~
141		~~- $sql.="AND `mvd_type`='{$mvd_type}' ";~~
142		~~- }~~
143		~~- }~~
144		~~- //print $sql;~~
145		~~- //get any data that covers this rage:~~
146		~~- if($end_time)$sql.=" AND `start_time` <= " . $end_time;~~
147		~~- if($start_time)$sql.=" AND `end_time` >= " . $start_time;~~
148		~~- //add in ordering~~
149		~~- $sql.=' ORDER BY `start_time` ASC ';~~
150		~~- //add in limit of 200 by default for now~~
151		~~- $sql.=$limit;~~
	151	+ //add in ordering
	152	+ $options['ORDER BY']= 'start_time ASC';
	153	+ //add in limit
	154	+ $options['LIMIT'] = $limit;
	155	+ //run query:
	156	+ $result = $dbr->select( $from_tables,
	157	+ $vars,
	158	+ $conds,
	159	+ __METHOD__,
	160	+ $options);
	161	+ /*print $dbr->lastQuery();
	162	+ die;*/
152	163	//echo $sql;
153		~~- $result =& $dbr->query( $sql, 'MV_Index:time_index_query');~~
	164	+ //$result =& $dbr->query( $sql, 'MV_Index:time_index_query');
154	165	return $result;
155	166	}
156	167	/@@todo figure another way to get at this data...this is not a very fast query: /
157	168	function getMVDTypeInRange($stream_id, $start_time=null, $end_time=null){
158		~~- global $mvIndexTableName;~~
159		~~- $dbr =& wfGetDB(DB_SLAVE);~~
160		~~- $sql = "SELECT COUNT(*) as `count`, `mvd_type`";~~
161		~~- $sql.= " FROM {$dbr->tableName($mvIndexTableName)} " .~~
162		~~- " WHERE `stream_id` =".$stream_id;~~
163		~~- if($end_time)$sql.=" AND `start_time` <= " . $end_time;~~
164		~~- if($start_time)$sql.=" AND `end_time` >= " . $start_time;~~
165		~~- $sql.= " GROUP BY `mvd_type`";~~
166		~~- $result = & $dbr->query( $sql, 'MV_Index:time_mvd_type_query');~~
167		~~- return $result;~~
	169	+ $dbr =& wfGetDB(DB_SLAVE);
	170	+ //init vars
	171	+ $from_tables=$vars= $conds= $options=array();
	172	+
	173	+ $from_tables = $dbr->tableName('mv_mvd_index');
	174	+ $vars = 'COUNT(*) as count, mvd_type';
	175	+ $conds = array('stream_id'=>$stream_id);
	176	+ if($end_time)
	177	+ $cond[] = ' AND start_time <= '. $dbr->addQuotes($end_time);
	178	+ if($start_time)
	179	+ $cond[] = ' AND end_time >= '. $dbr->addQuotes($start_time);
	180	+ $options['GROUP BY'] = 'mvd_type';
	181	+ return $dbr->select( $from_tables,
	182	+ $vars,
	183	+ $conds,
	184	+ __METHOD__,
	185	+ $options); ;
168	186	}
169	187	function remove_by_stream_id($stream_id){
170	188	global $mvIndexTableName;
—	—	@@ -185,25 +203,30 @@
186	204	$wgRequest, $mvDo_SQL_CALC_FOUND_ROWS, $mvMediaSearchResultsLimit;
187	205
188	206	global $mvSpokenByInSearchResult, $mvCategoryInSearchResult, $mvBillInSearchResult;
189		-
	207	+
	208	+ //init vars
	209	+ $from_tables=$vars= $conds= $options=array();
190	210	$dbr =& wfGetDB(DB_SLAVE);
191	211	//organize the queries (group full-text searches and category/attributes)
192	212	//if the attribute is not a numerical just add it to the fulltext query
193		~~- $ftq_match_asql=$last_person_aon=$ftq_match=$ftq=$snq=$toplq_cat=$date_range_join=$date_range_where=$asql=''; //top query and full text query =''~~
	213	+ //$ftq_match_asql=$last_person_aon=$ftq_match=$ftq=$snq=$toplq_cat=$date_range_join=$date_range_where=$asql=''; //top query and full text query =''
194	214	if($filters=='')return array();
195	215
196		~~- $selOpt = ($mvDo_SQL_CALC_FOUND_ROWS)?'SQL_CALC_FOUND_ROWS':'';~~
	216	+ //$selOpt = ($mvDo_SQL_CALC_FOUND_ROWS)?'SQL_CALC_FOUND_ROWS':'';
	217	+ if( $mvDo_SQL_CALC_FOUND_ROWS)
	218	+ $options['SQL_CALC_FOUND_ROWS']=true;
197	219
198		~~- list( $this->limit, $this->offset ) = $wgRequest->getLimitOffset( 20, 'searchlimit' );~~
	220	+ //set limit offset:
	221	+ list( $this->limit, $this->offset ) = $wgRequest->getLimitOffset( 20, 'searchlimit' );
199	222	if($this->limit > $mvMediaSearchResultsLimit)$this->limit = $mvMediaSearchResultsLimit;
200	223
201		~~- $this->order = strtolower($wgRequest->getVal('order'));~~
	224	+ $this->order = strtolower($wgRequest->getVal('order'));
202	225	//force order type:
203	226	if( !($this->order=='relevent' \|\| $this->order=='recent' \|\| $this->order=='viewed') )$this->order='relevent';
204	227
205	228
206	229	$group_spoken=true;
207		~~- $categoryTable = $dbr->tableName( 'categorylinks');~~
	230	+ //$categoryTable = ;
208	231	foreach($filters as $f){
209	232	//proocc and or for fulltext:
210	233	if(!isset($f['a']))$f['a']='and';
—	—	@@ -221,12 +244,13 @@
222	245	$group_spoken=false;
223	246	}
224	247	//full text based semantic query:
225		~~- $ftq.=' '.$aon.'"spoken by '.mysql_escape_string($f['v']).'"';~~
	248	+ $ftq.=' '.$aon. $dbr->addQuotes('spoken by '. $f['v']);
226	249	//table based query:
227	250	$last_person_aon=$aon;
	251	+ //$conds[]=
228	252	break;
229	253	case 'match':
230		~~- $ftq_match.=' '.$aon.'"'.mysql_escape_string($f['v']).'"';~~
	254	+ $ftq_match.=' '.$aon.'"'.$dbr->addQuotes($f['v']).'"';
231	255	//only need to split out ftq match if spoken by is more than one
232	256	if($ftq_match_asql!='')
233	257	$ftq_match_asql = $asql;
—	—	@@ -234,7 +258,7 @@
235	259	//top level queries (sets up time ranges )
236	260	case 'category':
237	261	//full text based category query:
238		~~- $toplq.=' '.$aon.'"category '.mysql_escape_string($f['v']).'" ';~~
	262	+ $toplq.=' '.$aon.'"category '.$dbr->addQuotes($f['v']).'" ';
239	263	//$ftq.=' '.$aon.'category:'.mysql_escape_string($f['v']);
240	264
241	265	//table based query:
—	—	@@ -243,19 +267,19 @@
244	268	case 'or':$toplq_cat='OR';break;
245	269	case 'not':$toplq_cat='NOT';break;
246	270	}
247		~~- $toplq_cat.=" $categoryTable.`cl_to`='".mysql_escape_string($f['v'])."'";~~
	271	+ $toplq_cat.=$dbr->tableName( 'categorylinks').'.cl_to='.$dbr->addQuotes($f['v']);
248	272	break;
249	273	case 'date_range':
250	274	$date_range_join = ' JOIN `mv_streams` ' .
251		~~- 'ON `'.$mvIndexTableName.'`.`stream_id` =`mv_streams`.`id` ';~~
	275	+ 'ON mv_mvd_index.stream_id =mv_streams.id ';
252	276
253	277	list($month, $day, $year) = explode('/',$f['vs']);
254	278	$sts = mktime(0,0,0,$month, $day, $year);
255	279	list($month, $day, $year) = explode('/',$f['ve']);
256	280	$ets = mktime(0,0,0,$month, $day+1, $year); //(the start of the next day)
257	281	$date_range_where.= '( `mv_streams`.`date_start_time` > '
258		~~- . mysql_escape_string($sts) .~~
259		~~- ' AND `mv_streams`.`date_start_time` < '. mysql_escape_string($ets) .~~
	282	+ . $dbr->addQuotes($sts) .
