/**
 * Invoke a JW Player API method through the shared API client.
 *
 * Entries of $params whose value is exactly null are removed before the call.
 *
 * @param string $method API method handed to the client's call().
 * @param array  $params Request parameters; null-valued entries are dropped.
 * @return mixed The client's response when it is truthy, otherwise null
 *               (no client available, or a falsy response, which is logged).
 */
function jwplayer_api_call($method, $params = array()) {
	$client = jwplayer_api_get_instance();

	// Drop parameters that were explicitly left as null.
	foreach ($params as $name => $item) {
		if (null === $item) {
			unset($params[$name]);
		}
	}

	// Without a client there is nothing to call.
	if (!$client) {
		return null;
	}

	$result = $client->call($method, $params);
	if (!$result) {
		jwplayer_log('API: invalid response.');
		return null;
	}

	return $result;
}
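/**
 * Proxy an allowlisted JW Player API call for the logged-in user and echo the
 * response as JSON.
 *
 * Checks, in order: the 'jwplayer-widget-nonce' nonce passed as ?token=, the
 * 'edit_posts' capability, and membership of ?method= in the global
 * $JWPLAYER_PROXY_METHODS allowlist. Every remaining query parameter is
 * sanitized and passed to the API client.
 *
 * A failed nonce check returns silently; the other failures are reported
 * through jwplayer_json_error().
 *
 * @return void
 */
function jwplayer_proxy() {
	global $JWPLAYER_PROXY_METHODS;

	$nonce = '';
	if (!empty($_GET['token'])) {
		$nonce = sanitize_text_field(wp_unslash($_GET['token'])); // input var okay
	}
	if (!wp_verify_nonce($nonce, 'jwplayer-widget-nonce')) {
		return;
	}

	if (!current_user_can('edit_posts')) {
		jwplayer_json_error('Access denied');
		return;
	}

	// Initialise explicitly so a missing ?method= is a defined null, not an
	// undefined variable.
	$method = null;
	if (!empty($_GET['method'])) {
		$method = sanitize_text_field(wp_unslash($_GET['method'])); // input var okay
	}
	if (null === $method) {
		jwplayer_json_error('Method was not specified');
		return;
	}

	// Fail closed when the allowlist global is missing or not an array, and
	// compare strictly so type juggling cannot match an entry.
	$allowed_methods = is_array($JWPLAYER_PROXY_METHODS) ? $JWPLAYER_PROXY_METHODS : array();
	if (!in_array($method, $allowed_methods, true)) {
		jwplayer_json_error('Access denied');
		return;
	}

	$jwplayer_api = jwplayer_api_get_instance();
	if (null === $jwplayer_api) {
		jwplayer_json_error('Enter your API key and secret first');
		return;
	}

	$params = array();
	foreach ($_GET as $name => $value) { // input var okay
		$name = (string) $name;
		// 'method' is passed separately; 'token' is the WordPress nonce and is
		// only meaningful to this site, so it is not handed to the API client.
		if ('method' === $name || 'token' === $name) {
			continue;
		}
		$params[$name] = sanitize_text_field(wp_unslash($value)); // input var okay
	}

	// NOTE(review): 'php' presumably requests a PHP-serialized response; confirm
	// the API client does not unserialize() remote data unsafely. The sibling
	// jwplayer_ajax_jwp_api_proxy() requests 'json' instead.
	$params['api_format'] = 'php';

	$response = $jwplayer_api->call($method, $params);

	header('Content-Type: application/json');
	echo json_encode($response);
}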
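/**
 * AJAX handler: proxy an allowlisted JW Player API call and echo the response
 * as JSON.
 *
 * Checks, in order: the 'jwplayer-widget-nonce' nonce passed as ?token=, the
 * 'edit_posts' capability, and membership of ?method= in a fixed allowlist.
 * Every remaining query parameter is sanitized and passed to the API client
 * with api_format forced to 'json'.
 *
 * A failed nonce check returns silently; the other failures are reported
 * through jwplayer_json_error().
 *
 * @return void
 */
function jwplayer_ajax_jwp_api_proxy() {
	// Only these API methods may be reached through the proxy.
	$JWPLAYER_PROXY_METHODS = array(
		'/videos/list',
		'/channels/list',
		'/videos/create',
		'/videos/thumbnails/show',
		'/players/list',
	);

	if (!isset($_GET['token']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['token'])), 'jwplayer-widget-nonce')) { // Input var okay
		return;
	}

	if (!current_user_can('edit_posts')) {
		jwplayer_json_error('Access denied');
		return;
	}

	$method = !empty($_GET['method']) ? sanitize_text_field(wp_unslash($_GET['method'])) : null; // Input var okay
	if (null === $method) {
		jwplayer_json_error('Method was not specified');
		return;
	}

	// Strict comparison: the requested method must match an entry exactly.
	if (!in_array($method, $JWPLAYER_PROXY_METHODS, true)) {
		jwplayer_json_error('Access denied');
		return;
	}

	$jwplayer_api = jwplayer_api_get_instance();
	if (null === $jwplayer_api) {
		jwplayer_json_error('Enter your API key and secret first');
		return;
	}

	$params = array();
	foreach ($_GET as $name => $value) { // Input var okay
		$name = sanitize_text_field($name);
		// 'method' is passed separately; 'token' is the WordPress nonce and is
		// only meaningful to this site, so it is not handed to the API client.
		if ('method' === $name || 'token' === $name) {
			continue;
		}
		$params[$name] = sanitize_text_field(wp_unslash($value)); // Input var okay
	}
	$params['api_format'] = 'json';

	$response = $jwplayer_api->call($method, $params);

	header('Content-Type: application/json');
	echo json_encode($response);
}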