ADDED : EMBEC Codes

Fixed : Little Bugs... FIXED : Search Page XSS Ready to release the next stable version
2010-04-29 13:46:06 +00:00 · 2010-04-29 13:46:06 +00:00 · abd4ec7cf7
commit abd4ec7cf7
parent a942bb4899
11 changed files with 131 additions and 14 deletions
--- a/upload/includes/classes/video.class.php
+++ b/upload/includes/classes/video.class.php
@ -667,7 +667,7 @@ class CBvideo extends CBCategory
 		
 		$embed_code = false;
 		
-		$funcs = $this->embed_func_listl;
+		$funcs = $this->embed_func_list;
 		if(is_array($funcs))
 		{
 			foreach($funcs as $func)
--- a/upload/includes/common.php
+++ b/upload/includes/common.php
@ -280,6 +280,9 @@ if(phpversion() < '5.2.0')
 	//Enable youtube videos
 	define("YOUTUBE_ENABLED",$row['youtube_enabled']);
 	
+	define("EMBED_VDO_WIDTH","480");
+	define("EMBED_VDO_HEIGHT","385");
+	
 	include 'plugin.functions.php';
 	include 'plugins_functions.php';
 	require BASEDIR.'/includes/templatelib/Template.class.php';
@ -307,6 +310,7 @@ if(phpversion() < '5.2.0')
 	define('ALLOWED_VDO_CATS',$row['video_categories']);
 	define('ALLOWED_CATEGORIES',3);
 	
+	
 	//Assigning Smarty Tags & Values
    Assign('CB_VERSION',CB_VERSION);
    Assign('FFMPEG_FLVTOOLS_BINARY',FFMPEG_FLVTOOLS_BINARY);
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
@ -2362,7 +2362,7 @@
 	 * Function used to display
 	 * Blank Screen
 	 * if there is nothing to play or to show
-	 * then who a blank screen
+	 * then show a blank screen
 	 */
 	function blank_screen($data)
 	{
@ -4150,4 +4150,23 @@
        return $filename;
    }    
 	
+	/**
+	 * Function used to generate
+	 * embed code of embedded video
+	 */
+	function embeded_code($vdetails)
+	{
+		$code = '';
+		$code .= '<object width="'.EMBED_VDO_WIDTH.'" height="'.EMBED_VDO_HEIGHT.'">';
+		$code .= '<param name="allowFullScreen" value="true">';
+		$code .= '</param><param name="allowscriptaccess" value="always"></param>';
+		//Replacing Height And Width
+		$h_w_p = array("{Width}","{Height}");
+		$h_w_r = array(EMBED_VDO_WIDTH,EMBED_VDO_HEIGHT);	
+		$embed_code = str_replace($h_w_p,$h_w_r,$vdetails['embed_code']);
+		$code .= unhtmlentities($embed_code);
+		$code .= '</object>';
+		return $code;
+	}
+	
 ?>
--- a/upload/includes/plugin.functions.php
+++ b/upload/includes/plugin.functions.php
@ -349,4 +349,13 @@
 		}
 	}
 	
+	/**
+	 * Regiseter Embed Function
+	 */
+	function register_embed_function($name)
+	{
+		global $cbvid;
+		$cbvid->embed_func_list [] = $name;
+	}
+	
 ?>
--- a/upload/install/cb_v2.sql
+++ b/upload/install/cb_v2.sql
@ -227,7 +227,7 @@ INSERT INTO `{tbl_prefix}config` (`configid`, `name`, `value`) VALUES
 (56, 'allow_language_change', '1'),
 (57, 'default_site_lang', ''),
 (58, 'video_require_login', ''),
-(59, 'audio_codec', 'mp3'),
+(59, 'audio_codec', 'libmp3lame'),
 (60, 'con_modules_type', ''),
 (61, 'remoteUpload', ''),
 (62, 'embedUpload', ''),
--- a/upload/player/cbplayer/cbplayer.plug.php
+++ b/upload/player/cbplayer/cbplayer.plug.php
@ -38,9 +38,9 @@ if(!function_exists('cbplayer'))
 				$code 	 = "var flashvars = {\n";
 				$code	.= " htmlPage: document.location,\n";
 				if($data['hq'])
-				$code	.= "settingsFile: \"".PLAYER_URL."/cbplayer/settings.php?hqid=".$vdata['videoid']."&autplay=".$data['autoplay']."\"\n";
+				$code	.= "settingsFile: \"".PLAYER_URL."/cbplayer/settings.php?hqid=".$vdata['videoid']."&autoplay=".$data['autoplay']."\"\n";
 				else
-				$code	.= "settingsFile: \"".PLAYER_URL."/cbplayer/settings.php?vid=".$vdata['videoid']."&autplay=".$data['autoplay']."\"\n";
+				$code	.= "settingsFile: \"".PLAYER_URL."/cbplayer/settings.php?vid=".$vdata['videoid']."&autoplay=".$data['autoplay']."\"\n";
 				$code	.= "};\n";
 				$code	.= "var params = {\n";
 				$code	.= "  allowFullScreen: \"true\"\n";
@ -55,14 +55,22 @@ if(!function_exists('cbplayer'))
 	}
 	
