private function removeNotAllowedFlavors($flavorAssets) { $returnedFlavors = array(); foreach ($flavorAssets as $flavorAsset) { if ($this->secureEntryHelper->isAssetAllowed($flavorAsset)) { $returnedFlavors[] = $flavorAsset; } } return $returnedFlavors; }
/** * Serves the file content * * @action serveByFlavorParamsId * @param string $entryId Document entry id * @param string $flavorParamsId Flavor params id * @param bool $forceProxy force to get the content without redirect * @return file * * @throws KalturaErrors::ENTRY_ID_NOT_FOUND * @throws KalturaErrors::FLAVOR_ASSET_IS_NOT_READY * @throws KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND */ public function serveByFlavorParamsIdAction($entryId, $flavorParamsId = null, $forceProxy = false) { // temporary workaround for getting the referrer from a url with the format ....&forceProxy/true/referrer/... $referrer = null; if (isset($_GET["forceProxy"]) && kString::beginsWith($_GET["forceProxy"], "true/referrer/")) { $referrer = substr($_GET["forceProxy"], strlen("true/referrer/")); $referrer = base64_decode($referrer); } KalturaResponseCacher::disableCache(); myPartnerUtils::resetPartnerFilter('entry'); $dbEntry = entryPeer::retrieveByPK($entryId); if (!$dbEntry || $dbEntry->getType() != entryType::DOCUMENT) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId); } $ksObj = $this->getKs(); $ks = $ksObj ? $ksObj->getOriginalString() : null; $securyEntryHelper = new KSecureEntryHelper($dbEntry, $ks, $referrer, ContextType::DOWNLOAD); $securyEntryHelper->validateForDownload(); $flavorAsset = null; if ($flavorParamsId) { $flavorAsset = assetPeer::retrieveByEntryIdAndParams($entryId, $flavorParamsId); if (!$flavorAsset) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_IS_NOT_READY, $flavorParamsId); } } else { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entryId); if (!$flavorAsset) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND, $flavorParamsId); } } if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND, $flavorParamsId); } $fileName = $dbEntry->getName() . '.' . $flavorAsset->getFileExt(); return $this->serveFlavorAsset($flavorAsset, $fileName, $forceProxy); }
private function validateAccessControl(entry $entry, flavorAsset $flavorAsset, $referrer64base) { $referrer = base64_decode(str_replace(" ", "+", $referrer64base)); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $secureEntryHelper = new KSecureEntryHelper($entry, kCurrentContext::$ks, $referrer, ContextType::PLAY); if (!$secureEntryHelper->isKsAdmin()) { if (!$entry->isScheduledNow()) { throw new KalturaWidevineLicenseProxyException(KalturaWidevineErrorCodes::ENTRY_NOT_SCHEDULED_NOW); } if ($secureEntryHelper->isEntryInModeration()) { throw new KalturaWidevineLicenseProxyException(KalturaWidevineErrorCodes::ENTRY_MODERATION_ERROR); } } if ($secureEntryHelper->shouldBlock()) { throw new KalturaWidevineLicenseProxyException(KalturaWidevineErrorCodes::ACCESS_CONTROL_RESTRICTED); } if (!$secureEntryHelper->isAssetAllowed($flavorAsset)) { throw new KalturaWidevineLicenseProxyException(KalturaWidevineErrorCodes::FLAVOR_ASSET_ID_NOT_FOUND); } }
/** * Get download URL for the asset * * @action getUrl * @param string $id * @param int $storageId * @param bool $forceProxy * @param KalturaFlavorAssetUrlOptions $options * @return string * @throws KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND * @throws KalturaErrors::FLAVOR_ASSET_IS_NOT_READY */ public function getUrlAction($id, $storageId = null, $forceProxy = false, KalturaFlavorAssetUrlOptions $options = null) { if (!$options) { $options = new KalturaFlavorAssetUrlOptions(); } $assetDb = assetPeer::retrieveById($id); if (!$assetDb || !$assetDb instanceof flavorAsset) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND, $id); } $this->validateEntryEntitlement($assetDb->getEntryId(), $id); if (!$assetDb->isLocalReadyStatus()) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_IS_NOT_READY); } if ($storageId) { return $assetDb->getExternalUrl($storageId, $options->fileName); } // Validate for download $entryDb = entryPeer::retrieveByPK($assetDb->getEntryId()); if (is_null($entryDb)) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $assetDb->getEntryId()); } $shouldServeFlavor = false; if ($entryDb->getType() == entryType::MEDIA_CLIP && !in_array($assetDb->getPartnerId(), kConf::get('legacy_get_url_partners', 'local', array()))) { $shouldServeFlavor = true; $preview = null; } else { $previewFileSize = null; } $ksObj = $this->getKs(); $ks = $ksObj ? $ksObj->getOriginalString() : null; $securyEntryHelper = new KSecureEntryHelper($entryDb, $ks, null, ContextType::DOWNLOAD); if ($securyEntryHelper->shouldPreview()) { if ($shouldServeFlavor) { $preview = $securyEntryHelper->getPreviewLength() * 1000; } else { $previewFileSize = $assetDb->estimateFileSize($entryDb, $securyEntryHelper->getPreviewLength()); } } else { $securyEntryHelper->validateForDownload(); } if (!