	283	+ ' AND `mv_streams`.`date_start_time` < '. $dbr->addQuotes($ets) .
260	284	')';
261	285	$date_range_andor = ' '.$asql.' ';
262	286	break;
—	—	@@ -270,38 +294,76 @@
271	295	//get stream name:
272	296	//print "f: " . $f['v'];
273	297	$stream =& mvGetMVStream($f['v']);
274		~~- $snq.=" `stream_id` = {$stream->getStreamId()} ";~~
	298	+ $snq.=" stream_id = ". $dbr->addQuotes($stream->getStreamId());
275	299	break;
276	300	case 'smw_property':
277		~~- //more complicated query work needed ;)~~
	301	+ //more complicated query work needed
278	302	break;
279	303	}
280	304	}
281		~~- $searchindexTable = $dbr->tableName( 'searchindex' );~~
	305	+ //$searchindexTable = $dbr->tableName( 'searchindex' );
282	306
283	307	//a join operation to restrict search results to streams with files
284		- $join_streams_with_low_ogg_sql = "JOIN `$mvStreamFilesTable` ON (`$mvIndexTableName`.`stream_id` = `$mvStreamFilesTable`.`stream_id` AND `$mvStreamFilesTable`.`file_desc_msg`='mv_ogg_low_quality') ";
	308	+ //$join_streams_with_low_ogg_sql = "JOIN `$mvStreamFilesTable` ON (`$mvIndexTableName`.`stream_id` = `$mvStreamFilesTable`.`stream_id` AND `$mvStreamFilesTable`.`file_desc_msg`='mv_ogg_low_quality') ";
285	309
286	310	//add the top query to the base query:
287	311	$ftq.=$toplq;
288		~~- $sql = "SELECT $selOpt `mv_page_id` as `id`,`$mvIndexTableName`.`stream_id`,~~
	312	+ /*$sql = "SELECT $selOpt `mv_page_id` as `id`,`$mvIndexTableName`.`stream_id`,
289	313	(`$mvStreamTable`.`date_start_time`+`start_time`) AS `mvd_date_start_time`,
290	314	`start_time`,`end_time`, `view_count`,`wiki_title`, $searchindexTable.`si_text` AS `text` ";
291		~~- if($mvSpokenByInSearchResult)$sql.=",`smw_relations`.`object_title` as `spoken_by` ";~~
292		~~- $sql.="FROM `$mvIndexTableName`~~
	315	+ */
	316	+ $vars = "mv_page_id as id,". $dbr->tableName('mv_mvd_index').'.stream_id,
	317	+ ('.$dbr->tableName('mv_streams').'.date_start_time+'.$dbr->tableName('mv_mvd_index').
	318	+ '.start_time) AS mvd_date_start_time, '.
	319	+ 'start_time, end_time, view_count, wiki_title,'.
	320	+ $dbr->tableName( 'searchindex' ).'.si_text AS text ';
	321	+
	322	+ if($mvSpokenByInSearchResult)
	323	+ $vars.=', smw_relations.object_title as spoken_by ';
	324	+
	325	+ /*$sql.="FROM `$mvIndexTableName`
293	326	JOIN $searchindexTable ON `$mvIndexTableName`.`mv_page_id` = $searchindexTable.`si_page`
294	327	LEFT JOIN $mvStreamTable ON `$mvIndexTableName`.`stream_id`=$mvStreamTable.`id`
295	328	$join_streams_with_low_ogg_sql
296		~~- $date_range_join ";~~
	329	+ $date_range_join ";*/
	330	+ $from_table[]=$dbr->tableName('mv_mvd_index') ;
	331	+ $from_table[]='JOIN '.$dbr->tableName( 'searchindex' ).
	332	+ ' ON ' .
	333	+ $dbr->tableName('mv_mvd_index').'.mv_page_id = '.
	334	+ $dbr->tableName( 'searchindex' ).'.si_page';
	335	+
	336	+ $from_table[]='LEFT JOIN '. $dbr->tableName('mv_streams').
	337	+ ' ON ' .
	338	+ $dbr->tableName('mv_mvd_index').'.stream_id = ' .
	339	+ $dbr->tableName('mv_streams').'.id';
	340	+ //restrict to streams with valid $mvDefaultVideoQualityKey files:
	341	+ global $mvDefaultVideoQualityKey;
	342	+ $from_table[]= 'JOIN '. $dbr->tableName('mv_stream_files').
	343	+ ' ON ' .
	344	+ '( '.$dbr->tableName('mv_mvd_index').'.stream_id = '.
	345	+ $dbr->tableName('mv_streams').'.stream_id '.
	346	+ ' AND '. $dbr->tableName('mv_stream_files').'.file_desc_msg = '.
	347	+ $dbr->addQuotes($mvDefaultVideoQualityKey).
	348	+ ') ';
297	349
298	350	//include spoken by relation in results (LEFT JOIN should not be that costly )
299	351	if($mvSpokenByInSearchResult){
300		~~- $sql.="LEFT JOIN `smw_relations` ON (`mv_mvd_index`.`mv_page_id`=`smw_relations`.`subject_id` " .~~
301		~~- "AND `smw_relations`.`relation_title`='Spoken_By') ";~~
	352	+ /*$sql.="LEFT JOIN `smw_relations` ON (`mv_mvd_index`.`mv_page_id`=`smw_relations`.`subject_id` " .
	353	+ "AND `smw_relations`.`relation_title`='Spoken_By') ";*/
	354	+ $from_table[]='LEFT JOIN '.$dbr->tableName('smw_relations').
	355	+ ' ON ' .
	356	+ '( '.$dbr->tableName('mv_mvd_index').'.mv_page_id = '.
	357	+ $dbr->tableName('smw_relations').'.subject_id '.
	358	+ ' AND '.$dbr->tableName('smw_relations').'.relation_title = \'Spoken_By\''.
	359	+ ')';
302	360	}
303		~~- $sql.="WHERE ";~~
304		~~- $sql.=" ( `{$mvIndexTableName}`.`mvd_type`='ht_en' OR `{$mvIndexTableName}`.`mvd_type`='anno_en') AND" ;~~
305		~~- $sql.=" $snq ";~~
	361	+ //$sql.="WHERE ";
	362	+ //$sql.=" ( `{$mvIndexTableName}`.`mvd_type`='ht_en' OR `{$mvIndexTableName}`.`mvd_type`='anno_en') AND" ;
	363	+ $conds[]= '( '.$dbr->tableName('mv_mvd_index') . '.mvd_type = \'ht_en\' '.