 	function default_embed_code($vdetails)
+	{
+		
+		$vid_file = get_video_file($vdata,$no_video,false);
+		if($vid_file)
 		{
 		$code = '';
-		$code .= '<object width="300" height="250">';
+		$code .= '<object width="'.EMBED_VDO_WIDTH.'" height="'.EMBED_VDO_HEIGHT.'">';
 		$code .= '<param name="movie" value="'.PLAYER_URL.'/cbplayer/videoPlayer.swf?settingsFile='.PLAYER_URL.'/cbplayer/settings.php?vid='.$vdetails['videoid'].'"></param>';
 		$code .= '<param name="allowFullScreen" value="true"></param>';
 		$code .= '<param name="allowscriptaccess" value="always"></param>';
 		$code .= '<embed src="'.PLAYER_URL.'/cbplayer/videoPlayer.swf?settingsFile='.PLAYER_URL.'/cbplayer/settings.php?vid='.$vdetails['videoid'].'" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="300" height="250"></embed>';
 		$code .= '</object>';
+		}else
+		{
+			return embeded_code($vdetails);
+		}
 		
 		return $code;
 	}
--- a/upload/player/cbplayer/settings.php
+++ b/upload/player/cbplayer/settings.php
@ -36,7 +36,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>';
 		<showMiddlePlayBtn value="true"/>
 		
 		<showWatermark value="true"/>
-		<watermarkPos value="BR"/>
+		<watermarkPos value="<?=strtoupper(config('logo_placement'))?>"/>
 	
 		<spaceKeyListener value="true"/>
 		<clickListener value="true"/>
--- a/upload/player/hdflvplayer/hdflvplayer.plug.php
+++ b/upload/player/hdflvplayer/hdflvplayer.plug.php
@ -1,7 +1,7 @@
 <?php

 /*
-Player Name: HD FLV Player
+Player Name: HD FLV Player Smart
 Description: HDFLV Player from BALA - hdflvplayer.nte
 Author: Arslan Hassan
 Author Website: http://clip-bucket.com/
@ -114,7 +114,39 @@ if(!function_exists('hdflvplayer'))
 			return false;
 	}
 	
+	function hdflv_embed_code($vdetails)
+	{
+		
+		$vid_file = get_video_file($vdetails,false,true);
+		if($vid_file )
+		{
+
+			$code = '';
+			$code .= "<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' width='".EMBED_VDO_WIDTH."' height='".EMBED_VDO_HEIGHT."'
+			id='cb_embed_player1' name='cb_embed_player1'>";
+			$code .= "<param name='movie' value='".PLAYER_URL.'/hdflvplayer/hdplayer.swf'."'>";
+			$code .= "<param name='allowfullscreen' value='true'>";
+			$code .= "<param name='allowscriptaccess' value='always'>";
+			$code .= "<param name='flashvars' value='file=".$vid_file."'>";
+			$code .= "<embed id='cb_embed_player1'";
+			$code .= "		  name='cb_embed_player1'";
+			$code .= "		  src='".PLAYER_URL."/hdflvplayer/hdplayer.swf'";
+			$code .= "		  width='".EMBED_VDO_WIDTH."'";
+			$code .= "		  height='".EMBED_VDO_HEIGHT."'";
+			$code .= "		  allowscriptaccess='always'";
+			$code .= "		  allowfullscreen='true'";
+			$code .= "		  flashvars='file=".$vid_file."&showPlaylist=false'";
+			$code .= "   />";
+			$code .= "</object>";
+			return $code;
+		}else
+		{
+			return embeded_code($vdetails);
+		}
+	}
+	
 	register_actions_play_video('hdflvplayer');
+	register_embed_function('hdflv_embed_code');
 }

