js2/mwEmbed/php/mv_embed_iframe.php

   1 <?php
   2 /*
   3 mv_embed_iframe.php
   4 this allows for remote embedding without exposing the hosting site to remote javascript.
   5 */
   6
   7 mv_embed_iframe();
   8
   9 function mv_embed_iframe() {
  10         if( !function_exists( 'filter_input' ) ){
  11                 die( 'your version of PHP lacks <b>filter_input()</b> function<br />' );
  12         }
  13         // default to null media in not provided:
  14         $stream_name = ( isset( $_GET['sn'] ) )? $_GET['sn'] : die('no stream name provided');
  15         $time =   ( isset( $_GET['t'] ) )? $_GET['t']: '';
  16         $width =  ( isset( $_GET['width'] )  )? intval( $_GET['width'] )        : '400';
  17         $height = ( isset( $_GET['height'] ) )? intval( $_GET['height'] )       : '300';                //
  18
  19         $roe_url = 'http://metavid.org/wiki/Special:MvExportStream?feed_format=roe&stream_name=' . htmlspecialchars( $stream_name ) .
  20                                         '&t=' . htmlspecialchars( $time );
  21         //everything good output page:
  22         output_page(array(
  23                 'roe_url' => $roe_url,
  24                 'width'         => $width,
  25                 'height'        => $height,
  26         ));
  27 }
  28 function output_page( $params ){
  29         extract( $params );
  30 ?>
  31 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  32         <html xmlns="http://www.w3.org/1999/xhtml">
  33         <head>
  34         <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  35         <title>mv_embed iframe</title>
  36         <style type="text/css">
  37         <!--
  38         body {
  39                 margin-left: 0px;
  40                 margin-top: 0px;
  41                 margin-right: 0px;
  42                 margin-bottom: 0px;
  43         }
  44         -->
  45         </style>
  46                 <script type="text/javascript" src="mv_embed.js"></script>
  47         </head>
  48         <body>
  49                 <video roe="<?php echo $roe_url ?>" width="<?php echo htmlspecialchars( $width ) ?>"
  50                            height="<?php echo htmlspecialchars( $height ) ?>"></video>
  51         </body>
  52         </html>
  53 <?php
  54 }
  55
  56 /**
  57  * JS escape function copied from MediaWiki's Xml::escapeJsString()
  58  */
  59 function escapeJsString( $string ) {
  60         // See ECMA 262 section 7.8.4 for string literal format
  61         $pairs = array(
  62                 "\\" => "\\\\",
  63                 "\"" => "\\\"",
  64                 '\'' => '\\\'',
  65                 "\n" => "\\n",
  66                 "\r" => "\\r",
  67
  68                 # To avoid closing the element or CDATA section
  69                 "<" => "\\x3c",
  70                 ">" => "\\x3e",
  71
  72                 # To avoid any complaints about bad entity refs
  73                 "&" => "\\x26",
  74
  75                 # Work around https://bugzilla.mozilla.org/show_bug.cgi?id=274152
  76                 # Encode certain Unicode formatting chars so affected
  77                 # versions of Gecko don't misinterpret our strings;
  78                 # this is a common problem with Farsi text.
  79                 "\xe2\x80\x8c" => "\\u200c", // ZERO WIDTH NON-JOINER
  80                 "\xe2\x80\x8d" => "\\u200d", // ZERO WIDTH JOINER
  81         );
  82         return strtr( $string, $pairs );
  83 }