Vulnerability issues fixed in trunk folder
git-svn-id: https://plugins.svn.wordpress.org/contus-hd-flv-player/trunk@576511 b8457f37-d9ea-0310-8a92-e5e31aec5664
hdflvplayer committed Jul 24, 2012
1 parent 7d3b06a commit 34d66b9
Showing 17 changed files with 460 additions and 328 deletions.
23 changes: 12 additions & 11 deletions configXML.php
@@ -1,15 +1,16 @@
<?php
/*
*
* Purpose : Player Configuration Settings
* Path:/wp-content/plugins/contus-hd-flv-player/configXML.php
* Edited by : kranthi kumar
* Version: 1.7
* Email : kranthikumar@contus.in
* Date:9/12/11
*
*/

/**
* @name : Player Configuration Settings
* @version : 1.8
* @package : apptha
* @subpackage : contus-hd-flv-player
* @author : Apptha - http://www.apptha.com
* @copyright : Copyright (C) 2011 Powered by Apptha
* @license : GNU General Public License version 2 or later; see LICENSE.txt
* @Purpose : Player Configuration Settings
* @Creation Date : Dec 09, 2011
* @Modified Date : Jul 23, 2012
* */

header("content-type:text/xml;charset=utf-8");
require_once( dirname(__FILE__) . '/hdflv-config.php');
55 changes: 39 additions & 16 deletions functions.php
@@ -1,11 +1,19 @@
<?php
ob_start();
/* Purpose : Common functions needed throughout the plugin
* Edited by : kranthi kumar
* Email : kranthikumar@contus.in
* Path:/wp-content/plugins/contus-hd-flv-player/function.php
* Date:9/12/11
*/
/**
* @name : Common functions needed throughout the plugin
* @version : 1.8
* @package : apptha
* @subpackage : contus-hd-flv-player
* @author : Apptha - http://www.apptha.com
* @copyright : Copyright (C) 2011 Powered by Apptha
* @license : GNU General Public License version 2 or later; see LICENSE.txt
* @Purpose : Common functions needed throughout the plugin
* @Creation Date : Dec 09, 2011
* @Modified Date : Jul 23, 2012
* */

ob_start();

require_once( dirname(__FILE__) . '/hdflv-config.php');

$name = filter_input(INPUT_GET,'name');
Expand Down Expand Up @@ -201,7 +209,8 @@ function hd_add_media($wptfile_abspath, $wp_urlpath) {
// Get input informations from POST
$sorder = $_POST['sorder'];

$act_name = trim($_POST['name']);
$act_name = strip_tags(trim($_POST['name']));
$act_name = preg_replace("/[^a-zA-Z0-9\/_-\s]/", '', $act_name);

if ($_POST['youtube-value'] != '') {

Expand Down Expand Up @@ -289,7 +298,7 @@ function hd_update_thumb($wptfile_abspath,$showPath,$updateID) {
global $wpdb;
$uploadPath = $wpdb->get_col("SELECT upload_path FROM " . $wpdb->prefix . "hdflv_settings");
$uPath = $uploadPath[0];
//echo "<pre>"; print_r($_POST); echo "</pre>";
$uploadStatus = '';

if($uPath != ''){
$wp_urlpath = $wptfile_abspath.$uPath.'/';
Expand All @@ -303,26 +312,32 @@ function hd_update_thumb($wptfile_abspath,$showPath,$updateID) {
$random_digit = rand(0000,9999);
$new_file_name=$random_digit.'_'.$cname;
if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){
$uploadStatus = true;
$updated_thumb=$new_file_name;
}
}else{
$uploadStatus = false;
render_error(__('Invalid File Format Uploaded', 'hdflv'));
}
if($uPath != ''){
$wp_showPath = $showPath.$uPath.'/';
}else{
$wp_showPath = $showPath.'/';
}
if($uploadStatus == '1'){
$updated_thumb_value = $wp_showPath.$updated_thumb;
$wpdb->query(" UPDATE " . $wpdb->prefix . "hdflv SET image= '$updated_thumb_value' WHERE vid = '$updateID'");
render_message(__('Image Update Successfully', 'hdflv'));
return;
}
}
//Function for updating preview image
function hd_update_preview($wptfile_abspath,$showPath,$updateID) {

global $wpdb;
$uploadPath = $wpdb->get_col("SELECT upload_path FROM " . $wpdb->prefix . "hdflv_settings");
$uPath = $uploadPath[0];
//echo "<pre>"; print_r($_POST); echo "</pre>";
$uploadStatus = '';

if($uPath != ''){
$wp_urlpath = $wptfile_abspath.$uPath.'/';
Expand All @@ -337,18 +352,24 @@ function hd_update_preview($wptfile_abspath,$showPath,$updateID) {
$random_digit = rand(0000,9999);
$new_file_name=$random_digit.'_'.$cname;
if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){
$uploadStatus = true;
$updated_preview = $new_file_name;
}
}else{
$uploadStatus = false;
render_error(__('Invalid File Format Uploaded', 'hdflv'));
}
if($uPath != ''){
$wp_showPath = $showPath.$uPath.'/';
}else{
$wp_showPath = $showPath.'/';
}
if($uploadStatus == '1'){
$updated_preview_value = $wp_showPath.$updated_preview;
$wpdb->query(" UPDATE " . $wpdb->prefix . "hdflv SET opimage= '$updated_preview_value' WHERE vid = '$updateID'");
render_message(__('Image Update Successfully', 'hdflv'));
return;
}
}
//Function used for retrieving YOUTUBE url
function youtubeurl() {
Expand Down Expand Up @@ -376,7 +397,8 @@ function hd_update_media($media_id) {
global $wpdb;
$pieces = explode(",", $_POST['hid']);
$sorder = $_POST['sorder'];
$act_name = addslashes(trim($_POST['act_name']));
$act_name = strip_tags(trim($_POST['act_name']));
$act_name = preg_replace("/[^a-zA-Z0-9\/_-\s]/", '', $act_name);
$act_filepath = addslashes(trim($_POST['act_filepath']));
$act_image = addslashes(trim($_POST['act_image']));
$act_hdpath = addslashes(trim($_POST['act_hdpath']));
Expand Down Expand Up @@ -509,8 +531,9 @@ function hd_add_playlist() {
global $wpdb;

// Get input informations from POST
$p_name = addslashes(trim($_POST['p_name']));
$p_description = addslashes(trim($_POST['p_description']));
$p_name = strip_tags(trim($_POST['p_name']));
$p_name = preg_replace("/[^a-zA-Z0-9\/_-\s]/", '', $p_name);
$p_description = strip_tags(trim($_POST['p_description']));
$p_playlistorder = $_POST['sortorder'];
if (empty($p_playlistorder))
$p_playlistorder = "ASC";
Expand Down Expand Up @@ -541,9 +564,9 @@ function hd_update_playlist() {

// Get input informations from POST
$p_id = (int) ($_POST['p_id']);
$p_name = addslashes(trim($_POST['p_name']));

$p_description = addslashes(trim($_POST['p_description']));
$p_name = strip_tags(trim($_POST['p_name']));
$p_name = preg_replace("/[^a-zA-Z0-9\/_-\s]/", '', $p_name);
$p_description = strip_tags(trim($_POST['p_description']));
$p_playlistorder = $_POST['sortorder'];

//echo $siteUrl = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?page='.$_GET['page'].'&mode='.$_GET['mode'];
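Review bot: Replacing `addslashes()` with `strip_tags()` on `$p_description` in the hd_add_playlist and hd_update_playlist hunks drops the quote escaping without adding a parameterised query, and strip_tags is an HTML-output measure, not an SQL one; the INSERT/UPDATE that consumes these values lies outside the hunks, but the visible `$wpdb->query(" UPDATE " . $wpdb->prefix . "hdflv SET image= '$updated_thumb_value' WHERE vid = '$updateID'")` in hd_update_thumb (and its twin in hd_update_preview) shows this file builds SQL by interpolation, so these writes should go through `$wpdb->query($wpdb->prepare("UPDATE {$wpdb->prefix}hdflv SET image = %s WHERE vid = %d", $updated_thumb_value, $updateID));`. The whitelist regex added in hd_add_media, hd_update_media and both playlist functions places `-` between `_` and `\s` inside the character class, which reads as a range and is interpreted differently across PCRE versions; move the hyphen to the end, `/[^a-zA-Z0-9\/_\s-]/`, so the intent is unambiguous. The new `$uploadStatus` flag is assigned `true`/`false` but tested with `$uploadStatus == '1'`; `if ($uploadStatus === true) {` states the check exactly. The error branch at `render_error(...)` keeps executing into the path-building and flag test below it rather than returning, which is harmless now only because the flag is false — an early `return;` after render_error would make that explicit.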
22 changes: 13 additions & 9 deletions hdflv-config.php
@@ -1,13 +1,17 @@
<?php
/*
* version : 1.6
* Edited by : kranthi kumar
* Email : kranthikumar@contus.in
* Purpose : configuration of plugin
* Path:/wp-content/plugins/contus-hd-flv-player/hdflv-config.php
* Date:9/12/11
*
*/
/**
* @name : configuration of plugin
* @version : 1.8
* @package : apptha
* @subpackage : contus-hd-flv-player
* @author : Apptha - http://www.apptha.com
* @copyright : Copyright (C) 2011 Powered by Apptha
* @license : GNU General Public License version 2 or later; see LICENSE.txt
* @Purpose : configuration of plugin
* @Creation Date : Dec 09, 2011
* @Modified Date : Jul 23, 2012
* */

/**
* Bootstrap file for getting the ABSPATH constant to wp-load.php
* This is requried when a plugin requires access not via the admin screen.
7 changes: 0 additions & 7 deletions hdflvplayer/css/jquery.ui.all.css
Expand Up @@ -9,10 +9,3 @@
*/
@import "jquery.ui.base.css";
@import "jquery.ui.theme.css";
.column { width: 500px; float: left; padding-bottom: 20px; }
.portlet { margin: 0 1em 1em 0; }
.portlet-header { margin: 0.3em; padding-bottom: 4px; padding-left: 10px;padding-top: 4px;font-size:12px; }
.portlet-header .ui-icon { float: right; }
.portlet-content { padding: 0.4em; font-size:12px;}
.ui-sortable-placeholder { border: 1px dotted black; visibility: visible !important; height: 50px !important; }
.ui-sortable-placeholder * { visibility: hidden; }
2 changes: 1 addition & 1 deletion hdflvplayer/css/jquery.ui.theme.css
Expand Up @@ -16,7 +16,7 @@
.ui-widget { font-family: Verdana,Arial,sans-serif/*{ffDefault}*/; font-size: 1.1em/*{fsDefault}*/; }
.ui-widget .ui-widget { font-size: 1em; }
.ui-widget input, .ui-widget select, .ui-widget textarea, .ui-widget button { font-family: Verdana,Arial,sans-serif/*{ffDefault}*/; font-size: 1em; }
.ui-widget-content { border: 1px solid #aaaaaa/*{borderColorContent}*/; background: #ffffff/*{bgColorContent}*/ /*{bgImgUrlContent}*/ 50%/*{bgContentXPos}*/ 50%/*{bgContentYPos}*/ repeat-x/*{bgContentRepeat}*/; color: #222222/*{fcContent}*/; }
.ui-widget-content { border: 1px solid #aaaaaa/*{borderColorContent}*/; background: #ffffff/*{bgColorContent}*/ url(images/ui-bg_flat_75_ffffff_40x100.png)/*{bgImgUrlContent}*/ 50%/*{bgContentXPos}*/ 50%/*{bgContentYPos}*/ repeat-x/*{bgContentRepeat}*/; color: #222222/*{fcContent}*/; }
.ui-widget-content a { color: #222222/*{fcContent}*/; }
.ui-widget-header { border: 1px solid #aaaaaa/*{borderColorHeader}*/; background: #cccccc/*{bgColorHeader}*/ url(images/ui-bg_highlight-soft_75_cccccc_1x100.png)/*{bgImgUrlHeader}*/ 50%/*{bgHeaderXPos}*/ 50%/*{bgHeaderYPos}*/ repeat-x/*{bgHeaderRepeat}*/; color: #222222/*{fcHeader}*/; font-weight: bold; }
.ui-widget-header a { color: #222222/*{fcHeader}*/; }
32 changes: 32 additions & 0 deletions hdflvplayer/xml-nouse/config.xml
@@ -0,0 +1,32 @@
<?xml version="1.0" encoding="utf-8"?>
<config
license="Key provided for commercial version"
stagecolor="0x000000"
autoplay="true"
buffer="3"
Volume="false"
fullscreenscale="0"
normalscale="0"
logopath="hdflvplayer/images/platoon.png"
logoalpha="50"
logoalign="TR"
Download="false"
logo_target="http://www.hdflvplayer.net/"
skin="hdflvplayer/skin/skin_black/skin_black.swf"
skin_autohide="false"
language = "English"
playlistXML="hdflvplayer/xml/playlist.xml"
playlist_open="false"
showPlaylist ="true"
HD_default="false"
vast="false"
vast_partnerid=""
streamer=""
embed_visible="true"
UseYouTubeApi="flash"
debug="true">
<timer>true</timer>
<zoom>true</zoom>
<email>true</email>
<fullscreen>true</fullscreen>
</config>
23 changes: 23 additions & 0 deletions hdflvplayer/xml-nouse/playlist.xml
@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<playlist autoplay="false" random="false">

<mainvideo url="http://www.hdflvplayer.net/videos/300.mp4"
hdpath="http://www.hdflvplayer.net/videos/300.mp4"
id="100"
thu_image=""
Preview=""
preroll="true"
midroll="true"
postroll="true"
allow_download="true"
streamer=""
isLive="false" >
<title><![CDATA[Welcome]]></title>
<!--Optional-->
<tagline targeturl="https://mydomain.com"><![CDATA[<span class='heading'>Tagline - </span> <b>Your short description goes here for Videos.</b> ]]></tagline>
</mainvideo>




</playlist>
1 change: 1 addition & 0 deletions hdflvplayer/youtubeurl.php
@@ -1,4 +1,5 @@
<?php

/*
* version : 1.6
* Edited by : John THomas
7 changes: 3 additions & 4 deletions hdflvplugin.php
@@ -1,15 +1,14 @@
<?php
/*
* Plugin Name: Contus HDFLVPlayer Plugin
* Version: 1.7
* Version: 1.8
* Author: Apptha
* Plugin URI: http://www.apptha.com/category/extension/Wordpress/HD-FLV-Player-Plugin/
* Author URI: http://www.apptha.com/
* Description: Contus HD FLV Player simplifies the process of adding high definition videos to the Wordpress blog. The plugin efficiently plays your Videos with high quality video and audio output.
* Path :wp-content\plugins\contus-hd-flv-player\hdflvplugin.php
* Edited by : kranthi kumar
* Email : kranthikumar@contus.in
* date:09/12/11
* Creation Date : Dec 09, 2011
* Modified Date : Jul 23, 2012
* Purpose : Main plugin file to configure
*/
session_start();
Binary file modified images/Thumbs.db
Binary file not shown.
19 changes: 13 additions & 6 deletions install.php
@@ -1,10 +1,17 @@
<?php
/*
* Purpose : Used for installing player plugin (Creating tables)
* Edited By : kranthi kumar
* Version: 1.7
* Email : kranthikumar@contus.in
*/
/**
* @name : Used for installing player plugin (Creating tables)
* @version : 1.8
* @package : apptha
* @subpackage : contus-hd-flv-player
* @author : Apptha - http://www.apptha.com
* @copyright : Copyright (C) 2011 Powered by Apptha
* @license : GNU General Public License version 2 or later; see LICENSE.txt
* @Purpose : Used for installing player plugin (Creating tables)
* @Creation Date : Dec 09, 2011
* @Modified Date : Jul 23, 2012
* */

/****************************************************************/
/* Install routine for hdflvplayer
/****************************************************************/
