Extension talk:VideoFlash

support for Revver?
What about adding support for Revver? I tried to tweak it on my own but I was having some difficulty. Any suggestions?
 * I have Added Revver support to VideoFlash extension --Args 11:36, 24 March 2007 (UTC)

A quick and dirty solution to display videos from Revver (Example):

Copy the following code into extensions/revverflash.php : <?php

/*******************************************************************************
 * RevverFlash Extension by Daniel Hüttenmeister, based on VideoFlash extension *
 * http://www.mediawiki.org/wiki/Extension:VideoFlash                          *
 * Tag :                                                                       *
 * v                                              *
 * Ex :                                                                        *
 * http://one.revver.com/watch/89072               			       *
 * 89072                                            *
 * Ex :                                                                        *
 * http://one.revver.com/watch/89072               			       *
 * 89072                                            *
 * 89072                                            *

$wgExtensionFunctions[] = 'wfRevverFlash'; $wgExtensionCredits['parserhook'][] = array(       'name' => 'RevverFlash',        'description' => 'RevverFlash (based on VideoFlash from Alberto Sarullo)',        'author' => 'Daniel Hüttenmeister',        'url' => 'http://www.mediawiki.org/wiki/Extension:VideoFlash' );

function wfRevverFlash { global $wgParser; $wgParser->setHook('revverflash', 'renderRevverFlash'); }

function renderRevverFlash($input, $args) { $type = "revver"; $params = explode ("|", $input); $id = $params[0]; $width = 480; $height = 392; $style = ''; $url['revver']		 = 'http://flash.revver.com/player/1.0/player.swf'; if(count($args)>0 && $args['type'] && $url[$args['type']]){ $type = $args['type']; }
 * 1) The callback function for converting the input text to HTML output

if (count($params) > 1) { $width = $params[1]; if (count($params) > 2) { $height = $params[2]; if (count($params) > 3) { $style = $params[3]; }          }        }        $output=' ';

return $output; }

?>

Add the following lines at the end of LocalSettings.php: require_once("extensions/revverflash.php");

Standalone .flv files
There are many free .swf players for .flv files.

I find the lack of

somefileuploadedtomediawiki.flv

and

http://whatever.com/foo.flv

annoying to the point where I may much likely add something which does that. --Xiando 19:52, 13 March 2007 (UTC)


 * hold tight, I'll commit Extension:Player in a few hours. -- Duesentrieb ⇌ 20:23, 13 March 2007 (UTC)


 * Sweet. Perhaps you should take a look and see if there's any interesting code in anarchy media player, then. It works great for wordpress sites. Perhaps there's something you can borrow from there. --Xiando 20:47, 13 March 2007 (UTC)

Love the extension! --Lolade 20:42, 2 April 2007 (UTC)

XSS Vulnerability Explained
Consider this snippet of code (unrelated lines have been removed):

$params = explode ("|", $input); $id = $params[0]; // ... $url['youtube']     = ' http://www.youtube.com/v/ '. $id ; // ... $output= '&lt;object width="'.$width.'" height="'.$height.'" style="' . $style . '"&gt;' .'&lt;param name="movie" value="'. $url[$type] .'"&gt; &t;param name="allowfullscreen" value="true" /&gt;'

If the $id contains a doublequote followed by a close tag, the editor can effectively break out of the &lt;param&gt; tag and insert a &lt;script&gt; tag like so: 4lhyH5TsuPg" />  alert('evil code here'); $id field is never urlencoded on the way to becoming part of the &lt;param&gt; tag's value attribute.

Hope this makes sense. --Jimbojw 21:00, 6 April 2007 (UTC)


 * Since version 1.1 (2007-03-24), the entire $input is parsed (inluding any '<' or '>' tags). --Args 17:28, 10 April 2007 (UTC)


 * You're right - sorry for the confusion. The call to htmlspecialchars takes care of the quotes.  The only other thing I can find that's abusable is that it's possible to hijack the url to a degree by inserting a leading '../' vis a vis: ../img/pic_youtubelogo_123x63.gif More of annoyance vector rather than an actual attack vector though. --Jimbojw 18:52, 10 April 2007 (UTC)

godtube
Does someone mind adding GodTube to this? --12.219.111.23 16:15, 16 April 2007 (UTC)

faithtube
or faithtube www.faithtube.com

Yahoo video
It would be helpful if Yahoo video is added to this extension. I tried the obvious way and it didn't work. Thanks.

Bug
Using this extension as part of a template seems to break it. Example template: |400|326 If you use this as part of a template and insert the correct video ID, it will not correctly insert the ID. It leaves the URL with in the address. Any fix possible?


 * This isn't a bug in VideoFlash - it's a symptom of the fact that it's an extension tag. Extension tags cannot interpret the parameters as you'd like. --Jimbojw 05:24, 15 June 2007 (UTC)

submitting patch
Reposting here: I've modified Extension:VideoFlash a little, and added support for blip.tv- what would be the best way to go about submitting a patch for consideration ? -SignpostMarv 22:06, 1 July 2008 (UTC)

Programmatically include fullscreen support
I wasn't sure if I should simply hacque the code or suggest the change here, so I'll suggest first, then you can decide. This also probably qualifies as a patch, but I wasn't sure where to submit?

It is really trivial to add an option (possibly as an argument to the function itself) so that the full screen display option is incorporated in the main branch of the code. The changes are simple, and require (1) initializing the boolean "$fullscreen_enabled = 0;" at the top. Here is the code:

--Fjb 02:28, 4 August 2008 (UTC)