public function execute() { $this->entryId = $this->getRequestParameter("entryId", null); $this->flavorId = $this->getRequestParameter("flavorId", null); $this->storageId = $this->getRequestParameter("storageId", null); $this->maxBitrate = $this->getRequestParameter("maxBitrate", null); $flavorIdsStr = $this->getRequestParameter("flavorIds", null); if ($flavorIdsStr) { $this->flavorIds = explode(",", $flavorIdsStr); } $this->entry = entryPeer::retrieveByPKNoFilter($this->entryId); if (!$this->entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } if (!$this->flavorId) { $flavorParamId = $this->getRequestParameter("flavorParamId", null); if ($flavorParamId) { $flavorAsset = flavorAssetPeer::retrieveByEntryIdAndFlavorParams($entry->getId(), $flavorParamId); if (!$flavorAsset) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } $this->flavorId = $flavorAsset->getId(); } } $this->validateStorageId(); $this->protocol = $this->getRequestParameter("protocol", null); if (!$this->protocol) { $this->protocol = StorageProfile::PLAY_FORMAT_HTTP; } $this->format = $this->getRequestParameter("format"); if (!$this->format) { $this->format = StorageProfile::PLAY_FORMAT_HTTP; } $this->cdnHost = $this->getRequestParameter("cdnHost", null); $partner = $this->entry->getPartner(); if (!$this->cdnHost || $partner->getForceCdnHost()) { $this->cdnHost = myPartnerUtils::getCdnHost($this->entry->getPartnerId(), $this->protocol); } if ($this->maxBitrate && (!is_numeric($this->maxBitrate) || $this->maxBitrate <= 0)) { KExternalErrors::dieError(KExternalErrors::INVALID_MAX_BITRATE); } $ksStr = $this->getRequestParameter("ks"); $base64Referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($base64Referrer); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $securyEntryHelper = new KSecureEntryHelper($this->entry, $ksStr, $referrer); if ($securyEntryHelper->shouldPreview()) { $this->clipTo = $securyEntryHelper->getPreviewLength() * 1000; } else { $securyEntryHelper->validateForPlay($this->entry, $ksStr); } // grab seekFrom parameter and normalize url $this->seekFrom = $this->getRequestParameter("seekFrom", -1); if ($this->seekFrom <= 0) { $this->seekFrom = -1; } if ($this->entry->getStatus() == entryStatus::DELETED) { // because the fiter was turned off - a manual check for deleted entries must be done. die; } $xml = null; switch ($this->format) { case StorageProfile::PLAY_FORMAT_HTTP: $xml = $this->serveHttp(); break; case StorageProfile::PLAY_FORMAT_RTMP: $xml = $this->serveRtmp(); break; case StorageProfile::PLAY_FORMAT_SILVER_LIGHT: $xml = $this->serveSilverLight(); break; case StorageProfile::PLAY_FORMAT_APPLE_HTTP: $xml = $this->serveAppleHttp(); break; case "url": return $this->serveUrl(); break; case "hdnetworksmil": $xml = $this->serveHDNetwork(); break; case "hdnetwork": $duration = $this->entry->getDurationInt(); $mediaUrl = "<media url=\"" . requestUtils::getHost() . str_replace("f4m", "smil", str_replace("hdnetwork", "hdnetworksmil", $_SERVER["REQUEST_URI"])) . "\"/>"; $xml = $this->buildXml(self::PLAY_STREAM_TYPE_RECORDED, array(), 'video/x-flv', $duration, null, $mediaUrl); break; } if ($this->format == StorageProfile::PLAY_FORMAT_APPLE_HTTP) { header("Content-Type: text/plain; charset=UTF-8"); } else { header("Content-Type: text/xml; charset=UTF-8"); header("Content-Disposition: inline; filename=manifest.xml"); } echo $xml; die; }
