diff --git a/upload/includes/functions.php b/upload/includes/functions.php
index a6b4bc80f..067c73d5f 100644
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
@@ -2181,8 +2181,11 @@ function increment_views_new($id,$type=NULL) {
 {
 if(!isset($_COOKIE['video_'.$id])) {
 $currentTime = time();
+ $vdetails = get_video_details($id);
+ // Cookie life time at least 1 hour else if video duration is bigger set at video time.
+ $cookieTime = ($vdetails['duration'] > 3600) ? $vdetails['duration'] : $cookieTime = 3600;
 $db->update(tbl("video"),array("views", "last_viewed"),array("|f|views+1",$currentTime)," videoid='$id' OR videokey='$id'");
- setcookie('video_'.$id,'watched',time()+3600);
+ setcookie('video_'.$id,'watched',time()+$cookieTime);
 }
 }
 break;
@@ -2714,9 +2717,9 @@ function category_link($data,$type) {
 case 'video':case 'videos':case 'v': { if(SEO=='yes') {
- return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='. htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
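Review bot: The new `$cookieTime` line nests an assignment inside the ternary's else branch (`: $cookieTime = 3600`), which only works by precedence and reads like a bug, and it trusts `$vdetails['duration']` to be present and numeric even though `get_video_details($id)` may return nothing for an unknown id (the WHERE clause on the next line accepts either a videoid or a videokey, so either form can reach here). Replace it with `$duration = isset($vdetails['duration']) ? (int) $vdetails['duration'] : 0;` followed by `$cookieTime = max(3600, $duration);`, which makes the one-hour floor explicit and never emits a notice. The comment above it could then read `// Cookie lifetime: at least one hour, or the video's duration when that is longer.`. increment_views_new's body begins and ends outside this hunk.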
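Review bot: `htmlspecialchars()` is the wrong encoder for the `$_GET['sort']`, `$_GET['time']` and `$_GET['seo_cat_name']` values this hunk splices into URL path segments and query strings: it leaves `/`, `?`, `#` and `%` untouched, so a crafted value can still introduce extra path segments or query parameters into the generated link, and with the default flags (ENT_COMPAT before PHP 8.1) a single quote passes through, which matters if a template places the URL in a single-quoted attribute. Since `sort` and `time` are drawn from a fixed set of sort keys, validate them against an allow-list here (or at minimum apply `rawurlencode()` to each value) and escape for HTML at the point of output with `ENT_QUOTES`; e.g. `$sort = in_array($_GET['sort'], $allowedSorts, true) ? $_GET['sort'] : 'date_added';`. The same pattern is repeated in the hunks at 2724, 2739 and 2751 and in every sort_link hunk (2790, 2823, 2856, 2869). Each `$_GET` read also emits a notice when the key is absent, which an `isset()` default would resolve at the same time. category_link's body begins and ends outside this hunk.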
@@ -2724,9 +2727,9 @@ function category_link($data,$type) {
 case 'channels':case 'channel':case'c':case'user': { if(SEO=='yes') {
- return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
@@ -2739,7 +2742,7 @@ function category_link($data,$type) {
 if(defined("IN_MODULE"))
 {
 global $prefix_catlink;
- $url = 'cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ $url = 'cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 $url = $prefix_catlink.$url;
 $rm_array = array("cat","sort","time","page","seo_cat_name");
 $p = "";
@@ -2751,9 +2754,9 @@ function category_link($data,$type) {
 }
 if(SEO=='yes')
 {
- return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
@@ -2790,18 +2793,18 @@ function sort_link($sort,$mode='sort',$type) {
 if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if (SEO=='yes') {
- return BASEURL.'/videos/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/videos/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/videos.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/videos.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
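Review bot: `$_GET['cat']` and `$_GET['page']` are numeric identifiers in every URL this sort_link hunk builds, so HTML-escaping them is the wrong tool; an integer cast both validates and neutralises the value in one step, e.g. `$cat = isset($_GET['cat']) ? (int) $_GET['cat'] : 0;` and `$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;` computed once at the top of the function and reused in both return branches. The same applies to the `page` parameter in category_link's IN_MODULE hunk at 2739 and to the sort_link hunks at 2823, 2856 and 2869. Note also that `$sort`, when supplied by the caller rather than read from `$_GET`, is concatenated without any treatment, so the function's contract should state that callers pass a known sort key. sort_link's body begins and ends outside this hunk.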
@@ -2823,18 +2826,18 @@ function sort_link($sort,$mode='sort',$type) {
 if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if(SEO=='yes') {
- return BASEURL.'/channels/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/channels/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/channels.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/channels.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
@@ -2856,12 +2859,12 @@ function sort_link($sort,$mode='sort',$type) {
 if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if(THIS_PAGE=='photos') {
@@ -2869,15 +2872,15 @@ function sort_link($sort,$mode='sort',$type) {
 }
 if(defined("IN_MODULE"))
 {
- $url = 'cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ $url = 'cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 $plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
 return $plugURL;
 }
 if(SEO=='yes') {
- return BASEURL.'/'.$type.'/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/'.$type.'/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/'.$type.'.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/'.$type.'.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 }
 }
 break;
diff --git a/upload/rss.php b/upload/rss.php
index f9dd2fcb1..8c3ee565d 100644
--- a/upload/rss.php
+++ b/upload/rss.php
@@ -30,7 +30,7 @@
 case 'recent':
 default:
 {
- $videos = get_videos(array('limit'=>$limit,'order'=>'date_added DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'date_added DESC'));
 $title = "Recently Added Videos";
 }
 break;
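Review bot: The `'broadcast'=>'public'` option is added verbatim in all four feed modes (this hunk and the views, rating and watching cases in the next hunk), so the four option arrays will drift apart again the next time a filter is needed; hoisting the shared part above the switch, e.g. `$feedOpts = array('limit'=>$limit,'broadcast'=>'public');` and then `get_videos($feedOpts + array('order'=>'date_added DESC'))` per case, keeps one place to maintain. Whether `broadcast` alone is sufficient depends on get_videos(), which is outside this diff: if it does not also restrict to active/approved videos by default, this unauthenticated feed would still list unapproved items, so that is worth confirming while touching these lines. The switch statement that contains these cases begins outside the hunk.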
@@ -38,21 +38,21 @@
 case 'views':
 {
- $videos = get_videos(array('limit'=>$limit,'order'=>'views DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'views DESC'));
 $title = "Most Viewed Videos";
 }
 break;
 case 'rating':
 {
- $videos = get_videos(array('limit'=>$limit,'order'=>'rating DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'rating DESC'));
 $title = "Top Rated Videos";
 }
 break;
 case 'watching':
 {
- $videos = get_videos(array('limit'=>$limit,'order'=>'last_viewed DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'last_viewed DESC'));
 $title = "Videos Being Watched";
 }
 break;