$securyEntryHelper->isAssetAllowed($assetDb)) { throw new KalturaAPIException(KalturaErrors::ASSET_NOT_ALLOWED, $id); } if ($shouldServeFlavor) { return $assetDb->getServeFlavorUrl($preview, $options->fileName); } return $assetDb->getDownloadUrl(true, $forceProxy, $previewFileSize, $options->fileName); }
private function getAllowedFlavorAssets(KSecureEntryHelper $secureEntryHelper, $entryId, $format = null, $isOriginal = false, $isBestPlay = false) { $flavorAsset = null; if ($isBestPlay) { $flavorAssets = assetPeer::retrieveReadyWebByEntryId($entryId); } else { $c = new Criteria(); $c->add(assetPeer::ENTRY_ID, $entryId); if ($format) { $c->add(assetPeer::FILE_EXT, $format); } if ($isOriginal) { $c->add(assetPeer::IS_ORIGINAL, true); } $flavorAssets = assetPeer::doSelect($c); } foreach ($flavorAssets as $currentFlavorAsset) { if ($secureEntryHelper->isAssetAllowed($currentFlavorAsset)) { $flavorAsset = $currentFlavorAsset; break; } } return $flavorAsset; }
/** * Will forward to the regular swf player according to the widget_id */ public function execute() { $entryId = $this->getRequestParameter("entry_id"); $flavorId = $this->getRequestParameter("flavor"); $fileName = $this->getRequestParameter("file_name"); $fileName = basename($fileName); $ksStr = $this->getRequestParameter("ks"); $referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $entry = null; if ($ksStr) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } kEntitlementUtils::initEntitlementEnforcement(); if (!$entry) { $entry = entryPeer::retrieveByPK($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } KalturaMonitorClient::initApiMonitor(false, 'extwidget.download', $entry->getPartnerId()); myPartnerUtils::blockInactivePartner($entry->getPartnerId()); $shouldPreview = false; $securyEntryHelper = new KSecureEntryHelper($entry, $ksStr, $referrer, ContextType::DOWNLOAD); if ($securyEntryHelper->shouldPreview()) { $shouldPreview = true; } else { $securyEntryHelper->validateForDownload(); } $flavorAsset = null; if ($flavorId) { // get flavor asset $flavorAsset = assetPeer::retrieveById($flavorId); if (is_null($flavorAsset) || !$flavorAsset->isLocalReadyStatus()) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } // the request flavor should belong to the requested entry if ($flavorAsset->getEntryId() != $entryId) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } } else { $flavorAssets = assetPeer::retrieveReadyWebByEntryId($entry->getId()); foreach ($flavorAssets as $curFlavorAsset) { if ($securyEntryHelper->isAssetAllowed($curFlavorAsset)) { $flavorAsset = $curFlavorAsset; break; } } } // Gonen 26-04-2010: in case entry has no flavor with 'mbr' tag - we return the source if (!$flavorAsset && ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_VIDEO || $entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_AUDIO)) { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entryId); if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { $flavorAsset = null; } } if ($flavorAsset) { $syncKey = $this->getSyncKeyAndForFlavorAsset($entry, $flavorAsset); } else { $syncKey = $this->getBestSyncKeyForEntry($entry); } if (is_null($syncKey)) { KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $this->handleFileSyncRedirection($syncKey); $filePath = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); list($fileBaseName, $fileExt) = kAssetUtils::getFileName($entry, $flavorAsset); if (!$fileName) { $fileName = $fileBaseName; } if ($fileExt && !is_dir($filePath)) { $fileName = $fileName . '.' . $fileExt; } $preview = 0; if ($shouldPreview && $flavorAsset) { $preview = $flavorAsset->estimateFileSize($entry, $securyEntryHelper->getPreviewLength()); } else { if (kCurrentContext::$ks_object) { $preview = kCurrentContext::$ks_object->getPrivilegeValue(kSessionBase::PRIVILEGE_PREVIEW, 0); } } //enable downloading file_name which inside the flavor asset directory if (is_dir($filePath)) { $filePath = $filePath . DIRECTORY_SEPARATOR . $fileName; } $this->dumpFile($filePath, $fileName, $preview); KExternalErrors::dieGracefully(); // no view }