protected function initEntry() { $this->entryId = $this->getRequestParameter("entryId", null); // look for a valid token $expiry = $this->getRequestParameter("expiry"); if ($expiry && $expiry <= time()) { KExternalErrors::dieError(KExternalErrors::EXPIRED_TOKEN); } $urlToken = $this->getRequestParameter("kt"); if ($urlToken) { if ($_SERVER["REQUEST_METHOD"] != "GET" || !self::validateKalturaToken($_SERVER["REQUEST_URI"], $urlToken)) { KExternalErrors::dieError(KExternalErrors::INVALID_TOKEN); } } // initalize the context $ksStr = $this->getRequestParameter("ks"); if ($ksStr && !$urlToken) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $this->entry = kCurrentContext::initPartnerByEntryId($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // no need for any further check if a token was used if ($urlToken) { return; } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!$this->entry) { $this->entry = entryPeer::retrieveByPKNoFilter($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($this->entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } myPartnerUtils::blockInactivePartner($this->entry->getPartnerId()); // enforce access control $base64Referrer = $this->getRequestParameter("referrer"); $hashes = $this->getRequestParameter("hashes"); $keyValueHashes = array(); if ($hashes) { $hashes = urldecode($hashes); $hashes = explode(",", $hashes); foreach ($hashes as $keyValueHashString) { list($key, $value) = explode('=', $keyValueHashString); $keyValueHashes[$key] = $value; } } // replace space in the base64 string with + as space is invalid in base64 strings and caused // by symfony calling str_parse to replace + with spaces. // this happens only with params passed in the url path and not the query strings. specifically the ~ char at // a columns divided by 3 causes this issue (e.g. http://www.xyzw.com/~xxx) //replace also any - with + and _ with / $referrer = base64_decode(str_replace(array('-', '_', ' '), array('+', '/', '+'), $base64Referrer)); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $this->secureEntryHelper = new KSecureEntryHelper($this->entry, $ksStr, $referrer, ContextType::PLAY, $keyValueHashes); if ($this->secureEntryHelper->shouldPreview()) { $previewLengthInMsecs = $this->secureEntryHelper->getPreviewLength() * 1000; $entryLengthInMsecs = $this->entry->getLengthInMsecs(); if ($previewLengthInMsecs < $entryLengthInMsecs) { $this->deliveryAttributes->setClipTo($previewLengthInMsecs); } } else { $this->secureEntryHelper->validateForPlay(); } if (PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $this->entry->getPartnerId()) || $this->secureEntryHelper->hasRules()) { $this->forceUrlTokenization = true; } }
public function execute() { requestUtils::handleConditionalGet(); $entry_id = $this->getRequestParameter("entry_id"); $ks_str = $this->getRequestParameter("ks"); $base64_referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($base64_referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $clip_from = $this->getRequestParameter("clip_from", 0); // milliseconds $clip_to = $this->getRequestParameter("clip_to", 2147483647); // milliseconds if ($clip_to == 0) { $clip_to = 2147483647; } $request = $_SERVER["REQUEST_URI"]; // remove dynamic fields from the url so we'll request a single url from the cdn $request = str_replace("/referrer/{$base64_referrer}", "", $request); $request = str_replace("/ks/{$ks_str}", "", $request); // workaround the filter which hides all the deleted entries - // now that deleted entries are part of xmls (they simply point to the 'deleted' templates), we should allow them here $entry = entryPeer::retrieveByPKNoFilter($entry_id); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } myPartnerUtils::blockInactivePartner($entry->getPartnerId()); // set the memory size to be able to serve big files in a single chunk ini_set("memory_limit", "64M"); // set the execution time to be able to serve big files in a single chunk ini_set("max_execution_time", 240); if ($entry->getType() == entryType::MIX && $entry->getStatus() == entryStatus::DELETED) { // because the fiter was turned off - a manual check for deleted entries must be done. die; } else { if ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_IMAGE) { $version = $this->getRequestParameter("version", null); $width = $this->getRequestParameter("width", -1); $height = $this->getRequestParameter("height", -1); $crop_provider = $this->getRequestParameter("crop_provider", null); $bgcolor = $this->getRequestParameter("bgcolor", "ffffff"); $type = $this->getRequestParameter("type", 1); $quality = $this->getRequestParameter("quality", 0); $src_x = $this->getRequestParameter("src_x", 0); $src_y = $this->getRequestParameter("src_y", 0); $src_w = $this->getRequestParameter("src_w", 0); $src_h = $this->getRequestParameter("src_h", 0); $vid_sec = $this->getRequestParameter("vid_sec", -1); $vid_slice = $this->getRequestParameter("vid_slice", -1); $vid_slices = $this->getRequestParameter("vid_slices", -1); if ($width == -1 && $height == -1) { $width = 640; $height = 480; } else { if ($width == -1) { // if only either width or height is missing reset them to zero, and convertImage will handle them $width = 0; } else { if ($height == -1) { $height = 0; } } } $tempThumbPath = myEntryUtils::resizeEntryImage($entry, $version, $width, $height, $type, $bgcolor, $crop_provider, $quality, $src_x, $src_y, $src_w, $src_h, $vid_sec, $vid_slice, $vid_slices); kFile::dumpFile($tempThumbPath, null, strpos($tempThumbPath, "_NOCACHE_") === false ? null : 0); } } $audio_only = $this->getRequestParameter("audio_only"); // milliseconds $flavor = $this->getRequestParameter("flavor", 1); // $flavor_param_id = $this->getRequestParameter("flavor_param_id", null); // $streamer = $this->getRequestParameter("streamer"); // if (substr($streamer, 0, 4) == "rtmp") { // the fms may add .mp4 to the end of the url $streamer = "rtmp"; } // grab seek_from_bytes parameter and normalize url $seek_from_bytes = $this->getRequestParameter("seek_from_bytes", -1); $request = str_replace("/seek_from_bytes/{$seek_from_bytes}", "", $request); if ($seek_from_bytes <= 0) { $seek_from_bytes = -1; } // grab seek_from parameter and normalize url $seek_from = $this->getRequestParameter("seek_from", -1); $request = str_replace("/seek_from/{$seek_from}", "", $request); if ($seek_from <= 0) { $seek_from = -1; } $this->dump_from_byte = 0; // reset accurate seek from timestamp $seek_from_timestamp = -1; // backward compatibility if ($flavor === "0") { // for edit version $flavor = "edit"; } if ($flavor === "1" || $flavor === 1) { // for play version $flavor = null; } // when flavor is null, we will get a default flavor if ($flavor == "edit") { $flavorAsset = flavorAssetPeer::retrieveBestEditByEntryId($entry->getId()); } elseif (!is_null($flavor)) { $flavorAsset = flavorAssetPeer::retrieveById($flavor); // when specific asset was request, we don't validate its tags if ($flavorAsset && ($flavorAsset->getEntryId() != $entry->getId() || $flavorAsset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY)) { $flavorAsset = null; } // we will throw an error later } elseif (is_null($flavor) && !is_null($flavor_param_id)) { $flavorAsset = flavorAssetPeer::retrieveByEntryIdAndFlavorParams($entry->getId(), $flavor_param_id); if ($flavorAsset && $flavorAsset->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY) { $flavorAsset = null; } // we will throw an error later } else { if ($entry->getSource() == entry::ENTRY_MEDIA_SOURCE_WEBCAM) { $flavorAsset = flavorAssetPeer::retrieveOriginalByEntryId($entry->getId()); } else { $flavorAsset = flavorAssetPeer::retrieveBestPlayByEntryId($entry->getId()); } if (!$flavorAsset) { $flavorAssets = flavorAssetPeer::retreiveReadyByEntryIdAndTag($entry->getId(), flavorParams::TAG_WEB); if (count($flavorAssets) > 0) { $flavorAsset = $flavorAssets[0]; } } } if (is_null($flavorAsset)) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } $syncKey = $flavorAsset->getSyncKey(flavorAsset::FILE_SYNC_FLAVOR_ASSET_SUB_TYPE_ASSET); if (kFileSyncUtils::file_exists($syncKey, false)) { $path = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); } else { list($fileSync, $local) = kFileSyncUtils::getReadyFileSyncForKey($syncKey, true, false); if (is_null($fileSync)) { KalturaLog::log("Error - no FileSync for flavor [" . $flavorAsset->getId() . "]"); KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $remoteUrl = kDataCenterMgr::getRedirectExternalUrl($fileSync); $this->redirect($remoteUrl); } $flv_wrapper = new myFlvHandler($path); $isFlv = $flv_wrapper->isFlv(); // scrubbing is not allowed within mp4 files if (!