	364	+ ' OR '. $dbr->tableName('mv_mvd_index') . 'mvd_type=\'anno_en\' )';
	365	+
	366	+ //$sql.=" $snq ";
	367	+ $conds[]= $snq;
306	368	//limit to ht_en & anno_en (for now) (future allow selection
307	369
308	370	$two_part_anor='';
—	—	@@ -338,6 +400,13 @@
339	401	//echo $this->order;
340	402	$sql.="LIMIT {$this->offset}, {$this->limit} ";
341	403
	404	+
	405	+ $result = $dbr->select( $from_tables,
	406	+ $vars,
	407	+ $conds,
	408	+ __METHOD__,
	409	+ $options);
	410	+
342	411	//echo "SQL:".$sql." \n";
343	412	//die;
344	413	$result = $dbr->query($sql, 'MV_Index:doFiltersQuery_base');
—	—	@@ -701,7 +770,7 @@
702	771	$sql.=" AND `end_time` >= '" . $range['e'] . '\' ) ';
703	772	$or = ' OR ';
704	773	}
705		~~- }~~
	774	+ }
706	775	$sql.=') LIMIT 0, 200';
707	776	//merge category info back into base results:
708	777	$result = $dbr->query($sql, 'MV_Index:doCategorySearchResult');
Index: branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialCRUDStream.php
—	—	@@ -17,7 +17,7 @@
18	18	//global $IP;
19	19	//require_once( "$IP/includes/SpecialPage.php" );
20	20
21		~~-function doSpecialAddStream() {~~
	21	+/*function doSpecialAddStream() {
22	22	$MV_SpecialAddStream = new MV_SpecialCRUDStream('add');
23	23	$MV_SpecialAddStream->execute();
24	24	}
—	—	@@ -28,10 +28,12 @@
29	29
30	30	SpecialPage::addPage( new SpecialPage('Mv_Add_Stream','',true,'doSpecialAddStream',false) );
31	31	SpecialPage::addPage( new SpecialPage('Mv_Edit_Stream','',true,'doSpecialEditStream',false) );
32		-
33		~~-class MV_SpecialCRUDStream {~~
34		~~- function __construct($mode){~~
35		~~- $this->mode = $mode;~~
	32	+*/
	33	+/* @@TODO depreciate in favor of oggFile -> stream setup */
	34	+class MV_SpecialCRUDStream extends SpecialPage{
	35	+ function __construct($mode='add'){
	36	+ parent::__construct('Mv_Add_Stream');
	37	+ $this->mode='add';
36	38	}
37	39	function execute() {
38	40	global $wgRequest, $wgOut, $wgUser, $mvStream_name, $mvgIP;
—	—	@@ -103,9 +105,9 @@
104	106	}else{
105	107	$html.= wfMsg('mv_add_stream_docu', $docutitle->getFullURL()) . "\n";
106	108	}
107		~~- $html.= '<form name="add_stream" action="' . $spectitle->escapeLocalURL() . '" method="post" enctype="multipart/form-data">';~~
	109	+ $html.= '<form name="add_stream" action="' . htmlspecialchars($spectitle->escapeLocalURL()) . '" method="post" enctype="multipart/form-data">';
108	110	$html.= '<fieldset><legend>'.wfMsg('mv_add_stream').'</legend>' . "\n" .
109		~~- '<input type="hidden" name="title" value="' . $spectitle->getPrefixedText() . '"/>' ;~~
	111	+ '<input type="hidden" name="title" value="' . htmlspecialchars($spectitle->getPrefixedText()) . '"/>' ;
110	112	$html.= '<table width="600" border="0">'.
111	113	'<tr>';
112	114
—	—	@@ -120,7 +122,7 @@
121	123	'<option value="">Select Stream Type</option>'. "\n";
122	124	foreach($this->_allowedStreamTypeArray as $type=>$na){
123	125	$sel= ($type==$this->stream_type)?'selected':'';
124		~~- $html.='<option value="'.$type.'" ' .$sel . '>'.wfMsg('mv_'.$type).'</option>'."\n";~~
	126	+ $html.='<option value="'.htmlspecialchars($type).'" ' . htmlspecialchars($sel) . '>'.wfMsg('mv_'.$type).'</option>'."\n";
125	127	}
126	128	$html.= '</select></tr>'."\n";
127	129	$html.= '<tr><td valign="top"><i>' .wfMsg('mv_label_stream_desc') .'</i>:</td><td>';
—	—	@@ -130,10 +132,10 @@
131	133	}else{
132	134	$token = EDIT_TOKEN_SUFFIX;
133	135	}
134		~~- $html .= "\n<input type='hidden' value=\"$token\"$docutitle name=\"wpEditToken\" />\n";~~
	136	+ $html .= "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n";
135	137	//output the text area:
136		~~- $html .= '<textarea tabindex="1" accesskey="," name="stream_desc" id="stream_desc" rows=6 cols=5>'.$this->stream_desc .'</textarea>' . "\n";~~
137		~~- $html .= '<br /><input type="submit" value="' . wfMsg('mv_add_stream_submit') . "\"/>\n</form>";~~
	138	+ $html .= '<textarea tabindex="1" accesskey="," name="stream_desc" id="stream_desc" rows=6 cols=40>'.htmlspecialchars($this->stream_desc) .'</textarea>' . "\n";
	139	+ $html .= '<br /><input type="submit" value="' . htmlspecialchars(wfMsg('mv_add_stream_submit')) . "\"/>\n</form>";
138	140
139	141	$html .= '</td></tr></table>';
140	142	$html .='</fieldset>';
—	—	@@ -166,8 +168,8 @@
167	169	$html.= '<table width="600" border="0">';
168	170	foreach($stream_files as $sf){
169	171	$html.='<tr>';
170		~~- $html.='<td width="150">'.$sf->getFullURL().'</td>';~~
171		~~- $html.='<td>'.$sf->get_desc().'</td>';~~
	172	+ $html.='<td width="150">'.htmlspecialchars($sf->getFullURL()).'</td>';
	173	+ $html.='<td>'.htmlspecialchars($sf->get_desc()).'</td>';
172	174	$html.='</tr>';
173	175	}
174	176	$html .='</table></fieldset>';
—	—	@@ -199,7 +201,7 @@
200	202	if ( $success ) {
201	203	//stream inserted succesfully report to output
202	204	$streamLink = $sk->makeLinkObj( $streamTitle, $this->stream_name );
203		~~- $out='stream '.$streamLink.' added';~~
	205	+ $out='stream '.htmlspecialchars($streamLink).' added';
204	206
205	207	} else {
206	208	$out=wfMsg('mv_error_stream_insert');
—	—	@@ -235,7 +237,7 @@
236	238	}
237	239
238	240	}
239		~~- }~~
	241	+ }
240	242	return $this->_allowedStreamTypeArray;
241	243	}
242	244
Index: branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialListStreams.php
—	—	@@ -13,16 +13,25 @@
14	14	if (!defined('MEDIAWIKI')) die();
15	15
16	16
17		~~-function doSpecialListStreams($par = null) {~~
	17	+/*function doSpecialListStreams($par = null) {
18	18	list( $limit, $offset ) = wfCheckLimits();
19	19	$rep = new MV_SpecialListStreams();
20	20	return $rep->doQuery( $offset, $limit );
21	21	}
22		-
23	22	SpecialPage::addPage( new SpecialPage('Mv_List_Streams','',true,'doSpecialListStreams',false) );
	23	+*/
	24	+class MV_SpecialListStreams extends SpecialPage {
	25	+ public function __construct() {
	26	+ parent::__construct('Mv_List_Streams');
	27	+ }
	28	+ function execute() {
	29	+ list( $limit, $offset ) = wfCheckLimits();
	30	+ $rep = new MV_SpecialQueryStreams();
	31	+ return $rep->doQuery( $offset, $limit );
	32	+ }
	33	+}
	34	+class MV_SpecialQueryStreams extends QueryPage {
24	35
25		~~-class MV_SpecialListStreams extends QueryPage {~~
26		-
27	36	function getName() {
28	37	return "MV_List_Streams";
29	38	}
—	—	@@ -78,7 +87,7 @@
79	88	$result->title = strtoupper($result->title[0]) . substr($result->title, 1);
80	89	$img_url = $mvImageArchive . $result->title . '?size=icon&time=0:00:00';
81	90	$img_url = MV_StreamImage::getStreamImageURL($result->stream_id, '0:00:00', 'icon', true);
82		~~- $img_html = '<img src="'.$img_url . '" width="80" height="60">';~~
	91	+ $img_html = '<img src="'. htmlspecialchars($img_url) . '" width="80" height="60">';
83	92
84	93
85	94	$title = Title::makeTitle( MV_NS_STREAM, $result->title );
Index: branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialMVAdmin.php
