From 107e6f3bbc6963173e04b8350d4401ccb314e4fd Mon Sep 17 00:00:00 2001
From: Fabio Varesano
Date: Mon, 19 Jun 2006 20:55:12 +0000
Subject: Corrected some XSS vulnerabilities. Thanks to Dries Buytaert for pointing them out.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Chænged '%d' to %d for Postgres SQL compatibility
---
 .../video_customfields/video_customfields.module | 2 +-
 .../video_multidownload/video_multidownload.module | 24 +++++++-
 plugins/video_upload/video_upload.module | 70 +++++++++++-----------
 3 files changed, 60 insertions(+), 36 deletions(-)
(limited to 'plugins')
diff --git a/plugins/video_customfields/video_customfields.module b/plugins/video_customfields/video_customfields.module
index f6b2e50..95c993c 100644
--- a/plugins/video_customfields/video_customfields.module
+++ b/plugins/video_customfields/video_customfields.module
@@ -195,7 +195,7 @@ function theme_video_customfields($node) {
 if (($title1 . $title2 . $title3 . $title4 . $title5 . $title6) != '') {
 $output = '
'; //Enclose all output in "videofields" div class. if ($group_title != '') { - $output .= '

' . $group_title . '

' . "\n"; + $output .= '

' . check_plain($group_title) . '

' . "\n";
 }
 if ($title1 != '' and $node->custom_field_1 != '') {
 $fields[] = array('title' => $title1, 'body' => $field1);
diff --git a/plugins/video_multidownload/video_multidownload.module b/plugins/video_multidownload/video_multidownload.module
index 03027bf..ddbba8e 100644
--- a/plugins/video_multidownload/video_multidownload.module
+++ b/plugins/video_multidownload/video_multidownload.module
@@ -100,6 +100,28 @@ function video_multidownload_form_alter($form_id, &$form) {
 }
+/**
+ * Implementation of hook_nodeapi()
+ */
+function video_upload_nodeapi(&$node, $op, $teaser) {
+ if($node->type == 'video') {
+ switch ($op) {
+
+ case 'validate':
+ //Validate multi-file download values.
+ if (user_access('create multi-file downloads')) { //Make sure the user has permission.
+ //Checks to make sure either multi-downloads are disabled, or a valid folder is given, or use_play_folder is checked.
+ if ($node->disable_multidownload == 0 and !is_dir(getcwd() . '/' . $node->download_folder) and $node->use_play_folder == 0) {
+ form_set_error('disable_multidownload', t("Please disable multi-file downloads if you are not going to use the feature."));
+ form_set_error('download_folder', t('Download directory does not exist. Make sure it has a trailing forward slash "/".'));
+ }
+ }
+ break;
+ }
+ }
+}
+
+
 function video_multidownload_download() {
 if ($node = node_load(arg(1))) {
@@ -227,7 +249,7 @@ function theme_video_multidownload_download($node) {
 $breadcrumb[] = l(t('View'), "node/$node->nid");
 drupal_set_breadcrumb($breadcrumb);
- drupal_set_title(t('Downloading').' '.$node->title);
+ drupal_set_title(t('Downloading').' '. theme('placeholder', $node->title));
 return theme("page", $output);
 }
diff --git a/plugins/video_upload/video_upload.module b/plugins/video_upload/video_upload.module
index 22f8b1c..1f82b2a 100644
--- a/plugins/video_upload/video_upload.module
+++ b/plugins/video_upload/video_upload.module
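Review bot: In theme_video_customfields() (plugins/video_customfields) only `$group_title` is now passed through check_plain(); the context line just below the change still builds `$fields[] = array('title' => $title1, 'body' => $field1);` from values whose escaping cannot be seen in this hunk. If the six titles and field bodies are not sanitised where they are assigned (the function starts above the hunk and continues below it), the same XSS class remains in the rows this theme function prints. Worth confirming, and if they are raw, applying `check_plain()` to each title and body once, at the point of output, so nothing is escaped twice.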
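Review bot: The hook added to video_multidownload.module is declared as `video_upload_nodeapi`, the same name video_upload.module defines (see its hunk in this commit), so with both plugins enabled PHP stops with a redeclaration error. With video_upload disabled this validate step is presumably never invoked, because Drupal looks for `video_multidownload_nodeapi`. The declaration should read `function video_multidownload_nodeapi(&$node, $op, $teaser) {`. Separately, `$node->download_folder` is appended to getcwd() and checked only with is_dir(), so a value containing `../` passes validation whenever the directory exists. Resolving it with realpath() and requiring the result to stay under the intended base directory would tighten this; how the folder is used afterwards is outside the hunk.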
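Review bot: In theme_video_multidownload_download() the page title is still built by concatenating `t('Downloading')` with the node title, so translators cannot reorder the words. The escaping now relies entirely on theme('placeholder'), which also wraps the title in emphasis markup. Moving the value into the translated string keeps the escaping and makes the phrase translatable: `drupal_set_title(t('Downloading %title', array('%title' => theme('placeholder', $node->title))));`. The function begins above this hunk.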
@@ -63,40 +63,42 @@ function video_upload_perm() {
 * Implementation of hook_nodeapi()
 */
 function video_upload_nodeapi(&$node, $op, $teaser) {
- switch ($op) {
-
- case 'load':
- $output['video_upload_file'] = _video_upload_load($node);
- $output['vidfile'] = file_create_url($output['video_upload_file']->filepath);
- return $output;
- case 'prepare':
- _video_upload_prepare($node);
- break;
-
- case 'validate':
- _video_upload_validate($node);
- break;
-
-
- case 'submit':
- _video_upload_submit($node);
- break;
-
- case 'insert':
- case 'update':
- _video_upload_store($node);
- break;
-
- case 'delete':
- ;
- break;
-
- case 'delete revision':
- video_upload_delete_revision($node);
- break;
-
-
-
+ if($node->type == 'video') {
+ switch ($op) {
+
+ case 'load':
+ $output['video_upload_file'] = _video_upload_load($node);
+ $output['vidfile'] = file_create_url($output['video_upload_file']->filepath);
+ return $output;
+ case 'prepare':
+ _video_upload_prepare($node);
+ break;
+
+ case 'validate':
+ _video_upload_validate($node);
+ break;
+
+
+ case 'submit':
+ _video_upload_submit($node);
+ break;
+
+ case 'insert':
+ case 'update':
+ _video_upload_store($node);
+ break;
+
+ case 'delete':
+ ;
+ break;
+
+ case 'delete revision':
+ video_upload_delete_revision($node);
+ break;
+
+
+
+ }
 }
 }
-- cgit v1.2.3
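Review bot: In the 'load' case of video_upload_nodeapi(), `$output['video_upload_file']->filepath` is read without checking that _video_upload_load() returned a file, and `$output` is never initialised. For a video node with no upload this presumably passes an empty path to file_create_url() and attaches a `vidfile` URL with no file name; the helper's return value is not visible here, so this needs confirming. A guard such as `if ($file = _video_upload_load($node)) { return array('video_upload_file' => $file, 'vidfile' => file_create_url($file->filepath)); }` avoids it. The new type check would also read more easily as an early `if ($node->type != 'video') { return; }` than as a wrapper that re-indents the whole switch.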