$isFlv) { $seek_from = $seek_from_bytes = -1; } if ($seek_from !== -1 && $seek_from !== 0) { if ($audio_only === '0') { // audio_only was explicitly set to 0 - don't attempt to make further automatic investigations } elseif ($flv_wrapper->getFirstVideoTimestamp() < 0) { $audio_only = true; } list($bytes, $duration, $first_tag_byte, $to_byte) = $flv_wrapper->clip(0, -1, $audio_only); list($bytes, $duration, $from_byte, $to_byte, $seek_from_timestamp) = $flv_wrapper->clip($seek_from, -1, $audio_only); $seek_from_bytes = myFlvHandler::FLV_HEADER_SIZE + $flv_wrapper->getMetadataSize($audio_only) + $from_byte - $first_tag_byte; } // the direct path without a cdn is "http://s3kaltura.s3.amazonaws.com".$entry->getDataPath(); $extStorageUrl = $entry->getExtStorageUrl(); if ($extStorageUrl && substr_count($extStorageUrl, 's3kaltura')) { // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $request_host = parse_url($extStorageUrl, PHP_URL_HOST); $akamai_url = str_replace($request_host, "cdns3akmi.kaltura.com", $extStorageUrl); $akamai_url .= $seek_from_bytes == -1 ? "" : "?aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$akamai_url}"); die; } elseif ($extStorageUrl) { // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $extStorageUrl .= $seek_from_bytes == -1 ? "" : "?aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$extStorageUrl}"); die; } // use headers to detect cdn $cdn_name = ""; $via_header = @$_SERVER["HTTP_VIA"]; if (strpos($via_header, "llnw.net") !== false) { $cdn_name = "limelight"; } else { if (strpos($via_header, "akamai") !== false) { $cdn_name = "akamai"; } else { if (strpos($via_header, "Level3") !== false) { $cdn_name = "level3"; } } } // setting file extension - first trying frrom flavor asset $ext = $flavorAsset->getFileExt(); // if failed, set extension according to file type (isFlv) if (!$ext) { $ext = $isFlv ? "flv" : "mp4"; } $flv_extension = $streamer == "rtmp" ? "?" : "/a.{$ext}?novar=0"; // dont check for rtmp / and for an already redirect url if ($streamer != "rtmp" && strpos($request, $flv_extension) === false) { // check security using ks $securyEntryHelper = new KSecureEntryHelper($entry, $ks_str, $referrer); if ($securyEntryHelper->shouldPreview()) { $this->checkForPreview($securyEntryHelper, $clip_to); } else { $securyEntryHelper->validateForPlay($entry, $ks_str); } } else { // if needs security check using cdn authentication mechanism // for now assume this is a cdn request and don't check for security } // use limelight mediavault if either security policy requires it or if we're trying to seek within the video if ($entry->getSecurityPolicy() || $seek_from_bytes !== -1) { // we have three options: // arrived through limelight mediavault url - the url is secured // arrived directly through limelight (not secured through mediavault) - enforce ks and redirect to mediavault url // didnt use limelight - enforce ks // the cdns are configured to authenticate request for /s/.... // check if we're already in a redirected secure link using the "/s/" prefix $secure_request = substr($request, 0, 3) == "/s/"; if ($secure_request && ($cdn_name == "limelight" || $cdn_name == "level3")) { // request was validated by cdn let it through } else { // extract ks $ks_str = $this->getRequestParameter("ks", ""); if ($entry->getSecurityPolicy()) { if (!$ks_str) { $this->logMessage("flvclipper - no KS"); die; } $ks = kSessionUtils::crackKs($ks_str); if (!