—	—	@@ -63,7 +63,8 @@
64	64	ob_start();
65	65	print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\" dir=\"ltr\">\n<head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /><title>Setting up Storage for Metavid Wiki</title></head><body>";
66	66	header( "Content-type: text/html; charset=UTF-8" );
67		-
	67	+
	68	+ //@@TODOD broken since not valid entry points for web scripts:
68	69	global $botUserName, $valid_attributes, $states_ary;
69	70	require_once("$mvgIP/maintenance/metavid2mvWiki.inc.php");
70	71	require_once("$mvgIP/maintenance/maintenance_util.inc.php");
Index: branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialExport.php
—	—	@@ -19,26 +19,48 @@
20	20	if (!defined('MEDIAWIKI')) die();
21	21
22	22	global $IP, $smwgIP;
23		~~-//export types:~~
24		~~-function doExportStream($par = null){$MvSpecialExport = new MV_SpecialExport('stream',$par);}~~
25		~~-function doExportCat($par = null){$MvSpecialExport = new MV_SpecialExport('category',$par);}~~
26		~~-function doExportSeq($par = null){$MvSpecialExport = new MV_SpecialExport('sequence',$par);}~~
27		~~-function doExportSearch($par = null){$MvSpecialExport = new MV_SpecialExport('search',$par);}~~
28		~~-function doExportAsk($par =null){$MvSpecialExport = new MV_SpecialExport('ask',$par);}~~
	23	+//all the special pages handled by this master Special Export (could reactor into individual classes if we want to)
	24	+class MvVideoFeed extends SpecialPage{
	25	+ function __construct(){
	26	+ parent::__construct('MvVideoFeed');
	27	+ $MvSpecialExport = new MV_SpecialExport('category');
	28	+ }
	29	+}
	30	+class MvExportStream extends SpecialPage{
	31	+ function __construct(){
	32	+ parent::__construct('MvExportStream');
	33	+ $MvSpecialExport = new MV_SpecialExport('stream');
	34	+ }
	35	+}
	36	+class MvExportSequence extends SpecialPage{
	37	+ function __construct(){
	38	+ parent::__construct('MvExportSequence');
	39	+ $MvSpecialExport = new MV_SpecialExport('sequence');
	40	+ }
	41	+}
	42	+class MvExportSearch extends SpecialPage{
	43	+ function __construct(){
	44	+ parent::__construct('MvExportSearch');
	45	+ $MvSpecialExport = new MV_SpecialExport('search');
	46	+ }
	47	+}
	48	+class MvExportAsk extends SpecialPage{
	49	+ function __construct(){
	50	+ parent::__construct('MvExportSearch');
	51	+ $MvSpecialExport = new MvExportAsk('ask');
	52	+ }
	53	+}
	54	+function wfSpecialMvExportStream(){
	55	+ return true;
	56	+}
29	57
30		~~-SpecialPage::addPage( new SpecialPage('MvVideoFeed','',true,'doExportCat',false) );~~
31		~~-SpecialPage::addPage( new SpecialPage('MvExportStream','',true,'doExportStream',false) );~~
32		~~-SpecialPage::addPage( new SpecialPage('MvExportSequence','',true,'doExportSeq',false) );~~
33		~~-SpecialPage::addPage( new SpecialPage('MvExportSearch','',true,'doExportSearch',false) );~~
34		~~-SpecialPage::addPage( new SpecialPage('MvExportAsk','',true,'doExportAsk',false) );~~
35		-
36	58	//extend supported feed types:
37	59	$wgFeedClasses['cmml']='CmmlFeed';
38	60	$wgFeedClasses['podcast']='PodcastFeed';
39	61
40	62	class MV_SpecialExport {
41	63	var $feed = null;
42		~~- function __construct($export_type, $par){~~
	64	+ function __construct($export_type, $par=''){
43	65	$this->export_type=$export_type;
44	66	$this->par = $par;
45	67	$this->execute();
—	—	@@ -52,8 +74,11 @@
53	75	$error_page = '';
54	76	switch($this->export_type){
55	77	case 'stream':
56		~~- $this->stream_name = $wgRequest->getVal('stream_name');~~
57		~~- if($this->stream_name=='')$error_page.=wfMsg('edit_stream_missing').", ";~~
	78	+ $this->stream_name = $wgRequest->getVal('stream_name');
	79	+
	80	+ if($this->stream_name=='')
	81	+ $error_page.=wfMsg('edit_stream_missing').", ";
	82	+
58	83	$this->req_time = $wgRequest->getVal('t');
59	84
60	85	switch($this->feed_format ){
—	—	@@ -102,8 +127,8 @@
103	128	header('Content-Type: text/xml');
104	129	$o='<?xml version="1.0" encoding="UTF-8"?>'."\n";
105	130	$o.='<playlist version="1" xmlns="http://xspf.org/ns/0/">'."\n";
106		~~- $o.=' <title>'.$seqTitle->getText().'</title>'."\n";~~
107		~~- $o.=' <info>'.$seqTitle->getFullURL().'</info>'."\n";~~
	131	+ $o.=' <title>'.htmlentities($seqTitle->getText()).'</title>'."\n";
	132	+ $o.=' <info>'.htmlentities($seqTitle->getFullURL()).'</info>'."\n";
108	133	$o.=' <trackList>'."\n";
109	134	$seqArticle->parsePlaylist();
110	135	foreach($seqArticle->clips as $clip){
—	—	@@ -174,7 +199,6 @@
175	200	xmlns:html="http://www.w3.org/1999/xhtml"
176	201	elementFormDefault="qualified"
177	202	attributeFormDefault="unqualified">
178		-
179	203	</xs:schema>
180	204	*/
181	205	?>
—	—	@@ -196,7 +220,7 @@
197	221	'start="npt:'.htmlentities($this->mvTitle->getStartTime()).'"'.
198	222	' end="npt:'.htmlentities($this->mvTitle->getEndTime()).'"':'';
199	223	?>
200		- <mediaSource id="<?php echo htmlentities($file->getNameKey())?>"<?php echo $dAttr?> src="<?php echo $dSrc?>" title="<?php echo htmlentities($file->get_desc())?>" content-type="<?php echo htmlentities($file->getContentType())?>" <?php echo $startendattr?>/>
	224	+ <mediaSource id="<?php echo htmlentities($file->getNameKey())?>"<?php echo $dAttr?> src="<?php echo htmlentities($dSrc)?>" title="<?php echo htmlentities($file->get_desc())?>" content-type="<?php echo htmlentities($file->getContentType())?>" <?php echo $startendattr?>/>
201	225	<?}?>
202	226	</switch>
203	227	</track>
—	—	@@ -212,7 +236,7 @@
213	237	//for now make ht_en the default layer
214	238	$default_attr = (strtolower($row->mvd_type)=='ht_en')?'default="true"':'';
215	239	?>
216		- <mediaSource id="<?php echo $row->mvd_type?>" title="<?php echo wfMsg($row->mvd_type)?>" <?php echo $default_attr?> inline="<?php echo $inline?>" lang="en" content-type="text/cmml" src="<?php echo htmlentities($clink)?>">
	240	+ <mediaSource id="<?php echo htmlentities($row->mvd_type)?>" title="<?php echo wfMsg($row->mvd_type)?>" <?php echo $default_attr?> inline="<?php echo htmlentities($inline)?>" lang="en" content-type="text/cmml" src="<?php echo htmlentities($clink)?>">
217	241	<? //output inline cmml (if requested):
218	242	if($inline=='true'){
219	243	$this->get_stream_cmml(true, $row->mvd_type);
—	—	@@ -268,7 +292,7 @@
269	293
270	294	if(!isset($tracks[$mvd->mvd_type]))$tracks[$mvd->mvd_type]='';
271	295	$tracks[$mvd->mvd_type].='
272		~~- <'.$ns.'clip id="mvd_'.$mvd->id.'" start="npt:'.seconds2ntp($mvd->start_time).'" end="npt:'.seconds2ntp($mvd->end_time).'">~~
	296	+ <'.$ns.'clip id="mvd_'.htmlentities($mvd->id).'" start="npt:'.htmlentities(seconds2ntp($mvd->start_time)).'" end="npt:'.htmlentities(seconds2ntp($mvd->end_time)).'">
273	297	<'.$ns.'img src="'.htmlentities($streamTitle->getFullStreamImageURL(null, seconds2ntp($mvd->start_time))).'"/>
274	298	<'.$ns.'body><![CDATA[
275	299	'. $MV_Overlay->getMVDhtml($mvd, $absolute_links=true).'
