Archives

Recent posts

Recent comments

In Working with a company that embraces open source
Guy Steels wrote: And a big thank you for open sourcing your plugins. When we look if certain functionality is...
In Marius Wilms - The CakePHP Media Plugin
Sotir wrote: Some practice use examples will be nice to have around...
In Felix Geisendörfer - Recipies for successful CakePHP projects
Felix Geisendörfer wrote: http://felixge.s3.amazonaws.com/09/cakephp-receipes.pdf (sorry, 8mb download)
In Joël Perras - Demystifying Webservices in CakePHP
Neil Crookes wrote: I have an upcoming project that could use the Google Chart / Visualisation API so would be...

Categories

RSS Feed for comments

Marius Wilms - The CakePHP Media Plugin

Written on Sat, Jul 18th 2009, 00:27 in

If Marius had more than an hour to talk about the Media Plugin, he most certainly would have taken it. To go over the features and functionality of the entire plugin would have been many hours as there is a lot there. A brief touch on the features provided by the plugin was discussed, with some examples.

Requirements are in the high end, but considering the state of PHP and the upcoming version of CakePHP, developers should be moving forward in terms of their PHP version and library support anyway. The Media plugin requires CakePHP 1.2.x.x and PHP 5.2.0+. It enables the transfer, manipulation and embedding of files in many varied ways.

You can find the media plugin at: http://github.com/davidpersson/media

Marius' focus was on doing media manipulation and embedding "properly", and identified that while there are lots of user contributions floating around the net, none of them were meeting his needs and were flexible enough. One of the main points he made here was that if done incorrectly, potential security risks arise due to command line interaction and file saving. Validation was one particular section of the code that made this a tricky plugin to develop, but allowed tests to be implemented to ensure security.

Some common points that we hear all the time came through, and they make sense for CakePHP as well as any web application for security reasons:

 

  1. Don't trust users supplied filenames
  2. Don't store files in an accessible webroot, rather have them accessible to scripts.
  3. Make the upload location (and local filenames) unguessable (like referencing files by UUIDs)
The media plugin contains about 8 new rules for file validation purposes to ensure that submitted data meets the application needs. Beyond validation, it handles all kinds of uploads, HTTP Post, Remote HTTP and local file inclusion.
A console is included to initialize the default directory structure, and as such, could be included as part of a deployment script with the CakePHP console.examples.

To ensure flexibility of use, a behavior is included to allow attachment to any number of models, and generioc storage and linking provided to ease integration into existing apps.

Marius concluded his talk with a plea for feedback. There are plenty of people using the plugin, but more feedback is required to ensure its the best it can be, and that all bugs  (if any) are squashed. Checkout the code at: http://github.com/davidpersson/media

Back to Graham's articles

Trackback | Digg This | Stumble It

Comments:

Add comment
  • tuts baby
    Some practice use examples will be nice to have around...

    Reply | Sotir | posted on 18/7/09

openID

What is OpenID?

OpenID is a new open standard that lets you sign in to web sites with a single URL that you own. This URL can be your homepage or blog, or it can be provided to you by a web site you use. In either case, you only have to sign in once to your OpenID provider and so you only need to maintain a single password.Learn more.

How is CakeDC using OpenID?

You can use your OpenID identity when posting comments on the site. When you see a form field with OpenID logo entering your OpenID identity is sufficient to allow your post. We also accept Google or Yahoo! identities. Simply use either "google.com" or "yahoo.com" and our OpenID library will locate your information from the appropriate source.