$ks) { $this->logMessage("flvclipper - invalid ks [{$ks_str}]"); die; } $matched_privs = $ks->verifyPrivileges("sview", $entry_id); $this->logMessage("flvclipper - verifyPrivileges name [sview], priv [{$entry_id}] [{$matched_privs}]"); if (!$matched_privs) { $this->logMessage("flvclipper - doesnt not match required privlieges [{$ks_str}]"); die; } } if ($cdn_name == "limelight") { $ll_url = requestUtils::getCdnHost() . "/s{$request}" . $flv_extension; $secret = kConf::get("limelight_madiavault_password"); $expire = "&e=" . (time() + 120); $ll_url .= $expire; $fs = $seek_from_bytes == -1 ? "" : "&fs={$seek_from_bytes}"; $ll_url .= "&h=" . md5("{$secret}{$ll_url}") . $fs; //header("Location: $ll_url"); $this->redirect($ll_url); } else { if ($cdn_name == "level3") { $level3_url = $request . $flv_extension; if ($entry->getSecurityPolicy()) { $level3_url = "/s{$level3_url}"; // set expire time in GMT hence the date("Z") offset $expire = "&nva=" . strftime("%Y%m%d%H%M%S", time() - date("Z") + 30); $level3_url .= $expire; $secret = kConf::get("level3_authentication_key"); $hash = "0" . substr(self::hmac('sha1', $secret, $level3_url), 0, 20); $level3_url .= "&h={$hash}"; } $level3_url .= $seek_from_bytes == -1 ? "" : "&start={$seek_from_bytes}"; header("Location: {$level3_url}"); die; } else { if ($cdn_name == "akamai") { $akamai_url = $request . $flv_extension; // if for some reason we didnt set our accurate $seek_from_timestamp reset it to the requested seek_from if ($seek_from_timestamp == -1) { $seek_from_timestamp = $seek_from; } $akamai_url .= $seek_from_bytes == -1 ? "" : "&aktimeoffset=" . floor($seek_from_timestamp / 1000); header("Location: {$akamai_url}"); die; } } } // a seek request without a supporting cdn - we need to send the answer from our server if ($seek_from_bytes !== -1 && $via_header === null) { $this->dump_from_byte = $seek_from_bytes; } } } // always add the file suffix to the request (needed for scrubbing by some cdns, // and also breaks without extension on some corporate antivirus). // we add the the novar paramter since a leaving a trailing "?" will be trimmed // and then the /seek_from request will result in another url which level3 // will try to refetch from the origin // note that for streamer we dont add the file extension if ($streamer != "rtmp" && strpos($request, $flv_extension) === false) { // a seek request without a supporting cdn - we need to send the answer from our server if ($seek_from_bytes !== -1 && $via_header === null) { $request .= "/seek_from_bytes/{$seek_from_bytes}"; } requestUtils::sendCdnHeaders("flv", 0); header("Location: {$request}" . $flv_extension); die; } // mp4 if (!$isFlv) { kFile::dumpFile($path); } $this->logMessage("flvclipperAction: serving file [{$path}] entry_id [{$entry_id}] clip_from [{$clip_from}] clip_to [{$clip_to}]", "warning"); if ($audio_only === '0') { // audio_only was explicitly set to 0 - don't attempt to make further automatic investigations } elseif ($flv_wrapper->getFirstVideoTimestamp() < 0) { $audio_only = true; } //$start = microtime(true); list($bytes, $duration, $from_byte, $to_byte, $from_ts, $cuepoint_pos) = myFlvStaticHandler::clip($path, $clip_from, $clip_to, $audio_only); $metadata_size = $flv_wrapper->getMetadataSize($audio_only); $this->from_byte = $from_byte; $this->to_byte = $to_byte; //$end1 = microtime(true); //$this->logMessage( "flvclipperAction: serving file [$path] entry_id [$entry_id] bytes [$bytes] duration [$duration] [$from_byte]->[$to_byte]" , "warning" ); //$this->logMessage( "flvclipperAction: serving file [$path] t1 [" . ( $end1-$start) . "]"); $data_offset = $metadata_size + myFlvHandler::getHeaderSize(); // if we're returning a partial file adjust the total size: // substract the metadata and bytes which are not delivered if ($this->dump_from_byte >= $data_offset && !