[development] Video module getting ready for 4.7 release: need help debugging

Dries Buytaert dries.buytaert at gmail.com
Sun Jun 18 21:44:10 UTC 2006

On 18 Jun 2006, at 18:30, Fabio Varesano wrote:
> I just uploaded to cvs a new version of the video module which adds
> long time needed and requested features to the module.
> The new code is still not mature and I'd like you guys to give a
> try to the new video module and reports your bug at
> http://drupal.org/node/add/project_issue/video

1. Your code has various XSS problems.  For example:

   t('play %link', array('%link' => $node->title))

should be:

   t('play %link', array('%link' => theme('placeholder', $node->title)))

You also need to escape data before outputting it:

   <object type="video/quicktime" width="'. $node->videox .'"  
height="'. $height .'" data="'. $node->vidfile .'">

It's insecure, and unfortunately, it needs quite a bit of work.

2. For consistency, don't capitalize each word in a sentence.  For  

   Video Size Height

should be:

   Video size height

3. In MySQL queries you don't need quotes around %d; that will break  
compatibility with PostgreSQL.

Hope that helps,

Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list