On 18 Jun 2006, at 18:30, Fabio Varesano wrote:
> I just uploaded to cvs a new version of the video module which adds long time needed and requested features to the module.
> The new code is still not mature and I'd like you guys to give a try to the new video module and report your bugs at http://drupal.org/node/add/project_issue/video

1. Your code has various XSS problems. For example:

     t('play %link', array('%link' => $node->title))

   should be:

     t('play %link', array('%link' => theme('placeholder', $node->title)))

   You also need to escape data before outputting it:

     <object type="video/quicktime" width="'. $node->videox .'" height="'. $height .'" data="'. $node->vidfile .'">

   It's insecure, and unfortunately, it needs quite a bit of work.

2. For consistency, don't capitalize each word in a sentence. For example:

     Video Size Height

   should be:

     Video size height

3. In MySQL queries you don't need quotes around %d; that will break compatibility with PostgreSQL.

Hope that helps,

--
Dries Buytaert :: http://www.buytaert.net/
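
The escaping requested in point 1, as an added example in plain PHP that is not part of the original message or the video module's code. The helper names esc(), safe_url() and video_object_tag() are hypothetical, and the $node values are constructed sample input.

```php
<?php
// Added illustration, not the video module's code. The $node field names
// mirror those in the message above; their values are constructed.

// Escape text for HTML element content or a quoted attribute value.
function esc($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Accept only http(s) URLs or scheme-less relative paths, so a stored
// "javascript:" or "data:" value never reaches the data attribute.
function safe_url($url) {
  $url = trim((string) $url);
  if (preg_match('@^https?://@i', $url)) {
    return $url;
  }
  // Relative path: no "scheme:" prefix before the first /, ? or #.
  if (!preg_match('@^[^/?#]*:@', $url)) {
    return $url;
  }
  return '';
}

function video_object_tag($node, $height) {
  $src = safe_url($node->vidfile);
  if ($src === '') {
    return '';  // refuse to render rather than emit an unsafe URL
  }
  // Dimensions are numbers: cast them instead of escaping.
  return '<object type="video/quicktime" width="' . (int) $node->videox
    . '" height="' . (int) $height
    . '" data="' . esc($src) . '"></object>';
}

// Constructed node with quotes and markup in every user-controlled field.
$node = new stdClass();
$node->title = '<script>alert(1)</script>';
$node->videox = '320" onload="x';
$node->vidfile = 'http://example.com/clip.mov"><script>alert(1)</script>';

echo 'play <em>' . esc($node->title) . "</em>\n";
echo video_object_tag($node, '240') . "\n";

$node->vidfile = 'javascript:alert(1)';
var_dump(video_object_tag($node, 240));  // scheme rejected, nothing rendered
```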