MDL-33982 TinyMCE: Media preview supports external URLs

commit befd59097bab8dda6d7d6d648ee1e89d0f7baa42 1 parent 32efb09
@FMCorz FMCorz authored
115 lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/moodlemedia/js/media.js
@@ -23,43 +23,9 @@ function insertMedia() {
tinyMCEPopup.close();
}
-function getType(v) {
- var fo, i, c, el, x, f = document.forms[0];
-
- fo = ed.getParam("media_types", "flash=swf;flv=flv;shockwave=dcr;qt=mov,qt,mpg,mp3,mp4,mpeg;shockwave=dcr;wmp=avi,wmv,wm,asf,asx,wmx,wvx;rmp=rm,ra,ram").split(';');
-
- // YouTube
- if (v.match(/watch\?v=(.+)(.*)/)) {
- f.src.value = 'http://www.youtube.com/v/' + v.match(/v=(.*)(.*)/)[0].split('=')[1];
- return 'flash';
- } else if (v.match(/v\/(.+)(.*)/)) {
- return 'flash';
- }
-
- // Google video
- if (v.indexOf('http://video.google.com/videoplay?docid=') == 0) {
- f.src.value = 'http://video.google.com/googleplayer.swf?docId=' + v.substring('http://video.google.com/videoplay?docid='.length) + '&hl=en';
- return 'flash';
- }
-
- for (i=0; i<fo.length; i++) {
- c = fo[i].split('=');
-
- el = c[1].split(',');
- for (x=0; x<el.length; x++)
- if (v.indexOf('.' + el[x]) != -1)
- return c[0];
- }
-
- return null;
-}
-
-
function serializeParameters() {
- var d = document, f = d.forms[0], s = '';
+ var d = document, s = '';
s += getStr(null, 'src');
- s += 'width:300,';
- s += 'height:225,';
// delete the tail comma
s = s.length > 0 ? s.substring(0, s.length - 1) : s;
@@ -87,10 +53,9 @@ function jsEncode(s) {
}
function generatePreview(c) {
- var f = document.forms[0], p = document.getElementById('prev'), h = '', cls, pl, n, type, codebase, wp, hp, nw, nh;
+ var f = document.forms[0], p = document.getElementById('prev');
p.innerHTML = '<!-- x --->';
- var type = getType(f.src.value);
var re = new RegExp("(.+)\#(.+)", "i");
var result = f.src.value.match(re);
if (result) {
@@ -102,7 +67,7 @@ function generatePreview(c) {
}
// After constrain
- pl = serializeParameters();
+ var pl = serializeParameters();
if (pl == '') {
p.innerHTML = '';
return;
@@ -116,22 +81,66 @@ function generatePreview(c) {
}
pl.src = tinyMCEPopup.editor.documentBaseURI.toAbsolute(pl.src);
- pl.width = !pl.width ? 100 : pl.width;
- pl.height = !pl.height ? 100 : pl.height;
- pl.id = !pl.id ? 'moodlemediaid' : pl.id;
- pl.name = !pl.name ? 'moodlemedianame' : pl.name;
- pl.align = !pl.align ? '' : pl.align;
-
- // Avoid annoying warning about insecure items
- if (!tinymce.isIE || document.location.protocol != 'https:') {
- // Include all the draftfile params after the ?
- var draftparams = pl.src.toString().replace(/^.*\/draftfile.php\//, '');
- h = '<iframe src="' + tinyMCE.baseURL + '/plugins/moodlemedia/preview.php?path=' +
- draftparams + '" width="100%" height="100%"></iframe>';
- }
+ // NOTE: Do not try to prevent https security popups here - users would get them later on real page anyway!
+
+ // We can not include URL directly in parameters because some security filters might block it.
+ p.innerHTML = '<iframe src="' + tinyMCE.baseURL + '/plugins/moodlemedia/preview.php'
+ + '?path=' + encodeURIComponent(encode64(pl.src.toString()))
+ + '&sesskey=' + encodeURIComponent(parent.M.cfg.sesskey)
+ + '" width="100%" height="100%"></iframe>';
+}
- // I don't know why the HTML comment is there, but leaving it just in case
- p.innerHTML = "<!-- x --->" + h;
+function encode64(input) {
+ /*
+ CryptoMX Tools
+ Copyright (C) 2004 - 2006 Derek Buitenhuis
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+ var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+ var output = "";
+ var chr1, chr2, chr3 = "";
+ var enc1, enc2, enc3, enc4 = "";
+ var i = 0;
+
+ do {
+ chr1 = input.charCodeAt(i++);
+ chr2 = input.charCodeAt(i++);
+ chr3 = input.charCodeAt(i++);
+
+ enc1 = chr1 >> 2;
+ enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+ enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
+ enc4 = chr3 & 63;
+
+ if (isNaN(chr2)) {
+ enc3 = enc4 = 64;
+ } else if (isNaN(chr3)) {
+ enc4 = 64;
+ }
+
+ output = output +
+ keyStr.charAt(enc1) +
+ keyStr.charAt(enc2) +
+ keyStr.charAt(enc3) +
+ keyStr.charAt(enc4);
+ chr1 = chr2 = chr3 = "";
+ enc1 = enc2 = enc3 = enc4 = "";
+ } while (i < input.length);
+
+ return output;
}
tinyMCEPopup.onInit.add(init);
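Review bot: `encode64` treats every `input.charCodeAt()` value as one byte, so a character above 0xFF in `pl.src` pushes `enc1` past the 64-symbol alphabet, `keyStr.charAt` returns an empty string, and the `path` parameter reaches preview.php as damaged base64. Whether `toAbsolute` ever leaves such characters unescaped is not visible here, so it is worth confirming with an internationalised URL. Converting to UTF-8 bytes first avoids the problem: `+ '?path=' + encodeURIComponent(encode64(unescape(encodeURIComponent(pl.src.toString()))))`. A one-line comment on `encode64` such as `// Input must be a byte string (code units 0-255); UTF-8 encode first.` would record the constraint. `generatePreview` begins outside this hunk.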
22 lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/moodlemedia/preview.php
@@ -28,18 +28,22 @@
require_once($CFG->libdir . '/editorlib.php');
require_once($CFG->libdir . '/editor/tinymce/lib.php');
-// Must be logged in
+// Must be logged in and have a valid session key.
require_login();
+require_sesskey();
-// Require path to draftfile.php file
-$path = required_param('path', PARAM_PATH);
+// URL to the media.
+$path = required_param('path', PARAM_RAW);
+$path = base64_decode($path);
+$url = clean_param($path, PARAM_URL);
+$url = new moodle_url($url);
$editor = new tinymce_texteditor();
-// Now output this file which is super-simple
+// Now output this file which is super-simple.
$PAGE->set_pagelayout('embedded');
$PAGE->set_url(new moodle_url('/lib/editor/tinymce/tiny_mce/'.$editor->version.'/plugins/moodlemedia/preview.php',
- array('path' => $path)));
+ array('path' => base64_encode($path))));
$PAGE->set_context(context_system::instance());
$PAGE->add_body_class('core_media_preview');
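Review bot: With `require_sesskey()` the session key now sits in the query string of a page whose job is to embed media from an external host, so depending on the browser's referrer policy the full preview URL, key included, may be sent as the Referer of the media request. Emitting `header('Referrer-Policy: no-referrer');` before any output, or passing the key outside the URL, would keep it away from third-party servers. Separately, the results of `base64_decode($path)` and `clean_param($path, PARAM_URL)` are used unchecked. Using `base64_decode($path, true)` with an early exit on `false`, and another exit when `clean_param` rejects the value, would stop malformed input before `new moodle_url($url)`.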
@@ -47,14 +51,6 @@
$mediarenderer = $PAGE->get_renderer('core', 'media');
-$path = '/'.trim($path, '/');
-
-if (empty($CFG->slasharguments)) {
- $url = new moodle_url('/draftfile.php', array('file'=>$path));
-} else {
- $url = new moodle_url('/draftfile.php');
- $url->set_slashargument($path);
-}
if ($mediarenderer->can_embed_url($url)) {
echo $mediarenderer->embed_url($url);
}