Merge pull request #5304 from kaltura/strip_tags
call strip_tags on all values extracted from $_GET[]
etameran committed Feb 27, 2017
2 parents 4d91059 + c9f9f4c commit 041a6d5
Showing 5 changed files with 20 additions and 20 deletions.
10 changes: 5 additions & 5 deletions admin_console/web/tools/AkamaiBroadcaster.php
@@ -12,11 +12,11 @@
<script language="javascript">


var flashVars = 'cpcode=<?php echo $_GET['streamUsername']; ?>';
flashVars += '&passwd=<?php echo $_GET['streamPassword']; ?>';
flashVars += '&streamname=<?php echo $_GET['entryId']; ?>@<?php echo $_GET['streamRemoteId']; ?>';
flashVars += '&primaryep=p.ep<?php echo $_GET['streamRemoteId']; ?>.i.akamaientrypoint.net';
flashVars += '&backupep=b.ep<?php echo $_GET['streamRemoteBackupId']; ?>.i.akamaientrypoint.net';
var flashVars = 'cpcode=<?php echo strip_tags($_GET['streamUsername']); ?>';
flashVars += '&passwd=<?php echo strip_tags($_GET['streamPassword']); ?>';
flashVars += '&streamname=<?php echo strip_tags($_GET['entryId']); ?>@<?php echo strip_tags($_GET['streamRemoteId']); ?>';
flashVars += '&primaryep=p.ep<?php echo strip_tags($_GET['streamRemoteId']); ?>.i.akamaientrypoint.net';
flashVars += '&backupep=b.ep<?php echo strip_tags($_GET['streamRemoteBackupId']); ?>.i.akamaientrypoint.net';


if (AC_FL_RunContent == 0) {
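Review bot: strip_tags() is the wrong encoder for the five `flashVars` lines: each value is echoed inside a single-quoted JavaScript string in the `<script>` block, and strip_tags() leaves quotes, backslashes and line breaks untouched, so a value from the query string can still end the literal and the page stays open to reflected XSS. It also passes `&` and `=` through, so one value can add or override other flashVars parameters. Each value should be encoded for the URL-parameter context and then emitted as a JavaScript string with json_encode() and the JSON_HEX_* flags, as sketched below; the sketch assumes the SWF URL-decodes flashVars in the usual way. None of the five keys is checked with isset() in the visible lines, and the `<script>` block continues past the end of the hunk.

```php
<?php
// Define once, above the <script> block: URL-encode the parameter value first,
// then emit it as a JavaScript string literal (json_encode adds the quotes).
$jsParam = function ($key) {
    $value = (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
    return json_encode(rawurlencode($value), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
};
?>
var flashVars = 'cpcode=' + <?php echo $jsParam('streamUsername'); ?>;
flashVars += '&passwd=' + <?php echo $jsParam('streamPassword'); ?>;
flashVars += '&streamname=' + <?php echo $jsParam('entryId'); ?> + '@' + <?php echo $jsParam('streamRemoteId'); ?>;
flashVars += '&primaryep=p.ep' + <?php echo $jsParam('streamRemoteId'); ?> + '.i.akamaientrypoint.net';
flashVars += '&backupep=b.ep' + <?php echo $jsParam('streamRemoteBackupId'); ?> + '.i.akamaientrypoint.net';
```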
4 changes: 2 additions & 2 deletions admin_console/web/tools/SimpleJWPlayer.php
@@ -7,13 +7,13 @@
value="non-commercial.swf" />
<param name="wmode" value="transparent" />
<param name="allowScriptAccess" value="always" />
<param name="flashvars" value="file=<?php echo $_GET['entryId']; ?>_1@<?php echo $_GET['streamRemoteId']; ?>&subscribe=true&streamer=rtmp://cp<?php echo $_GET['streamUsername']; ?>.live.edgefcs.net/live/&type=fcsubscribe" />
<param name="flashvars" value="file=<?php echo strip_tags($_GET['entryId']); ?>_1@<?php echo strip_tags($_GET['streamRemoteId']); ?>&subscribe=true&streamer=rtmp://cp<?php echo strip_tags($_GET['streamUsername']); ?>.live.edgefcs.net/live/&type=fcsubscribe" />
<embed id="jw_player__1267721422280"
name="jw_player__1267721422280"
src="non-commercial.swf"
width="400" height="319" allowfullscreen="true"
wmode="transparent" allowscriptaccess="always"
flashvars="file=<?php echo $_GET['entryId']; ?>_1@<?php echo $_GET['streamRemoteId']; ?>&subscribe=true&streamer=rtmp://cp<?php echo $_GET['streamUsername']; ?>.live.edgefcs.net/live/&type=fcsubscribe" />
flashvars="file=<?php echo strip_tags($_GET['entryId']); ?>_1@<?php echo strip_tags($_GET['streamRemoteId']); ?>&subscribe=true&streamer=rtmp://cp<?php echo strip_tags($_GET['streamUsername']); ?>.live.edgefcs.net/live/&type=fcsubscribe" />
<noembed>
<a href="http://www.kaltura.org/">Open Source Video</a>
</noembed>
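Review bot: Both `flashvars` lines place the values inside a double-quoted HTML attribute, and strip_tags() does not escape `"`, so a value can still close the attribute and add attributes of its own; the element also carries `allowScriptAccess="always"`, which makes control over its attributes more serious. Escape for the attribute context and URL-encode the parameter value first, e.g. `<?php echo htmlspecialchars(rawurlencode($_GET['entryId']), ENT_QUOTES, 'UTF-8'); ?>`, and do the same for `streamRemoteId` and `streamUsername` on the `<param>` and the `<embed>` line. Without the URL-encoding step an `&` in a value starts a new flashvars parameter. The same defect is present in the `flashvars` lines of XmlJWPlayer.php and in the `value="…"` inputs of bigRedButton.php and bigRedButtonPtsPoc.php, where htmlspecialchars() with ENT_QUOTES is the fitting encoder.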
4 changes: 2 additions & 2 deletions admin_console/web/tools/XmlJWPlayer.php
@@ -7,13 +7,13 @@
value="non-commercial.swf" />
<param name="wmode" value="transparent" />
<param name="allowScriptAccess" value="always" />
<param name="flashvars" value="config=/index.php/extwidget/streamclipper?entryId=<?php echo $_GET['entryId']; ?>" />
<param name="flashvars" value="config=/index.php/extwidget/streamclipper?entryId=<?php echo strip_tags($_GET['entryId']); ?>" />
<embed id="jw_player__1267721422280"
name="jw_player__1267721422280"
src="non-commercial.swf"
width="400" height="319" allowfullscreen="true"
wmode="transparent" allowscriptaccess="always"
flashvars="config=/index.php/extwidget/streamclipper?entryId=<?php echo $_GET['entryId']; ?>" />
flashvars="config=/index.php/extwidget/streamclipper?entryId=<?php echo strip_tags($_GET['entryId']); ?>" />
<noembed>
<a href="http://www.kaltura.org/">Open Source Video</a>
</noembed>
10 changes: 5 additions & 5 deletions admin_console/web/tools/bigRedButton.php
@@ -5,9 +5,9 @@
if(!isset($_GET['playerVersion']))
die('html5 lib version must be supplied in query string');

$partnerId = $_GET['partnerId'];
$partnerId = strip_tags($_GET['partnerId']);

$html5Version = $_GET['playerVersion'];
$html5Version = strip_tags($_GET['playerVersion']);
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie10 lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
@@ -305,15 +305,15 @@ function updateSystemTime()
</tr>
<tr>
<td>Admin Secret:</td>
<td><input type="text" id="txtSecret" value="<?php echo isset($_GET['secret']) ? $_GET['secret'] : ''; ?>" />
<td><input type="text" id="txtSecret" value="<?php echo isset($_GET['secret']) ? strip_tags($_GET['secret']) : ''; ?>" />
</td>
<tr>
<td>Entry Id:</td>
<td><input type="text" id="txtEntryId" value="<?php echo isset($_GET['entryId']) ? $_GET['entryId'] : ''; ?>" />
<td><input type="text" id="txtEntryId" value="<?php echo isset($_GET['entryId']) ? strip_tags($_GET['entryId']) : ''; ?>" />
</td>
<tr>
<td>uiConf Id:</td>
<td><input type="text" id="txtUiConfId" value="<?php echo isset($_GET['uiConfId']) ? $_GET['uiConfId'] : ''; ?>" />
<td><input type="text" id="txtUiConfId" value="<?php echo isset($_GET['uiConfId']) ? strip_tags($_GET['uiConfId']) : ''; ?>" />
</td>
<tr>
<td colspan="2">
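Review bot: Pre-filling `txtSecret` from `$_GET['secret']` keeps the admin secret in the URL, where it is typically recorded in web-server access logs, browser history and Referer headers; the strip_tags() call added on that line does not change this and can silently alter a secret that happens to contain `<`. Prefer having the operator enter the secret or sending it in a POST body, and if the pre-fill stays, emit it with `htmlspecialchars($_GET['secret'], ENT_QUOTES, 'UTF-8')`. For `$partnerId` and `$html5Version` the places where they are echoed lie outside the visible hunks, so whether strip_tags() is enough there cannot be judged from this page; validating both against an expected format at assignment (for example `ctype_digit()` for the partner id, if it is numeric) would be safer than filtering. The visible lines check `playerVersion` with isset() but show no such check for `partnerId`, which may sit above the hunk. bigRedButtonPtsPoc.php has the same points.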
12 changes: 6 additions & 6 deletions admin_console/web/tools/bigRedButtonPtsPoc.php
@@ -5,9 +5,9 @@
if(!isset($_GET['playerVersion']))
die('html5 lib version must be supplied in query string');

$partnerId = $_GET['partnerId'];
$partnerId = strip_tags($_GET['partnerId']);

$html5Version = $_GET['playerVersion'];
$html5Version = strip_tags($_GET['playerVersion']);
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie10 lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
@@ -210,19 +210,19 @@ function sendAd(){
<table>
<tr style="display: none; ">
<td>Admin Secret:</td>
<td><input type="text" id="txtSecret" value="<?php echo isset($_GET['secret']) ? $_GET['secret'] : ''; ?>" />
<td><input type="text" id="txtSecret" value="<?php echo isset($_GET['secret']) ? strip_tags($_GET['secret']) : ''; ?>" />
</td>
<tr style="display: none; ">
<td>Entry Id:</td>
<td><input type="text" id="txtEntryId" value="<?php echo isset($_GET['entryId']) ? $_GET['entryId'] : ''; ?>" />
<td><input type="text" id="txtEntryId" value="<?php echo isset($_GET['entryId']) ? strip_tags($_GET['entryId']) : ''; ?>" />
</td>
<tr style="display: none; ">
<td>Admin uiConf Id:</td>
<td><input type="text" id="txtAdminUiConfId" value="<?php echo isset($_GET['adminUiConfId']) ? $_GET['adminUiConfId'] : ''; ?>" />
<td><input type="text" id="txtAdminUiConfId" value="<?php echo isset($_GET['adminUiConfId']) ? strip_tags($_GET['adminUiConfId']) : ''; ?>" />
</td>
<tr style="display: none; ">
<td>User uiConf Id:</td>
<td><input type="text" id="txtUiConfId" value="<?php echo isset($_GET['uiConfId']) ? $_GET['uiConfId'] : ''; ?>" />
<td><input type="text" id="txtUiConfId" value="<?php echo isset($_GET['uiConfId']) ? strip_tags($_GET['uiConfId']) : ''; ?>" />
</td>
<tr style="display: none; ">
<td colspan="2">
