authorFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
committerFabio Varesano <fax8@13637.no-reply.drupal.org>2006-06-19 20:55:12 +0000
commit107e6f3bbc6963173e04b8350d4401ccb314e4fd (patch)
tree5d0868c8fca1c642f363e6c006c031541e3143e5 /plugins
parentbff6fafe62a4201c99bdba20144313276d654bca (diff)
Corrected some XSS vulnerabilities.
Thanks to Dries Buytaert for pointing them out. Changed '%d' to %d for Postgres SQL compatibility
Diffstat (limited to 'plugins')
-rw-r--r--plugins/video_customfields/video_customfields.module2
-rw-r--r--plugins/video_multidownload/video_multidownload.module24
-rw-r--r--plugins/video_upload/video_upload.module70
3 files changed, 60 insertions, 36 deletions
diff --git a/plugins/video_customfields/video_customfields.module b/plugins/video_customfields/video_customfields.module
index f6b2e50..95c993c 100644
--- a/plugins/video_customfields/video_customfields.module
+++ b/plugins/video_customfields/video_customfields.module
@@ -195,7 +195,7 @@ function theme_video_customfields($node) {
if (($title1 . $title2 . $title3 . $title4 . $title5 . $title6) != '') {
$output = '<div class="videofields">'; //Enclose all output in "videofields" div class.
if ($group_title != '') {
- $output .= '<div class="title"><h2>' . $group_title . '</h2></div>' . "\n";
+ $output .= '<div class="title"><h2>' . check_plain($group_title) . '</h2></div>' . "\n";
}
if ($title1 != '' and $node->custom_field_1 != '') {
$fields[] = array('title' => $title1, 'body' => $field1);
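Review bot: Only `$group_title` is escaped here; on the context lines just below, `$title1` and `$field1` are placed into `$fields[]` unchanged, and both their assignment and the code that renders `$fields` lie outside this hunk. If those values reach the page without filtering elsewhere, they need the same treatment, for example `$fields[] = array('title' => check_plain($title1), 'body' => $field1);` with the body passed through `check_markup()` or `check_plain()` depending on whether HTML is meant to be allowed. It is worth confirming this for all six title/field pairs, since theme_video_customfields continues past the end of the hunk.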
diff --git a/plugins/video_multidownload/video_multidownload.module b/plugins/video_multidownload/video_multidownload.module
index 03027bf..ddbba8e 100644
--- a/plugins/video_multidownload/video_multidownload.module
+++ b/plugins/video_multidownload/video_multidownload.module
@@ -100,6 +100,28 @@ function video_multidownload_form_alter($form_id, &$form) {
}
+/**
+ * Implementation of hook_nodeapi()
+ */
+function video_upload_nodeapi(&$node, $op, $teaser) {
+ if($node->type == 'video') {
+ switch ($op) {
+
+ case 'validate':
+ //Validate multi-file download values.
+ if (user_access('create multi-file downloads')) { //Make sure the user has permission.
+ //Checks to make sure either multi-downloads are disabled, or a valid folder is given, or use_play_folder is checked.
+ if ($node->disable_multidownload == 0 and !is_dir(getcwd() . '/' . $node->download_folder) and $node->use_play_folder == 0) {
+ form_set_error('disable_multidownload', t("Please disable multi-file downloads if you are not going to use the feature."));
+ form_set_error('download_folder', t('Download directory does not exist. Make sure it has a trailing forward slash "/".'));
+ }
+ }
+ break;
+ }
+ }
+}
+
+
function video_multidownload_download() {
if ($node = node_load(arg(1))) {
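Review bot: The function added to video_multidownload.module is named `video_upload_nodeapi`, which is also the name of the hook in video_upload.module in this same commit, so enabling both plugins would presumably stop with a redeclaration error and the hook would not be dispatched on behalf of this module; the signature should read `function video_multidownload_nodeapi(&$node, $op, $teaser) {`. Separately, the validate branch only tests that `getcwd() . '/' . $node->download_folder` is an existing directory, and nothing visible rejects `..` segments. A user holding 'create multi-file downloads' may therefore be able to name a directory outside the intended files area, so consider resolving the value with `realpath()` and checking that the result stays under the intended base directory before accepting it.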
@@ -227,7 +249,7 @@ function theme_video_multidownload_download($node) {
$breadcrumb[] = l(t('View'), "node/$node->nid");
drupal_set_breadcrumb($breadcrumb);
- drupal_set_title(t('Downloading').' '.$node->title);
+ drupal_set_title(t('Downloading').' '. theme('placeholder', $node->title));
return theme("page", $output);
}
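Review bot: The node title is still concatenated after `t('Downloading')` in the new `drupal_set_title()` call, so translators cannot reorder the words. `theme('placeholder', ...)` does escape the title, but it also wraps it in emphasis markup, which changes how the page title is rendered. Keeping the escaping while moving the value into the translatable string would read `drupal_set_title(t('Downloading %title', array('%title' => theme('placeholder', $node->title))));`. The code that builds `$output` for `theme("page", $output)` is outside this hunk, so whether it is escaped cannot be judged from here.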
diff --git a/plugins/video_upload/video_upload.module b/plugins/video_upload/video_upload.module
index 22f8b1c..1f82b2a 100644
--- a/plugins/video_upload/video_upload.module
+++ b/plugins/video_upload/video_upload.module
@@ -63,40 +63,42 @@ function video_upload_perm() {
* Implementation of hook_nodeapi()
*/
function video_upload_nodeapi(&$node, $op, $teaser) {
- switch ($op) {
-
- case 'load':
- $output['video_upload_file'] = _video_upload_load($node);
- $output['vidfile'] = file_create_url($output['video_upload_file']->filepath);
- return $output;
- case 'prepare':
- _video_upload_prepare($node);
- break;
-
- case 'validate':
- _video_upload_validate($node);
- break;
-
-
- case 'submit':
- _video_upload_submit($node);
- break;
-
- case 'insert':
- case 'update':
- _video_upload_store($node);
- break;
-
- case 'delete':
- ;
- break;
-
- case 'delete revision':
- video_upload_delete_revision($node);
- break;
-
-
-
+ if($node->type == 'video') {
+ switch ($op) {
+
+ case 'load':
+ $output['video_upload_file'] = _video_upload_load($node);
+ $output['vidfile'] = file_create_url($output['video_upload_file']->filepath);
+ return $output;
+ case 'prepare':
+ _video_upload_prepare($node);
+ break;
+
+ case 'validate':
+ _video_upload_validate($node);
+ break;
+
+
+ case 'submit':
+ _video_upload_submit($node);
+ break;
+
+ case 'insert':
+ case 'update':
+ _video_upload_store($node);
+ break;
+
+ case 'delete':
+ ;
+ break;
+
+ case 'delete revision':
+ video_upload_delete_revision($node);
+ break;
+
+
+
+ }
}
}
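Review bot: In the `'load'` case, `$output['video_upload_file']->filepath` is dereferenced without checking what `_video_upload_load($node)` returned. With the new type check this branch runs for every video node, so a node with no uploaded file would presumably get a `vidfile` built from an empty path. A guard such as `if ($file = _video_upload_load($node)) { return array('video_upload_file' => $file, 'vidfile' => file_create_url($file->filepath)); }` avoids that. The `'delete'` case is also still an empty statement while `'delete revision'` calls `video_upload_delete_revision()`; unless removal is handled elsewhere, uploaded files would remain on disk and reachable after the node is deleted, which deserves at least a comment stating the intent.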