—	—	@@ -279,8 +303,10 @@
280	304	}
281	305	if($encap)print '<cmml_set>';
282	306	//based on: http://trac.annodex.net/wiki/CmmlChanges
283		~~- foreach($tracks as $role=>$body_string){ ?>~~
284		~~- <cmml lang="en" id="<?php echo $role?>" role="<?php echo wfMsg($role)?>" xmlns="http://svn.annodex.net/standards/cmml_2_0.dtd">~~
	307	+ foreach($tracks as $role=>$body_string){
	308	+ $ns = htmlentities($ns);
	309	+ ?>
	310	+ <cmml lang="en" id="<?php echo htmlentities($role)?>" role="<?php echo wfMsg($role)?>" xmlns="http://svn.annodex.net/standards/cmml_2_0.dtd">
285	311	<<?php echo $ns?>head>
286	312	<<?php echo $ns?>title><?php echo wfMsg($role)?></<?php echo $ns?>title>
287	313	<<?php echo $ns?>meta name="description" content="<?php echo htmlentities(wfMsg($role.'_desc'))?>"></<?php echo $ns?>meta>
—	—	@@ -460,7 +486,7 @@
461	487	}
462	488	$desc_xml ='<![CDATA[
463	489	<center class="mv_rss_view_only">
464		~~- <a href="'.$mStreamTitle->getFullUrl().'"><img src="'.$thumb_ref.'" border="0" /></a>~~
	490	+ <a href="'.htmlspecialchars($mStreamTitle->getFullUrl()).'"><img src="'.htmlspecialchars($thumb_ref).'" border="0" /></a>
465	491	</center>
466	492	<br />'.
467	493	$desc_html.
Index: branches/MetavidWiki-exp/MetavidWiki/includes/specials/MV_SpecialMediaSearch.php
—	—	@@ -1,5 +1,4 @@
2	2	<?php
3		-
4	3	/*
5	4	* Created on Jul 26, 2007
6	5	*
—	—	@@ -252,7 +251,7 @@
253	252	'query_key' => $this->getFilterDesc($query_key = true
254	253	), 'time' => time()), 'Database::searchDigestInsert');
255	254	//make sure the query key exists and is updated
256		~~- //@@todo I think we can do a INSERT IF non found here?~~
	255	+ //@@todo I think we can do a INSERT IF not found here?
257	256	$res = $dbr->select('mv_query_key_lookup', array (
258	257	'filters'
259	258	), array (
—	—	@@ -316,6 +315,7 @@
317	316	wfMsg('mv_results_found', $rs, $re, number_format($this->numResultsFound)) .
318	317	'</li>';
319	318	}
	319	+ $prevnext='';
320	320	//pagging
321	321	if ($this->numResultsFound > $this->limit) {
322	322	$prevnext = mvViewPrevNext($this->offset, $this->limit, SpecialPage :: getTitleFor('MediaSearch'), $this->get_httpd_filters_query(), ($this->num < $this->limit));
—	—	@@ -354,10 +354,8 @@
355	355
356	356	//output results:
357	357	//collect categories and people for sidebarbucket
358		~~- //@@todo a better version would collect~~
359	358	$sideBarLinkBucket = array ();
360		~~- $o .= '~~
361		~~- <ul id="results">';~~
	359	+ $o .= ' <ul id="results">';
362	360	foreach ($this->results as $inx => & $mvd) {
363	361	$mvTitle = new MV_Title($mvd->wiki_title);
364	362	$mvd_cnt_links = '';
—	—	@@ -394,32 +392,37 @@
395	393	}
396	394	//link directly to the current range:
397	395	$mvStreamTitle = Title :: MakeTitle(MV_NS_STREAM, $mvTitle->getNearStreamName($extra_range = '0'));
398		~~- //$mvTitle->getStreamName() .'/'.$mvTitle->getStartTime() .'/'. $mvTitle->getEndTime() );~~
399		~~- $head_link = $sk->makeKnownLinkObj($mvStreamTitle, $mvTitle->getStreamNameText() . ' :: ' . $mvTitle->getTimeDesc());~~
400		- $img_link = $sk->makeKnownLinkObj($mvStreamTitle, '<img alt="image for ' . $mvTitle->getStreamNameText() . ' ' . $mvTitle->getTimeDesc() . '" src="' . $mvTitle->getStreamImageURL('small') . '"/>');
	396	+ //$mvTitle->getStreamName() .'/'.$mvTitle->getStartTime() .'/'. $mvTitle->getEndTime() );
401	397	$mvd_text = $mvd->text;
402	398
403	399	$o .= '<li class="result">
404		~~- <span class="vid_img" id="mvimg_' . $mvd->id . '">~~
405		~~- ' . $img_link . '~~
406		~~- </span>~~
407		~~- <div class="result_description">~~
408		~~- <h4>' . $head_link . '</h4>~~
409		~~- <p>Matching Phrase:' . $this->termHighlight($mvd->text, implode('\|', $this->getTerms()), 1, 100) . ' </p>~~
410		~~- <span class="by">' . $mvd_cnt_links . '</span>~~
411		~~- <span class="by">' . $mvd_cat_links . '</span>~~
412		~~- <span class="by">' . $mvd_bill_links . '</span>~~
413		~~- </div>~~
414		~~- <div class="result_meta">~~
415		~~- <span class="views">Views: ' . $mvd->view_count . '</span>~~
416		~~- <span class="duration">' . wfMsg('mv_duration_label') . ':' . $mvTitle->getSegmentDurationNTP($short_time = true) . '</span>~~
417		~~- <span class="comments">Comments: NYA</span>~~
418		~~- <span class="playinline"><a href="javascript:mv_pl(\'' . $mvd->id . '\')">' .~~
	400	+ <span class="vid_img" id="mvimg_' . htmlspecialchars($mvd->id) . '">
	401	+ ' . $sk->makeKnownLinkObj($mvStreamTitle,
	402	+ '<img alt="image for ' . htmlspecialchars($mvTitle->getStreamNameText()) .
	403	+ ' ' . $mvTitle->getTimeDesc() . '" src="' . $mvTitle->getStreamImageURL('small') .
	404	+ '"/>') . '
	405	+ </span>
	406	+ <div class="result_description">
	407	+ <h4>' .
	408	+ $sk->makeKnownLinkObj($mvStreamTitle, $mvTitle->getStreamNameText() .
	409	+ ' :: ' . $mvTitle->getTimeDesc()) .
	410	+ '</h4>
	411	+ <p>Matching Phrase:' . $this->termHighlight($mvd->text, implode('\|', $this->getTerms()), 1, 100) . ' </p>
	412	+ <span class="by">' . $mvd_cnt_links . '</span>
	413	+ <span class="by">' . $mvd_cat_links . '</span>
	414	+ <span class="by">' . $mvd_bill_links . '</span>
	415	+ </div>
	416	+ <div class="result_meta">
	417	+ <span class="views">Views: ' . htmlspecialchars($mvd->view_count) . '</span>
	418	+ <span class="duration">' . wfMsg('mv_duration_label') . ':' . htmlspecialchars($mvTitle->getSegmentDurationNTP($short_time = true)) . '</span>
	419	+ <span class="comments">Comments: NYA</span>
	420	+ <span class="playinline"><a href="javascript:mv_pl(\'' . htmlspecialchars($mvd->id) . '\')">' .
