authorHans Nilsson2012-01-11 19:37:26 (GMT)
committer Hans Nilsson2012-01-11 19:37:26 (GMT)
commit49680a6c501d3d06b4269a9958d66422986d2ef6 (patch)
tree2da6d7762ddd09090b31927890406787803649b9
parent39e8c0c2eeabb63f6695b839cf55eaab023b7771 (diff)
Fixing invalid video IDs.7.x-3.0
-rw-r--r--video_filter.codecs.inc7
1 files changed, 6 insertions, 1 deletions
diff --git a/video_filter.codecs.inc b/video_filter.codecs.inc
index 62bdd38..d377bf3 100644
--- a/video_filter.codecs.inc
+++ b/video_filter.codecs.inc
@@ -322,7 +322,7 @@ function video_filter_capped($video) {
function video_filter_bliptv($video) {
$id = $video['codec']['matches'][1];
-
+
// Since video ID in URL is different than in embed code, use API
// to lookup the embed code video ID. Adapted from emfield.module.
$result = drupal_http_request('http://blip.tv/file/' . $id . '?skin=api');
@@ -359,6 +359,11 @@ function video_filter_bliptv($video) {
}
}
$id = $response['EMBEDLOOKUP'][0];
+ // Protect from XSS.
+ if (preg_match("/[^A-Za-z0-9]/", $id, $matches)) {
+ watchdog('Video Filter', t('A faulty Blip.tv ID has been detected.'));
+ $id = 0;
+ }
}
$video['source'] = 'http://blip.tv/play/' . $id;
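Review bot: The new alphanumeric check appears to run only inside the block that closes on the `}` right after it, so it covers the ID returned by the blip.tv lookup but not the `$id` taken from `$video['codec']['matches'][1]`, which still reaches `$video['source']` whenever that block is skipped; moving the check below that closing brace, directly before the `$video['source']` assignment, would cover both paths. How strictly the codec regex constrains the matched ID is not visible here, and the function's body starts and ends outside the hunk. The watchdog call wraps its message in `t()`, which Drupal 7 expects callers not to do, and it drops the rejected value that someone triaging the log would want: `watchdog('Video Filter', 'A faulty Blip.tv ID has been detected: @id', array('@id' => $id), WATCHDOG_WARNING);` records it escaped on display. The unused `$matches` argument to `preg_match()` can be dropped.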