Extension talk:VideoFlash
From MediaWiki.org
Contents |
[edit] support for Revver?
What about adding support for Revver? I tried to tweak it on my own but I was having some difficulty. Any suggestions?
-
- I have Added Revver support to VideoFlash extension --Args 11:36, 24 March 2007 (UTC)
A quick and dirty solution to display videos from Revver (Example):
Copy the following code into extensions/revverflash.php :
<?php
/*******************************************************************************
* *
* RevverFlash Extension by Daniel Hüttenmeister, based on VideoFlash extension *
* http://www.mediawiki.org/wiki/Extension:VideoFlash *
* *
* *
* Tag : *
* <revverflash>v</revverflash> *
* *
* Ex : *
* http://one.revver.com/watch/89072 *
* <revverflash>89072</revverflash> *
* *
* * * *
********************************************************************************/
$wgExtensionFunctions[] = 'wfRevverFlash';
$wgExtensionCredits['parserhook'][] = array(
'name' => 'RevverFlash',
'description' => 'RevverFlash (based on VideoFlash from Alberto Sarullo)',
'author' => 'Daniel Hüttenmeister',
'url' => 'http://www.mediawiki.org/wiki/Extension:VideoFlash'
);
function wfRevverFlash() {
global $wgParser;
$wgParser->setHook('revverflash', 'renderRevverFlash');
}
# The callback function for converting the input text to HTML output
function renderRevverFlash($input, $args) {
$type = "revver";
$params = explode ("|", $input);
$id = $params[0];
$width = 480;
$height = 392;
$style = '';
$url['revver'] = 'http://flash.revver.com/player/1.0/player.swf';
if(count($args)>0 && $args['type'] && $url[$args['type']]){
$type = $args['type'];
}
if (count($params) > 1) {
$width = $params[1];
if (count($params) > 2) {
$height = $params[2];
if (count($params) > 3) {
$style = $params[3];
}
}
}
$output='<embed type="application/x-shockwave-flash" src="'.$url[$type]
.'" pluginspage="http://www.mac392romedia.com/go/getflashplayer" scale="noScale" salign="TL" bgcolor="#ffffff" flashvars="mediaId='.$id
.'&affiliateId=0" wmode="transparent" height="'.$height.'" width="'.$width.'"></embed>';
return $output;
}
?>
Add the following lines at the end of LocalSettings.php:
require_once("extensions/revverflash.php");
[edit] Standalone .flv files
There are many free .swf players for .flv files.
I find the lack of
<videoflash type="flv">somefileuploadedtomediawiki.flv</videoflash>
and
<videoflash type="flv">http://whatever.com/foo.flv</videoflash>
annoying to the point where I may much likely add something which does that. --Xiando 19:52, 13 March 2007 (UTC)
- hold tight, I'll commit Extension:Player in a few hours. -- Duesentrieb ⇌ 20:23, 13 March 2007 (UTC)
-
- Sweet. Perhaps you should take a look and see if there's any interesting code in anarchy media player, then. It works great for wordpress sites. Perhaps there's something you can borrow from there. --Xiando 20:47, 13 March 2007 (UTC)
Love the extension! --Lolade 20:42, 2 April 2007 (UTC)
[edit] XSS Vulnerability Explained
Consider this snippet of code (unrelated lines have been removed):
$params = explode ("|", $input);
$id = $params[0];
// ...
$url['youtube'] = 'http://www.youtube.com/v/'.$id;
// ...
$output= '<object width="'.$width.'" height="'.$height.'" style="' . $style . '">'
.'<param name="movie" value="'.$url[$type].'"> &t;param name="allowfullscreen" value="true" />'
If the $id contains a doublequote followed by a close tag, the editor can effectively break out of the <param> tag and insert a <script> tag like so:
<videoflash>4lhyH5TsuPg" />
<script type="text/javascript">
alert('evil code here');
</script>
<param class="</videoflash>
This happens because the $id field is never urlencoded on the way to becoming part of the <param> tag's value attribute.
Hope this makes sense. --Jimbojw 21:00, 6 April 2007 (UTC)
-
- Since version 1.1 (2007-03-24), the entire $input is parsed (inluding any '<' or '>' tags). --Args 17:28, 10 April 2007 (UTC)
-
-
- You're right - sorry for the confusion. The call to htmlspecialchars takes care of the quotes. The only other thing I can find that's abusable is that it's possible to hijack the url to a degree by inserting a leading '../' vis a vis:
<videoflash>../img/pic_youtubelogo_123x63.gif</videoflash>
More of annoyance vector rather than an actual attack vector though. --Jimbojw 18:52, 10 April 2007 (UTC)
- You're right - sorry for the confusion. The call to htmlspecialchars takes care of the quotes. The only other thing I can find that's abusable is that it's possible to hijack the url to a degree by inserting a leading '../' vis a vis:
-
[edit] godtube
Does someone mind adding GodTube to this? --12.219.111.23 16:15, 16 April 2007 (UTC)
- FramedVideo now supports GodTube, if you still need it. (FaithTube uses YouTube streaming.) Ruiz 13:54, 17 August 2008 (UTC)
[edit] faithtube
or faithtube www.faithtube.com
[edit] Yahoo video
It would be helpful if Yahoo video is added to this extension. I tried the obvious way and it didn't work. Thanks.
[edit] Bug
Using this extension as part of a template seems to break it.
Example template:
<videoflash type="googlevideo">{{{video}}}|400|326</videoflash>
If you use this as part of a template and insert the correct video ID, it will not correctly insert the ID. It leaves the URL with {{{video}}} in the address. Any fix possible?
- This isn't a bug in VideoFlash - it's a symptom of the fact that it's an extension tag. Extension tags cannot interpret the parameters as you'd like. --Jimbojw 05:24, 15 June 2007 (UTC)
[edit] submitting patch
Reposting here: I've modified Extension:VideoFlash a little, and added support for blip.tv- what would be the best way to go about submitting a patch for consideration ? -SignpostMarv 22:06, 1 July 2008 (UTC)
- It was requested that I make the modification available for consideration on the Second Life Wiki, so the modification is available here
- SignpostMarv 10:50, 12 August 2008 (UTC)
[edit] Programmatically include fullscreen support
I wasn't sure if I should simply hacque the code or suggest the change here, so I'll suggest first, then you can decide. This also probably qualifies as a patch, but I wasn't sure where to submit?
It is really trivial to add an option (possibly as an argument to the function itself) so that the full screen display option is incorporated in the main branch of the code. The changes are simple, and require (1) initializing the boolean "$fullscreen_enabled = 0;" at the top. Here is the code:
function renderVideoFlash($input, $args) { $input = htmlspecialchars($input); $fullscreen_enabled = 0; // set to 1 (or True) to enable full screen viewing // [ ... no more changes until before "return $output;" ... ] if ($fullscreen_enabled) { /**************************************************************************** * Simple "View in fullscreen" addon by xiandos.info. * * At the end, before the output is returned, add: * *****************************************************************************/ if (strstr($type, "googlevideo")) { $output .= '<p><a href="javascript:void(window.open(' . "'http://video.google.com/googleplayer.swf?docid=" . $id . "','GooglePlayer','location=no,menubar=no,scrollbars=auto,status=no," . "toolbar=no,fullscreen=yes,dependent=no,left=1,top=1'))" . '">View the video in fullscreen</a></p>'; } } return $output; }
--Fjb 02:28, 4 August 2008 (UTC)
