
Marius Wilms - The CakePHP Media Plugin

Written on Sat, Jul 18th 2009, 00:27

If Marius had more than an hour to talk about the Media Plugin, he most certainly would have taken it. Covering the features and functionality of the entire plugin would have taken many hours, as there is a lot there. Instead, he briefly touched on the features the plugin provides, with some examples.

Requirements are on the high end, but considering the state of PHP and the upcoming version of CakePHP, developers should be moving forward in terms of their PHP version and library support anyway. The Media plugin requires CakePHP 1.2.x.x and PHP 5.2.0+. It enables the transfer, manipulation and embedding of files in many varied ways.

You can find the media plugin at: http://github.com/davidpersson/media

Marius' focus was on doing media manipulation and embedding "properly". He noted that while there are lots of user contributions floating around the net, none of them met his needs or were flexible enough. One of the main points he made was that, if done incorrectly, potential security risks arise from command line interaction and file saving. Validation was one particular section of the code that made this a tricky plugin to develop, but it allowed tests to be implemented to ensure security.

Some common points that we hear all the time came through, and they make sense for CakePHP as well as any web application for security reasons:

 

  1. Don't trust user-supplied filenames.
  2. Don't store files in an accessible webroot; rather, have them accessible to scripts.
  3. Make the upload location (and local filenames) unguessable (like referencing files by UUIDs).

The media plugin contains about 8 new rules for file validation purposes to ensure that submitted data meets the application's needs. Beyond validation, it handles all kinds of uploads: HTTP POST, remote HTTP and local file inclusion.

A console is included to initialize the default directory structure and, as such, could be included as part of a deployment script with the CakePHP console.
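
The three upload rules listed above, sketched in plain PHP as an added example; this is not code from the Media plugin and does not use its API. It assumes PHP 7+ with the fileinfo extension, and `STORAGE_DIR`, `ALLOWED_TYPES` and `storeUpload()` are hypothetical names chosen for illustration.

```php
<?php
// Added example, not Media plugin code. Assumes PHP 7+ with ext-fileinfo.
// STORAGE_DIR is a hypothetical directory outside the web server's document root.
const STORAGE_DIR = '/var/app/uploads';

// Allowlist: MIME type detected from the content => extension we pick ourselves.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

/**
 * Store one entry of $_FILES and return the generated local filename.
 * The client-supplied name and type never take part in building the path.
 */
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or was not an HTTP upload');
    }

    // Rule 1: ignore $file['name'] and $file['type']; inspect the content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }

    // Rule 3: unguessable local name from 128 bits of CSPRNG output.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    // Rule 2: the destination is outside the webroot, so no URL maps to it
    // and the file can only be delivered by a script that checks access.
    $target = STORAGE_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move upload into storage');
    }
    chmod($target, 0640); // no execute bit, not world-readable

    // Keep the original filename, if needed, as display-only metadata
    // in the database next to this generated name.
    return $name;
}
```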

To ensure flexibility of use, a behavior is included to allow attachment to any number of models, and generic storage and linking are provided to ease integration into existing apps.

Marius concluded his talk with a plea for feedback. There are plenty of people using the plugin, but more feedback is required to ensure it's the best it can be, and that all bugs (if any) are squashed. Check out the code at: http://github.com/davidpersson/media


Comments:


  • Some practice use examples will be nice to have around...

    Reply | Sotir | posted on 18/7/09
