yetangitu/Oinktube
1
0
Fork 0
mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-03 01:39:24 +02:00
Code Issues Releases Wiki Activity

TALOS Security Advisory for WWBN (TALOS-2022-1551, TALOS-2022-1550, TALOS-2022-1549, TALOS-2022-1548, TALOS-2022-1547, TALOS-2022-1546, TALOS-2022-1545, TALOS-2022-1542, TALOS-2022-1540 - TALOS-2022-1534)

Browse source 
Should all be good now
This commit is contained in:
DanieL 2022-07-07 17:24:20 -03:00
parent 68328cdd42
commit 21fed6e0b7
36 changed files with 3221 additions and 3091 deletions
Download patch file Download diff file Expand all files Collapse all files

2
install/checkConfiguration.php
View file

@ -4,7 +4,7 @@ if (file_exists("../videos/configuration.php")) {
exit;
}
$installationVersion = "11.8";
$installationVersion = "12.0";
error_log("Installation: ".__LINE__." ". json_encode($_POST));
header('Content-Type: application/json');

58
install/liveLinks.php
View file

@ -1,29 +1,29 @@
<?php
//streamer config
require_once '../videos/configuration.php';
if (!isCommandLineInterface()) {
return die('Command Line only');
}
AVideoPlugin::loadPlugin("Live");
$channelName = $global['mysqli']->real_escape_string($channelName);
$sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id "
. " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20";
$res = sqlDAL::readSql($sql);
$users = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
if ($res != false) {
foreach ($users as $row) {
echo "-----------------------------------".PHP_EOL;
if (!empty($row['public'])) {
echo "PUBLIC ";
}
echo "{$row['id']} - {$row['user']} ".PHP_EOL;
echo Live::getServer() . "?p=" . $row['password'] . "/" . $row['key'].PHP_EOL;
echo Live::getLinkToLiveFromUsers_id($row['id']).PHP_EOL;
echo "-----------------------------------".PHP_EOL;
}
}
die();
<?php
//streamer config
require_once '../videos/configuration.php';
if (!isCommandLineInterface()) {
return die('Command Line only');
}
AVideoPlugin::loadPlugin("Live");
$channelName = ($channelName);
$sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id "
. " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20";
$res = sqlDAL::readSql($sql);
$users = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
if ($res != false) {
foreach ($users as $row) {
echo "-----------------------------------".PHP_EOL;
if (!empty($row['public'])) {
echo "PUBLIC ";
}
echo "{$row['id']} - {$row['user']} ".PHP_EOL;
echo Live::getServer() . "?p=" . $row['password'] . "/" . $row['key'].PHP_EOL;
echo Live::getLinkToLiveFromUsers_id($row['id']).PHP_EOL;
echo "-----------------------------------".PHP_EOL;
}
}
die();

45
objects/Object.php
View file

@ -3,7 +3,6 @@ interface ObjectInterface
{
public static function getTableName();
public static function getSearchFieldsNames();
}
$tableExists = [];
@ -19,8 +18,12 @@ abstract class ObjectYPT implements ObjectInterface
$this->load($id);
}
}
public static function getSearchFieldsNames(){
return array();
}
protected function load($id)
public function load($id)
{
$row = self::getFromDb($id);
if (empty($row)) {
@ -165,8 +168,8 @@ abstract class ObjectYPT implements ObjectInterface
if (!empty($_POST['sort'])) {
$orderBy = [];
foreach ($_POST['sort'] as $key => $value) {
$key = $global['mysqli']->real_escape_string($key);
//$value = $global['mysqli']->real_escape_string($value);
$key = ($key);
//$value = ($value);
$direction = "ASC";
if (strtoupper($value) === "DESC") {
$direction = "DESC";
@ -253,7 +256,7 @@ abstract class ObjectYPT implements ObjectInterface
}
if (!empty($_GET['q'])) {
global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_GET['q']));
$search = (xss_esc($_GET['q']));
$like = [];
$searchFields = static::getSearchFieldsNames();
@ -287,10 +290,13 @@ abstract class ObjectYPT implements ObjectInterface
}
global $global;
$fieldsName = $this->getAllFields();
$formats = '';
$values = array();
if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET ";
$fields = [];
foreach ($fieldsName as $value) {
//$escapedValue = $global['mysqli']->real_escape_string($this->$value);
if (strtolower($value) == 'created') {
// do nothing
} elseif (strtolower($value) == 'modified') {
@ -299,17 +305,21 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) {
$this->$value = date_default_timezone_get();
}
$fields[] = " `{$value}` = '{$this->$value}' ";
} elseif (is_numeric($this->$value)) {
$fields[] = " `{$value}` = {$this->$value} ";
$formats .= 's';
$values[] = $this->$value;
$fields[] = " `{$value}` = ? ";
} elseif (!isset($this->$value) || strtolower($this->$value) == 'null') {
$fields[] = " `{$value}` = NULL ";
} else {
$fields[] = " `{$value}` = '{$this->$value}' ";
$formats .= 's';
$values[] = $this->$value;
$fields[] = " `{$value}` = ? ";
}
}
$sql .= implode(", ", $fields);
$sql .= " WHERE id = {$this->id}";
$formats .= 'i';
$values[] = $this->id;
$sql .= " WHERE id = ?";
} else {
$sql = "INSERT INTO " . static::getTableName() . " ( ";
$sql .= "`" . implode("`,`", $fieldsName) . "` )";
@ -321,20 +331,25 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) {
$this->$value = date_default_timezone_get();
}
$fields[] = " '{$this->$value}' ";
$formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) {
$fields[] = " NULL ";
} elseif (is_string($this->$value) || is_numeric($this->$value)) {
$fields[] = " '{$this->$value}' ";
$formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} else {
$fields[] = " NULL ";
}
}
$sql .= " VALUES (" . implode(", ", $fields) . ")";
}
//if(static::getTableName() == 'Scheduler_commands'){ echo $sql;var_dump($this->parameters);exit;}
//echo $sql;var_dump($this->parameters);exit;
$insert_row = sqlDAL::writeSql($sql);
//var_dump(static::getTableName(), $sql, $values);
//if(static::getTableName() == 'videos'){ echo $sql;var_dump($values);exit;}return false;
//echo $sql;var_dump($values);exit;
$insert_row = sqlDAL::writeSql($sql, $formats, $values);
if ($insert_row) {
if (empty($this->id)) {

2
objects/bootGrid.php
View file

@ -58,7 +58,7 @@ class BootGrid
if (!empty($_POST['searchPhrase'])) {
global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_POST['searchPhrase']));
$search = (xss_esc($_POST['searchPhrase']));
$search = str_replace('&quot;', '"', $search);
$like = [];
foreach ($searchFieldsNames as $value) {

2
objects/category.php
View file

@ -98,7 +98,7 @@ class Category {
}
}
private function load($id) {
public function load($id) {
$row = self::getCategory($id);
if (empty($row)) {
return false;

4
objects/comment.php
View file

@ -60,7 +60,7 @@ class Comment
return $this->videos_id;
}
private function load($id)
public function load($id)
{
$row = $this->getComment($id);
if (empty($row)) {
@ -80,7 +80,7 @@ class Comment
die('{"error":"'.__("Permission denied").'"}');
}
//$this->comment = htmlentities($this->comment);
$this->comment = $global['mysqli']->real_escape_string($this->comment);
$this->comment = ($this->comment);
if (empty($this->comment)) {
return false;

326
objects/comments_like.php
View file

@ -1,163 +1,163 @@
<?php
global $global, $config;
if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php';
}
require_once $global['systemRootPath'] . 'objects/user.php';
class CommentsLike
{
private $id;
private $like;
private $comments_id;
private $users_id;
public function __construct($like, $comments_id)
{
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$this->comments_id = $comments_id;
$this->users_id = User::getId();
$this->load();
// if click again in the same vote, remove the vote
if ($this->like == $like) {
$like = 0;
}
$this->setLike($like);
$this->save();
}
private function setLike($like)
{
$like = intval($like);
if (!in_array($like, [0,1,-1])) {
$like = 0;
}
$this->like = $like;
}
private function load()
{
$like = $this->getLike();
if (empty($like)) {
return false;
}
foreach ($like as $key => $value) {
$this->$key = $value;
}
}
private function getLike()
{
global $global;
if (empty($this->users_id) || empty($this->comments_id)) {
header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}');
}
$sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
return ($res) ? $result : false;
}
private function save()
{
global $global;
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$formats = '';
$values = [];
if (!empty($this->id)) {
$sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?";
$formats = "ii";
$values = [$this->like,$this->id];
} else {
$sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())";
$formats = "iii";
$values = [$this->like,$this->users_id,$this->comments_id];
}
return sqlDAL::writeSql($sql, $formats, $values);
}
public static function getLikes($comments_id)
{
global $global;
$obj = new stdClass();
$obj->comments_id = $comments_id;
$obj->likes = 0;
$obj->dislikes = 0;
$obj->myVote = self::getMyVote($comments_id);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($result['total']);
return $obj;
}
public static function getTotalLikes()
{
global $global;
$obj = new stdClass();
$obj->likes = 0;
$obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($result['total']);
return $obj;
}
public static function getMyVote($comments_id)
{
global $global;
if (!User::isLogged()) {
return 0;
}
$id = User::getId();
$sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!empty($result)) {
return intval($result['like']);
}
return 0;
}
}
<?php
global $global, $config;
if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php';
}
require_once $global['systemRootPath'] . 'objects/user.php';
class CommentsLike
{
private $id;
private $like;
private $comments_id;
private $users_id;
public function __construct($like, $comments_id)
{
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$this->comments_id = $comments_id;
$this->users_id = User::getId();
$this->load();
// if click again in the same vote, remove the vote
if ($this->like == $like) {
$like = 0;
}
$this->setLike($like);
$this->save();
}
private function setLike($like)
{
$like = intval($like);
if (!in_array($like, [0,1,-1])) {
$like = 0;
}
$this->like = $like;
}
public function load()
{
$like = $this->getLike();
if (empty($like)) {
return false;
}
foreach ($like as $key => $value) {
$this->$key = $value;
}
}
private function getLike()
{
global $global;
if (empty($this->users_id) || empty($this->comments_id)) {
header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}');
}
$sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
return ($res) ? $result : false;
}
private function save()
{
global $global;
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$formats = '';
$values = [];
if (!empty($this->id)) {
$sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?";
$formats = "ii";
$values = [$this->like,$this->id];
} else {
$sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())";
$formats = "iii";
$values = [$this->like,$this->users_id,$this->comments_id];
}
return sqlDAL::writeSql($sql, $formats, $values);
}
public static function getLikes($comments_id)
{
global $global;
$obj = new stdClass();
$obj->comments_id = $comments_id;
$obj->likes = 0;
$obj->dislikes = 0;
$obj->myVote = self::getMyVote($comments_id);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($result['total']);
return $obj;
}
public static function getTotalLikes()
{
global $global;
$obj = new stdClass();
$obj->likes = 0;
$obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($result['total']);
return $obj;
}
public static function getMyVote($comments_id)
{
global $global;
if (!User::isLogged()) {
return 0;
}
$id = User::getId();
$sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!empty($result)) {
return intval($result['like']);
}
return 0;
}
}