419	421	wfMsg('mv_play_inline') . '</a></span>
420	422	</div>
421	423	</li>';
422	424	}
423	425	$o .= '</ul>';
	426	+ //add in prev-next at bottom too:
424	427	$o .= '<li class="prevnext">' . $prevnext . '</li>';
425	428	$o .= '</div>';
426	429	if(!$show_sidebar)return $o;
—	—	@@ -429,7 +432,6 @@
430	433	<div id="searchSideBarTop">
431	434	</div>
432	435	<div class="suggestionsBox" id="searchSideBarInner">';
433		-
434	436	//look for people matches max of 3
435	437	$first_block = ' first_block';
436	438	$matches = 0;
—	—	@@ -458,9 +460,9 @@
459	461	//get categories
460	462	$category_out = MV_SpecialMediaSearch :: auto_complete_search_categories($this->unified_term_search, 3, 'block_html', $matches);
461	463	if ($category_out != '' \|\| count($sideBarLinkBucket['category']) != 0) {
462		~~- $o .= "<div class=\"block{$first_block}\">~~
463		~~- <h6>" . wfMsg('mv_category_results') . "</h6>~~
464		~~- </div>";~~
	464	+ $o .= '<div class="block'.htmlspecialchars($first_block).'\">
	465	+ <h6>' . wfMsg('mv_category_results') . '</h6>
	466	+ </div>';
465	467	$o .= '<div class="block wide_block">' . $category_out;
466	468	if (isset ($sideBarLinkBucket['category'])) {
467	469	$cAry = & $sideBarLinkBucket['category'];
—	—	@@ -481,9 +483,9 @@
482	484	$bill_out = MV_SpecialMediaSearch :: auto_complete_category('Bill', $this->unified_term_search, 3, 'block_html', $matches);
483	485	if ($bill_out != '' \|\| count($sideBarLinkBucket['bill']) != 0) {
484	486	global $wgContLang;
485		~~- $o .= "<div class=\"block{$first_block}\">~~
486		~~- <h6>" . wfMsg('mv_bill_results') . "</h6>~~
487		~~- </div>";~~
	487	+ $o .= '<div class=\"block '.htmlspecialchars($first_block).'">
	488	+ <h6>' . wfMsg('mv_bill_results') . '</h6>
	489	+ </div>';
488	490	$o .= '<div class="block wide_block">' . $bill_out;
489	491	if ($sideBarLinkBucket['bill']) {
490	492	$bAry = & $sideBarLinkBucket['bill'];
—	—	@@ -528,8 +530,8 @@
529	531	} else {
530	532	if ($this->outputInlineHeader) {
531	533	$o .= '<h2>
532		~~- <span class="mw-headline">' . wfMsg('mv_media_matches') . '</span>~~
533		~~- </h2>';~~
	534	+ <span class="mw-headline">' . wfMsg('mv_media_matches') . '</span>
	535	+ </h2>';
534	536	$title = Title :: MakeTitle(NS_SPECIAL, 'MediaSearch');
535	537	$o .= $sk->makeKnownLinkObj($title, wfMsg('mv_advaced_search'), $this->get_httpd_filters_query());
536	538	}
—	—	@@ -566,10 +568,10 @@
567	569	//'<img src="'. $mvgScriptPath . '/skins/images/film.png">'
568	570	//$mvd_out .= '<div class="mv_rtdesc" title="' . wfMsg('mv_expand_play') . '" '.
569	571	// '> ';
570		~~- $mvd_out .= '<img style="float:left;width:84px;cursor:pointer;border:solid #' . $bgcolor . '" ' .~~
571		~~- ' onclick="mv_ex(\'' . $mvd->id . '\')" width="80" height="60" src="' . $mvTitle->getStreamImageURL('icon') . '">';~~
	572	+ $mvd_out .= '<img style="float:left;width:84px;cursor:pointer;border:solid #' .htmlspecialchars($bgcolor) . '" ' .
	573	+ ' onclick="mv_ex(\'' . htmlspecialchars($mvd->id) . '\')" width="80" height="60" src="' . htmlspecialchars($mvTitle->getStreamImageURL('icon')) . '">';
572	574	$mvd_out .= '</div>';
573		~~- $mvd_out .= '<b>' . $mvTitle->getTimeDesc() . '</b> ';~~
	575	+ $mvd_out .= '<b>' . htmlspecialchars($mvTitle->getTimeDesc()) . '</b> ';
574	576	$mvd_cnt_links = '';
575	577	if (isset ($mvd->spoken_by)) {
576	578	$ptitle = Title :: MakeTitle(NS_MAIN, $mvd->spoken_by);
—	—	@@ -578,24 +580,24 @@
579	581	}
580	582	if ($this->outputSeqLinks == true) {
581	583	$mvd_cnt_links .= ' <a href="javascript:mv_add_to_seq({mvclip:\'' .
582		~~- $mvTitle->getStreamName() . '/' . $mvTitle->getTimeRequest() . '\',' .~~
583		~~- 'src:\'' . $mvTitle->getWebStreamURL() . '\',' .~~
584		~~- 'img_url:\'' . $mvTitle->getStreamImageURL() . '\'})">' .~~
	584	+ htmlspecialchars($mvTitle->getStreamName()) . '/' . htmlspecialchars($mvTitle->getTimeRequest()) . '\',' .
	585	+ 'src:\'' .htmlspecialchars($mvTitle->getWebStreamURL()) . '\',' .
	586	+ 'img_url:\'' . htmlspecialchars($mvTitle->getStreamImageURL()) . '\'})">' .
585	587	'<img style="cursor:pointer;" ' .
586	588	'title="' . wfMsg('mv_seq_add_end') . '" ' .
587	589	'src="' . $mvgScriptPath . '/skins/mv_embed/images/application_side_expand.png">' . wfMsg('mv_seq_add_end') . '</a>';
588	590	}
589		~~- $mvd_cnt_links .= '<a title="' . wfMsg('mv_expand_play') . '" href="javascript:mv_ex(\'' . $mvd->id . '\')">' .~~
590		~~- '<img id="mv_img_ex_' . $mvd->id . '" src="' . $mvgScriptPath . '/skins/images/closed.png">' .~~
591		~~- '<span id="mv_watch_clip_' . $mvd->id . '">' . wfMsg('mv_watch_clip') . '</span>' .~~
592		~~- '<span style="display:none;" id="mv_close_clip_' . $mvd->id . '">' . wfMsg('mv_close_clip') . '</span>' .~~
	591	+ $mvd_cnt_links .= '<a title="' . htmlspecialchars(wfMsg('mv_expand_play')) . '" href="javascript:mv_ex(\'' . $mvd->id . '\')">' .
	592	+ '<img id="mv_img_ex_' . htmlspecialchars($mvd->id) . '" src="' . htmlspecialchars($mvgScriptPath) . '/skins/images/closed.png">' .
	593	+ '<span id="mv_watch_clip_' . htmlspecialchars($mvd->id) . '">' . wfMsg('mv_watch_clip') . '</span>' .
	594	+ '<span style="display:none;" id="mv_close_clip_' . htmlspecialchars($mvd->id) . '">' . wfMsg('mv_close_clip') . '</span>' .
593	595	'</a>' .
594	596	'  ';
595	597	//output control links:
596	598	//make stream title link:
597	599	$mvStreamTitle = Title :: MakeTitle(MV_NS_STREAM, $mvTitle->getNearStreamName());
598	600	//$mvTitle->getStreamName() .'/'.$mvTitle->getStartTime() .'/'. $mvTitle->getEndTime() );
599		- $mvd_cnt_links .= $sk->makeKnownLinkObj($mvStreamTitle, '<img border="1" src="' . $mvgScriptPath . '/skins/images/run_mv_stream.png"> ' . wfMsg('mv_improve_transcript'), '', '', '', '', ' title="' . wfMsg('mv_view_in_stream_interface') . '" ');
	601	+ $mvd_cnt_links .= $sk->makeKnownLinkObj($mvStreamTitle, '<img border="1" src="' . $mvgScriptPath . '/skins/images/run_mv_stream.png"> ' . wfMsg('mv_improve_transcript'), '', '', '', '', ' title="' . htmlspecialchars(wfMsg('mv_view_in_stream_interface')) . '" ');
600	602	$mvd_cnt_links .= '<br>';
601	603	//$title = MakeTitle::()
602	604	//don't inclue link to wiki page (too confusing)
—	—	@@ -603,7 +605,7 @@
604	606	$mvdTitle = Title :: MakeTitle(MV_NS_MVD, $mvd->wiki_title);
605	607	//$mvd_out .= $sk->makeKnownLinkObj($mvdTitle, '<img border="0" src="' . $mvgScriptPath . '/skins/images/run_mediawiki.png">', '', '', '', '', ' title="' . wfMsg('mv_view_wiki_page') . '" ');
606	608
607		~~- $mvd_out .= '<span id="mvr_desc_' . $mvd->id . '">';~~
	609	+ $mvd_out .= '<span id="mvr_desc_' . htmlspecialchars($mvd->id) . '">';
608	610
609	611	if (!isset ($mvd->toplq))
610	612	$mvd->toplq = false;
—	—	@@ -645,7 +647,7 @@
646	648	$mvd_out .= '</span>';
647	649	$mvd_out .= '<br>' . $mvd_cnt_links;
648	650	$mvd_out .= '<div style="display:block;clear:both;padding-top:4px;padding-bottom:4px;"/>';
649		~~- $mvd_out .= '<div id="mvr_' . $mvd->id . '" style="display:none;background:#' . $bgcolor . ';" ></div>';~~
	651	+ $mvd_out .= '<div id="mvr_' . htmlspecialchars($mvd->id) . '" style="display:none;background:#' . htmlspecialchars($bgcolor) . ';" ></div>';
650	652	}
651	653	$stream_out .= $mvd_out;
652	654	/*if(count($srange['rows'])!=1){
—	—	@@ -663,10 +665,10 @@
664	666	$mvTitle->getStreamName() .
