/** * Will forward to the regular swf player according to the widget_id */ public function execute() { $entryId = $this->getRequestParameter("entry_id"); $flavorId = $this->getRequestParameter("flavor"); $fileName = $this->getRequestParameter("file_name"); $fileName = basename($fileName); $ksStr = $this->getRequestParameter("ks"); $referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $entry = null; if ($ksStr) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } kEntitlementUtils::initEntitlementEnforcement(); if (!$entry) { $entry = entryPeer::retrieveByPK($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } myPartnerUtils::blockInactivePartner($entry->getPartnerId()); $securyEntryHelper = new KSecureEntryHelper($entry, $ksStr, $referrer, accessControlContextType::DOWNLOAD); $securyEntryHelper->validateForDownload($entry, $ksStr); $flavorAsset = null; if ($flavorId) { // get flavor asset $flavorAsset = assetPeer::retrieveById($flavorId); if (is_null($flavorAsset) || $flavorAsset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } // the request flavor should belong to the requested entry if ($flavorAsset->getEntryId() != $entryId) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } } else { $flavorAsset = assetPeer::retrieveBestPlayByEntryId($entry->getId()); } // Gonen 26-04-2010: in case entry has no flavor with 'mbr' tag - we return the source if (!$flavorAsset && ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_VIDEO || $entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_AUDIO)) { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entryId); } if ($flavorAsset) { $syncKey = $this->getSyncKeyAndForFlavorAsset($entry, $flavorAsset); } else { $syncKey = $this->getBestSyncKeyForEntry($entry); } if (is_null($syncKey)) { KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $this->handleFileSyncRedirection($syncKey); $filePath = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); $wamsAssetId = kFileSyncUtils::getWamsAssetIdForKey($syncKey); $wamsURL = kFileSyncUtils::getWamsURLForKey($syncKey); list($fileBaseName, $fileExt) = $this->getFileName($entry, $flavorAsset); if (!$fileName) { $fileName = $fileBaseName; } if ($fileExt && !is_dir($filePath)) { $fileName = $fileName . '.' . $fileExt; } //enable downloading file_name which inside the flavor asset directory if (is_dir($filePath)) { $filePath = $filePath . DIRECTORY_SEPARATOR . $fileName; } $this->dumpFile($filePath, $fileName, $wamsAssetId, $wamsURL); die; // no view }
/** * Override in order to filter objects returned from doSelect. * * @param array $selectResults The array of objects to filter. * @param Criteria $criteria */ public static function filterSelectResults(&$selectResults, Criteria $criteria) { if (empty($selectResults)) { return; } $partnerId = kCurrentContext::getCurrentPartnerId(); $partner = PartnerPeer::retrieveByPK($partnerId); if ($partner && $partner->getShouldApplyAccessControlOnEntryMetadata() && !kCurrentContext::$is_admin_session) { if (is_null(self::$accessControlScope)) { self::$accessControlScope = new accessControlScope(); self::$accessControlScope->setContexts(array(ContextType::METADATA)); } $selectResults = array_filter($selectResults, array('entryPeer', 'filterByAccessControl')); if ($criteria instanceof KalturaCriteria) { $criteria->setRecordsCount(count($selectResults)); } } $removedRecordsCount = 0; if (!kEntitlementUtils::getEntitlementEnforcement() && !is_null(kCurrentContext::$ks) || !self::$filerResults || !kEntitlementUtils::getInitialized()) { // if initEntitlement hasn't run - skip filters. return parent::filterSelectResults($selectResults, $criteria); } if (is_null(kCurrentContext::$ks) && count($selectResults)) { $entry = $selectResults[0]; $partner = $entry->getPartner(); if (!$partner) { throw new kCoreException('entry partner not found'); } if (!$partner->getDefaultEntitlementEnforcement() || !PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $partner->getId())) { return parent::filterSelectResults($selectResults, $criteria); } } foreach ($selectResults as $key => $entry) { if (!kEntitlementUtils::isEntryEntitled($entry)) { unset($selectResults[$key]); $removedRecordsCount++; } } if ($criteria instanceof KalturaCriteria) { $recordsCount = $criteria->getRecordsCount(); $criteria->setRecordsCount($recordsCount - $removedRecordsCount); } self::$filerResults = false; parent::filterSelectResults($selectResults, $criteria); }
protected function initEntry() { $this->entryId = $this->getRequestParameter("entryId", null); // look for a valid token $expiry = $this->getRequestParameter("expiry"); if ($expiry && $expiry <= time()) { KExternalErrors::dieError(KExternalErrors::EXPIRED_TOKEN); } $urlToken = $this->getRequestParameter("kt"); if ($urlToken) { if ($_SERVER["REQUEST_METHOD"] != "GET" || !self::validateKalturaToken($_SERVER["REQUEST_URI"], $urlToken)) { KExternalErrors::dieError(KExternalErrors::INVALID_TOKEN); } } // initalize the context $ksStr = $this->getRequestParameter("ks"); if ($ksStr && !$urlToken) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $this->entry = kCurrentContext::initPartnerByEntryId($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // no need for any further check if a token was used if ($urlToken) { return; } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!