[development] Video module getting ready for 4.7 release: need help debugging
Dries Buytaert
dries.buytaert at gmail.com
Sun Jun 18 21:44:10 UTC 2006
On 18 Jun 2006, at 18:30, Fabio Varesano wrote:
> I just uploaded to cvs a new version of the video module which adds
> long-needed and requested features to the module.
>
> The new code is still not mature and I'd like you guys to give a
> try to the new video module and report your bugs at
> http://drupal.org/node/add/project_issue/video

1. Your code has various XSS problems. For example:

    t('play %link', array('%link' => $node->title))

should be:

    t('play %link', array('%link' => theme('placeholder', $node->title)))

You also need to escape data before outputting it:

    <object type="video/quicktime" width="'. $node->videox .'"
    height="'. $height .'" data="'. $node->vidfile .'">

It's insecure, and unfortunately, it needs quite a bit of work.

2. For consistency, don't capitalize each word in a sentence. For
example:

    Video Size Height

should be:

    Video size height

3. In MySQL queries you don't need quotes around %d; that will break
compatibility with PostgreSQL.

Hope that helps,
--
Dries Buytaert :: http://www.buytaert.net/
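
Added example, not part of the original message and not code from the video module: the `<object>` tag from point 1 built without and with output escaping. It uses plain PHP (`htmlspecialchars()`, an integer cast and a scheme allowlist) so it runs outside Drupal; the `example_*` function names and the sample node values are hypothetical and constructed for illustration.

```php
<?php
// Escape a value for use in HTML text or inside a quoted attribute.
function example_escape($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Allow only http/https or scheme-less (relative) URLs; anything else
// becomes an empty string. Whitespace and control characters are stripped
// first so a scheme cannot be hidden from the check.
function example_safe_url($url) {
  $url = preg_replace('/[\x00-\x20\x7f]/', '', (string) $url);
  if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
    if (!in_array(strtolower($m[1]), array('http', 'https'), true)) {
      return '';
    }
  }
  return example_escape($url);
}

// Unescaped form, following the snippet quoted in the review.
function example_object_unsafe($node, $height) {
  return '<object type="video/quicktime" width="'. $node->videox
    .'" height="'. $height .'" data="'. $node->vidfile .'">';
}

// Escaped form: numeric attributes are cast to integers, the URL is
// scheme-checked and HTML-escaped before it reaches the attribute.
function example_object_safe($node, $height) {
  return '<object type="video/quicktime" width="'. (int) $node->videox
    .'" height="'. (int) $height
    .'" data="'. example_safe_url($node->vidfile) .'">';
}

// Constructed sample node: field values as an untrusted author could
// have submitted them through the node form.
$node = new stdClass();
$node->videox = '320" onmouseover="alert(1)';
$node->vidfile = 'http://example.com/clip.mov"><script>alert(2)</script>';

// The first line shows the attribute and tag breakout; the second keeps
// every submitted character inside its attribute value.
echo example_object_unsafe($node, 240), "\n";
echo example_object_safe($node, 240), "\n";
```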