122
objects/configuration.php
View file

@ -5,42 +5,42 @@ if (!isset($global['systemRootPath'])) {
}
require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/functions.php';
require_once $global['systemRootPath'] . 'objects/Object.php';
class Configuration
{
private $id;
private $video_resolution;
private $webSiteTitle;
private $language;
private $contactEmail;
private $users_id;
private $version;
private $authCanUploadVideos;
private $authCanViewChart;
private $authCanComment;
private $head;
private $logo;
private $logo_small;
private $adsense;
private $mode;
class Configuration extends ObjectYPT{
protected $id;
protected $video_resolution;
protected $webSiteTitle;
protected $language;
protected $contactEmail;
protected $users_id;
protected $version;
protected $authCanUploadVideos;
protected $authCanViewChart;
protected $authCanComment;
protected $head;
protected $logo;
protected $logo_small;
protected $adsense;
protected $mode;
// version 2.7
private $disable_analytics;
private $disable_youtubeupload;
private $allow_download;
private $session_timeout;
private $autoplay;
protected $disable_analytics;
protected $disable_youtubeupload;
protected $allow_download;
protected $session_timeout;
protected $autoplay;
// version 3.1
private $theme;
protected $theme;
//version 3.3
private $smtp;
private $smtpAuth;
private $smtpSecure;
private $smtpHost;
private $smtpUsername;
private $smtpPassword;
private $smtpPort;
protected $smtp;
protected $smtpAuth;
protected $smtpSecure;
protected $smtpHost;
protected $smtpUsername;
protected $smtpPassword;
protected $smtpPort;
// version 4
private $encoderURL;
protected $encoderURL;
public function __construct($video_resolution = "")
{
@ -50,29 +50,13 @@ class Configuration
}
}
public function load()
public function load($id='')
{
global $global;
_mysql_connect();
$sql = "SELECT * FROM configurations WHERE id = 1 LIMIT 1";
//echo $sql;exit;
// add true because I was not getting the SMTP configuration on function setSiteSendMessage(&$mail)
$res = sqlDAL::readSql($sql, '', [], true);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res && !empty($result)) {
$config = $result;
//var_dump($config);exit;
foreach ($config as $key => $value) {
$this->$key = $value;
}
} else {
return false;
}
return parent::load(1);
}
public function save()
{
public function save(){
global $global;
if (!User::isAdmin()) {
header('Content-Type: application/json');
@ -82,38 +66,7 @@ class Configuration
ObjectYPT::deleteCache("getEncoderURL");
$sql = "UPDATE configurations SET "
. "video_resolution = '{$this->video_resolution}',"
. "webSiteTitle = '{$this->webSiteTitle}',"
. "language = '{$this->language}',"
. "contactEmail = '{$this->contactEmail}',"
. "users_id = '{$this->users_id}', "
. "authCanUploadVideos = '{$this->authCanUploadVideos}',"
. "authCanViewChart = '{$this->authCanViewChart}',"
. "authCanComment = '{$this->authCanComment}',"
. "encoderURL = '{$global['mysqli']->real_escape_string($this->_getEncoderURL())}',"
. "head = '{$global['mysqli']->real_escape_string($this->getHead())}',"
. "adsense = '{$global['mysqli']->real_escape_string($this->getAdsense())}',"
. "mode = '{$this->getMode()}',"
. "logo = '{$global['mysqli']->real_escape_string($this->getLogo())}',"
. "logo_small = '{$global['mysqli']->real_escape_string($this->getLogo_small())}',"
. "disable_analytics = '{$this->getDisable_analytics()}',"
. "disable_youtubeupload = '{$this->getDisable_youtubeupload()}',"
. "allow_download = '{$this->getAllow_download()}',"
. "session_timeout = '{$this->getSession_timeout()}',"
. "autoplay = '{$this->getAutoplay()}',"
. "theme = '{$global['mysqli']->real_escape_string($this->getTheme())}',"
. "smtp = '{$this->getSmtp()}',"
. "smtpAuth = '{$this->getSmtpAuth()}',"
. "smtpSecure = '{$global['mysqli']->real_escape_string($this->getSmtpSecure())}',"
. "smtpHost = '{$global['mysqli']->real_escape_string($this->getSmtpHost())}',"
. "smtpUsername = '{$global['mysqli']->real_escape_string($this->getSmtpUsername())}',"
. "smtpPort = '{$global['mysqli']->real_escape_string($this->getSmtpPort())}',"
. "smtpPassword = '{$global['mysqli']->real_escape_string($this->getSmtpPassword())}'"
. " WHERE id = 1";
return sqlDAL::writeSql($sql);
return parent::save();
}
public function getVideo_resolution()
@ -624,4 +577,9 @@ require_once \$global['systemRootPath'].'objects/include_config.php';
}
return " " . PAGE_TITLE_SEPARATOR . " ";
}
public static function getTableName() {
return 'configurations';
}
}

68
objects/functions.php
View file

@ -24,6 +24,14 @@ if (!function_exists('xss_esc')) {
if (empty($text)) {
return "";
}
if(!is_string($text)){
if(is_array($text)){
foreach ($text as $key => $value) {
$text[$key] = xss_esc($value);
}
}
return $text;
}
$result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
if (empty($result)) {
$result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text));
@ -2000,7 +2008,7 @@ function unzipDirectory($filename, $destination) {
sleep(2);
ini_set('memory_limit', '-1');
ini_set('max_execution_time', 7200); // 2 hours
$filename = escapeshellarg($filename);
$filename = escapeshellarg(safeString($filename,true));
$destination = escapeshellarg($destination);
$cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1";
_error_log("unzipDirectory: {$cmd}");
@ -2039,7 +2047,7 @@ function unzipDirectory($filename, $destination) {
}
} else {
_error_log("unzipDirectory: Success {$destination}");
}
}
@unlink($filename);
}
@ -2414,6 +2422,7 @@ function isValidM3U8Link($url, $timeout = 3) {
function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) {
global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort;
if (!isValidURLOrPath($url)) {
_error_log('url_get_contents Cannot download '.$url);
return false;
}
if ($debug) {
@ -3398,6 +3407,7 @@ function rrmdir($dir) {
function rrmdirCommandLine($dir, $async = false) {
if (is_dir($dir)) {
$dir = escapeshellarg($dir);
if (isWindows()) {
$command = ('rd /s /q ' . $dir);
} else {
@ -5010,12 +5020,13 @@ function isValidURLOrPath($str, $insideCacheOrTmpDirOnly = true) {
}
if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) {
if ($insideCacheOrTmpDirOnly) {
$vroot = realpath($str);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$absolutePath = realpath($str);
$ext = strtolower(pathinfo($absolutePath, PATHINFO_EXTENSION));
if ($ext == 'php') {
return false;
}
if (str_starts_with($vroot, getTmpDir()) || str_starts_with($vroot, $global['systemRootPath'])) {
$cacheDir = "{$global['systemRootPath']}videos/cache/";
if (str_starts_with($absolutePath, getTmpDir()) || str_starts_with($absolutePath, $cacheDir)) {
return true;
}
} else {
@ -5181,7 +5192,7 @@ function reloadSearchVar() {
}
function wget($url, $filename, $debug = false) {
if (empty($url) || $url == "php://input" || !preg_match("/^http/", $url)) {
if (empty($url) || $url == "php://input" || !isValidURL($url)) {
return false;
}
if ($lockfilename = wgetIsLocked($url)) {
@ -6216,6 +6227,9 @@ function setToastMessage($msg) {
}
function showAlertMessage() {
if(!requestComesFromSafePlace()){
return false;
}
if (!empty($_SESSION['YPTalertMessage'])) {
foreach ($_SESSION['YPTalertMessage'] as $value) {
if (!empty($value[0])) {
@ -6229,17 +6243,21 @@ function showAlertMessage() {
unset($_SESSION['YPTalertMessage']);
}
$joinString = ['error', 'msg', 'success'];
$joinString = ['error', 'msg', 'success', 'toast'];
foreach ($joinString as $value) {
if (!empty($_GET[$value]) && is_array($_GET[$value])) {
$_GET[$value] = array_unique($_GET[$value]);
$newStr = [];
foreach ($_GET[$value] as $value2) {
if (!empty($value2)) {
$newStr[] = $value2;
if (!empty($_GET[$value]) ) {
if (is_array($_GET[$value])) {
$_GET[$value] = array_unique($_GET[$value]);
$newStr = [];
foreach ($_GET[$value] as $value2) {
if (!empty($value2)) {
$newStr[] = $value2;
}
}
$_GET[$value] = implode("<br>", $newStr);
}else{
$_GET[$value] = $_GET[$value];
}
$_GET[$value] = implode("<br>", $newStr);
}
}
@ -6290,7 +6308,7 @@ function showAlertMessage() {
}
echo '$.toast({
text: "' . $value . '",
text: "' . strip_tags($value, $allowable_tags) . '",
hideAfter: ' . $hideAfter . ' // in milli seconds
});console.log("Toast Hide after ' . $hideAfter . '");';
}
@ -8803,3 +8821,23 @@ function _empty($html_string) {
}
return emptyHTML($html_string);
}
function adminSecurityCheck($force=false){
if(empty($force)){
if(!empty($_SESSION['adminSecurityCheck'])){
return false;
}
if(!User::isAdmin()){
return false;
}
}
global $global;
$videosHtaccessFile = getVideosDir().'.htaccess';
if(!file_exists($videosHtaccessFile)){
$bytes = copy("{$global['systemRootPath']}objects/htaccess_for_videos.conf",$videosHtaccessFile);
_error_log("adminSecurityCheck: file created {$videosHtaccessFile} {$bytes} bytes");
}
_session_start();
$_SESSION['adminSecurityCheck'] = time();
return true;
}

16
objects/htaccess_for_videos.conf Normal file
View file

@ -0,0 +1,16 @@
<IfModule !authz_core_module>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule authz_core_module>
Require all denied
</IfModule>
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
<IfModule !authz_core_module>
Order Allow,Deny
Allow from all
</IfModule>
<IfModule authz_core_module>
Require all granted
</IfModule>
</filesMatch>

1
objects/include_config.php
View file

@ -148,6 +148,7 @@ require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/video.php';
require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php';
adminSecurityCheck();
setSiteLang();
fixSystemPath();
ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime();