$this->entry) { $this->entry = entryPeer::retrieveByPKNoFilter($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($this->entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } myPartnerUtils::blockInactivePartner($this->entry->getPartnerId()); // enforce access control $base64Referrer = $this->getRequestParameter("referrer"); $hashes = $this->getRequestParameter("hashes"); $keyValueHashes = array(); if ($hashes) { $hashes = urldecode($hashes); $hashes = explode(",", $hashes); foreach ($hashes as $keyValueHashString) { list($key, $value) = explode('=', $keyValueHashString); $keyValueHashes[$key] = $value; } } // replace space in the base64 string with + as space is invalid in base64 strings and caused // by symfony calling str_parse to replace + with spaces. // this happens only with params passed in the url path and not the query strings. specifically the ~ char at // a columns divided by 3 causes this issue (e.g. http://www.xyzw.com/~xxx) //replace also any - with + and _ with / $referrer = base64_decode(str_replace(array('-', '_', ' '), array('+', '/', '+'), $base64Referrer)); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $this->secureEntryHelper = new KSecureEntryHelper($this->entry, $ksStr, $referrer, ContextType::PLAY, $keyValueHashes); if ($this->secureEntryHelper->shouldPreview()) { $previewLengthInMsecs = $this->secureEntryHelper->getPreviewLength() * 1000; $entryLengthInMsecs = $this->entry->getLengthInMsecs(); if ($previewLengthInMsecs < $entryLengthInMsecs) { $this->deliveryAttributes->setClipTo($previewLengthInMsecs); } } else { $this->secureEntryHelper->validateForPlay(); } if (PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $this->entry->getPartnerId()) || $this->secureEntryHelper->hasRules()) { $this->forceUrlTokenization = true; } }
/** * Serves caption by entry id and thumnail params id * * @action serveByEntryId * @param string $entryId * @param int $captionParamId if not set, default caption will be used. * @return file * * @throws KalturaCaptionErrors::CAPTION_ASSET_PARAMS_ID_NOT_FOUND * @throws KalturaErrors::ENTRY_ID_NOT_FOUND */ public function serveByEntryIdAction($entryId, $captionParamId = null) { $entry = null; if (!kCurrentContext::$ks) { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry || $entry->getStatus() == entryStatus::DELETED) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!kEntitlementUtils::isEntryEntitled($entry)) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } } else { $entry = entryPeer::retrieveByPK($entryId); } if (!$entry) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } $securyEntryHelper = new KSecureEntryHelper($entry, kCurrentContext::$ks, null, accessControlContextType::DOWNLOAD); $securyEntryHelper->validateForDownload(); $captionAsset = null; if (is_null($captionParamId)) { $captionAssets = assetPeer::retrieveByEntryId($entryId, array(CaptionPlugin::getAssetTypeCoreValue(CaptionAssetType::CAPTION))); foreach ($captionAssets as $checkCaptionAsset) { if ($checkCaptionAsset->getDefault()) { $captionAsset = $checkCaptionAsset; break; } } } else { $captionAsset = assetPeer::retrieveByEntryIdAndParams($entryId, $captionParamId); } if (!$captionAsset) { throw new KalturaAPIException(KalturaCaptionErrors::CAPTION_ASSET_PARAMS_ID_NOT_FOUND, $captionParamId); } $fileName = $captionAsset->getId() . '.' . $captionAsset->getFileExt(); return $this->serveAsset($captionAsset, $fileName); }
public function execute() { requestUtils::handleConditionalGet(); $entry_id = $this->getRequestParameter("entry_id"); $ks_str = $this->getRequestParameter("ks"); $base64_referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($base64_referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $clip_from = $this->getRequestParameter("clip_from", 0); // milliseconds $clip_to = $this->getRequestParameter("clip_to", 2147483647); // milliseconds if ($clip_to == 0) { $clip_to = 2147483647; } $request = $_SERVER["REQUEST_URI"]; // remove dynamic fields from the url so we'll request a single url from the cdn $request = str_replace("/referrer/{$base64_referrer}", "", $request); $request = str_replace("/ks/{$ks_str}", "", $request); $entry = null; if ($ks_str) { try { kCurrentContext::initKsPartnerUser($ks_str); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entry_id); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } kEntitlementUtils::initEntitlementEnforcement(); // workaround the filter which hides all the deleted entries - // now that deleted entries are part of xmls (they simply point to the 'deleted' templates), we should allow them here if (!$entry) { $entry = entryPeer::retrieveByPKNoFilter($entry_id); } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } KalturaMonitorClient::initApiMonitor(false, 'keditorservices.flvclipper', $entry->getPartnerId()); myPartnerUtils::blockInactivePartner($entry->getPartnerId()); if (PermissionPeer::isValidForPartner(PermissionName::FEATURE_BLOCK_FLVCLIPPER_ACTION, $entry->getPartnerId())) { KExternalErrors::dieError(KExternalErrors::ACTION_BLOCKED); } // set the memory size to be able to serve big files in a single chunk ini_set("memory_limit", "64M"); // set the execution time to be able to serve big files in a single chunk ini_set("max_execution_time", 240); if ($entry->getType() == entryType::MIX && $entry->getStatus() == entryStatus::DELETED) { // because the fiter was turned off - a manual check for deleted entries must be done. KExternalErrors::dieGracefully(); } else { if ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_IMAGE) { $version = $this->getRequestParameter("version", null); $width = $this->getRequestParameter("width", -1); $height = $this->getRequestParameter("height", -1); $crop_provider = $this->getRequestParameter("crop_provider", null); $bgcolor = $this->getRequestParameter("bgcolor", "ffffff"); $type = $this->getRequestParameter("type", 1); $quality = $this->getRequestParameter("quality", 0); $src_x = $this->getRequestParameter("src_x", 0); $src_y = $this->getRequestParameter("src_y", 0); $src_w = $this->getRequestParameter("src_w", 0); $src_h = $this->getRequestParameter("src_h", 0); $vid_sec = $this->getRequestParameter("vid_sec", -1); $vid_slice = $this->getRequestParameter("vid_slice", -1); $vid_slices = $this->getRequestParameter("vid_slices", -1); if ($width == -1 && $height == -1) { $width = 640; $height = 480; } else { if ($width == -1) { // if only either width or height is missing reset them to zero, and convertImage will handle them $width = 0; } else { if ($height == -1) { $height = 0; } } } $tempThumbPath = myEntryUtils::resizeEntryImage($entry, $version, $width, $height, $type, $bgcolor, $crop_provider, $quality, $src_x, $src_y, $src_w, $src_h, $vid_sec, $vid_slice, $vid_slices); kFileUtils::dumpFile($tempThumbPath, null, strpos($tempThumbPath, "_NOCACHE_") === false ? null : 0); } } $audio_only = $this->getRequestParameter("audio_only"); // milliseconds $flavor = $this->getRequestParameter("flavor", 1); // $flavor_param_id = $this->getRequestParameter("flavor_param_id", null); // $streamer = $this->getRequestParameter("streamer"); // if (substr($streamer, 0, 4) == "rtmp") { // the fms may add .mp4 to the end of the url $streamer = "rtmp"; } // grab seek_from_bytes parameter and normalize url $seek_from_bytes = $this->getRequestParameter("seek_from_bytes", -1); $request = str_replace("/seek_from_bytes/{$seek_from_bytes}", "", $request); if ($seek_from_bytes <= 0) { $seek_from_bytes = -1; } // grab seek_from parameter and normalize url $seek_from = $this->getRequestParameter("seek_from", -1); $request = str_replace("/seek_from/{$seek_from}", "", $request); if ($seek_from <= 0) { $seek_from = -1; } $this->dump_from_byte = 0; // reset accurate seek from timestamp $seek_from_timestamp = -1; // backward compatibility if ($flavor === "0") { // for edit version $flavor = "edit"; } if ($flavor === "1" || $flavor === 1) { // for play version $flavor = null; } // when flavor is null, we will get a default flavor if ($flavor == "edit") { $flavorAsset = assetPeer::retrieveBestEditByEntryId($entry->getId()); } elseif (!is_null($flavor)) { $flavorAsset = assetPeer::retrieveById($flavor); // when specific asset was request, we don't validate its tags if ($flavorAsset && ($flavorAsset->getEntryId() != $entry->getId() || $flavorAsset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY)) { $flavorAsset = null; } // we will throw an error later } elseif (is_null($flavor) && !is_null($flavor_param_id)) { $flavorAsset = assetPeer::retrieveByEntryIdAndParams($entry->getId(), $flavor_param_id); if ($flavorAsset && $flavorAsset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY) { $flavorAsset = null; } // we will throw an error later } else { if ($entry->getSource() == entry::ENTRY_MEDIA_SOURCE_WEBCAM) { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entry->getId()); } else { $flavorAsset = assetPeer::retrieveBestPlayByEntryId($entry->getId()); } if (!$flavorAsset) { $flavorAssets = assetPeer::retrieveReadyFlavorsByEntryIdAndTag($entry->getId(), flavorParams::TAG_WEB); if (count($flavorAssets) > 0) { $flavorAsset = $flavorAssets[0]; } } } if (is_null($flavorAsset)) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } $syncKey = $flavorAsset->getSyncKey(flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET); if (kFileSyncUtils::file_exists($syncKey, false)) { $path = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); } else { list($fileSync, $local) = kFileSyncUtils::getReadyFileSyncForKey($syncKey, true, false); if (is_null($fileSync)) { KalturaLog::log("Error - no FileSync for flavor [" . $flavorAsset->getId() . "]"); KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } if ($fileSync->getFileType() == FileSync::FILE_SYNC_FILE_TYPE_URL) { $urlManager = DeliveryProfilePeer::getRemoteDeliveryByStorageId(DeliveryProfileDynamicAttributes::init($fileSync->getDc(), $flavorAsset->getEntryId()), null, $flavorAsset); if (!$urlManager) { KalturaLog::log("Error - failed to find an HTTP delivery for storage profile [" . $fileSync->getDc() . "]"); KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $url = rtrim($urlManager->getUrl(), '/') . '/' . ltrim($urlManager->getFileSyncUrl($fileSync), '/'); header('location: ' . $url); die; } $remoteUrl = kDataCenterMgr::getRedirectExternalUrl($fileSync); $this->redirect($remoteUrl); } $flv_wrapper = new myFlvHandler($path); $isFlv = $flv_wrapper->isFlv(); // scrubbing is not allowed within mp4 files if (!$isFlv) { $seek_from = $seek_from_bytes = -1; } if ($seek_from !== -1 && $seek_from !== 0) { if ($audio_only === '0') { // audio_only was explicitly set to 0 - don't attempt to make further automatic investigations } elseif ($flv_wrapper->getFirstVideoTimestamp() < 0) { $audio_only = true; } list($bytes, $duration, $first_tag_byte, $to_byte) = $flv_wrapper->clip(0, -1, $audio_only); list($bytes, $duration, $from_byte, $to_byte, $seek_from_timestamp) = $flv_wrapper->clip($seek_from, -1, $audio_only); $seek_from_bytes = myFlvHandler::FLV_HEADER_SIZE + $flv_wrapper->getMetadataSize($audio_only) + $from_byte - $first_tag_byte; } // the direct path without a cdn is "http://s3kaltura.s3.amazonaws.com".