665	667	'" align="left" src="'.$mvgScriptPath.'/skins/mv_embed/images/vid_play_sm.png">';
666	668	*/
667		~~- $o .= '<h3>' . $mvTitle->getStreamNameText();~~
	669	+ $o .= '<h3>' . htmlspecialchars($mvTitle->getStreamNameText());
668	670	$o .= ($matches == 1) ? wfMsg('mv_match_text_one') : wfMsg('mv_match_text', $matches);
669	671	$o .= '</h3>';
670		~~- $o .= '<div id="mv_stream_' . $stream_id . '">' . $stream_out . '</div>';~~
	672	+ $o .= '<div id="mv_stream_' . htmlspecialchars($stream_id) . '">' . $stream_out . '</div>';
671	673	}
672	674	if ($this->outputContainer)
673	675	$o .= '</div>';
—	—	@@ -772,7 +774,7 @@
773	775	//validate title and load stream ref:
774	776	if ($mvTitle->validRequestTitle()) {
775	777	list ($vWidth, $vHeight) = explode('x', $mvDefaultSearchVideoPlaybackRes);
776		~~- $embedHTML = '<span style="float:left;width:' . ($vWidth +20) . 'px">' .~~
	778	+ $embedHTML = '<span style="float:left;width:' . htmlspecialchars($vWidth +20) . 'px">' .
777	779	$mvTitle->getEmbedVideoHtml('vid_' . $mvd_id, $mvDefaultSearchVideoPlaybackRes, '', $autoplay = true) .
778	780	'</span>';
779	781	$wgOut->clearHTML();
—	—	@@ -816,12 +818,12 @@
817	819	$filter['a'] = '';
818	820
819	821	//output the master selecter per line:
820		~~- $s .= '<span id="mvs_' . $i . '"><p>';~~
	822	+ $s .= '<span id="mvs_' . htmlspecialchars($i) . '">';
821	823	$s .= '  ';
822	824	//selctor (don't display if i==0')
823	825	$s .= $this->selector($i, 'a', $filter['a'], ($i == 0) ? false : true);
824	826	$s .= $this->selector($i, 't', $filter['t']); //type selector
825		~~- $s .= '<span id="mvs_' . $i . '_tc">';~~
	827	+ $s .= '<span id="mvs_' . htmlspecialchars($i) . '_tc">';
826	828	switch ($filter['t']) {
827	829	case 'match' :
828	830	$s .= $this->text_entry($i, 'v', $filter['v'], 'mv_hl_text');
—	—	@@ -831,11 +833,13 @@
832	834	$s .= $this->text_entry($i, 'v', $filter['v']);
833	835	break;
834	836	case 'date_range' :
835		- $s .= wfMsg('mv_time_separator', $this->text_entry($i, 'vs', $filter['vs'], 'date-pick_' . $i, 'id="vs_' . $i . '"'), $this->text_entry($i, 've', $filter['ve'], 'date-pick_' . $i, 'id="ve_' . $i . '"'));
	837	+ $s .= wfMsg('mv_time_separator', $this->text_entry($i, 'vs', $filter['vs'], 'date-pick_' . $i, array('id'=>'vs_' . $i )),
	838	+ $this->text_entry($i, 've', $filter['ve'], 'date-pick_' . $i, array('id'=>'ve_' . $i )));
836	839	//also output dateObj (if not already output):
837	840	if (!$dateObjOut) {
838	841	global $wgOut;
839	842	//add all date scripts:
	843	+ $mvgScriptPath = htmlspecialchars($mvgScriptPath);
840	844	$wgOut->addScript("\n" .
841	845	'<!-- required plugins -->
842	846	<script type="text/javascript" src="' . $mvgScriptPath . '/skins/mv_embed/jquery/plugins/date.js"></script>
—	—	@@ -871,16 +875,16 @@
872	876	//reference remove
873	877	$s .= '<a id="mv_ref_remove" style="display:none;" ' .
874	878	'href="">' .
875		~~- '<img title="' . wfMsg('mv_remove_filter') . '" ' .~~
	879	+ '<img title="' . htmlspecialchars( wfMsg('mv_remove_filter') ) . '" ' .
876	880	'src="' . $mvgScriptPath . '/skins/images/cog_delete.png"></a>';
877	881
878	882	//ref missing person image ref:
879	883	$s .= $this->get_ref_person();
880	884
881	885	//add link:
882		~~- $s .= '<a style="text-decoration:none;" href="javascript:mv_add_filter();">' .~~
883		~~- '<img border="0" title="' . wfMsg('mv_add_filter') . '" ' .~~
884		~~- 'src="' . $mvgScriptPath . '/skins/images/cog_add.png"> '.wfMsg('mv_add_filter').'</a> ';~~
	886	+ $s .= '<a href="javascript:mv_add_filter();">' .
	887	+ '<img border="0" title="' . htmlspecialchars( wfMsg('mv_add_filter') ) . '" ' .
	888	+ 'src="' . $mvgScriptPath . '/skins/images/cog_add.png"></a> ';
885	889
886	890	/*$s .= '<input id="mv_do_search" type="submit" ' .
887	891	' value="' . wfMsg('mv_run_search') . '">';*/
—	—	@@ -912,11 +916,11 @@
913	917	foreach ($this->filters as $inx => $f) {
914	918	if ($inx != 0)
915	919	$a = ' ' . wfMsg('mv_search_' . $f['a']) . ' ';
916		~~- $o .= ($query_key) ? $a : $a . wfMsg('mv_' . $f['t']) . ' ';~~
	920	+ $o .= ($query_key) ? $a : $a . wfMsg('mv_' . $f['t']) . ' ';
917	921	if ($f['t'] == 'date_range') { //handle special case of date range:
918		~~- $o .= wfMsg('mv_time_separator', $bo . $f['vs'] . $bc, $bo . $f['ve'] . $bc);~~
	922	+ $o .= wfMsg('mv_time_separator', $bo . htmlspecialchars($f['vs']) . $bc, $bo . htmlspecialchars($f['ve']) . $bc);
919	923	} else {
920		~~- $o .= $bo . str_replace('_', ' ', $f['v']) . $bc;~~
	924	+ $o .= $bo . str_replace('_', ' ', htmlspecialchars($f['v'])) . $bc;
921	925	}
922	926	}
923	927	return $o;
—	—	@@ -943,17 +947,20 @@
944	948	$img = wfLocalFile($imgTitle);
945	949	}
946	950	//print "title is: " .$imgTitle->getDBkey() ."IMAGE IS: " . $img->getURL();
947		-
948		~~- return '<span class="mv_person_ac" id="mv_person' . $inx . '" style="display:' . $disp . ';width:90px;">' .~~
949		~~- '<img id="mv_person_img' . $inx . '" style="padding:2px;" src="' . $img->getURL() . '" width="44">' .~~
	951	+ $inx = htmlspecialchars($inx);
	952	+ return '<span class="mv_person_ac" id="mv_person' . $inx . '" style="display:' . htmlspecialchars($disp) . ';width:90px;">' .
	953	+ '<img id="mv_person_img' . $inx . '" style="padding:2px;" src="' . htmlspecialchars($img->getURL()) . '" width="44">' .
950	954	'<input id="mv_person_input' . $inx . '" class="mv_search_text" style="font-size: 12px;" size="9" ' .
951		~~- 'type="text" name="' . $tname . '" value="' . $person_name . '" autocomplete="off">' .~~
	955	+ 'type="text" name="' . htmlspecialchars($tname) . '" value="' . htmlspecialchars($person_name) . '" autocomplete="off">' .
952	956	'<div id="mv_person_choices' . $inx . '" class="autocomplete"></div>' .