386
objects/like.php
View file

@ -1,193 +1,193 @@
<?php
global $global, $config;
if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php';
}
require_once $global['systemRootPath'] . 'objects/user.php';
class Like
{
private $id;
private $like;
private $videos_id;
private $users_id;
public function __construct($like, $videos_id)
{
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$this->videos_id = $videos_id;
$this->users_id = User::getId();
$this->load();
// if click again in the same vote, remove the vote
if ($this->like == $like) {
$like = 0;
if ($this->like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1');
} elseif ($this->like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
}
} else {
if (!empty($this->like)) {
// need to remove some like or dislike
if ($like==1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
} elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1');
}
}
if ($like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '+1');
} elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '+1');
}
}
//exit;
$this->setLike($like);
$saved = $this->save();
}
private function setLike($like)
{
$like = intval($like);
if (!in_array($like, [0,1,-1])) {
$like = 0;
}
$this->like = $like;
}
private function load()
{
$like = $this->getLike();
if (empty($like)) {
return false;
}
foreach ($like as $key => $value) {
$this->$key = $value;
}
}
private function getLike()
{
global $global;
if (empty($this->users_id) || empty($this->videos_id)) {
header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}');
}
$sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." LIMIT 1;";
$res = sqlDAL::readSql($sql, "i", [$this->users_id]);
$dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
return $dbLike;
}
private function save()
{
global $global;
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
if (!empty($this->id)) {
$sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;";
$res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]);
} else {
$sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());";
$res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]);
}
//echo $sql;
if ($global['mysqli']->errno!=0) {
die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $res;
}
public static function getLikes($videos_id)
{
global $global, $_getLikes;
if (!isset($_getLikes)) {
$_getLikes = [];
}
if (!empty($_getLikes[$videos_id])) {
return $_getLikes[$videos_id];
}
$obj = new stdClass();
$obj->videos_id = $videos_id;
$obj->likes = 0;
$obj->dislikes = 0;
$obj->myVote = self::getMyVote($videos_id);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($global['mysqli']->errno!=0) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($global['mysqli']->errno!=0) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($row['total']);
$_getLikes[$videos_id] = $obj;
return $obj;
}
public static function getTotalLikes()
{
global $global;
$obj = new stdClass();
$obj->likes = 0;
$obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($row['total']);
return $obj;
}
public static function getMyVote($videos_id)
{
global $global;
if (!User::isLogged()) {
return 0;
}
$id = User::getId();
$sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]);
$dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($dbLike!=false) {
return intval($dbLike['like']);
}
return 0;
}
}
<?php
global $global, $config;
if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php';
}
require_once $global['systemRootPath'] . 'objects/user.php';
class Like
{
private $id;
private $like;
private $videos_id;
private $users_id;
public function __construct($like, $videos_id)
{
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
$this->videos_id = $videos_id;
$this->users_id = User::getId();
$this->load();
// if click again in the same vote, remove the vote
if ($this->like == $like) {
$like = 0;
if ($this->like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1');
} elseif ($this->like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
}
} else {
if (!empty($this->like)) {
// need to remove some like or dislike
if ($like==1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
} elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1');
}
}
if ($like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '+1');
} elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '+1');
}
}
//exit;
$this->setLike($like);
$saved = $this->save();
}
private function setLike($like)
{
$like = intval($like);
if (!in_array($like, [0,1,-1])) {
$like = 0;
}
$this->like = $like;
}
public function load()
{
$like = $this->getLike();
if (empty($like)) {
return false;
}
foreach ($like as $key => $value) {
$this->$key = $value;
}
}
private function getLike()
{
global $global;
if (empty($this->users_id) || empty($this->videos_id)) {
header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}');
}
$sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." LIMIT 1;";
$res = sqlDAL::readSql($sql, "i", [$this->users_id]);
$dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
return $dbLike;
}
private function save()
{
global $global;
if (!User::isLogged()) {
header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}');
}
if (!empty($this->id)) {
$sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;";
$res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]);
} else {
$sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());";
$res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]);
}
//echo $sql;
if ($global['mysqli']->errno!=0) {
die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $res;
}
public static function getLikes($videos_id)
{
global $global, $_getLikes;
if (!isset($_getLikes)) {
$_getLikes = [];
}
if (!empty($_getLikes[$videos_id])) {
return $_getLikes[$videos_id];
}
$obj = new stdClass();
$obj->videos_id = $videos_id;
$obj->likes = 0;
$obj->dislikes = 0;
$obj->myVote = self::getMyVote($videos_id);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($global['mysqli']->errno!=0) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($global['mysqli']->errno!=0) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($row['total']);
$_getLikes[$videos_id] = $obj;
return $obj;
}
public static function getTotalLikes()
{
global $global;
$obj = new stdClass();
$obj->likes = 0;
$obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$obj->dislikes = intval($row['total']);
return $obj;
}
public static function getMyVote($videos_id)
{
global $global;
if (!User::isLogged()) {
return 0;
}
$id = User::getId();
$sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]);
$dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($dbLike!=false) {
return intval($dbLike['like']);
}
return 0;
}
}

1166
objects/plugin.php
View file

File diff suppressed because it is too large Load diff

1
objects/security.php
View file

@ -1,6 +1,5 @@
<?php
require_once $global['systemRootPath'] . 'objects/functions.php';
// filter some security here
$securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName'];
$securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount'];

10
objects/subscribe.php
View file

@ -6,8 +6,7 @@ if (!isset($global['systemRootPath'])) {
require_once $global['systemRootPath'] . 'objects/bootGrid.php';
require_once $global['systemRootPath'] . 'objects/user.php';
class Subscribe
{
class Subscribe extends ObjectYPT{
private $id;
private $email;
private $status;
@ -31,7 +30,7 @@ class Subscribe
}
}
private function load($id)
public function load($id)
{
$obj = self::getSubscribe($id);
if (empty($obj)) {
@ -433,4 +432,9 @@ class Subscribe
{
$this->users_id = $users_id;
}
public static function getTableName() {
return 'subscribes';
}
}

2
objects/user.php
View file

@ -220,7 +220,7 @@ if (typeof gtag !== \"function\") {
return $eo[$id];
}
private function load($id) {
public function load($id) {
$id = intval($id);
if (empty($id)) {
return false;

1010
objects/userGroups.php
View file

File diff suppressed because it is too large Load diff

146
objects/video.php
View file

@ -19,50 +19,50 @@ require_once $global['systemRootPath'] . 'objects/Object.php';
if (!class_exists('Video')) {
class Video {
class Video extends ObjectYPT {
private $id;
private $title;
private $clean_title;
private $filename;
private $description;
private $views_count;
private $status;
private $duration;
private $users_id;
private $categories_id;
private $old_categories_id;
private $type;
private $rotation;
private $zoom;
private $videoDownloadedLink;
private $videoLink;
private $next_videos_id;
private $isSuggested;
protected $id;
protected $title;
protected $clean_title;
protected $filename;
protected $description;
protected $views_count;
protected $status;
protected $duration;
protected $users_id;
protected $categories_id;
protected $old_categories_id;
protected $type;
protected $rotation;
protected $zoom;
protected $videoDownloadedLink;
protected $videoLink;
protected $next_videos_id;
protected $isSuggested;
public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip'];
private $videoGroups;
private $trailer1;
private $trailer2;
private $trailer3;
private $rate;
private $can_download;
private $can_share;
private $only_for_paid;
private $rrating;
private $externalOptions;
private $sites_id;
private $serie_playlists_id;
private $video_password;
private $encoderURL;
private $filepath;
private $filesize;
private $live_transmitions_history_id;
private $total_seconds_watching;
private $duration_in_seconds;
private $likes;
private $dislikes;
private $users_id_company;
private $created;
protected $videoGroups;
protected $trailer1;
protected $trailer2;
protected $trailer3;
protected $rate;
protected $can_download;
protected $can_share;
protected $only_for_paid;
protected $rrating;
protected $externalOptions;
protected $sites_id;
protected $serie_playlists_id;
protected $video_password;
protected $encoderURL;
protected $filepath;
protected $filesize;
protected $live_transmitions_history_id;
protected $total_seconds_watching;
protected $duration_in_seconds;
protected $likes;
protected $dislikes;
protected $users_id_company;
protected $created;
public static $statusDesc = [
'a' => 'Active',
'k' => 'Active and Encoding',
@ -102,7 +102,7 @@ if (!class_exists('Video')) {
public static $statusBrokenMissingFiles = 'b';
public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma'];
//ver 3.4
private $youtubeId;
protected $youtubeId;
public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser'];
public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename'];
public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename'];
@ -349,9 +349,9 @@ if (!class_exists('Video')) {
$catDefault = Category::getCategoryDefault();
$this->categories_id = $catDefault['id'];
}
//$this->setTitle($global['mysqli']->real_escape_string(trim($this->title)));
$this->title = ($global['mysqli']->real_escape_string(safeString($this->title)));
$this->description = ($global['mysqli']->real_escape_string($this->description));
//$this->setTitle((trim($this->title)));
$this->title = ((safeString($this->title)));
$this->description = (($this->description));
if (forbiddenWords($this->title) || forbiddenWords($this->description)) {
return false;
@ -412,31 +412,16 @@ if (!class_exists('Video')) {
header('Content-Type: application/json');
die('{"error":"3 ' . __("Permission denied") . '"}');
}
$sql = "UPDATE videos SET title = '{$this->title}',clean_title = '{$this->clean_title}',"
. " filename = '{$this->filename}', categories_id = '{$this->categories_id}', status = '{$this->status}',"
. " description = '{$this->description}', duration = '{$this->duration}', type = '{$this->type}', videoDownloadedLink = '{$this->videoDownloadedLink}', youtubeId = '{$this->youtubeId}', videoLink = '{$this->videoLink}', next_videos_id = {$this->next_videos_id}, isSuggested = {$this->isSuggested}, users_id = {$this->users_id}, "
. " trailer1 = '{$this->trailer1}', trailer2 = '{$this->trailer2}', trailer3 = '{$this->trailer3}', rate = '{$this->rate}', can_download = '{$this->can_download}', can_share = '{$this->can_share}', only_for_paid = '{$this->only_for_paid}', rrating = '{$this->rrating}', externalOptions = '{$this->externalOptions}', sites_id = {$this->sites_id}, serie_playlists_id = {$this->serie_playlists_id} ,live_transmitions_history_id = {$this->live_transmitions_history_id} , video_password = '{$this->video_password}', "
. " encoderURL = '{$this->encoderURL}', filepath = '{$this->filepath}' , filesize = '{$this->filesize}' , duration_in_seconds = '{$this->duration_in_seconds}' , modified = now(), users_id_company = ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company))." "
. " WHERE id = {$this->id}";
$saved = sqlDAL::writeSql($sql);
if ($saved) {
$insert_row = $this->id;
$insert_row = parent::save();
if ($insert_row) {
AVideoPlugin::onUpdateVideo($insert_row);
_error_log('onUpdateVideo $insert_row = '.$insert_row);
}else{
_error_log('onUpdateVideo error $saved is empty');
}
} else {
if(empty($this->created)){
$this->created = 'now()';
}
$sql = "INSERT INTO videos "
. "(duration_in_seconds, title,clean_title, filename, users_id, categories_id, status, description, duration,type,videoDownloadedLink, next_videos_id, created, modified, videoLink, can_download, can_share, only_for_paid, rrating, externalOptions, sites_id, serie_playlists_id,live_transmitions_history_id, video_password, encoderURL, filepath , filesize, users_id_company) values "
. "('{$this->duration_in_seconds}','{$this->title}','{$this->clean_title}', '{$this->filename}', {$this->users_id},{$this->categories_id}, '{$this->status}', '{$this->description}', '{$this->duration}', '{$this->type}', '{$this->videoDownloadedLink}', {$this->next_videos_id},{$this->created}, now(), '{$this->videoLink}', '{$this->can_download}', '{$this->can_share}','{$this->only_for_paid}', '{$this->rrating}', '$this->externalOptions', {$this->sites_id}, {$this->serie_playlists_id},{$this->live_transmitions_history_id}, '{$this->video_password}', '{$this->encoderURL}', '{$this->filepath}', '{$this->filesize}', ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company)).")";
//_error_log("Video::save ".$sql);
$insert_row = sqlDAL::writeSql($sql);
$insert_row = parent::save();
if(!empty($insert_row)){
AVideoPlugin::onNewVideo($insert_row);
_error_log('onNewVideo $insert_row = '.$insert_row);
@ -444,6 +429,7 @@ if (!class_exists('Video')) {
_error_log('onNewVideo error $insert_row is empty');
}
}
//var_dump($this->title, $insert_row);exit;
if ($insert_row) {
_error_log("Video::save ({$this->title}) Saved id = {$insert_row} ");
Category::clearCacheCount();
@ -512,8 +498,10 @@ if (!class_exists('Video')) {
return false;
}
_error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}");
$sql = "UPDATE videos SET duration_in_seconds = '{$duration_in_seconds}' , modified = now() WHERE id = {$videos_id}";
$saved = sqlDAL::writeSql($sql);
$formats = 'si';
$values = [$duration_in_seconds, $videos_id];
$sql = "UPDATE videos SET duration_in_seconds = ? , modified = now() WHERE id = ?";
$saved = sqlDAL::writeSql($sql, $formats, $values);
self::clearCache($videos_id);
return $duration_in_seconds;
}
@ -663,8 +651,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) {
global $global;
$sql = "UPDATE videos SET rotation = '{$saneRotation}', modified = now() WHERE id = {$this->id} ";
$res = sqlDAL::writeSql($sql);
$sql = "UPDATE videos SET rotation = ?, modified = now() WHERE id = ? ";
$formats = 'si';
$values = [$saneRotation, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) {
die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
@ -689,8 +679,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) {
global $global;
$sql = "UPDATE videos SET zoom = '{$saneZoom}', modified = now() WHERE id = {$this->id} ";
$res = sqlDAL::writeSql($sql);
$sql = "UPDATE videos SET zoom = ?, modified = now() WHERE id = ? ";
$formats = 'si';
$values = [$saneZoom, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) {
die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
@ -826,7 +818,7 @@ if (!class_exists('Video')) {
}
if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']);
$catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
}
@ -1231,7 +1223,7 @@ if (!class_exists('Video')) {
}
if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']);
$catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
}
@ -1752,7 +1744,7 @@ if (!class_exists('Video')) {
}
if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']);
$catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
}
@ -4881,7 +4873,7 @@ if (!class_exists('Video')) {
private static function getFullTextSearch($columnsArray, $search, $connection = "OR") {
global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($search));
$search = (xss_esc($search));
$search = str_replace('&quot;', '"', $search);
if (empty($columnsArray) || empty($search)) {
return "";
@ -5294,6 +5286,10 @@ if (!class_exists('Video')) {
return !$found;
}
public static function getTableName() {
return 'videos';
}
}
}