$entry->getDataPath(); $extStorageUrl = $entry->getExtStorageUrl(); if ($extStorageUrl && substr_count($extStorageUrl, 's3kaltura')) { // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $request_host = parse_url($extStorageUrl, PHP_URL_HOST); $akamai_url = str_replace($request_host, "cdns3akmi.kaltura.com", $extStorageUrl); $akamai_url .= $seek_from_bytes == -1 ? "" : "?aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$akamai_url}"); KExternalErrors::dieGracefully(); } elseif ($extStorageUrl) { // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $extStorageUrl .= $seek_from_bytes == -1 ? "" : "?aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$extStorageUrl}"); KExternalErrors::dieGracefully(); } // use headers to detect cdn $cdn_name = ""; $via_header = @$_SERVER["HTTP_VIA"]; if (strpos($via_header, "llnw.net") !== false) { $cdn_name = "limelight"; } else { if (strpos($via_header, "akamai") !== false) { $cdn_name = "akamai"; } else { if (strpos($via_header, "Level3") !== false) { $cdn_name = "level3"; } } } // setting file extension - first trying frrom flavor asset $ext = $flavorAsset->getFileExt(); // if failed, set extension according to file type (isFlv) if (!$ext) { $ext = $isFlv ? "flv" : "mp4"; } $flv_extension = $streamer == "rtmp" ? "?" : "/a.{$ext}?novar=0"; // dont check for rtmp / and for an already redirect url if ($streamer != "rtmp" && strpos($request, $flv_extension) === false) { // check security using ks $securyEntryHelper = new KSecureEntryHelper($entry, $ks_str, $referrer, ContextType::PLAY); if ($securyEntryHelper->shouldPreview()) { $this->checkForPreview($securyEntryHelper, $clip_to); } else { $securyEntryHelper->validateForPlay($entry, $ks_str); } } else { // if needs security check using cdn authentication mechanism // for now assume this is a cdn request and don't check for security } // use limelight mediavault if either security policy requires it or if we're trying to seek within the video if ($entry->getSecurityPolicy() || $seek_from_bytes !== -1) { // we have three options: // arrived through limelight mediavault url - the url is secured // arrived directly through limelight (not secured through mediavault) - enforce ks and redirect to mediavault url // didnt use limelight - enforce ks // the cdns are configured to authenticate request for /s/.... // check if we're already in a redirected secure link using the "/s/" prefix $secure_request = substr($request, 0, 3) == "/s/"; if ($secure_request && ($cdn_name == "limelight" || $cdn_name == "level3")) { // request was validated by cdn let it through } else { // extract ks $ks_str = $this->getRequestParameter("ks", ""); if ($entry->getSecurityPolicy()) { if (!$ks_str) { $this->logMessage("flvclipper - no KS"); KExternalErrors::dieGracefully(); } $ks = kSessionUtils::crackKs($ks_str); if (!$ks) { $this->logMessage("flvclipper - invalid ks [{$ks_str}]"); KExternalErrors::dieGracefully(); } $matched_privs = $ks->verifyPrivileges("sview", $entry_id); $this->logMessage("flvclipper - verifyPrivileges name [sview], priv [{$entry_id}] [{$matched_privs}]"); if (!$matched_privs) { $this->logMessage("flvclipper - doesnt not match required privlieges [{$ks_str}]"); KExternalErrors::dieGracefully(); } } if ($cdn_name == "limelight") { $ll_url = requestUtils::getCdnHost() . "/s{$request}" . $flv_extension; $secret = kConf::get("limelight_madiavault_password"); $expire = "&e=" . (time() + 120); $ll_url .= $expire; $fs = $seek_from_bytes == -1 ? "" : "&fs={$seek_from_bytes}"; $ll_url .= "&h=" . md5("{$secret}{$ll_url}") . $fs; //header("Location: $ll_url"); $this->redirect($ll_url); } else { if ($cdn_name == "level3") { $level3_url = $request . $flv_extension; if ($entry->getSecurityPolicy()) { $level3_url = "/s{$level3_url}"; // set expire time in GMT hence the date("Z") offset $expire = "&nva=" . strftime("%Y%m%d%H%M%S", time() - date("Z") + 30); $level3_url .= $expire; $secret = kConf::get("level3_authentication_key"); $hash = "0" . substr(self::hmac('sha1', $secret, $level3_url), 0, 20); $level3_url .= "&h={$hash}"; } $level3_url .= $seek_from_bytes == -1 ? "" : "&start={$seek_from_bytes}"; header("Location: {$level3_url}"); KExternalErrors::dieGracefully(); } else { if ($cdn_name == "akamai") { $akamai_url = $request . $flv_extension; // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $akamai_url .= $seek_from_bytes == -1 ? "" : "&aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$akamai_url}"); KExternalErrors::dieGracefully(); } } } // a seek request without a supporting cdn - we need to send the answer from our server if ($seek_from_bytes !== -1 && $via_header === null) { $this->dump_from_byte = $seek_from_bytes; } } } // always add the file suffix to the request (needed for scrubbing by some cdns, // and also breaks without extension on some corporate antivirus). // we add the the novar paramter since a leaving a trailing "?" will be trimmed // and then the /seek_from request will result in another url which level3 // will try to refetch from the origin // note that for streamer we dont add the file extension if ($streamer != "rtmp" && strpos($request, $flv_extension) === false) { // a seek request without a supporting cdn - we need to send the answer from our server if ($seek_from_bytes !