| Index: branches/REL1_13/extensions/MetavidWiki/skins/mv_embed/cortado_iframe.php |
| — | — | @@ -4,57 +4,67 @@ |
| 5 | 5 | all file checks and conditions should be checked prior to loading this page. |
| 6 | 6 | this page serves as a wrapper for the cortado java applet |
| 7 | 7 | */ |
| 8 | | -//load the http GETS: |
| 9 | 8 | |
| 10 | | -// set the parent domain if provided |
| 11 | | -// needed before error_out can be called |
| 12 | | -$parent_domain = isset( $_GET['parent_domain'] ) ? wfEscapeJsString( $_GET['parent_domain'] ) : false; |
| | 9 | +cortado_iframe(); |
| 13 | 10 | |
| 14 | | -$error=''; |
| 15 | | -if(!function_exists('filter_input')){ |
| 16 | | - error_out('you version of php lacks <b>filter_input()</b> function</br>'); |
| 17 | | -} |
| 18 | | -//default to null media in not provided: |
| 19 | | -$media_url = isset( $_GET['media_url'] ) ? htmlspecialchars( $_GET['media_url'] ) : false; |
| 20 | | -if( is_null($media_url) || $media_url===false || $media_url==''){ |
| 21 | | - error_out('not valid or missing media url'); |
| 22 | | -} |
| 23 | | -//default duration to 30 seconds if not provided. (ideally cortado would read this from the video file) |
| 24 | | -//$duration = (isset($_GET['duration']))?$_GET['duration']:0; |
| 25 | | -$duration = filter_input(INPUT_GET, 'duration', FILTER_SANITIZE_NUMBER_INT); |
| 26 | | -if( is_null($duration) || $duration===false){ |
| 27 | | - $duration=0; |
| 28 | | -} |
| | 11 | +function cortado_iframe() { |
| | 12 | + if(!function_exists('filter_input')){ |
| | 13 | + error_out('your version of php lacks <b>filter_input()</b> function</br>'); |
| | 14 | + } |
| | 15 | + //load the http GETS: |
| | 16 | + // set the parent domain if provided |
| | 17 | + $parent_domain = isset( $_GET['parent_domain'] ) ? $_GET['parent_domain'] : false; |
| 29 | 18 | |
| 30 | | -//id (set to random if none provided) |
| 31 | | -//$id = (isset($_GET['id']))?$_GET['id']:'vid_'.rand('10000000'); |
| 32 | | -$id = isset($_GET['id']) ? htmlspecialchars( $_GET['id'] ) : false; |
| 33 | | -if( is_null($id) || $id===false){ |
| 34 | | - $id = 'vid_'.rand(0,10000000); |
| 35 | | -} |
| | 19 | + //default to null media in not provided: |
| | 20 | + $media_url = isset( $_GET['media_url'] ) ? $_GET['media_url'] : false; |
| | 21 | + if( strval($media_url) === ''){ |
| | 22 | + error_out('not valid or missing media url'); |
| | 23 | + } |
| | 24 | + //default duration to 30 seconds if not provided. (ideally cortado would read this from the video file) |
| | 25 | + //$duration = (isset($_GET['duration']))?$_GET['duration']:0; |
| | 26 | + $duration = filter_input(INPUT_GET, 'duration', FILTER_SANITIZE_NUMBER_INT); |
| | 27 | + if( is_null($duration) || $duration===false){ |
| | 28 | + $duration=0; |
| | 29 | + } |
| 36 | 30 | |
| 37 | | -$width = filter_input(INPUT_GET, 'width', FILTER_SANITIZE_NUMBER_INT); |
| 38 | | -if( is_null($width) || $width===false){ |
| 39 | | - $width=320; |
| | 31 | + //id (set to random if none provided) |
| | 32 | + //$id = (isset($_GET['id']))?$_GET['id']:'vid_'.rand('10000000'); |
| | 33 | + $id = isset($_GET['id']) ? $_GET['id'] : false; |
| | 34 | + if( is_null($id) || $id===false){ |
| | 35 | + $id = 'vid_'.rand(0,10000000); |
| | 36 | + } |
| | 37 | + |
| | 38 | + $width = filter_input(INPUT_GET, 'width', FILTER_SANITIZE_NUMBER_INT); |
| | 39 | + if( is_null($width) || $width===false){ |
| | 40 | + $width=320; |
| | 41 | + } |
| | 42 | + $height = filter_input(INPUT_GET, 'height', FILTER_SANITIZE_NUMBER_INT); |
| | 43 | + //default to video: |
| | 44 | + $stream_type = (isset($_GET['stream_type']))?$_GET['stream_type']:'video'; |
| | 45 | + if($stream_type=='video'){ |
| | 46 | + $audio=$video='true'; |
| | 47 | + if(is_null($height) || $height===false) |
| | 48 | + $height = 240; |
| | 49 | + } else { // if($stream_type=='audio') |
| | 50 | + $audio='true'; |
| | 51 | + $video='false'; |
| | 52 | + if(is_null($height) || $height===false) |
| | 53 | + $height = 20; |