2
objects/video_statistic.php
View file

@ -123,7 +123,7 @@ class VideoStatistic extends ObjectYPT {
$this->seconds_watching_video = intval($this->seconds_watching_video);
$this->json = $global['mysqli']->real_escape_string($this->json);
$this->json = ($this->json);
return parent::save();
}

186
plugin/AD_Overlay/Objects/AD_Overlay_Code.php
View file

@ -1,93 +1,93 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class AD_Overlay_Code extends ObjectYPT {
protected $id, $users_id, $code, $status;
function loadFromUser($users_id) {
$row = self::getFromDbFromUser($users_id);
$this->setUsers_id($users_id);
if (empty($row))
return false;
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
static protected function getFromDbFromUser($users_id) {
global $global;
$users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "i", array($users_id));
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
static function getSearchFieldsNames() {
return array('code');
}
static function getTableName() {
return 'ad_overlay_codes';
}
function getUsers_id() {
return $this->users_id;
}
function getCode() {
return trim($this->code);
}
function setUsers_id($users_id) {
$this->users_id = $users_id;
}
function setCode($code) {
$this->code = self::filterCode($code);
}
function getStatus() {
return $this->status;
}
function setStatus($status) {
$this->status = $status;
}
static function filterCode($data) {
global $global;
//$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data);
// normalize $data because of get_magic_quotes_gpc
$dataNeedsStripSlashes = get_magic_quotes_gpc();
if ($dataNeedsStripSlashes) {
$data = stripslashes($data);
}
// normalize $data because of whitespace on beginning and end
$data = trim($data);
// strip tags
//$data = strip_tags($data);
// replace characters with their HTML entitites
//$data = htmlentities($data);
// mysql escape string
$data = $global['mysqli']->real_escape_string($data);
return $data;
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class AD_Overlay_Code extends ObjectYPT {
protected $id, $users_id, $code, $status;
function loadFromUser($users_id) {
$row = self::getFromDbFromUser($users_id);
$this->setUsers_id($users_id);
if (empty($row))
return false;
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
static protected function getFromDbFromUser($users_id) {
global $global;
$users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "i", array($users_id));
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
static function getSearchFieldsNames() {
return array('code');
}
static function getTableName() {
return 'ad_overlay_codes';
}
function getUsers_id() {
return $this->users_id;
}
function getCode() {
return trim($this->code);
}
function setUsers_id($users_id) {
$this->users_id = $users_id;
}
function setCode($code) {
$this->code = self::filterCode($code);
}
function getStatus() {
return $this->status;
}
function setStatus($status) {
$this->status = $status;
}
static function filterCode($data) {
global $global;
//$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data);
// normalize $data because of get_magic_quotes_gpc
$dataNeedsStripSlashes = get_magic_quotes_gpc();
if ($dataNeedsStripSlashes) {
$data = stripslashes($data);
}
// normalize $data because of whitespace on beginning and end
$data = trim($data);
// strip tags
//$data = strip_tags($data);
// replace characters with their HTML entitites
//$data = htmlentities($data);
// mysql escape string
$data = ($data);
return $data;
}
}

176
plugin/AD_Server_Location/Objects/CampaignLocations.php
View file

@ -1,88 +1,88 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class CampaignLocations extends ObjectYPT {
protected $id, $country_name, $region_name, $city_name, $vast_campaigns_id;
static function getSearchFieldsNames() {
return array('country_name','region_name','city_name');
}
static function getTableName() {
return 'campaign_locations';
}
function getCountry_name() {
return $this->country_name;
}
function getRegion_name() {
return $this->region_name;
}
function getCity_name() {
return $this->city_name;
}
function getVast_campaigns_id() {
return $this->vast_campaigns_id;
}
function setCountry_name($country_name) {
global $global;
$country_name = $global['mysqli']->real_escape_string($country_name);
$this->country_name = $country_name;
}
function setRegion_name($region_name) {
global $global;
$region_name = $global['mysqli']->real_escape_string($region_name);
$this->region_name = $region_name;
}
function setCity_name($city_name) {
global $global;
$city_name = $global['mysqli']->real_escape_string($city_name);
$this->city_name = $city_name;
}
function setVast_campaigns_id($vast_campaigns_id) {
$this->vast_campaigns_id = $vast_campaigns_id;
}
public function getCampaignLocations(){
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = array();
if ($res!=false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
static function deleteFromCapmpaign($vast_campaigns_id) {
global $global;
if (!empty($vast_campaigns_id)) {
$sql = "DELETE FROM " . static::getTableName() . " ";
$sql .= " WHERE vast_campaigns_id = ?";
$global['lastQuery'] = $sql;
//_error_log("Delete Query: ".$sql);
return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id));
}
_error_log("Id for table " . static::getTableName() . " not defined for deletion");
return false;
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class CampaignLocations extends ObjectYPT {
protected $id, $country_name, $region_name, $city_name, $vast_campaigns_id;
static function getSearchFieldsNames() {
return array('country_name','region_name','city_name');
}
static function getTableName() {
return 'campaign_locations';
}
function getCountry_name() {
return $this->country_name;
}
function getRegion_name() {
return $this->region_name;
}
function getCity_name() {
return $this->city_name;
}
function getVast_campaigns_id() {
return $this->vast_campaigns_id;
}
function setCountry_name($country_name) {
global $global;
$country_name = ($country_name);
$this->country_name = $country_name;
}
function setRegion_name($region_name) {
global $global;
$region_name = ($region_name);
$this->region_name = $region_name;
}
function setCity_name($city_name) {
global $global;
$city_name = ($city_name);
$this->city_name = $city_name;
}
function setVast_campaigns_id($vast_campaigns_id) {
$this->vast_campaigns_id = $vast_campaigns_id;
}
public function getCampaignLocations(){
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = array();
if ($res!=false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
static function deleteFromCapmpaign($vast_campaigns_id) {
global $global;
if (!empty($vast_campaigns_id)) {
$sql = "DELETE FROM " . static::getTableName() . " ";
$sql .= " WHERE vast_campaigns_id = ?";
$global['lastQuery'] = $sql;
//_error_log("Delete Query: ".$sql);
return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id));
}
_error_log("Id for table " . static::getTableName() . " not defined for deletion");
return false;
}
}