== -1 && $via_header === null) { $request .= "/seek_from_bytes/{$seek_from_bytes}"; } requestUtils::sendCdnHeaders("flv", 0); header("Location: {$request}" . $flv_extension); KExternalErrors::dieGracefully(); } // mp4 if (!$isFlv) { $limit_file_size = 0; if ($clip_to != 2147483647) { $mediaInfo = mediaInfoPeer::retrieveByFlavorAssetId($flavorAsset->getId()); if ($mediaInfo && ($mediaInfo->getVideoDuration() || $mediaInfo->getAudioDuration() || $mediaInfo->getContainerDuration())) { $duration = $mediaInfo->getVideoDuration() ? $mediaInfo->getVideoDuration() : ($mediaInfo->getAudioDuration() ? $mediaInfo->getAudioDuration() : $mediaInfo->getContainerDuration()); $limit_file_size = floor(@kFile::fileSize($path) * ($clip_to / $duration) * 1.2); } } KalturaLog::info("serving file [{$path}] entry id [{$entry_id}] limit file size [{$limit_file_size}] clip_to [{$clip_to}]"); kFileUtils::dumpFile($path, null, null, $limit_file_size); } $this->logMessage("flvclipperAction: serving file [{$path}] entry_id [{$entry_id}] clip_from [{$clip_from}] clip_to [{$clip_to}]", "warning"); if ($audio_only === '0') { // audio_only was explicitly set to 0 - don't attempt to make further automatic investigations } elseif ($flv_wrapper->getFirstVideoTimestamp() < 0) { $audio_only = true; } //$start = microtime(true); list($bytes, $duration, $from_byte, $to_byte, $from_ts, $cuepoint_pos) = myFlvStaticHandler::clip($path, $clip_from, $clip_to, $audio_only); $metadata_size = $flv_wrapper->getMetadataSize($audio_only); $this->from_byte = $from_byte; $this->to_byte = $to_byte; //$end1 = microtime(true); //$this->logMessage( "flvclipperAction: serving file [$path] entry_id [$entry_id] bytes [$bytes] duration [$duration] [$from_byte]->[$to_byte]" , "warning" ); //$this->logMessage( "flvclipperAction: serving file [$path] t1 [" . ( $end1-$start) . "]"); $data_offset = $metadata_size + myFlvHandler::getHeaderSize(); // if we're returning a partial file adjust the total size: // substract the metadata and bytes which are not delivered if ($this->dump_from_byte >= $data_offset && !$audio_only) { $bytes -= $metadata_size + max(0, $this->dump_from_byte - $data_offset); } $this->total_length = $data_offset + $bytes; //echo " $bytes , $duration ,$from_byte , $to_byte, $cuepoint_pos\n"; die; $this->cuepoint_time = 0; $this->cuepoint_pos = 0; if ($streamer == "chunked" && $clip_to != 2147483647) { $this->cuepoint_time = $clip_to - 1; $this->cuepoint_pos = $cuepoint_pos; $this->total_length += myFlvHandler::CUEPOINT_TAG_SIZE; } //$this->logMessage( "flvclipperAction: serving file [$path] entry_id [$entry_id] bytes with header & md [" . $this->total_length . "] bytes [$bytes] duration [$duration] [$from_byte]->[$to_byte]" , "warning" ); $this->flv_wrapper = $flv_wrapper; $this->audio_only = $audio_only; try { Propel::close(); } catch (Exception $e) { $this->logMessage("flvclipperAction: error closing db {$e}"); } KExternalErrors::terminateDispatch(); return sfView::SUCCESS; }
/** * Serves thumbnail by entry id and thumnail params id * * @action serveByEntryId * @param string $entryId * @param int $thumbParamId if not set, default thumbnail will be used. * @return file * * @throws KalturaErrors::THUMB_ASSET_IS_NOT_READY * @throws KalturaErrors::THUMB_ASSET_PARAMS_ID_NOT_FOUND * @throws KalturaErrors::ENTRY_ID_NOT_FOUND */ public function serveByEntryIdAction($entryId, $thumbParamId = null) { $entry = null; if (!kCurrentContext::$ks) { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry || $entry->getStatus() == entryStatus::DELETED) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!kEntitlementUtils::isEntryEntitled($entry)) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } } else { $entry = entryPeer::retrieveByPK($entryId); } if (!$entry) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } $securyEntryHelper = new KSecureEntryHelper($entry, kCurrentContext::$ks, null, accessControlContextType::THUMBNAIL); $securyEntryHelper->validateAccessControl(); $fileName = $entry->getId() . '.jpg'; if (is_null($thumbParamId)) { return $this->serveFile($entry, entry::FILE_SYNC_ENTRY_SUB_TYPE_THUMB, $fileName, $entryId); } $thumbAsset = assetPeer::retrieveByEntryIdAndParams($entryId, $thumbParamId); if (!$thumbAsset) { throw new KalturaAPIException(KalturaErrors::THUMB_ASSET_PARAMS_ID_NOT_FOUND, $thumbParamId); } return $this->serveAsset($thumbAsset, $fileName); }
/** * Will forward to the regular swf player according to the widget_id */ public function execute() { requestUtils::handleConditionalGet(); $wams_asset_id = NULL; $wams_url = NULL; $entry_id = $this->getRequestParameter("entry_id"); $type = $this->getRequestParameter("type"); $ks = $this->getRequestParameter("ks"); $file_sync = null; $ret_file_name = "name"; $referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $request_file_name = $this->getRequestParameter("file_name"); if ($request_file_name) { $ret_file_name = $request_file_name; } $direct_serve = $this->getRequestParameter("direct_serve"); $entry = null; if ($ks) { try { kCurrentContext::initKsPartnerUser($ks); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entry_id); if (!$entry) { die; } } kEntitlementUtils::initEntitlementEnforcement(); if (!$entry) { $entry = entryPeer::retrieveByPK($entry_id); if (!