| | 54 | + } |
| | 55 | + |
| | 56 | + //everything good output page: |
| | 57 | + output_page(array( |
| | 58 | + 'id' => $id, |
| | 59 | + 'media_url' => $media_url, |
| | 60 | + 'audio' => $audio, |
| | 61 | + 'video' => $video, |
| | 62 | + 'duration' => $duration, |
| | 63 | + 'width' => $width, |
| | 64 | + 'height' => $height, |
| | 65 | + 'parent_domain' => $parent_domain |
| | 66 | + )); |
| 40 | 67 | } |
| 41 | | -$height = filter_input(INPUT_GET, 'height', FILTER_SANITIZE_NUMBER_INT); |
| 42 | | -//default to video: |
| 43 | | -$stream_type = (isset($_GET['stream_type']))?$_GET['stream_type']:'video'; |
| 44 | | -if($stream_type=='video'){ |
| 45 | | - $audio=$video='true'; |
| 46 | | - if(is_null($height) || $height===false) |
| 47 | | - $height = 240; |
| 48 | | -} |
| 49 | | -if($stream_type=='audio'){ |
| 50 | | - $audio='true'; |
| 51 | | - $video='false'; |
| 52 | | - if(is_null($height) || $height===false) |
| 53 | | - $height = 20; |
| 54 | | -} |
| 55 | 68 | |
| 56 | | -//everything good output page: |
| 57 | | -output_page(); |
| 58 | | - |
| 59 | 69 | /** |
| 60 | 70 | * JS escape function copied from MediaWiki's Xml::escapeJsString() |
| 61 | 71 | */ |
| — | — | @@ -85,20 +95,20 @@ |
| 86 | 96 | } |
| 87 | 97 | |
| 88 | 98 | function error_out($error=''){ |
| 89 | | - output_page($error); |
| | 99 | + output_page(array('error' => $error)); |
| 90 | 100 | exit(); |
| 91 | 101 | } |
| 92 | | -function output_page($error=''){ |
| 93 | | - global $id, $media_url, $audio, $video, $duration, $width, $height, $parent_domain; |
| | 102 | +function output_page($params){ |
| | 103 | + extract( $params ); |
| 94 | 104 | ?> |
| 95 | 105 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| 96 | 106 | <html xmlns="http://www.w3.org/1999/xhtml"> |
| 97 | 107 | <head> |
| 98 | 108 | <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
| 99 | 109 | <title>cortado_embed</title> |
| 100 | | - <?if($parent_domain){?> |
| | 110 | + <?if( !empty( $parent_domain ) ){?> |
| 101 | 111 | <script type="text/javascript"> |
| 102 | | - window.DOMAIN = '<?=$parent_domain; ?>'; |
| | 112 | + window.DOMAIN = '<?= wfEscapeJsString( $parent_domain ); ?>'; |
| 103 | 113 | </script> |
| 104 | 114 | <?}?> |
| 105 | 115 | <style type="text/css"> |
| — | — | @@ -112,23 +122,28 @@ |
| 113 | 123 | --> |
| 114 | 124 | </style></head> |
| 115 | 125 | <body> |
| 116 | | - <?if ($error==''){ ?> |
| 117 | | - <applet id="<?=$id?>" code="com.fluendo.player.Cortado.class" archive="cortado-ovt-stripped_r34336.jar" width="<?=$width?>" height="<?=$height?>"> |
| 118 | | - <param name="url" value="<?=$media_url?>" /> |
| | 126 | + <?if (empty($error)){ ?> |
| | 127 | + <applet id="<?= htmlspecialchars( $id ) ?>" |
| | 128 | + code="com.fluendo.player.Cortado.class" |
| | 129 | + archive="cortado-ovt-stripped_r34336.jar" |
| | 130 | + width="<?= htmlspecialchars( $width )?>" |
| | 131 | + height="<?=htmlspecialchars( $height )?>" |
| | 132 | + > |
| | 133 | + <param name="url" value="<?= htmlspecialchars( $media_url )?>" /> |
| 119 | 134 | <param name="local" value="false"/> |
| 120 | 135 | <param name="keepaspect" value="true" /> |
| 121 | | - <param name="video" value="<?=$audio?>" /> |
| 122 | | - <param name="audio" value="<?=$video?>" /> |
| | 136 | + <param name="video" value="<?= htmlspecialchars( $video )?>" /> |
| | 137 | + <param name="audio" value="<?= htmlspecialchars( $audio )?>" /> |
| 123 | 138 | <param name="seekable" value="true" /> |
| 124 | 139 | <? if($duration!=0){ |
| 125 | 140 | ?> |
| 126 | | - <param name="duration" value="<?=$duration?>" /> |
| | 141 | + <param name="duration" value="<?= htmlspecialchars( $duration )?>" /> |
| 127 | 142 | <? |
| 128 | 143 | } ?> |
| 129 | 144 | <param name="bufferSize" value="200" /> |
| 130 | 145 | </applet> |
| 131 | 146 | <? }else{ ?> |
| 132 | | - <b>Error:</b> <?=$error?> |
| | 147 | + <b>Error:</b> <?= htmlspecialchars( $error )?> |
| 133 | 148 | <? |
| 134 | 149 | } |
| 135 | 150 | ?> |