380
plugin/CloneSite/Objects/Clones.php
View file

@ -1,186 +1,194 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Clones extends ObjectYPT
{
protected $id;
protected $url;
protected $status;
protected $key;
protected $last_clone_request;
public static function getSearchFieldsNames()
{
return ['url'];
}
public static function getTableName()
{
return 'clone_SitesAllowed';
}
public static function getFromURL($url)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE url = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$url]);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public function updateLastCloneRequest()
{
global $global;
if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() ";
$sql .= " WHERE id = {$this->id}";
} else {
return false;
}
$insert_row = sqlDAL::writeSql($sql);
if ($insert_row) {
$id = $this->id;
return $id;
} else {
die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
}
public function loadFromURL($url)
{
$row = self::getFromURL($url);
if (empty($row)) {
return false;
}
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
public static function thisURLCanCloneMe($url, $key)
{
$resp = new stdClass();
$resp->canClone = false;
$resp->clone = null;
$resp->msg = "";
$clone = new Clones(0);
$clone->loadFromURL($url);
if (empty($clone->getId())) {
$resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client";
self::addURL($url, $key);
return $resp;
}
if ($clone->getKey() !== $key) {
$resp->msg = "Invalid Key";
return $resp;
}
if ($clone->getStatus() !== 'a') {
$resp->msg = "The URL {$url} is inactive in our Clone Server";
return $resp;
}
$resp->clone = $clone;
$resp->canClone = true;
return $resp;
}
public static function addURL($url, $key)
{
$clone = new Clones(0);
$clone->loadFromURL($url);
if (empty($clone->getId())) {
$clone->setUrl($url);
$clone->setKey($key);
return $clone->save();
}
return false;
}
public function save()
{
global $global;
if (empty($this->status)) {
$this->status = 'i';
}
if (empty($this->last_clone_request)) {
$this->last_clone_request = 'null';
}
$this->key = $global['mysqli']->real_escape_string($this->key);
$this->url = $global['mysqli']->real_escape_string($this->url);
return parent::save();
}
public function getId()
{
return $this->id;
}
public function getUrl()
{
return $this->url;
}
public function getStatus()
{
return $this->status;
}
public function getKey()
{
return $this->key;
}
public function getLast_clone_request()
{
return $this->last_clone_request;
}
public function setId($id)
{
$this->id = $id;
}
public function setUrl($url)
{
$this->url = $url;
}
public function setStatus($status)
{
$this->status = $status;
}
public function setKey($key)
{
$this->key = $key;
}
public function setLast_clone_request($last_clone_request)
{
$this->last_clone_request = $last_clone_request;
}
public function toogleStatus()
{
if (empty($this->id)) {
return false;
}
if ($this->status==='i') {
$this->status='a';
} else {
$this->status='i';
}
return $this->save();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Clones extends ObjectYPT
{
protected $id;
protected $url;
protected $status;
protected $key;
protected $last_clone_request;
public static function getSearchFieldsNames()
{
return ['url'];
}
public static function getTableName()
{
return 'clone_SitesAllowed';
}
public static function getFromURL($url)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE url = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$url]);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public function updateLastCloneRequest()
{
global $global;
if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() ";
$sql .= " WHERE id = {$this->id}";
} else {
return false;
}
$insert_row = sqlDAL::writeSql($sql);
if ($insert_row) {
$id = $this->id;
return $id;
} else {
die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
}
public function loadFromURL($url){
if(!isValidURL($url)){
return false;
}
$row = self::getFromURL($url);
if (empty($row)) {
return false;
}
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
public static function thisURLCanCloneMe($url, $key)
{
$resp = new stdClass();
$resp->canClone = false;
$resp->clone = null;
$resp->msg = "";
if(!isValidURL($url)){
$resp->msg = "Invalid URL";
return $resp;
}
$clone = new Clones(0);
$clone->loadFromURL($url);
if (empty($clone->getId())) {
$resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client";
self::addURL($url, $key);
return $resp;
}
if ($clone->getKey() !== $key) {
$resp->msg = "Invalid Key";
return $resp;
}
if ($clone->getStatus() !== 'a') {
$resp->msg = "The URL {$url} is inactive in our Clone Server";
return $resp;
}
$resp->clone = $clone;
$resp->canClone = true;
return $resp;
}
public static function addURL($url, $key)
{
$clone = new Clones(0);
$clone->loadFromURL($url);
if (empty($clone->getId())) {
$clone->setUrl($url);
$clone->setKey($key);
return $clone->save();
}
return false;
}
public function save()
{
global $global;
if (empty($this->status)) {
$this->status = 'i';
}
if (empty($this->last_clone_request)) {
$this->last_clone_request = 'null';
}
if(!isValidURL($this->url)){
return false;
}
$this->key = safeString($this->key, true);
$this->url = $this->url;
return parent::save();
}
public function getId()
{
return $this->id;
}
public function getUrl()
{
return $this->url;
}
public function getStatus()
{
return $this->status;
}
public function getKey()
{
return $this->key;
}
public function getLast_clone_request()
{
return $this->last_clone_request;
}
public function setId($id)
{
$this->id = $id;
}
public function setUrl($url){
if(isValidURL($url)){
$this->url = $url;
}
}
public function setStatus($status)
{
$this->status = $status;
}
public function setKey($key)
{
$this->key = safeString($key);
}
public function setLast_clone_request($last_clone_request)
{
$this->last_clone_request = $last_clone_request;
}
public function toogleStatus()
{
if (empty($this->id)) {
return false;
}
if ($this->status==='i') {
$this->status='a';
} else {
$this->status='i';
}
return $this->save();
}
}

2
plugin/Live/Live.php
View file

@ -3040,7 +3040,7 @@ Click <a href=\"{link}\">here</a> to join our live.";
}
if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']);
$catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
}

8
plugin/Live/Objects/LiveTransmition.php
View file

@ -75,7 +75,7 @@ class LiveTransmition extends ObjectYPT
public function setTitle($title)
{
global $global;
//$title = $global['mysqli']->real_escape_string($title);
//$title = ($title);
$this->title = xss_esc($title);
}
@ -107,7 +107,7 @@ class LiveTransmition extends ObjectYPT
public function setDescription($description)
{
global $global;
//$description = $global['mysqli']->real_escape_string($description);
//$description = ($description);
$this->description = xss_esc($description);
}
@ -204,7 +204,7 @@ class LiveTransmition extends ObjectYPT
{
global $global;
_mysql_connect();
$userName = $global['mysqli']->real_escape_string($userName);
$userName = ($userName);
$sql = "SELECT * FROM users WHERE user = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$userName], true);
$data = sqlDAL::fetchAssoc($res);
@ -224,7 +224,7 @@ class LiveTransmition extends ObjectYPT
{
global $global;
_mysql_connect();
$channelName = $global['mysqli']->real_escape_string($channelName);
$channelName = ($channelName);
$sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$channelName], true);
$data = sqlDAL::fetchAssoc($res);

6
plugin/Live/Objects/LiveTransmitionHistory.php
View file

@ -93,13 +93,13 @@ class LiveTransmitionHistory extends ObjectYPT {
global $global;
$Char = "&zwnj;";
$title = str_replace($Char, '', $title);
$title = $global['mysqli']->real_escape_string($title);
$title = ($title);
$this->title = $title;
}
public function setDescription($description) {
global $global;
$description = $global['mysqli']->real_escape_string($description);
$description = ($description);
$this->description = $description;
}
@ -354,7 +354,7 @@ class LiveTransmitionHistory extends ObjectYPT {
public static function getLatest($key, $live_servers_id = null, $active=false) {
global $global;
$key = $global['mysqli']->real_escape_string($key);
$key = ($key);
if (empty($key)) {
return false;

2
plugin/Live/Objects/Live_schedule.php
View file

@ -358,7 +358,7 @@ class Live_schedule extends ObjectYPT
$this->key = uniqid();
}
$this->description = $global['mysqli']->real_escape_string($this->description);
$this->description = ($this->description);
$this->_setTimeZone(date_default_timezone_get());