$entry) { die; } } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { die; } } myPartnerUtils::blockInactivePartner($entry->getPartnerId()); $securyEntryHelper = new KSecureEntryHelper($entry, $ks, $referrer, accessControlContextType::DOWNLOAD); $securyEntryHelper->validateForDownload(); // Rmoved by Tan-Tan - asked by Eran // // allow access only via cdn unless these are documents (due to the current implementation of convert ppt2swf) // if ($entry->getType() != entryType::DOCUMENT && $entry->getMediaType() != entry::ENTRY_MEDIA_TYPE_IMAGE) // { // requestUtils::enforceCdnDelivery($entry->getPartnerId()); // } // relocate = did we use the redirect and added the extension to the name $relocate = $this->getRequestParameter("relocate"); if ($ret_file_name == "name") { $ret_file_name = $entry->getName(); } if ($ret_file_name) { //rawurlencode to content-disposition filename to handle spaces and other characters across different browsers //$name = rawurlencode($ret_file_name); // 19.04.2009 (Roman) - url encode is not needed when the filename in Content-Disposition header is in quotes // IE6/FF3/Chrome - Will show the filename correctly // IE7 - Will show the filename with underscores instead of spaces (this is better than showing %20) $name = $ret_file_name; if ($name) { if ($relocate) { // if we have a good file extension (from the first time) - use it in the content-disposition // in some browsers it will be stronger than the URL's extension $file_ext = pathinfo($relocate, PATHINFO_EXTENSION); $name .= ".{$file_ext}"; } if (!$direct_serve) { header("Content-Disposition: attachment; filename=\"{$name}\""); } } } else { $ret_file_name = $entry_id; } $format = $this->getRequestParameter("format"); if ($type == "download" && $format && $entry->getType() != entryType::DOCUMENT) { // this is a video for a specifc extension - use the proper flavorAsset $flavor_asset = assetPeer::retrieveByEntryIdAndExtension($entry_id, $format); if ($flavor_asset && $flavor_asset->getStatus() == flavorAsset::FLAVOR_ASSET_STATUS_READY) { $file_sync = $this->redirectIfRemote($flavor_asset, flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET, null, true); } else { header('KalturaRaw: no flavor asset for extension'); header("HTTP/1.0 404 Not Found"); die; } $archive_file = $file_sync->getFullPath(); $mime_type = kFile::mimeType($archive_file); kFile::dumpFile($archive_file, $mime_type); } // TODO - move to a different action - document should be plugin if ($entry->getType() == entryType::DOCUMENT) { // use the fileSync from the entry if ($type == "download" && $format) { $flavor_asset = assetPeer::retrieveByEntryIdAndExtension($entry_id, $format); } else { $flavor_asset = assetPeer::retrieveOriginalByEntryId($entry_id); } if ($flavor_asset && $flavor_asset->getStatus() == flavorAsset::FLAVOR_ASSET_STATUS_READY) { $file_sync = $this->redirectIfRemote($flavor_asset, flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET, null, true); } else { header('KalturaRaw: no flavor asset for extension'); header("HTTP/1.0 404 Not Found"); die; } // Gonen 2010-08-05 workaround to make sure file name includes correct extension // make sure a file extension is added to the downloaded file so browser will identify and // allow opening with default program // for direct serve we do not want to send content-disposition header if (!$direct_serve) { $ext = pathinfo($file_sync->getFullPath(), PATHINFO_EXTENSION); if ($relocate) { // remove relocate file extension $reloc_ext = pathinfo($relocate, PATHINFO_EXTENSION); $name = str_replace(".{$reloc_ext}", '', $name); } header("Content-Disposition: attachment; filename=\"{$name}.{$ext}\""); } kFile::dumpFile($file_sync->getFullPath()); } elseif ($entry->getType() == entryType::DATA) { $version = $this->getRequestParameter("version"); $syncKey = $entry->getSyncKey(entry::FILE_SYNC_ENTRY_SUB_TYPE_DATA, $version); list($fileSync, $local) = kFileSyncUtils::getReadyFileSyncForKey($syncKey, true, false); if ($local) { $path = $fileSync->getFullPath(); } else { $path = kDataCenterMgr::getRedirectExternalUrl($fileSync); KalturaLog::info("Redirecting to [{$path}]"); } if (!$path) { header('KalturaRaw: no data was found available for download'); header("HTTP/1.0 404 Not Found"); } else { kFile::dumpFile($path); } } //$archive_file = $entry->getArchiveFile(); $media_type = $entry->getMediaType(); if ($media_type == entry::ENTRY_MEDIA_TYPE_IMAGE) { // image - use data for entry $file_sync = $this->redirectIfRemote($entry, entry::FILE_SYNC_ENTRY_SUB_TYPE_DATA, null); $key = $entry->getSyncKey(entry::FILE_SYNC_ENTRY_SUB_TYPE_DATA); kFile::dumpFile(kFileSyncUtils::getLocalFilePathForKey($key, true)); } elseif ($media_type == entry::ENTRY_MEDIA_TYPE_VIDEO || $media_type == entry::ENTRY_MEDIA_TYPE_AUDIO) { $format = $this->getRequestParameter("format"); if ($type == "download" && $format) { // this is a video for a specifc extension - use the proper flavorAsset $flavor_asset = assetPeer::retrieveByEntryIdAndExtension($entry_id, $format); if ($flavor_asset && $flavor_asset->getStatus() == flavorAsset::FLAVOR_ASSET_STATUS_READY) { $file_sync = $this->redirectIfRemote($flavor_asset, flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET, null, true); } else { header('KalturaRaw: no flavor asset for extension'); die; } $archive_file = $file_sync->getFullPath(); } else { // flavorAsset of the original $flavor_asset = assetPeer::retrieveOriginalByEntryId($entry_id); if ($flavor_asset && $flavor_asset->getStatus() == flavorAsset::FLAVOR_ASSET_STATUS_READY) { $file_sync = $this->redirectIfRemote($flavor_asset, flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET, null, false); // NOT strict - if there is no archive, get the data version if ($file_sync) { $wams_asset_id = $file_sync->getWamsAssetId(); $archive_file = $file_sync->getFullPath(); } } if (!