r55822 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r55821‎ | r55822 | r55823 >
Date:14:50, 4 September 2009
Author:dale
Status:deferred
Tags:
Comment:
* added some file checks
* removed deprecated cortado_iframe.php
* added init values for wgJSAutoloadClasses and wgJSAutoloadLocalClasses
Modified paths:
  • /trunk/phase3/js2/mwEmbed/jsScriptLoader.php (modified) (history)
  • /trunk/phase3/js2/mwEmbed/php/cortado_iframe.php (deleted) (history)
  • /trunk/phase3/js2/mwEmbed/php/noMediaWikiConfig.php (modified) (history)


Index: trunk/phase3/js2/mwEmbed/php/cortado_iframe.php
@@ -1,222 +0,0 @@
2 -<?php
3 -/*
4 -cortado_embed.php
5 -all file checks and conditions should be checked prior to loading this page.
6 -this page serves as a wrapper for the cortado java applet
7 -
8 -@@this may be deprecated in favor of a central hosted java applet
9 -*/
10 -
11 -cortado_iframe();
12 -
13 -function cortado_iframe() {
14 - if( !function_exists( 'filter_input' ) ){
15 - die( 'your version of PHP lacks <b>filter_input()</b> function<br />' );
16 - }
17 -
18 - // load the http GETS:
19 - // set the parent domain if provided
20 - $parent_domain = isset( $_GET['parent_domain'] ) ? $_GET['parent_domain'] : false;
21 -
22 - // default to null media in not provided:
23 - $media_url = isset( $_GET['media_url'] ) ? $_GET['media_url'] : false;
24 - if( strval( $media_url ) === '' ){
25 - error_out( 'invalid or missing media URL' );
26 - }
27 -
28 - // default duration to 30 seconds if not provided. (ideally cortado would read this from the video file)
29 - //$duration = ( isset( $_GET['duration'] ) ) ? $_GET['duration'] : 0;
30 - $duration = filter_input( INPUT_GET, 'duration', FILTER_SANITIZE_NUMBER_INT );
31 - if( is_null( $duration ) || $duration === false ){
32 - $duration = 0;
33 - }
34 -
35 - // id (set to random if none provided)
36 - //$id = ( isset( $_GET['id'] ) ) ? $_GET['id'] : 'vid_' . rand( '10000000' );
37 - $id = isset( $_GET['id'] ) ? $_GET['id'] : false;
38 - if( is_null( $id ) || $id === false ){
39 - $id = 'vid_' . rand( 0, 10000000 );
40 - }
41 -
42 - $width = filter_input( INPUT_GET, 'width', FILTER_SANITIZE_NUMBER_INT );
43 - if( is_null( $width ) || $width === false ){
44 - $width = 320;
45 - }
46 - $height = filter_input( INPUT_GET, 'height', FILTER_SANITIZE_NUMBER_INT );
47 - // default to video:
48 - $stream_type = ( isset( $_GET['stream_type'] ) ) ? $_GET['stream_type'] : 'video';
49 - if( $stream_type == 'video' ){
50 - $audio = $video = 'true';
51 - if( is_null( $height ) || $height === false )
52 - $height = 240;
53 - } else { // if( $stream_type == 'audio' )
54 - $audio = 'true';
55 - $video = 'false';
56 - if( is_null( $height ) || $height === false )
57 - $height = 20;
58 - }
59 -
60 - // everything good output page:
61 - output_page(array(
62 - 'id' => $id,
63 - 'media_url' => $media_url,
64 - 'audio' => $audio,
65 - 'video' => $video,
66 - 'duration' => $duration,
67 - 'width' => $width,
68 - 'height' => $height,
69 - 'parent_domain' => $parent_domain
70 - ));
71 -}
72 -
73 -/**
74 - * JS escape function copied from MediaWiki's Xml::escapeJsString()
75 - */
76 -function escapeJsString( $string ) {
77 - // See ECMA 262 section 7.8.4 for string literal format
78 - $pairs = array(
79 - "\\" => "\\\\",
80 - "\"" => "\\\"",
81 - '\'' => '\\\'',
82 - "\n" => "\\n",
83 - "\r" => "\\r",
84 -
85 - # To avoid closing the element or CDATA section
86 - "<" => "\\x3c",
87 - ">" => "\\x3e",
88 -
89 - # To avoid any complaints about bad entity refs
90 - "&" => "\\x26",
91 -
92 - # Work around https://bugzilla.mozilla.org/show_bug.cgi?id=274152
93 - # Encode certain Unicode formatting chars so affected
94 - # versions of Gecko don't misinterpret our strings;
95 - # this is a common problem with Farsi text.
96 - "\xe2\x80\x8c" => "\\u200c", // ZERO WIDTH NON-JOINER
97 - "\xe2\x80\x8d" => "\\u200d", // ZERO WIDTH JOINER
98 - );
99 - return strtr( $string, $pairs );
100 -}
101 -
102 -function error_out( $error = '' ){
103 - output_page( array( 'error' => $error ) );
104 - exit();
105 -}
106 -
107 -function output_page( $params ){
108 - extract( $params );
109 -?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
110 - <html xmlns="http://www.w3.org/1999/xhtml">
111 - <head>
112 - <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
113 - <title>cortado_embed</title>
114 - <script type="text/javascript">
115 - <?php //set the parent domain:
116 - if( $parent_domain ){?>
117 - try {
118 - document.domain = '<?php echo htmlspecialchars( $parent_domain ) ?>';
119 - } catch ( e ) {
120 - if( window.console )
121 - console.log('could not set domain to <?php echo htmlspecialchars( $parent_domain ) ?>');
122 - }
123 - <?php
124 - } ?>
125 - var jPlayer = null;
126 - function setGlobalJplayer(){
127 - jPlayer = document.getElementById('<?php echo htmlspecialchars( $id ) ?>');
128 - }
129 - </script>
130 - <style type="text/css">
131 - <!--
132 - body {
133 - margin-left: 0px;
134 - margin-top: 0px;
135 - margin-right: 0px;
136 - margin-bottom: 0px;
137 - }
138 - -->
139 - </style></head>
140 - <body onload="setGlobalJplayer()" >
141 - <?php
142 - $appid = ( preg_match( "/MSIE/i", getenv( "HTTP_USER_AGENT" ) ) ) ? '' : 'classid="java:com.fluendo.player.Cortado.class"';
143 - if( empty( $error ) ){ ?>
144 - <div id="jPlayer"></div>
145 - <OBJECT id="<?php echo htmlspecialchars( $id ) ?>"
146 - code="com.fluendo.player.Cortado.class"
147 - <?php echo $appid ?>
148 - archive="binPlayers/cortado/cortado-wmf-r46643.jar"
149 - width="<?php echo htmlspecialchars( $width ) ?>"
150 - height="<?php echo htmlspecialchars( $height ) ?>" >
151 - <param name="url" value="<?php echo htmlspecialchars( $media_url ) ?>" />
152 - <param name="local" value="false"/>
153 - <param name="keepaspect" value="true" />
154 - <param name="video" value="<?php echo htmlspecialchars( $video ) ?>" />
155 - <param name="audio" value="<?php echo htmlspecialchars( $audio ) ?>" />
156 - <param name="seekable" value="false" />
157 - <?php if( $duration != 0 ){ ?>
158 - <param name="duration" value="<?php echo htmlspecialchars( $duration ) ?>" />
159 - <?php } ?>
160 - <param name="showStatus" value="hide" />
161 - <param name="autoPlay" value="true" />
162 - <param name="BufferSize" value="8192" />
163 - <param name="BufferHigh" value="30" />
164 - <param name="BufferLow" value="5" />
165 - </OBJECT>
166 - <?php } else { ?>
167 - <b>Error:</b> <?php echo htmlspecialchars( $error ) ?>
168 - <?php
169 - }
170 - ?>
171 - </body>
172 - </html>
173 -<?php
174 -}
175 -/*
176 -javascript envoked version:
177 - function doPlayer(){
178 - jPlayer = document.createElement('OBJECT');
179 - jPlayer.setAttribute('classid', 'java:com.fluendo.player.Cortado.class');
180 - jPlayer.type = 'application/x-java-applet';
181 - jPlayer.setAttribute('archive', this.CortadoLocation);
182 - jPlayer.id = '<?php echo htmlspecialchars( $id ) ?>';
183 - jPlayer.width = '<?php echo htmlspecialchars( $width )?>';
184 - jPlayer.height = '<?php echo htmlspecialchars( $height )?>';
185 -
186 - var params = {
187 - 'code': 'com.fluendo.player.Cortado',
188 - 'archive': 'cortado-wmf-r46643.jar',
189 - 'url': '<?php echo htmlspecialchars( $media_url )?>',
190 - 'local': 'false',
191 - 'keepAspect': 'true',
192 - 'video': '<?php echo htmlspecialchars( $video )?>',
193 - 'audio': '<?php echo htmlspecialchars( $audio )?>',
194 - 'seekable': 'false',
195 - 'showStatus': 'hide',
196 - 'autoPlay': 'true',
197 - 'bufferSize': '8192',
198 - 'BufferHigh':'30',
199 - 'BufferLow' : '5',
200 - <? if($duration!=0){
201 - ?>
202 - 'duration':'<?php echo htmlspecialchars( $duration )?>',
203 - <?
204 - } ?>
205 - 'debug': 0
206 - }
207 - for(name in params){
208 - var p = document.createElement('param');
209 - p.name = name;
210 - p.value = params[name];
211 - jPlayer.appendChild(p);
212 - }
213 - var pHolder = document.getElementById('jPlayer');
214 - if(pHolder)
215 - pHolder.appendChild( jPlayer );
216 - }
217 - doPlayer();
218 -//then in the page:
219 -<script type="text/javascript">
220 - doPlayer();
221 - </script>
222 - *
223 -*/
\ No newline at end of file
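--- a/trunk/phase3/js2/mwEmbed/php/noMediaWikiConfig.php
+++ b/trunk/phase3/js2/mwEmbed/php/noMediaWikiConfig.php
@@ -19,6 +19,9 @@
 
 $wgEnableScriptLoaderJsFile = false;
 
+//init our wg Globals
+$wgJSAutoloadClasses = array();
+$wgJSAutoloadLocalClasses = array();
 
 /*Localization:*/
 $wgEnableScriptLocalization = true;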
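--- a/trunk/phase3/js2/mwEmbed/jsScriptLoader.php
+++ b/trunk/phase3/js2/mwEmbed/jsScriptLoader.php
@@ -52,6 +52,7 @@
 // Build the output:
 // swap in the appropriate language per js_file
 foreach( $this->jsFileList as $classKey => $file_name ){
+
 // special case: - title classes:
 if( substr( $classKey, 0, 3 ) == 'WT:' ){
 global $wgUser;
@@ -88,16 +89,27 @@
 continue;
 }
 }
+ //dealing with files::
+ //check that the filename ends with .js and does not include ../ traversing
+ if( substr( $file_name, -3 ) != '.js'){
+ $this->jsout .= "\nError file name must end with .js: ". htmlspecialchars( $file_name ) . " \n ";
+ continue;
+ }
+ if( strpos($file_name, '../') !== false ){
+ $this->jsout .= "\nError file name must not traverse paths: ". htmlspecialchars( $file_name ) . " \n ";
+ continue;
+ }
 
 if( trim( $file_name ) != '' ){
 // if in debug add a comment with the file name:
 if( $this->debug )
 $this->jsout .= "\n/**
-* File: $file_name
+* File: ". htmlspecialchars( $file_name ) ."
 */\n";
 $this->jsout .= ( $this->doProccessJsFile( $file_name ) ) . "\n";
 }
 }
+
 // check if we should minify :
 if( $wgEnableScriptMinify && !$this->debug ){
 // do the minification and output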
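Review bot: The traversal guard added in the second hunk (new-side lines 99–102) only rejects the literal substring `../`, so a name containing `..\` or starting with `/` passes both new checks, and the `.js` suffix test says nothing about the directory part. A denylist on one spelling is fragile; rejecting any `..` component together with absolute paths, `if( strpos( $file_name, '..' ) !== false || substr( $file_name, 0, 1 ) == '/' ){`, or better resolving the name with `realpath()` and requiring the result to lie under the intended script directory, would make the check hold regardless of separator. How `doProccessJsFile()` opens the file is outside this hunk, so whether it adds its own containment check cannot be confirmed here. Separately, the debug header at new-side line 108 wraps the name in `htmlspecialchars()` inside a `/** ... */` JavaScript comment; that function does not touch `*/`, and since the output is JavaScript rather than HTML the matching protection would be a comment-safe replacement such as `str_replace( '*/', '* /', $file_name )`. The enclosing `foreach` begins in the first hunk and the method itself starts outside the diff.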