570
plugin/Live/Objects/Live_servers.php
View file

@ -1,285 +1,285 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class Live_servers extends ObjectYPT
{
protected $id;
protected $name;
protected $url;
protected $status;
protected $rtmp_server;
protected $playerServer;
protected $stats_url;
protected $disableDVR;
protected $disableGifThumbs;
protected $useAadaptiveMode;
protected $protectLive;
protected $getRemoteFile;
protected $restreamerURL;
protected $controlURL;
protected $webRTC_server;
public static function getSearchFieldsNames()
{
return ['name', 'url', 'rtmp_server', 'playerServer', 'stats_url', 'getRemoteFile'];
}
public static function getTableName()
{
return 'live_servers';
}
public function setId($id)
{
$this->id = intval($id);
}
public function setName($name)
{
$this->name = $name;
}
public function setUrl($url)
{
$this->url = $url;
}
public function setStatus($status)
{
$this->status = $status;
}
public function setRtmp_server($rtmp_server)
{
$this->rtmp_server = $rtmp_server;
}
public function setPlayerServer($playerServer)
{
$this->playerServer = $playerServer;
}
public function setStats_url($stats_url)
{
$this->stats_url = $stats_url;
}
public function setDisableDVR($disableDVR)
{
$this->disableDVR = intval($disableDVR);
}
public function setDisableGifThumbs($disableGifThumbs)
{
$this->disableGifThumbs = intval($disableGifThumbs);
}
public function setUseAadaptiveMode($useAadaptiveMode)
{
$this->useAadaptiveMode = intval($useAadaptiveMode);
}
public function setProtectLive($protectLive)
{
$this->protectLive = intval($protectLive);
}
public function setGetRemoteFile($getRemoteFile)
{
$this->getRemoteFile = $getRemoteFile;
}
public function getId()
{
return intval($this->id);
}
public function getName()
{
return $this->name;
}
public function getUrl()
{
return $this->url;
}
public function getStatus()
{
return $this->status;
}
public function getRtmp_server()
{
return trim($this->rtmp_server);
}
public function getPlayerServer()
{
return $this->playerServer;
}
public function getStats_url()
{
return $this->stats_url;
}
public function getDisableDVR()
{
return intval($this->disableDVR);
}
public function getDisableGifThumbs()
{
return intval($this->disableGifThumbs);
}
public function getUseAadaptiveMode()
{
return intval($this->useAadaptiveMode);
}
public function getProtectLive()
{
return intval($this->protectLive);
}
public function getGetRemoteFile()
{
return $this->getRemoteFile;
}
public function getRestreamerURL()
{
return $this->restreamerURL;
}
public function setRestreamerURL($restreamerURL)
{
$this->restreamerURL = $restreamerURL;
}
public function getControlURL()
{
return $this->controlURL;
}
public function setControlURL($controlURL)
{
$this->controlURL = $controlURL;
}
public function getwebRTC_server()
{
return $this->webRTC_server;
}
public function setwebRTC_server($webRTC_server)
{
$this->webRTC_server = addLastSlash($webRTC_server);
}
public static function getStatsFromId($live_servers_id, $force_recreate = false)
{
global $_getStatsFromId;
if (empty($force_recreate)) {
if (!isset($_getStatsFromId)) {
$_getStatsFromId = [];
}
if (isset($_getStatsFromId[$live_servers_id])) {
return $_getStatsFromId[$live_servers_id];
}
}
$ls = new Live_servers($live_servers_id);
if (empty($ls->getStatus()) || $ls->getStatus()=='i') {
_error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls));
$_getStatsFromId[$live_servers_id] = false;
} else {
$_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate);
}
return $_getStatsFromId[$live_servers_id];
}
public static function getAllActive()
{
global $global, $liveServersgetAllActive;
if (isset($liveServersgetAllActive)) {
return $liveServersgetAllActive;
}
if (!static::isTableInstalled()) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' ";
//$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$liveServersgetAllActive = $rows;
return $rows;
}
public static function getServerFromRTMPHost($rtmpHostURI)
{
$obj = AVideoPlugin::getObjectData('Live');
if (empty($obj->useLiveServers)) {
return 0;
}
global $global;
$host = trim($rtmpHostURI);
$parts = parse_url($host);
$host = "rtmp://{$parts["host"]}{$parts["path"]}";
$host = $global['mysqli']->real_escape_string($host);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' ";
$res = sqlDAL::readSql($sql);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getServerIdFromRTMPHost($rtmpHostURI)
{
$data = self::getServerFromRTMPHost($rtmpHostURI);
if ($data) {
$row = $data['id'];
} else {
$row = 0;
}
return intval($row);
}
public function save()
{
$id = parent::save();
if ($id) {
_session_start();
$_SESSION['useAadaptiveMode'] = [];
$_SESSION['playerServer'] = [];
}
return $id;
}
public function delete()
{
if (!empty($this->id)) {
LiveTransmitionHistory::deleteAllFromLiveServer($this->id);
}
return parent::delete();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class Live_servers extends ObjectYPT
{
protected $id;
protected $name;
protected $url;
protected $status;
protected $rtmp_server;
protected $playerServer;
protected $stats_url;
protected $disableDVR;
protected $disableGifThumbs;
protected $useAadaptiveMode;
protected $protectLive;
protected $getRemoteFile;
protected $restreamerURL;
protected $controlURL;
protected $webRTC_server;
public static function getSearchFieldsNames()
{
return ['name', 'url', 'rtmp_server', 'playerServer', 'stats_url', 'getRemoteFile'];
}
public static function getTableName()
{
return 'live_servers';
}
public function setId($id)
{
$this->id = intval($id);
}
public function setName($name)
{
$this->name = $name;
}
public function setUrl($url)
{
$this->url = $url;
}
public function setStatus($status)
{
$this->status = $status;
}
public function setRtmp_server($rtmp_server)
{
$this->rtmp_server = $rtmp_server;
}
public function setPlayerServer($playerServer)
{
$this->playerServer = $playerServer;
}
public function setStats_url($stats_url)
{
$this->stats_url = $stats_url;
}
public function setDisableDVR($disableDVR)
{
$this->disableDVR = intval($disableDVR);
}
public function setDisableGifThumbs($disableGifThumbs)
{
$this->disableGifThumbs = intval($disableGifThumbs);
}
public function setUseAadaptiveMode($useAadaptiveMode)
{
$this->useAadaptiveMode = intval($useAadaptiveMode);
}
public function setProtectLive($protectLive)
{
$this->protectLive = intval($protectLive);
}
public function setGetRemoteFile($getRemoteFile)
{
$this->getRemoteFile = $getRemoteFile;
}
public function getId()
{
return intval($this->id);
}
public function getName()
{
return $this->name;
}
public function getUrl()
{
return $this->url;
}
public function getStatus()
{
return $this->status;
}
public function getRtmp_server()
{
return trim($this->rtmp_server);
}
public function getPlayerServer()
{
return $this->playerServer;
}
public function getStats_url()
{
return $this->stats_url;
}
public function getDisableDVR()
{
return intval($this->disableDVR);
}
public function getDisableGifThumbs()
{
return intval($this->disableGifThumbs);
}
public function getUseAadaptiveMode()
{
return intval($this->useAadaptiveMode);
}
public function getProtectLive()
{
return intval($this->protectLive);
}
public function getGetRemoteFile()
{
return $this->getRemoteFile;
}
public function getRestreamerURL()
{
return $this->restreamerURL;
}
public function setRestreamerURL($restreamerURL)
{
$this->restreamerURL = $restreamerURL;
}
public function getControlURL()
{
return $this->controlURL;
}
public function setControlURL($controlURL)
{
$this->controlURL = $controlURL;
}
public function getwebRTC_server()
{
return $this->webRTC_server;
}
public function setwebRTC_server($webRTC_server)
{
$this->webRTC_server = addLastSlash($webRTC_server);
}
public static function getStatsFromId($live_servers_id, $force_recreate = false)
{
global $_getStatsFromId;
if (empty($force_recreate)) {
if (!isset($_getStatsFromId)) {
$_getStatsFromId = [];
}
if (isset($_getStatsFromId[$live_servers_id])) {
return $_getStatsFromId[$live_servers_id];
}
}
$ls = new Live_servers($live_servers_id);
if (empty($ls->getStatus()) || $ls->getStatus()=='i') {
_error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls));
$_getStatsFromId[$live_servers_id] = false;
} else {
$_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate);
}
return $_getStatsFromId[$live_servers_id];
}
public static function getAllActive()
{
global $global, $liveServersgetAllActive;
if (isset($liveServersgetAllActive)) {
return $liveServersgetAllActive;
}
if (!static::isTableInstalled()) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' ";
//$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
$liveServersgetAllActive = $rows;
return $rows;
}
public static function getServerFromRTMPHost($rtmpHostURI)
{
$obj = AVideoPlugin::getObjectData('Live');
if (empty($obj->useLiveServers)) {
return 0;
}
global $global;
$host = trim($rtmpHostURI);
$parts = parse_url($host);
$host = "rtmp://{$parts["host"]}{$parts["path"]}";
$host = ($host);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' ";
$res = sqlDAL::readSql($sql);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getServerIdFromRTMPHost($rtmpHostURI)
{
$data = self::getServerFromRTMPHost($rtmpHostURI);
if ($data) {
$row = $data['id'];
} else {
$row = 0;
}
return intval($row);
}
public function save()
{
$id = parent::save();
if ($id) {
_session_start();
$_SESSION['useAadaptiveMode'] = [];
$_SESSION['playerServer'] = [];
}
return $id;
}
public function delete()
{
if (!empty($this->id)) {
LiveTransmitionHistory::deleteAllFromLiveServer($this->id);
}
return parent::delete();
}
}

2
plugin/LiveLinks/LiveLinks.php
View file

@ -304,7 +304,7 @@ class LiveLinks extends PluginAbstract {
}
if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']);
$catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
}

362
plugin/PayPalYPT/Objects/PayPalYPT_log.php
View file

@ -1,181 +1,181 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class PayPalYPT_log extends ObjectYPT
{
protected $id;
protected $agreement_id;
protected $users_id;
protected $json;
protected $recurring_payment_id;
protected $value;
protected $token;
public static function getSearchFieldsNames()
{
return ['agreement_id', 'json', 'recurring_payment_id', 'token'];
}
public static function getTableName()
{
return 'PayPalYPT_log';
}
public static function getAllUsers()
{
global $global;
$table = "users";
$sql = "SELECT * FROM {$table} WHERE 1=1 ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
public function setId($id)
{
$this->id = intval($id);
}
public function setAgreement_id($agreement_id)
{
$this->agreement_id = $agreement_id;
}
public function setUsers_id($users_id)
{
$this->users_id = intval($users_id);
}
public function setJson($json)
{
if (!is_string($json)) {
$json = _json_encode($json);
}
$this->json = $json;
}
public function setRecurring_payment_id($recurring_payment_id)
{
$this->recurring_payment_id = $recurring_payment_id;
}
public function setValue($value)
{
$this->value = floatval($value);
}
public function setToken($token)
{
$this->token = $token;
}
public function getId()
{
return intval($this->id);
}
public function getAgreement_id()
{
return $this->agreement_id;
}
public function getUsers_id()
{
return intval($this->users_id);
}
public function getJson()
{
return $this->json;
}
public function getRecurring_payment_id()
{
return $this->recurring_payment_id;
}
public function getValue()
{
return floatval($this->value);
}
public function getToken()
{
return $this->token;
}
public static function getFromToken($token)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$token], true);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getFromRecurringPaymentId($recurring_payment_id)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getAllFromUser($users_id)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql, "i", [$users_id]);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$search = ['"get":{"json":"{', '}","success"'];
$replace = ['"get":{"json":{', '},"success"'];
$row['json'] = str_replace($search, $replace, $row['json']);
$rows[] = $row;
}
} else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
public function save()
{
global $global;
$this->json = $global['mysqli']->real_escape_string($this->json);
return parent::save();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class PayPalYPT_log extends ObjectYPT
{
protected $id;
protected $agreement_id;
protected $users_id;
protected $json;
protected $recurring_payment_id;
protected $value;
protected $token;
public static function getSearchFieldsNames()
{
return ['agreement_id', 'json', 'recurring_payment_id', 'token'];
}
public static function getTableName()
{
return 'PayPalYPT_log';
}
public static function getAllUsers()
{
global $global;
$table = "users";
$sql = "SELECT * FROM {$table} WHERE 1=1 ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$rows[] = $row;
}
} else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
public function setId($id)
{
$this->id = intval($id);
}
public function setAgreement_id($agreement_id)
{
$this->agreement_id = $agreement_id;
}
public function setUsers_id($users_id)
{
$this->users_id = intval($users_id);
}
public function setJson($json)
{
if (!is_string($json)) {
$json = _json_encode($json);
}
$this->json = $json;
}
public function setRecurring_payment_id($recurring_payment_id)
{
$this->recurring_payment_id = $recurring_payment_id;
}
public function setValue($value)
{
$this->value = floatval($value);
}
public function setToken($token)
{
$this->token = $token;
}
public function getId()
{
return intval($this->id);
}
public function getAgreement_id()
{
return $this->agreement_id;
}
public function getUsers_id()
{
return intval($this->users_id);
}
public function getJson()
{
return $this->json;
}
public function getRecurring_payment_id()
{
return $this->recurring_payment_id;
}
public function getValue()
{
return floatval($this->value);
}
public function getToken()
{
return $this->token;
}
public static function getFromToken($token)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$token], true);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getFromRecurringPaymentId($recurring_payment_id)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true);
$data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res) {
$row = $data;
} else {
$row = false;
}
return $row;
}
public static function getAllFromUser($users_id)
{
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? ";
$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql, "i", [$users_id]);
$fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res);
$rows = [];
if ($res != false) {
foreach ($fullData as $row) {
$search = ['"get":{"json":"{', '}","success"'];
$replace = ['"get":{"json":{', '},"success"'];
$row['json'] = str_replace($search, $replace, $row['json']);
$rows[] = $row;
}
} else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
public function save()
{
global $global;
$this->json = ($this->json);
return parent::save();
}
}

4
plugin/Scheduler/Objects/Scheduler_commands.php
View file

@ -102,7 +102,7 @@ class Scheduler_commands extends ObjectYPT {
global $global;
if(!is_string($parameters)){
$parameters = _json_encode($parameters);
$parameters = $global['mysqli']->real_escape_string($parameters);
$parameters = ($parameters);
}
$this->parameters = $parameters;
@ -158,7 +158,7 @@ class Scheduler_commands extends ObjectYPT {
function setExecuted($callbackResponse) {
if (!is_string($callbackResponse)) {
$callbackResponse = json_encode($callbackResponse);
$callbackResponse = $global['mysqli']->real_escape_string($callbackResponse);
$callbackResponse = ($callbackResponse);
}
$this->setExecuted_in(date('Y-m-d H:i:s'));
$this->setCallbackResponse($callbackResponse);