$flavor_asset || !$file_sync || $flavor_asset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY) { // either no archive asset or no fileSync for archive asset // use fallback flavorAsset $flavor_asset = assetPeer::retrieveBestPlayByEntryId($entry_id); if (!$flavor_asset) { header('KalturaRaw: no original flavor asset for entry, no best play asset for entry'); die; } $file_sync = $this->redirectIfRemote($flavor_asset, flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET, null, false); // NOT strict - if there is no archive, get the data version $archive_file = $file_sync->getFullPath(); } } } elseif ($media_type == entry::ENTRY_MEDIA_TYPE_SHOW) { // in this case "raw" is a bad name // TODO - add the ability to fetch the actual XML by flagging "xml" or something $version = $this->getRequestParameter("version"); // hotfix - links sent after flattening is done look like: // http://cdn.kaltura.com/p/387/sp/38700/raw/entry_id/0_ix99151g/version/100001 // while waiting for flavor-adaptation in flattening, we want to find at least one file to return. $try_formats = array('mp4', 'mov', 'avi', 'flv'); if ($format) { $key = array_search($format, $try_formats); if ($key !== FALSE) { unset($try_formats[$key]); } $file_sync = $this->redirectIfRemote($entry, entry::FILE_SYNC_ENTRY_SUB_TYPE_DOWNLOAD, $format, false); } if (!isset($file_sync) || !$file_sync || !file_exists($file_sync->getFullPath())) { foreach ($try_formats as $ext) { KalturaLog::log("raw for mix - trying to find filesync for extension: [{$ext}] on entry [{$entry->getId()}]"); $file_sync = $this->redirectIfRemote($entry, entry::FILE_SYNC_ENTRY_SUB_TYPE_DOWNLOAD, $ext, false); if ($file_sync && file_exists($file_sync->getFullPath())) { KalturaLog::log("raw for mix - found flattened video of extension: [{$ext}] continuing with this file {$file_sync->getFullPath()}"); break; } } if (!$file_sync || !file_exists($file_sync->getFullPath())) { $file_sync = $this->redirectIfRemote($entry, entry::FILE_SYNC_ENTRY_SUB_TYPE_DOWNLOAD, $ext, true); } } // use fileSync for entry - roughcuts don't have flavors //$file_sync = $this->redirectIfRemote ( $entry , entry::FILE_SYNC_ENTRY_SUB_TYPE_DOWNLOAD , $version , true ); // strict - nothing to do if no flattened version // if got to here - fileSync was found for one of the extensions - continue with that file $archive_file = $file_sync->getFullPath(); } else { // no archive for this file header("HTTP/1.0 404 Not Found"); die; } // echo "[$archive_file][" . file_exists ( $archive_file ) . "]"; if (empty($wams_asset_id)) { $mime_type = kFile::mimeType($archive_file); } // echo "[[$mime_type]]"; $shouldProxy = $this->getRequestParameter("forceproxy", false); if ($shouldProxy || !empty($relocate)) { if (!empty($wams_asset_id)) { $fileExt = pathinfo($archive_file, PATHINFO_EXTENSION); kWAMS::getInstance($entry->getPartnerId())->dumpFile($wams_asset_id, $fileExt); die; } else { // dump the file kFile::dumpFile($archive_file, $mime_type); die; } } // use new Location to add the best extension we can find for the file $file_ext = pathinfo($archive_file, PATHINFO_EXTENSION); if ($file_ext != "flv") { // if the file does not end with "flv" - it is the real extension $ext = $file_ext; } else { // for now - if "flv" return "flv" - // TODO - find the real extension from the file itself $ext = "flv"; } // rebuild the URL and redirect to it with extraa parameters $url = $_SERVER["REQUEST_URI"]; $format = $this->getRequestParameter("format"); if (!$format) { $url = str_replace("format", "", $url); } if (!$ret_file_name) { // don't leave the name empty - if it is empty - use the entry id $ret_file_name = $entry_id; } $ret_file_name_safe = str_replace(' ', '-', $ret_file_name); // spaces replace with "-" $ret_file_name_safe = preg_replace('/[^a-zA-Z0-9-_]/', '', $ret_file_name_safe); // only "a-z", "A-Z", "0-9", "-" & "_" are left if (strpos($url, "?") > 0) { $url = str_replace("?", "/{$ret_file_name_safe}.{$ext}?", $url); $url .= "&relocate=f.{$ext}"; // add the ufname as a query parameter } else { $url .= "/{$ret_file_name_safe}.{$ext}?relocate=f.{$ext}"; // add the ufname as a query parameter } // or redirect if no proxy header("Location: {$url}"); die; }
/** * Will forward to the regular swf player according to the widget_id */ public function execute() { $entryId = $this->getRequestParameter("entry_id"); $flavorId = $this->getRequestParameter("flavor"); $fileName = $this->getRequestParameter("file_name"); $fileName = basename($fileName); $ksStr = $this->getRequestParameter("ks"); $referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $entry = null; if ($ksStr) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } kEntitlementUtils::initEntitlementEnforcement(); if (!$entry) { $entry = entryPeer::retrieveByPK($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } KalturaMonitorClient::initApiMonitor(false, 'extwidget.download', $entry->getPartnerId()); myPartnerUtils::blockInactivePartner($entry->getPartnerId()); $shouldPreview = false; $securyEntryHelper = new KSecureEntryHelper($entry, $ksStr, $referrer, ContextType::DOWNLOAD); if ($securyEntryHelper->shouldPreview()) { $shouldPreview = true; } else { $securyEntryHelper->validateForDownload(); } $flavorAsset = null; if ($flavorId) { // get flavor asset $flavorAsset = assetPeer::retrieveById($flavorId); if (is_null($flavorAsset) || !