953	957	'</span>';
954	958	}
955	959	function selector($i, $key, $selected = '', $display = true) {
956	960	$disp = ($display) ? '' : 'display:none;';
957		~~- $s = '<select id="mvsel_' . $key . '_' . $i . '" class="mv_search_select" style="font-size: 12px;' . $disp . '" name="f[' . $i . '][' . $key . ']" >' . "\n";~~
	961	+ $s = '<select id="mvsel_' . htmlspecialchars($key) . '_' .
	962	+ htmlspecialchars($i) . '" class="mv_search_select" style="font-size: 12px;' .
	963	+ htmlspecialchars($disp) . '" name="f[' . htmlspecialchars($i) . '][' .
	964	+ htmlspecialchars($key) . ']" >' . "\n";
958	965	$items = ($key == 't') ? $this->sel_filter_types : $this->sel_filter_andor;
959	966	if ($key == 'a' && $selected == '')
960	967	$selected = 'and';
—	—	@@ -963,17 +970,20 @@
964	971	$s .= '<option value="na" ' . $sel . '>' . wfMsg('mv_search_sel_' . $key) . '</option>' . "\n";
965	972	foreach ($items as $item) {
966	973	$sel = ($selected == $item) ? $sel = 'selected' : '';
967		~~- $s .= '<option value="' . $item . '" ' . $sel . '>' . wfMsg('mv_search_' . $item) . '</option>' . "\n";~~
	974	+ $s .= '<option value="' . htmlspecialchars($item) . '" ' . $sel . '>' . wfMsg('mv_search_' . $item) . '</option>' . "\n";
968	975	}
969	976	$s .= '</select>';
970	977	return $s;
971	978	}
972	979	//could be a suggest:
973		~~- function text_entry($i, $key, $val = '', $more_class = '', $more_attr = '') {~~
	980	+ function text_entry($i, $key, $val = '', $more_class = '', $more_attr = array()) {
974	981	if ($more_class != '')
975	982	$more_class = ' ' . $more_class;
976		~~- $s = '<input ' . $more_attr . ' class="mv_search_text' . $more_class . '" style="font-size: 12px;" onchange=""~~
977		~~- size="9" type="text" name="f[' . $i . '][' . $key . ']" value="' . $val . '">';~~
	983	+ foreach($more_attr as $k=>$v){
	984	+ $more_attr_out.=' '.htmlspecialchars($k).'="'.$v.'"';
	985	+ }
	986	+ $s = '<input ' . $more_attr_out . ' class="mv_search_text' . htmlspecialchars($more_class) . '" style="font-size: 12px;" onchange=""
	987	+ size="9" type="text" name="f[' . htmlspecialchars($i) . '][' . htmlspecialchars($key) . ']" value="' . htmlspecialchars($val) . '">';
978	988	return $s;
979	989	}
980	990	/again here is some possibly metavid congress archive specific stuff:/
Index: branches/MetavidWiki-exp/MetavidWiki/includes/articlepages/MV_CategoryPage.php
—	—	@@ -12,6 +12,9 @@
13	13	//$wgHooks['CategoryPageView'][] = 'fnMyHook';
14	14	//display all MVD category members as thumbnails...
15	15	//display link to rss/playlist
	16	+
	17	+if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
	18	+
16	19	class MV_CategoryPage extends CategoryPage{
17	20	function closeShowCategory() {
18	21	global $wgOut, $wgRequest;
Index: branches/MetavidWiki-exp/MetavidWiki/includes/articlepages/MV_SequencePage.php
—	—	@@ -12,12 +12,11 @@
13	13	* redirects the user to the sequence interface.
14	14	*/
15	15	//sequence just adds some sequence hooks:
16		-
	16	+if ( !defined( 'MEDIAWIKI' ) ) die( 1 );
	17	+
17	18	define('SEQUENCE_TAG', 'sequence');
18		-
19	19
20		-
21		~~- class MV_SequencePage extends Article{~~
	20	+class MV_SequencePage extends Article{
22	21	var $outMode='page';
23	22	var $clips=array();
24	23	function __construct($title){
—	—	@@ -127,7 +126,7 @@
128	127	}
129	128
130	129	$vidtag = '<div id="file" class="fullImageLink"><playlist';
131		~~- $vidtag.=' width="400" height="300" src="'.$title_url.'">';~~
	130	+ $vidtag.=' width="400" height="300" src="'.htmlspecialchars($title_url).'">';
132	131	$vidtag.='</playlist></div><hr>';
133	132
134	133	$marker = "xx-marker".count($markerList)."-xx";
Index: branches/MetavidWiki-exp/MetavidWiki/includes/MV_Title.php
—	—	@@ -202,8 +202,8 @@
203	203	if($this->getStartTime() && $this->getEndTime()){
204	204	if($span_separated){
205	205	return wfMsg('mv_time_separator',
206		~~- '<span class="mv_start_time">'.$this->getStartTime().'</span>',~~
207		~~- '<span class="mv_end_time">'.$this->getEndTime()).'</span>';~~
	206	+ '<span class="mv_start_time">'.htmlspecialchars($this->getStartTime()).'</span>',
	207	+ '<span class="mv_end_time">'.htmlspecialchars($this->getEndTime())).'</span>';
208	208	}else{
209	209	return wfMsg('mv_time_separator', $this->getStartTime(), $this->getEndTime());
210	210	}
Index: branches/MetavidWiki-exp/MetavidWiki/skins/images/add.png
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes on: branches/MetavidWiki-exp/MetavidWiki/skins/images/add.png
___________________________________________________________________
Added: svn:mime-type
211	211	+ application/octet-stream
Index: branches/MetavidWiki-exp/MetavidWiki/skins/mv_stream.js
—	—	@@ -478,7 +478,7 @@
479	479	}
480	480	//add category and empty input (@@todo make cat_ns multi-lengual friendly
481	481	var cat_ns="Category:"
482		~~- if($j(input_item).val().indexOf(cat_ns==0)){~~
	482	+ if($j(input_item).val().indexOf(cat_ns)==0){
483	483	mv_add_category(mvd_id, $j(input_item).val().substr(cat_ns.length));
484	484	$j(input_item).val('');
485	485	}
—	—	@@ -502,7 +502,7 @@
503	503	if(cat_name=='')return false;
504	504	var currentDate = new Date()
505	505	var unique_inx = currentDate.getUTCMilliseconds();
506		~~- $j('#mv_ext_cat_container_'+mvd_id).append('<span id="ext_cat_'+unique_inx+'"><input value="'+cat_name+'" type="hidden" style="display:none;" name="ext_cat[]" class="mv_ext_cat">'+~~
	506	+ $j('#mv_ext_cat_container_'+mvd_id).append('<span id="ext_cat_'+unique_inx+'"><input value="'+cat_name+'" type="hidden" style="display:none;" name="ext_cat_'+unique_inx+'" class="mv_ext_cat">'+
507	507	cat_name.replace(/_/g," ") +
508	508	'<a href="#" onclick="$j(\'#ext_cat_'+unique_inx+'\').fadeOut(\'fast\').remove();return false;">'+
509	509	'<img border="0" src="'+mvgScriptPath+'/skins/images/delete.png">'+
Index: branches/MetavidWiki-exp/MetavidWiki/skins/mv_embed/cortado_iframe.php
—	—	@@ -6,7 +6,7 @@
7	7	*/
8	8	//load the http GETS:
9	9
10		-
	10	+$video='';
11	11	$error='';
12	12	if(!function_exists('filter_input')){
13	13	error_out('you version of php lacks <b>filter_input()</b> function</br>');
Index: branches/MetavidWiki-exp/MetavidWiki/skins/mv_embed/mv_data_proxy.php
—	—	@@ -8,7 +8,7 @@
9	9	*/
10	10
11	11	//NOTE THIS IS DISABLED BY DEFAULT simply comment out the line below to enable;
12		~~-//die('note mv_data_proxy is disabled by default');~~
	12	+die('note mv_data_proxy is disabled by default');
13	13	if(isset($_POST['url'])){
14	14	$req_url = $_POST['url'];
15	15	}else{

Status & tagging log

15:30, 12 September 2011 Meno25 (talk | contribs) changed the status of r39271 [removed: ok added: old]