266
plugin/TopMenu/Objects/Menu.php
View file

@ -1,133 +1,133 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Menu extends ObjectYPT {
static $typeLeftMenu = 1;
static $typeTopMenu = 2;
static $typeActionMenu = 3;
static $typeActionMenuCustomURL = 4;
static $typeActionMenuCustomURLForLoggedUsers = 5;
static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6;
static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7;
static $typeMobileTabMenu = 8;
static $typeMobileLeftMenu = 9;
static $typeMobileTabMenuInABrowser = 10;
static $typeMobileLeftMenuInABrowser = 11;
static $typeName = array(
1=>'Left',
2=>'Top',
3=>'Action',
4=>'Action Per Video',
5=>'Action Per Video For Logged Users Only',
6=>'Action Per Video For Users That can Watch Video',
7=>'Action Per Video For Users That can NOT Watch Video',
8=>'Mobile Tab Menu',
9=>'Mobile Left Menu',
10=>'Mobile Tab Menu in a Browser',
11=>'Mobile Left Menu in a Browser');
protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu';
}
function setMenuName($menuName) {
$this->menuName = $menuName;
}
function setCategories_id($categories_id) {
$this->categories_id = $categories_id;
}
function setUsers_groups_id($users_groups_id) {
$this->users_groups_id = $users_groups_id;
}
function setMenu_order($menu_order) {
$this->menu_order = $menu_order;
}
function setStatus($status) {
$this->status = $status;
}
function setPosition($position) {
$this->position = $position;
}
function setType($type) {
$this->type = $type;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setmenuSeoUrl($menuSeoUrl){
$this->menuSeoUrl=$menuSeoUrl;
}
static function getAllActive($type=false) {
global $global;
$sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' ";
if(!empty($type)){
$sql .= " AND type = $type ";
}
$sql .= " ORDER BY menu_order ";
_mysql_connect();
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$rows[] = $row;
}
}
return $rows;
}
function save() {
global $global;
if(empty($this->menuName)){
$this->menuName = 'Unknow Menu Name';
}
if(empty($this->categories_id)){
$this->categories_id = 'null';
}
if(empty($this->users_groups_id)){
$this->users_groups_id = 'null';
}
if(empty($this->menu_order)){
$this->menu_order = 0;
}
if(empty($this->status)){
$this->status = "active";
}
if(empty($this->position)){
$this->position = "right";
}
if(empty($this->type)){
$this->type = 1;
}
if(empty($this->menuSeoUrl)){
$this->menuSeoUrl=$this->menuName;
}
$this->menuSeoUrl=$global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Menu extends ObjectYPT {
static $typeLeftMenu = 1;
static $typeTopMenu = 2;
static $typeActionMenu = 3;
static $typeActionMenuCustomURL = 4;
static $typeActionMenuCustomURLForLoggedUsers = 5;
static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6;
static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7;
static $typeMobileTabMenu = 8;
static $typeMobileLeftMenu = 9;
static $typeMobileTabMenuInABrowser = 10;
static $typeMobileLeftMenuInABrowser = 11;
static $typeName = array(
1=>'Left',
2=>'Top',
3=>'Action',
4=>'Action Per Video',
5=>'Action Per Video For Logged Users Only',
6=>'Action Per Video For Users That can Watch Video',
7=>'Action Per Video For Users That can NOT Watch Video',
8=>'Mobile Tab Menu',
9=>'Mobile Left Menu',
10=>'Mobile Tab Menu in a Browser',
11=>'Mobile Left Menu in a Browser');
protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu';
}
function setMenuName($menuName) {
$this->menuName = $menuName;
}
function setCategories_id($categories_id) {
$this->categories_id = $categories_id;
}
function setUsers_groups_id($users_groups_id) {
$this->users_groups_id = $users_groups_id;
}
function setMenu_order($menu_order) {
$this->menu_order = $menu_order;
}
function setStatus($status) {
$this->status = $status;
}
function setPosition($position) {
$this->position = $position;
}
function setType($type) {
$this->type = $type;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setmenuSeoUrl($menuSeoUrl){
$this->menuSeoUrl=$menuSeoUrl;
}
static function getAllActive($type=false) {
global $global;
$sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' ";
if(!empty($type)){
$sql .= " AND type = $type ";
}
$sql .= " ORDER BY menu_order ";
_mysql_connect();
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$rows[] = $row;
}
}
return $rows;
}
function save() {
global $global;
if(empty($this->menuName)){
$this->menuName = 'Unknow Menu Name';
}
if(empty($this->categories_id)){
$this->categories_id = 'null';
}
if(empty($this->users_groups_id)){
$this->users_groups_id = 'null';
}
if(empty($this->menu_order)){
$this->menu_order = 0;
}
if(empty($this->status)){
$this->status = "active";
}
if(empty($this->position)){
$this->position = "right";
}
if(empty($this->type)){
$this->type = 1;
}
if(empty($this->menuSeoUrl)){
$this->menuSeoUrl=$this->menuName;
}
$this->menuSeoUrl=(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save();
}
}

284
plugin/TopMenu/Objects/MenuItem.php
View file

@ -1,142 +1,142 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class MenuItem extends ObjectYPT {
protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu_items';
}
static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) {
global $global;
$menu_id = intval($menu_id);
if (empty($menu_id)) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}";
if ($activeOnly) {
$sql .= " AND status = 'active' ";
}
if ($sort) {
$sql .= " ORDER BY item_order ";
}
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
$webSiteRootURLParse = parse_url($global['webSiteRootURL']);
$webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']);
while ($row = $res->fetch_assoc()) {
$row['finalURL'] = $row['url'];
$row['target'] = "";
if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe
$parse = parse_url($row['url']);
if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain
$row['target'] = " target='_blank' rel='noopener noreferrer' ";
}
} else {
if (!empty($row['menuSeoUrlItem'])) {
$row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}";
} else {
$row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}";
}
}
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
function setTitle($title) {
$this->title = $title;
}
function setImage($image) {
$this->image = $image;
}
function setUrl($url) {
$this->url = $url;
}
function setClass($class) {
$this->class = $class;
}
function setStyle($style) {
$this->style = $style;
}
function setItem_order($item_order) {
$this->item_order = intval($item_order);
}
function setTopMenu_id($topMenu_id) {
$this->topMenu_id = intval($topMenu_id);
}
function setStatus($status) {
$this->status = $status;
}
function setText($text) {
$this->text = $text;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setClean_url($clean_url) {
$this->clean_url = $clean_url;
}
function setmenuSeoUrlItem($menuSeoUrlItem) {
$this->menuSeoUrlItem = $menuSeoUrlItem;
}
function save() {
global $global;
if (empty($this->title)) {
$this->title = "Unknow Item Menu Title";
}
if (empty($this->status)) {
$this->status = "active";
}
if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title;
}
$this->menuSeoUrlItem = $global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = $global['mysqli']->real_escape_string($this->title);
$this->text = $global['mysqli']->real_escape_string($this->text);
return parent::save();
}
function getTitle() {
return $this->title;
}
function getText() {
return $this->text;
}
function getUrl() {
return $this->url;
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class MenuItem extends ObjectYPT {
protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu_items';
}
static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) {
global $global;
$menu_id = intval($menu_id);
if (empty($menu_id)) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}";
if ($activeOnly) {
$sql .= " AND status = 'active' ";
}
if ($sort) {
$sql .= " ORDER BY item_order ";
}
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
$webSiteRootURLParse = parse_url($global['webSiteRootURL']);
$webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']);
while ($row = $res->fetch_assoc()) {
$row['finalURL'] = $row['url'];
$row['target'] = "";
if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe
$parse = parse_url($row['url']);
if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain
$row['target'] = " target='_blank' rel='noopener noreferrer' ";
}
} else {
if (!empty($row['menuSeoUrlItem'])) {
$row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}";
} else {
$row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}";
}
}
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
function setTitle($title) {
$this->title = $title;
}
function setImage($image) {
$this->image = $image;
}
function setUrl($url) {
$this->url = $url;
}
function setClass($class) {
$this->class = $class;
}
function setStyle($style) {
$this->style = $style;
}
function setItem_order($item_order) {
$this->item_order = intval($item_order);
}
function setTopMenu_id($topMenu_id) {
$this->topMenu_id = intval($topMenu_id);
}
function setStatus($status) {
$this->status = $status;
}
function setText($text) {
$this->text = $text;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setClean_url($clean_url) {
$this->clean_url = $clean_url;
}
function setmenuSeoUrlItem($menuSeoUrlItem) {
$this->menuSeoUrlItem = $menuSeoUrlItem;
}
function save() {
global $global;
if (empty($this->title)) {
$this->title = "Unknow Item Menu Title";
}
if (empty($this->status)) {
$this->status = "active";
}
if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title;
}
$this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = ($this->title);
$this->text = ($this->text);
return parent::save();
}
function getTitle() {
return $this->title;
}
function getText() {
return $this->text;
}
function getUrl() {
return $this->url;
}
}

2
plugin/TopMenu/TopMenu.php
View file

@ -91,7 +91,7 @@ class TopMenu extends PluginAbstract {
public function getidBySeoUrl($menuSeoUrlItem) {
global $global;
$sql="select id from topMenu_items where menuSeoUrlItem= ?";
$res=sqlDal::readSql($sql, "s", array($global['mysqli']->real_escape_string($menuSeoUrlItem)));
$res=sqlDal::readSql($sql, "s", array(($menuSeoUrlItem)));
$menuId=sqlDAL::fetchAssoc($res);
if(!isset($menuId['id']))
return false;