$flavorAsset->isLocalReadyStatus()) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } // the request flavor should belong to the requested entry if ($flavorAsset->getEntryId() != $entryId) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } } else { $flavorAssets = assetPeer::retrieveReadyWebByEntryId($entry->getId()); foreach ($flavorAssets as $curFlavorAsset) { if ($securyEntryHelper->isAssetAllowed($curFlavorAsset)) { $flavorAsset = $curFlavorAsset; break; } } } // Gonen 26-04-2010: in case entry has no flavor with 'mbr' tag - we return the source if (!$flavorAsset && ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_VIDEO || $entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_AUDIO)) { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entryId); if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { $flavorAsset = null; } } if ($flavorAsset) { $syncKey = $this->getSyncKeyAndForFlavorAsset($entry, $flavorAsset); } else { $syncKey = $this->getBestSyncKeyForEntry($entry); } if (is_null($syncKey)) { KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $this->handleFileSyncRedirection($syncKey); $filePath = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); list($fileBaseName, $fileExt) = kAssetUtils::getFileName($entry, $flavorAsset); if (!$fileName) { $fileName = $fileBaseName; } if ($fileExt && !is_dir($filePath)) { $fileName = $fileName . '.' . $fileExt; } $preview = 0; if ($shouldPreview && $flavorAsset) { $preview = $flavorAsset->estimateFileSize($entry, $securyEntryHelper->getPreviewLength()); } else { if (kCurrentContext::$ks_object) { $preview = kCurrentContext::$ks_object->getPrivilegeValue(kSessionBase::PRIVILEGE_PREVIEW, 0); } } //enable downloading file_name which inside the flavor asset directory if (is_dir($filePath)) { $filePath = $filePath . DIRECTORY_SEPARATOR . $fileName; } $this->dumpFile($filePath, $fileName, $preview); KExternalErrors::dieGracefully(); // no view }
protected function initEntry() { $this->entryId = $this->getRequestParameter("entryId", null); // look for a valid token $expiry = $this->getRequestParameter("expiry"); if ($expiry && $expiry <= time()) { KExternalErrors::dieError(KExternalErrors::EXPIRED_TOKEN); } $urlToken = $this->getRequestParameter("kt"); if ($urlToken) { if ($_SERVER["REQUEST_METHOD"] != "GET" || !self::validateKalturaToken($_SERVER["REQUEST_URI"], $urlToken)) { KExternalErrors::dieError(KExternalErrors::INVALID_TOKEN); } } // initalize the context $ksStr = $this->getRequestParameter("ks"); if ($ksStr && !$urlToken) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $this->entry = kCurrentContext::initPartnerByEntryId($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // no need for any further check if a token was used if ($urlToken) { return; } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!$this->entry) { $this->entry = entryPeer::retrieveByPKNoFilter($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($this->entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // enforce access control $base64Referrer = $this->getRequestParameter("referrer"); // replace space in the base64 string with + as space is invalid in base64 strings and caused // by symfony calling str_parse to replace + with spaces. // this happens only with params passed in the url path and not the query strings. specifically the ~ char at // a columns divided by 3 causes this issue (e.g. http://www.xyzw.com/~xxx) $referrer = base64_decode(str_replace(" ", "+", $base64Referrer)); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $this->secureEntryHelper = new KSecureEntryHelper($this->entry, $ksStr, $referrer, accessControlContextType::PLAY); if ($this->secureEntryHelper->shouldPreview()) { $this->clipTo = $this->secureEntryHelper->getPreviewLength() * 1000; } else { $this->secureEntryHelper->validateForPlay(); } }
/** * Override in order to filter objects returned from doSelect. * * @param array $selectResults The array of objects to filter. * @param Criteria $criteria */ public static function filterSelectResults(&$selectResults, Criteria $criteria) { if (!kEntitlementUtils::getEntitlementEnforcement() && !is_null(kCurrentContext::$ks) || !self::$filerResults || !kEntitlementUtils::getInitialized()) { // if initEntitlement hasn't run - skip filters. return parent::filterSelectResults($selectResults, $criteria); } KalturaLog::debug('Entitlement: Filter Results'); if (is_null(kCurrentContext::$ks) && count($selectResults)) { $entry = $selectResults[0]; $partner = $entry->getPartner(); if (!$partner) { throw new kCoreException('entry partner not found'); } if (!$partner->getDefaultEntitlementEnforcement() || !PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $partner->getId())) { return parent::filterSelectResults($selectResults, $criteria); } } $removedRecordsCount = 0; foreach ($selectResults as $key => $entry) { if (!kEntitlementUtils::isEntryEntitled($entry)) { unset($selectResults[$key]); $removedRecordsCount++; } } if ($criteria instanceof KalturaCriteria) { $recordsCount = $criteria->getRecordsCount(); $criteria->setRecordsCount($recordsCount - $removedRecordsCount); } self::$filerResults = false; parent::filterSelectResults($selectResults, $criteria); KalturaLog::debug('Entitlement: Filter Results - done'); }