$audio_only) { $bytes -= $metadata_size + max(0, $this->dump_from_byte - $data_offset); } $this->total_length = $data_offset + $bytes; //echo " $bytes , $duration ,$from_byte , $to_byte, $cuepoint_pos\n"; die; $this->cuepoint_time = 0; $this->cuepoint_pos = 0; if ($streamer == "chunked" && $clip_to != 2147483647) { $this->cuepoint_time = $clip_to - 1; $this->cuepoint_pos = $cuepoint_pos; $this->total_length += myFlvHandler::CUEPOINT_TAG_SIZE; } //$this->logMessage( "flvclipperAction: serving file [$path] entry_id [$entry_id] bytes with header & md [" . $this->total_length . "] bytes [$bytes] duration [$duration] [$from_byte]->[$to_byte]" , "warning" ); $this->flv_wrapper = $flv_wrapper; $this->audio_only = $audio_only; try { Propel::close(); } catch (Exception $e) { $this->logMessage("flvclipperAction: error closing db {$e}"); } return sfView::SUCCESS; }
/** * Get download URL for the Flavor Asset * * @action getDownloadUrl * @param string $id * @param bool $useCdn * @return string * @deprecated use getUrl instead */ public function getDownloadUrlAction($id, $useCdn = false) { $flavorAssetDb = assetPeer::retrieveById($id); if (!$flavorAssetDb || !$flavorAssetDb instanceof flavorAsset) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_ID_NOT_FOUND, $id); } $this->validateEntryEntitlement($flavorAssetDb->getEntryId(), $id); if ($flavorAssetDb->getStatus() != flavorAsset::FLAVOR_ASSET_STATUS_READY) { throw new KalturaAPIException(KalturaErrors::FLAVOR_ASSET_IS_NOT_READY); } // Validate for download $entryDb = entryPeer::retrieveByPK($flavorAssetDb->getEntryId()); if (is_null($entryDb)) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $flavorAssetDb->getEntryId()); } $preview = null; $ksObj = $this->getKs(); $ks = $ksObj ? $ksObj->getOriginalString() : null; $securyEntryHelper = new KSecureEntryHelper($entryDb, $ks, null, ContextType::DOWNLOAD); if ($securyEntryHelper->shouldPreview()) { $preview = $flavorAssetDb->estimateFileSize($entryDb, $securyEntryHelper->getPreviewLength()); } else { $securyEntryHelper->validateForDownload(); } return $flavorAssetDb->getDownloadUrl($useCdn, false, $preview); }
/** * Will forward to the regular swf player according to the widget_id */ public function execute() { $entryId = $this->getRequestParameter("entry_id"); $flavorId = $this->getRequestParameter("flavor"); $fileName = $this->getRequestParameter("file_name"); $fileName = basename($fileName); $ksStr = $this->getRequestParameter("ks"); $referrer = $this->getRequestParameter("referrer"); $referrer = base64_decode($referrer); if (!is_string($referrer)) { // base64_decode can return binary data $referrer = ""; } $entry = null; if ($ksStr) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $entry = kCurrentContext::initPartnerByEntryId($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } kEntitlementUtils::initEntitlementEnforcement(); if (!$entry) { $entry = entryPeer::retrieveByPK($entryId); if (!$entry) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } KalturaMonitorClient::initApiMonitor(false, 'extwidget.download', $entry->getPartnerId()); myPartnerUtils::blockInactivePartner($entry->getPartnerId()); $shouldPreview = false; $securyEntryHelper = new KSecureEntryHelper($entry, $ksStr, $referrer, ContextType::DOWNLOAD); if ($securyEntryHelper->shouldPreview()) { $shouldPreview = true; } else { $securyEntryHelper->validateForDownload(); } $flavorAsset = null; if ($flavorId) { // get flavor asset $flavorAsset = assetPeer::retrieveById($flavorId); if (is_null($flavorAsset) || !$flavorAsset->isLocalReadyStatus()) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } // the request flavor should belong to the requested entry if ($flavorAsset->getEntryId() != $entryId) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { KExternalErrors::dieError(KExternalErrors::FLAVOR_NOT_FOUND); } } else { $flavorAssets = assetPeer::retrieveReadyWebByEntryId($entry->getId()); foreach ($flavorAssets as $curFlavorAsset) { if ($securyEntryHelper->isAssetAllowed($curFlavorAsset)) { $flavorAsset = $curFlavorAsset; break; } } } // Gonen 26-04-2010: in case entry has no flavor with 'mbr' tag - we return the source if (!