238
plugin/YPTWallet/Objects/Wallet.php
View file

@ -1,119 +1,119 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Wallet extends ObjectYPT {
protected $id, $balance, $users_id, $crypto_wallet_address;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'wallet';
}
function getBalance() {
if(empty($this->balance)){
return 0.0;
}
return floatval($this->balance);
}
function getId() {
return $this->id;
}
function setId($id) {
$this->id = $id;
}
function getUsers_id() {
return $this->users_id;
}
function setBalance($balance) {
$this->balance = floatval($balance);
}
function setUsers_id($users_id) {
$this->loadFromUser($users_id);
$this->users_id = $users_id;
}
// base64 is used to save hexa values as string in some databases
function getCrypto_wallet_address() {
return base64_decode($this->crypto_wallet_address);
}
function setCrypto_wallet_address($crypto_wallet_address) {
$this->crypto_wallet_address = base64_encode($crypto_wallet_address);
}
protected function loadFromUser($users_id) {
$row = self::getFromUser($users_id);
if (empty($row))
return false;
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
static function getFromUser($users_id) {
global $global;
$users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = $users_id LIMIT 1";
$res = $global['mysqli']->query($sql);
if ($res) {
$row = $res->fetch_assoc();
$res->free();// do not cache the result
} else {
$row = false;
}
return $row;
}
static function getFromWalletId($wallet_id) {
global $global;
$wallet_id = intval($wallet_id);
$sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w "
. " LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1";
//echo $sql;
$res = $global['mysqli']->query($sql);
if ($res) {
$row = $res->fetch_assoc();
$row = cleanUpRowFromDatabase($row);
} else {
$row = false;
}
return $row;
}
public function save() {
global $global;
$this->balance = floatval($this->balance);
$this->crypto_wallet_address = $global['mysqli']->real_escape_string($this->crypto_wallet_address);
ObjectYPT::clearSessionCache();
return parent::save();
}
static function getOrCreateFromUser($users_id) {
$wallet = self::getFromUser($users_id);
if(empty($wallet)){
$w = new Wallet(0);
$w->setBalance(0);
$w->setCrypto_wallet_address("");
$w->setUsers_id($users_id);
$w->save();
$wallet = self::getFromUser($users_id);
}
return $wallet;
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Wallet extends ObjectYPT {
protected $id, $balance, $users_id, $crypto_wallet_address;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'wallet';
}
function getBalance() {
if(empty($this->balance)){
return 0.0;
}
return floatval($this->balance);
}
function getId() {
return $this->id;
}
function setId($id) {
$this->id = $id;
}
function getUsers_id() {
return $this->users_id;
}
function setBalance($balance) {
$this->balance = floatval($balance);
}
function setUsers_id($users_id) {
$this->loadFromUser($users_id);
$this->users_id = $users_id;
}
// base64 is used to save hexa values as string in some databases
function getCrypto_wallet_address() {
return base64_decode($this->crypto_wallet_address);
}
function setCrypto_wallet_address($crypto_wallet_address) {
$this->crypto_wallet_address = base64_encode($crypto_wallet_address);
}
protected function loadFromUser($users_id) {
$row = self::getFromUser($users_id);
if (empty($row))
return false;
foreach ($row as $key => $value) {
$this->$key = $value;
}
return true;
}
static function getFromUser($users_id) {
global $global;
$users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = $users_id LIMIT 1";
$res = $global['mysqli']->query($sql);
if ($res) {
$row = $res->fetch_assoc();
$res->free();// do not cache the result
} else {
$row = false;
}
return $row;
}
static function getFromWalletId($wallet_id) {
global $global;
$wallet_id = intval($wallet_id);
$sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w "
. " LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1";
//echo $sql;
$res = $global['mysqli']->query($sql);
if ($res) {
$row = $res->fetch_assoc();
$row = cleanUpRowFromDatabase($row);
} else {
$row = false;
}
return $row;
}
public function save() {
global $global;
$this->balance = floatval($this->balance);
$this->crypto_wallet_address = ($this->crypto_wallet_address);
ObjectYPT::clearSessionCache();
return parent::save();
}
static function getOrCreateFromUser($users_id) {
$wallet = self::getFromUser($users_id);
if(empty($wallet)){
$w = new Wallet(0);
$w->setBalance(0);
$w->setCrypto_wallet_address("");
$w->setUsers_id($users_id);
$w->save();
$wallet = self::getFromUser($users_id);
}
return $wallet;
}
}

360
plugin/YPTWallet/Objects/Wallet_log.php
View file

@ -1,180 +1,180 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
require_once $global['systemRootPath'].'plugin/YPTWallet/Objects/Wallet.php';
class WalletLog extends ObjectYPT {
protected $id, $value, $description, $wallet_id, $json_data, $status, $type, $information;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'wallet_log';
}
function getValue() {
return $this->value;
}
function getDescription() {
return $this->description;
}
function getWallet_id() {
return $this->wallet_id;
}
function getJson_data() {
return $this->json_data;
}
function setValue($value) {
$this->value = $value;
}
function setDescription($description) {
$this->description = $description;
}
function setWallet_id($wallet_id) {
$this->wallet_id = $wallet_id;
}
function setJson_data($json_data) {
$this->json_data = $json_data;
}
function getStatus() {
return $this->status;
}
function getType() {
return $this->type;
}
function setStatus($status) {
$this->status = $status;
}
function setType($type) {
$this->type = $type;
}
function getInformation() {
return $this->information;
}
function setInformation($information) {
if(!is_string($information)){
$information = _json_encode($information);
}
$this->information = $information;
}
static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id ";
}
if($dontReturnEmpty){
$sql .= " AND value != 0.0 ";
}
if(!empty($status)){
$sql .= " AND status = '$status' ";
}
$sql .= self::getSqlFromPost();
$obj = AVideoPlugin::getObjectData("YPTWallet");
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$row['valueText'] = YPTWallet::formatCurrency($row['value']);
$row['wallet'] = Wallet::getFromWalletId($row['wallet_id']);
$row['user'] = $row['wallet']['user'];
$row['balance'] = $row['wallet']['balance'];
$row['crypto_wallet_address'] = "";
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id ";
}
if($dontReturnEmpty){
$sql .= " AND value != 0.0 ";
}
if(!empty($status)){
$sql .= " AND status = '$status' ";
}
$sql .= self::getSqlSearchFromPost();
$res = $global['mysqli']->query($sql);
if(!$res){
return 0;
}
return $res->num_rows;
}
static function getAllFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){
return false;
}
return self::getAllFromWallet($wallet['id'], $dontReturnEmpty);
}
static function getTotalFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){
return false;
}
return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty);
}
static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){
$log = new WalletLog(0);
$log->setWallet_id($wallet_id);
$log->setValue($value);
$log->setDescription($description);
$log->setJson_data($json_data);
$log->setStatus($status);
$log->setType($type);
$log->setInformation($information);
return $log->save();
}
function save() {
global $global;
$this->description = $global['mysqli']->real_escape_string($this->description);
$this->information = $global['mysqli']->real_escape_string($this->information);
return parent::save();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
require_once $global['systemRootPath'].'plugin/YPTWallet/Objects/Wallet.php';
class WalletLog extends ObjectYPT {
protected $id, $value, $description, $wallet_id, $json_data, $status, $type, $information;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'wallet_log';
}
function getValue() {
return $this->value;
}
function getDescription() {
return $this->description;
}
function getWallet_id() {
return $this->wallet_id;
}
function getJson_data() {
return $this->json_data;
}
function setValue($value) {
$this->value = $value;
}
function setDescription($description) {
$this->description = $description;
}
function setWallet_id($wallet_id) {
$this->wallet_id = $wallet_id;
}
function setJson_data($json_data) {
$this->json_data = $json_data;
}
function getStatus() {
return $this->status;
}
function getType() {
return $this->type;
}
function setStatus($status) {
$this->status = $status;
}
function setType($type) {
$this->type = $type;
}
function getInformation() {
return $this->information;
}
function setInformation($information) {
if(!is_string($information)){
$information = _json_encode($information);
}
$this->information = $information;
}
static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id ";
}
if($dontReturnEmpty){
$sql .= " AND value != 0.0 ";
}
if(!empty($status)){
$sql .= " AND status = '$status' ";
}
$sql .= self::getSqlFromPost();
$obj = AVideoPlugin::getObjectData("YPTWallet");
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$row['valueText'] = YPTWallet::formatCurrency($row['value']);
$row['wallet'] = Wallet::getFromWalletId($row['wallet_id']);
$row['user'] = $row['wallet']['user'];
$row['balance'] = $row['wallet']['balance'];
$row['crypto_wallet_address'] = "";
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id ";
}
if($dontReturnEmpty){
$sql .= " AND value != 0.0 ";
}
if(!empty($status)){
$sql .= " AND status = '$status' ";
}
$sql .= self::getSqlSearchFromPost();
$res = $global['mysqli']->query($sql);
if(!$res){
return 0;
}
return $res->num_rows;
}
static function getAllFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){
return false;
}
return self::getAllFromWallet($wallet['id'], $dontReturnEmpty);
}
static function getTotalFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){
return false;
}
return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty);
}
static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){
$log = new WalletLog(0);
$log->setWallet_id($wallet_id);
$log->setValue($value);
$log->setDescription($description);
$log->setJson_data($json_data);
$log->setStatus($status);
$log->setType($type);
$log->setInformation($information);
return $log->save();
}
function save() {
global $global;
$this->description = ($this->description);
$this->information = ($this->information);
return parent::save();
}
}

95
updatedb/updateDb.v12.0.sql Normal file
View file

@ -0,0 +1,95 @@
-- ### Credit
--
-- Discovered by Claudio Bozzato of Cisco Talos.
--
-- TALOS-2022-1534
--
-- Now the userUpdate.json.php requires a request from the same domain as the AVideo site
-- in aditional all save and delete database calls requires the same by default (a whitelist can be builded hardcoding it in the objects/Object.php file)
--
-- TALOS-2022-1535
--
-- Session ID will only change if you are not logged in
-- In case the session ID changed we will regenerate it with a new name avoiding reuse it
--
-- TALOS-2022-1536
--
-- plugin/Live/view/Live_schedule/add.json.php and objects/playlistAddNew.json.php will deny to update if the users_id is not = as the original record when it is editing
--
-- TALOS-2022-1537
--
-- Add a sanitize rule on the security file
--
--
-- TALOS-2022-1539
--
-- Add a sanitize rule on the view/img/image403.php file itself
--
-- TALOS-2022-1540
--
-- Video title and filename will always be sanitized on the setTitle method (sometimes more than once)
--
--
-- TALOS-2022-1542
--
-- httponly set to true
-- we are now using the passhash instead of the database pass in all site
-- the passhash is totally different than the original DB password, it a encrypted json and has an expiration time and also will be automatically rejected if the original password is updated
-- the login with the pass hash (database password field) directly will be disabled soon, for now it is only enabled to buy some time to update the other third parties apps
--
-- TALOS-2022-1545
--
-- Fixed on TALOS-2022-1542
--
-- TALOS-2022-1546
--
-- Filename is now sanitized with escapeshellarg(safeString($filename,true));
--
-- TALOS-2022-1538
--
-- all 4 parameters are sanitized now
-- also if the request does not come from the same site, the showAlertMessage() function will not be executed
--
-- TALOS-2022-1547
--
-- Now every time the admin login we will check if the new videos/.htaccess is there, and create it if it is not
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Deny from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all denied
-- </IfModule>
-- <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Allow from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all granted
-- </IfModule>
-- </filesMatch>
--
-- this will only allow access to only some specific file types inside videos folder
--
-- TALOS-2022-1548
--
-- we now verify if is a valid URL properly, also we are using the escapeshellarg for URL and destination filename
--
-- TALOS-2022-1549
--
-- We now only download the downloadURL_image if it is a valid URL NOT localfiles any more
--
-- TALOS-2022-1551
--
-- All our classes were updated using the prepare statement to avoid sql injection
-- also `videoDownloadedLink` and `duration` are now sanitized
-- if you are editing anything we now "forbidIfItIsNotMyUsersId"
-- key and URL are now sanitized Clone plugin
--
-- TALOS-2022-1550
--
-- the url_get_contents now only download files from valid URLs or files from inside the cache folder
UPDATE configurations SET version = '12.0', modified = now() WHERE id = 1;