Beispiel #1
0
function jwplayer_api_call($method, $params = array())
{
    $api = jwplayer_api_get_instance();
    foreach ($params as $key => $value) {
        if (null === $value) {
            unset($params[$key]);
        }
    }
    if ($api) {
        $response = $api->call($method, $params);
        if ($response) {
            return $response;
        } else {
            jwplayer_log('API: invalid response.');
        }
    }
    return null;
}
Beispiel #2
0
function jwplayer_proxy()
{
    global $JWPLAYER_PROXY_METHODS;
    $nonce = '';
    if (!empty($_GET['token'])) {
        $nonce = sanitize_text_field($_GET['token']);
        // input var okay
    }
    if (!wp_verify_nonce($nonce, 'jwplayer-widget-nonce')) {
        return;
    }
    if (!current_user_can('edit_posts')) {
        jwplayer_json_error('Access denied');
        return;
    }
    if (!empty($_GET['method'])) {
        $method = sanitize_text_field($_GET['method']);
        // input var okay
    }
    if (null === $method) {
        jwplayer_json_error('Method was not specified');
        return;
    }
    if (!in_array($method, $JWPLAYER_PROXY_METHODS)) {
        jwplayer_json_error('Access denied');
        return;
    }
    $jwplayer_api = jwplayer_api_get_instance();
    if (null === $jwplayer_api) {
        jwplayer_json_error('Enter your API key and secret first');
        return;
    }
    $params = array();
    foreach ($_GET as $name => $value) {
        if ('method' != $name) {
            $params[$name] = sanitize_text_field($value);
            // input var okay
        }
    }
    $params['api_format'] = 'php';
    $response = $jwplayer_api->call($method, $params);
    header('Content-Type: application/json');
    echo json_encode($response);
}
Beispiel #3
0
function jwplayer_ajax_jwp_api_proxy()
{
    $JWPLAYER_PROXY_METHODS = array('/videos/list', '/channels/list', '/videos/create', '/videos/thumbnails/show', '/players/list');
    if (!isset($_GET['token']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['token'])), 'jwplayer-widget-nonce')) {
        // Input var okay
        return;
    }
    if (!current_user_can('edit_posts')) {
        jwplayer_json_error('Access denied');
        return;
    }
    $method = !empty($_GET['method']) ? sanitize_text_field(wp_unslash($_GET['method'])) : null;
    // Input var okay
    if (null === $method) {
        jwplayer_json_error('Method was not specified');
        return;
    }
    if (!in_array($method, $JWPLAYER_PROXY_METHODS, true)) {
        jwplayer_json_error('Access denied');
        return;
    }
    $jwplayer_api = jwplayer_api_get_instance();
    if (null === $jwplayer_api) {
        jwplayer_json_error('Enter your API key and secret first');
        return;
    }
    $params = array();
    foreach ($_GET as $name => $value) {
        // Input var okay
        $name = sanitize_text_field($name);
        if ('method' !== $name) {
            $params[$name] = sanitize_text_field(wp_unslash($value));
            // Input var okay
        }
    }
    $params['api_format'] = 'json';
    $response = $jwplayer_api->call($method, $params);
    header('Content-Type: application/json');
    echo json_encode($response);
}