Start word filter

objects/functions.php

@@ -1,4 +1,16 @@
 <?php
+function forbiddenWords($text){
+    global $global;
+    if(empty($global['forbiddenWords'])){
+        return false;
+    }
+    foreach ($global['forbiddenWords'] as $value) {
+        if(preg_match("/{$value}/i", $text)){
+            return true;
+        }
+    }
+    return false;
+}
 
 function xss_esc($text){
   return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

objects/video.php

@@ -138,6 +138,11 @@ if (!class_exists('Video')) {
             }
             $this->setTitle($global['mysqli']->real_escape_string(trim($this->title)));
             $this->setDescription($global['mysqli']->real_escape_string($this->description));
+            
+            if(forbiddenWords($this->title) || forbiddenWords($this->description)){
+                return false;
+            }
+            
             $this->next_videos_id = intval($this->next_videos_id);
             if (empty($this->next_videos_id)) {
                 $this->next_videos_id = 'NULL';

view/mini-upload-form/upload.php

@@ -1,13 +1,13 @@
 <?php
+
 global $global, $config;
 session_write_close();
 $obj = new stdClass();
 $obj->error = true;
-if(!isset($global['systemRootPath'])){
+if (!isset($global['systemRootPath'])) {
     require_once '../../videos/configuration.php';
 }
-if (!User::canUpload())
+if (!User::canUpload()) {
-{
     $obj->msg = "Only logged users can upload";
     die(json_encode($obj));
 }
@@ -23,88 +23,80 @@ $allowed = array(
     'webm'
 );
 
-if (isset($_FILES['upl']) && $_FILES['upl']['error'] == 0)
+if (isset($_FILES['upl']) && $_FILES['upl']['error'] == 0) {
-{
     $extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
-    if (!in_array(strtolower($extension) , $allowed))
+    if (!in_array(strtolower($extension), $allowed)) {
-    {
         $obj->msg = "File extension error [{$_FILES['upl']['name']}], we allow only (" . implode(",", $allowed) . ")";
         die(json_encode($obj));
     }
-    
+
     require_once $global['systemRootPath'] . 'objects/video.php';
-    
+
     $duration = Video::getDurationFromFile($_FILES['upl']['tmp_name']);
     $path_parts = pathinfo($_FILES['upl']['name']);
     $mainName = preg_replace("/[^A-Za-z0-9]/", "", cleanString($path_parts['filename']));
     $filename = uniqid($mainName . "_", true);
-    $video = new Video(substr(preg_replace("/_+/", " ", $_FILES['upl']['name']) , 0, -4) , $filename, @$_FILES['upl']['videoId']);
+    $video = new Video(substr(preg_replace("/_+/", " ", $_FILES['upl']['name']), 0, -4), $filename, @$_FILES['upl']['videoId']);
     $video->setDuration($duration);
-    
+
-    if(!empty($_POST['title'])){
+    if (!empty($_POST['title'])) {
         $video->setTitle($_POST['title']);
     }
-    
+
-    if(!empty($_POST['description'])){
+    if (!empty($_POST['description'])) {
         $video->setDescription($_POST['description']);
     }
-    
+
-    if ($extension == "mp4")
+    if ($extension == "mp4") {
-    {
         $video->setType("video");
+    } else
+    if (($extension == "mp3") || ($extension == "ogg")) {
+        $video->setType("audio");
     }
-    else
+
-        if (($extension == "mp3") || ($extension == "ogg")){
-            $video->setType("audio");
-        }
-    
     $advancedCustom = YouPHPTubePlugin::getObjectDataIfEnabled("CustomizeAdvanced");
-    if (empty($advancedCustom->makeVideosInactiveAfterEncode))
+    if (empty($advancedCustom->makeVideosInactiveAfterEncode)) {
-    {
+
-        
         // set active
-        
+
         $video->setStatus('a');
-    }
+    } else {
-    else
-    {
         $video->setStatus('i');
     }
-    
+
     $id = $video->save();
-    /**
+    if ($id) {
-     * This is when is using in a non uploaded movie
+        /**
-     */
+         * This is when is using in a non uploaded movie
-    $aws_s3 = YouPHPTubePlugin::loadPluginIfEnabled('AWS_S3');
+         */
-    $tmp_name = $_FILES['upl']['tmp_name'];
+        $aws_s3 = YouPHPTubePlugin::loadPluginIfEnabled('AWS_S3');
-    $filenameMP4 = $filename . "." . $extension;
+        $tmp_name = $_FILES['upl']['tmp_name'];
-    decideMoveUploadedToVideos($tmp_name, $filenameMP4);
+        $filenameMP4 = $filename . "." . $extension;
-    if ((YouPHPTubePlugin::isEnabled("996c9afb-b90e-40ca-90cb-934856180bb9")) && ($extension == "mp4"))
+        decideMoveUploadedToVideos($tmp_name, $filenameMP4);
-    {
+        if ((YouPHPTubePlugin::isEnabled("996c9afb-b90e-40ca-90cb-934856180bb9")) && ($extension == "mp4")) {
-        require_once $global['systemRootPath'] . 'plugin/MP4ThumbsAndGif/MP4ThumbsAndGif.php';
+            require_once $global['systemRootPath'] . 'plugin/MP4ThumbsAndGif/MP4ThumbsAndGif.php';
-        
+
-        $videoFileName = $video->getFilename();
+            $videoFileName = $video->getFilename();
-        MP4ThumbsAndGif::getImage($videoFileName, 'jpg');
+            MP4ThumbsAndGif::getImage($videoFileName, 'jpg');
-        MP4ThumbsAndGif::getImage($videoFileName, 'gif');
+            MP4ThumbsAndGif::getImage($videoFileName, 'gif');
-    }
+        } else
-    else
+        if ((YouPHPTubePlugin::isEnabled("916c9afb-css90e-26fa-97fd-864856180cc9")) && ($extension == "mp4")) {
-        if ((YouPHPTubePlugin::isEnabled("916c9afb-css90e-26fa-97fd-864856180cc9")) && ($extension == "mp4"))
-        {
             require_once $global['systemRootPath'] . 'plugin/MP4ThumbsAndGifLocal/MP4ThumbsAndGifLocal.php';
-            
+
             $videoFileName = $video->getFilename();
             MP4ThumbsAndGifLocal::getImage($videoFileName, 'jpg');
             MP4ThumbsAndGifLocal::getImage($videoFileName, 'gif');
         }
-    
+
-    //    } else if(($extension=="mp3")||($extension=="ogg")){
+        //    } else if(($extension=="mp3")||($extension=="ogg")){
-    //  }
+        //  }
-    
+
-    $obj->error = false;
+        $obj->error = false;
-    $obj->filename = $filename;
+        $obj->filename = $filename;
-    $obj->duration = $duration;
+        $obj->duration = $duration;
-    YouPHPTubePlugin::afterNewVideo($video->getId());
+        YouPHPTubePlugin::afterNewVideo($video->getId());
-    die(json_encode($obj));
+        die(json_encode($obj));
+    }
 }
 
 $obj->msg = "\$_FILES Error";