 ?>
--- a/upload/player/jw_smart/jw_smart.php
+++ b/upload/player/jw_smart/jw_smart.php
@ -109,7 +109,52 @@ if(!function_exists("jw_smart"))
 			return false;
 	}
 	
+	function jw_embed_code($vdetails)
+	{
+		
+		$vid_file = get_video_file($vdetails,false,true);
+		//Checking for YT Referal
+		$ref = $vdetails['refer_url'];
+		//Checking for youtube
+		if(function_exists('is_ref_youtube'))
+			$ytcom = is_ref_youtube($ref);
+		if($ytcom)
+			$is_youtube = true;
+		else
+			$is_youtube = false;
+			
+		if($vid_file || $is_youtube)
+		{
+			if(!$vid_file)
+				$vid_file = urlencode($ref);
+			$code = '';
+			$code .= "<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' width='".EMBED_VDO_WIDTH."' height='".EMBED_VDO_HEIGHT."'
+			id='cb_embed_player1' name='cb_embed_player1'>";
+			$code .= "<param name='movie' value='".PLAYER_URL.'/jw_smart/player-viral.swf'."'>";
+			$code .= "<param name='allowfullscreen' value='true'>";
+			$code .= "<param name='allowscriptaccess' value='always'>";
+			$code .= "<param name='flashvars' value='file=".$vid_file."'>";
+			$code .= "<embed id='cb_embed_player1'";
+			$code .= "		  name='cb_embed_player1'";
+			$code .= "		  src='".PLAYER_URL."/jw_smart/player-viral.swf'";
+			$code .= "		  width='".EMBED_VDO_WIDTH."'";
+			$code .= "		  height='".EMBED_VDO_HEIGHT."'";
+			$code .= "		  allowscriptaccess='always'";
+			$code .= "		  allowfullscreen='true'";
+			$code .= "		  flashvars='file=".$vid_file."'";
+			$code .= "   />";
+			$code .= "</object>";
+			return $code;
+		}else
+		{
+			return embeded_code($vdetails);
+		}
+	}
+	
 	add_js(array('swfobject.obj.js'=>'global'));
 	register_actions_play_video('jw_smart');
+	register_embed_function('jw_embed_code');
+	//Adding Embed Function 
+	
 }
 ?>
--- a/upload/plugins/embed_video_mod/embed_video_mod.php
+++ b/upload/plugins/embed_video_mod/embed_video_mod.php
@ -217,7 +217,7 @@ if(!function_exists('validate_embed_code'))
 		if(!empty($vdetails['embed_code']) && $vdetails['embed_code'] !=' ' && $vdetails['embed_code'] !='none')
 		{
 			//Parsing Emebd Codek, Getting Referal URL if possible and add AUTPLAY on of option 
-			$ref_url = get_refer_url_from_embed_code(unhtmlentities($vdetails['embed_code']));
+			$ref_url = get_refer_url_from_embed_code(unhtmlentities(stripslashes($vdetails['embed_code'])));
 			$ref_url = $ref_url['url'];
 			$db->update(tbl("video"),array("status","refer_url"),array('Successful',$ref_url)," videoid='$vid'");
 		}
--- a/upload/search_result.php
+++ b/upload/search_result.php
@ -11,14 +11,14 @@ require 'includes/config.inc.php';
 $pages->page_redir();
 						
 $page = mysql_clean($_GET['page']);
-$type = $_GET['type'] ;
+$type = mysql_clean($_GET['type']) ;
 $type = $type ? $type : 'videos';
 $search = cbsearch::init_search($type);

-$search->key = $_GET['query'];
-$search->category = $_GET['category'];
-$search->date_margin = $_GET['datemargin'];
-$search->sort_by = $_GET['sort'];
+$search->key = mysql_clean($_GET['query']);
+$search->category = mysql_clean($_GET['category']);
+$search->date_margin = mysql_clean($_GET['datemargin']);
+$search->sort_by = mysql_clean($_GET['sort']);
 $search->limit = create_query_limit($page,$search->results_per_page);
 $results = $search->search();