Icy Phoenix

     
 


BBCODE - Improved Youtube Insertion
 
Hi all!

This is not a support topic, but I can't create topics in other places, so I'll leave this here.
I have improved the insertion of YouTube videos with BBCode. As you probably know, the current BBCode requires users to strip the URL down to the video ID and write it here. A lot of users don't know what a video ID is, so I made the BBCode translator be the one to extract the video ID and use the new YouTube insertion with the <iframe> HTML tag.

As some users are used to inserting videos with only the ID, the BBCode still works if they insert only the ID, a URL with more vars, or even the short URL version.

Let's see how:
OPEN ip_root/includes/bbcode.php
FIND
Code:
else if ($tag === 'youtube')
                                {
                                        $color_append = '';
                                        if ($color_1 || $color_2)
                                        {
                                                $color_append .= ($color_1 ? ('&color1=0x' . str_replace('#', '', $color_1)) : '');
                                                $color_append .= ($color_2 ? ('&color2=0x' . str_replace('#', '', $color_2)) : '');
                                        }

                                        $width = in_array($width, $width_array) ? $width : 640;
                                        $height = in_array($height, $height_array) ? $height : 385;
                                        $html = '<object width="' . $width . '" height="' . $height . '"><param name="movie" value="http://www.youtube.com/v/' . $content . $color_append . '" /><embed src="http://www.youtube.com/v/' . $content . $color_append . '" type="application/x-shockwave-flash" width="' . $width . '" height="' . $height . '"></embed></object><br /><a href="http://youtube.com/watch?v=' . $content . $color_append . '" target="_blank">Link</a><br />';
                                }

REPLACE WITH
Code:
else if ($tag === 'youtube')
                                {
                                        // check URL type
                                        $vid = '';
                                        if (strpos($content, 'youtu.be') !== FALSE) { // short URL
                                                $parsedUrl = parse_url($content); // parse the URL to split it in parts
                                                $vid = str_replace('/', '', $parsedUrl['path']); // get the path and delete the initial / symbol
                                        } else if (strrpos($content, 'youtube') !== FALSE) { // long URL
                                                $parsedUrl = parse_url($content); // parse the URL to split it in parts
                                                parse_str($parsedUrl['query']); // get the query part (vars) and parse them into name and value
                                                $vid = $v; // send the value to the destination var.
                                        } else // in this case, the user entered only the vid
                                                $vid = $content;

                                        $width = in_array($width, $width_array) ? $width : 640;
                                        $height = in_array($height, $height_array) ? $height : 385;
                                        $html = "<iframe width=\"$width\" height=\"$height\" src=\"http://www.youtube.com/embed/$vid\" frameborder=\"0\" allowfullscreen></iframe>";
                                }


If you want to use the old video insertion with the <object> tag, just change the last line to:

Code:
$html = "<object width=\"$width\" height=\"$height\"><param name=\"movie\" value=\"http://www.youtube.com/v/$vid?version=3&\"></param><param name=\"allowFullScreen\" value=\"true\"></param><param name=\"allowscriptaccess\" value=\"always\"></param><embed src=\"http://www.youtube.com/v/$vid?version=3&\" type=\"application/x-shockwave-flash\" width=\"$width\" height=\"$height\" allowscriptaccess=\"always\" allowfullscreen=\"true\"></embed></object>";


As you will see, these four options now work:

Code:
[youtube]http://youtu.be/z0XAI-PFQcA[/youtube]
[youtube]http://www.youtube.com/watch?v=z0XAI-PFQcA[/youtube]
[youtube]http://www.youtube.com/watch?v=KtBbyglq37E&feature=list_other&playnext=1&list=AL94UKMTqg-9AQHw-H4wKwQuvHKZQH67tF[/youtube]
[youtube]z0XAI-PFQcA[/youtube]


I hope this can help someone! Have a nice day!
 



 
jefazo666
Re: BBCODE - Improved Youtube Insertion
 
Thank you for the suggestion, I have implemented it on my dev environment and I'll probably implement it officially.

I just wanted to point out that your code has a security flaw for at least two reasons:

  1. The parse_str function has been used without specifying an output var: http://it.php.net/manual/en/function.parse-str.php
    This means that someone can arbitrarily pass some OFFENDING code directly through the HTTP QUERY STRING by overriding some other vars in bbcode.php (a fix is provided in my code below).
  2. The video content string is not sanitized; this means that someone can arbitrarily close the IFRAME tag by sending a proper HTTP QUERY STRING and open another IFRAME with their own code (a fix is provided in my code below).




Code:
                    // check URL type
                    $video_file = $content;
                    if (strpos($content, 'youtu.be') !== false)
                    {
                        // Short URL
                        // parse the URL to split it in parts
                        $parsed_url = parse_url($content);
                        // get the path and delete the initial / symbol
                        $video_file = isset($parsed_url['path']) ? str_replace('/', '', $parsed_url['path']) : '';
                    }
                    elseif (strrpos($content, 'youtube') !== false)
                    {
                        // Long URL
                        // parse the URL to split it in parts
                        $parsed_url = parse_url($content);
                        // parse the query part (vars) into a local array, not into the current scope
                        $qvars = array();
                        if (isset($parsed_url['query']))
                        {
                            parse_str($parsed_url['query'], $qvars);
                        }
                        // send the value to the destination var
                        $video_file = (isset($qvars['v']) && is_string($qvars['v'])) ? $qvars['v'] : '';
                    }
                    // keep only characters that occur in a video ID; "-" and "_" are kept
                    // because IDs such as z0XAI-PFQcA contain them
                    $video_file = preg_replace('/[^A-Za-z0-9_-]+/', '', $video_file);

 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty Gorgon
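
The two points raised in the reply above (parse_str writing into the current scope, and the video ID reaching the markup unsanitized), shown as an added example that is not part of either post or of Icy Phoenix itself. It parses the query into a local array and rejects any value that is not a well-formed ID instead of stripping characters; the function names, the exact host list, the 11-character ID pattern and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example; names and sample inputs are constructed for illustration.
// Assumption: a video ID is 11 characters from A-Z a-z 0-9 _ -
function youtube_id_from_bbcode(string $content): ?string
{
    $candidate = trim($content);
    $parts = parse_url($candidate);
    $host = (is_array($parts) && isset($parts['host'])) ? strtolower($parts['host']) : '';

    if ($host === 'youtu.be') {
        // Short URL: the ID is the path without its leading slash
        $candidate = ltrim($parts['path'] ?? '', '/');
    } elseif (in_array($host, ['youtube.com', 'www.youtube.com'], true)) {
        // Long URL: parse the query into a local array, never into the caller's scope
        parse_str($parts['query'] ?? '', $qvars);
        $candidate = (isset($qvars['v']) && is_string($qvars['v'])) ? $qvars['v'] : '';
    } elseif ($host !== '') {
        return null; // a URL on some other host
    }
    // Reject rather than strip, so a malformed value never reaches the markup
    return preg_match('/\A[A-Za-z0-9_-]{11}\z/', $candidate) === 1 ? $candidate : null;
}

function youtube_iframe(string $content, int $width = 640, int $height = 385): string
{
    $id = youtube_id_from_bbcode($content);
    if ($id === null) {
        // Render the unrecognised tag as inert, escaped text
        return htmlspecialchars('[youtube]' . $content . '[/youtube]', ENT_QUOTES, 'UTF-8');
    }
    return sprintf(
        '<iframe width="%d" height="%d" src="https://www.youtube.com/embed/%s" frameborder="0" allowfullscreen></iframe>',
        $width, $height, $id
    );
}

// Constructed inputs: the four forms from the first post, then two hostile ones
$samples = [
    'http://youtu.be/z0XAI-PFQcA',
    'http://www.youtube.com/watch?v=z0XAI-PFQcA',
    'http://www.youtube.com/watch?v=KtBbyglq37E&feature=list_other&playnext=1',
    'z0XAI-PFQcA',
    'http://www.youtube.com/watch?v=z0XAI-PFQcA&width=9999&html=x', // extra vars stay in $qvars
    'z0XAI-PFQcA"></iframe><iframe src="//example.invalid/',         // not a valid ID: escaped
];
foreach ($samples as $s) {
    echo youtube_iframe($s), PHP_EOL;
}
```

The fifth sample still renders at width 640 because the extra query variables never leave `$qvars`, and the sixth is emitted as escaped text rather than markup. The single-argument form of `parse_str` was deprecated in PHP 7.2 and removed in PHP 8.0, so the array form is also the only one that runs on current PHP.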