$flavorAsset && ($entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_VIDEO || $entry->getMediaType() == entry::ENTRY_MEDIA_TYPE_AUDIO)) { $flavorAsset = assetPeer::retrieveOriginalByEntryId($entryId); if (!$securyEntryHelper->isAssetAllowed($flavorAsset)) { $flavorAsset = null; } } if ($flavorAsset) { $syncKey = $this->getSyncKeyAndForFlavorAsset($entry, $flavorAsset); } else { $syncKey = $this->getBestSyncKeyForEntry($entry); } if (is_null($syncKey)) { KExternalErrors::dieError(KExternalErrors::FILE_NOT_FOUND); } $this->handleFileSyncRedirection($syncKey); $filePath = kFileSyncUtils::getReadyLocalFilePathForKey($syncKey); list($fileBaseName, $fileExt) = kAssetUtils::getFileName($entry, $flavorAsset); if (!$fileName) { $fileName = $fileBaseName; } if ($fileExt && !is_dir($filePath)) { $fileName = $fileName . '.' . $fileExt; } $preview = 0; if ($shouldPreview && $flavorAsset) { $preview = $flavorAsset->estimateFileSize($entry, $securyEntryHelper->getPreviewLength()); } else { if (kCurrentContext::$ks_object) { $preview = kCurrentContext::$ks_object->getPrivilegeValue(kSessionBase::PRIVILEGE_PREVIEW, 0); } } //enable downloading file_name which inside the flavor asset directory if (is_dir($filePath)) { $filePath = $filePath . DIRECTORY_SEPARATOR . $fileName; } $this->dumpFile($filePath, $fileName, $preview); KExternalErrors::dieGracefully(); // no view }
protected function initEntry() { $this->entryId = $this->getRequestParameter("entryId", null); // look for a valid token $expiry = $this->getRequestParameter("expiry"); if ($expiry && $expiry <= time()) { KExternalErrors::dieError(KExternalErrors::EXPIRED_TOKEN); } $urlToken = $this->getRequestParameter("kt"); if ($urlToken) { if ($_SERVER["REQUEST_METHOD"] != "GET" || !self::validateKalturaToken($_SERVER["REQUEST_URI"], $urlToken)) { KExternalErrors::dieError(KExternalErrors::INVALID_TOKEN); } } // initalize the context $ksStr = $this->getRequestParameter("ks"); if ($ksStr && !$urlToken) { try { kCurrentContext::initKsPartnerUser($ksStr); } catch (Exception $ex) { KExternalErrors::dieError(KExternalErrors::INVALID_KS); } } else { $this->entry = kCurrentContext::initPartnerByEntryId($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // no need for any further check if a token was used if ($urlToken) { return; } // enforce entitlement kEntitlementUtils::initEntitlementEnforcement(); if (!$this->entry) { $this->entry = entryPeer::retrieveByPKNoFilter($this->entryId); if (!$this->entry || $this->entry->getStatus() == entryStatus::DELETED) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } else { if (!kEntitlementUtils::isEntryEntitled($this->entry)) { KExternalErrors::dieError(KExternalErrors::ENTRY_NOT_FOUND); } } // enforce access control $base64Referrer = $this->getRequestParameter("referrer"); // replace space in the base64 string with + as space is invalid in base64 strings and caused // by symfony calling str_parse to replace + with spaces. // this happens only with params passed in the url path and not the query strings. specifically the ~ char at // a columns divided by 3 causes this issue (e.g. http://www.xyzw.com/~xxx) $referrer = base64_decode(str_replace(" ", "+", $base64Referrer)); if (!is_string($referrer)) { $referrer = ""; } // base64_decode can return binary data $this->secureEntryHelper = new KSecureEntryHelper($this->entry, $ksStr, $referrer, accessControlContextType::PLAY); if ($this->secureEntryHelper->shouldPreview()) { $this->clipTo = $this->secureEntryHelper->getPreviewLength() * 1000; } else { $this->secureEntryHelper->validateForPlay(); } }