[vlc-devel] commit: Add comment about getVariable() and setVariable() JS function: they are removed because of their security implications. Everyone is advice to use the newer ActiveX v2 (IVLCControl2) interface instead. (Jean-Paul Saman )
git version control
git at videolan.org
Sat Jun 14 11:05:47 CEST 2008
vlc | branch: master | Jean-Paul Saman <jpsaman at videolan.org> | Tue Jun 10 16:34:25 2008 +0200| [21d5beede3b4df8a588b131a3ec598f2b84bc6de]
Add comment about getVariable() and setVariable() JS function: they are removed because of their security implications. Everyone is advice to use the newer ActiveX v2 (IVLCControl2) interface instead.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=21d5beede3b4df8a588b131a3ec598f2b84bc6de
---
projects/activex/vlccontrol.cpp | 185 +-------------------------------------
1 files changed, 5 insertions(+), 180 deletions(-)
diff --git a/projects/activex/vlccontrol.cpp b/projects/activex/vlccontrol.cpp
index a1e3c83..1921014 100644
--- a/projects/activex/vlccontrol.cpp
+++ b/projects/activex/vlccontrol.cpp
@@ -509,191 +509,16 @@ STDMETHODIMP VLCControl::toggleMute(void)
STDMETHODIMP VLCControl::setVariable(BSTR name, VARIANT value)
{
+ /** setVariable() is an unsafe interface because of security
+ implications it has and is thus removed. */
return E_INVALIDARG;
-#if 0
- if( 0 == SysStringLen(name) )
- return E_INVALIDARG;
-
- libvlc_instance_t *p_libvlc;
- HRESULT hr = _p_instance->getVLC(&p_libvlc);
- if( SUCCEEDED(hr) )
- {
- int codePage = _p_instance->getCodePage();
- char *psz_varname = CStrFromBSTR(codePage, name);
- if( NULL == psz_varname )
- return E_OUTOFMEMORY;
-
- int i_type;
- vlc_value_t val;
-
- if( VLC_SUCCESS == VLC_VariableType(i_vlc, psz_varname, &i_type) )
- {
- VARIANT arg;
- VariantInit(&arg);
-
- switch( i_type )
- {
- case VLC_VAR_BOOL:
- hr = VariantChangeType(&arg, &value, 0, VT_BOOL);
- if( SUCCEEDED(hr) )
- val.b_bool = (VARIANT_TRUE == V_BOOL(&arg)) ? true : false;
- break;
-
- case VLC_VAR_INTEGER:
- case VLC_VAR_HOTKEY:
- hr = VariantChangeType(&arg, &value, 0, VT_I4);
- if( SUCCEEDED(hr) )
- val.i_int = V_I4(&arg);
- break;
-
- case VLC_VAR_FLOAT:
- hr = VariantChangeType(&arg, &value, 0, VT_R4);
- if( SUCCEEDED(hr) )
- val.f_float = V_R4(&arg);
- break;
-
- case VLC_VAR_STRING:
- case VLC_VAR_MODULE:
- case VLC_VAR_FILE:
- case VLC_VAR_DIRECTORY:
- case VLC_VAR_VARIABLE:
- hr = VariantChangeType(&arg, &value, 0, VT_BSTR);
- if( SUCCEEDED(hr) )
- {
- i_type = VLC_VAR_STRING;
- val.psz_string = CStrFromBSTR(codePage, V_BSTR(&arg));
- VariantClear(&arg);
- }
- break;
-
- case VLC_VAR_TIME:
- // use a double value to represent time (base is expressed in seconds)
- hr = VariantChangeType(&arg, &value, 0, VT_R8);
- if( SUCCEEDED(hr) )
- val.i_time = (signed __int64)(V_R8(&arg)*1000000.0);
- break;
-
- default:
- hr = DISP_E_TYPEMISMATCH;
- }
- }
- else {
- // no defined type, use type in VARIANT
- hr = NO_ERROR;
- switch( V_VT(&value) )
- {
- case VT_BOOL:
- val.b_bool = (VARIANT_TRUE == V_BOOL(&value)) ? true : false;
- i_type = VLC_VAR_BOOL;
- break;
- case VT_I4:
- val.i_int = V_I4(&value);
- i_type = VLC_VAR_INTEGER;
- break;
- case VT_R4:
- val.f_float = V_R4(&value);
- i_type = VLC_VAR_FLOAT;
- break;
- case VT_BSTR:
- val.psz_string = CStrFromBSTR(codePage, V_BSTR(&value));
- i_type = VLC_VAR_STRING;
- break;
- case VT_R8:
- // use a double value to represent time (base is expressed in seconds)
- val.i_time = (signed __int64)(V_R8(&value)*1000000.0);
- i_type = VLC_VAR_TIME;
- break;
- default:
- hr = DISP_E_TYPEMISMATCH;
- }
- }
- if( SUCCEEDED(hr) )
- {
- hr = (VLC_SUCCESS == VLC_VariableSet(i_vlc, psz_varname, val)) ? NOERROR : E_FAIL;
-
- if( (VLC_VAR_STRING == i_type) && (NULL != val.psz_string) )
- CoTaskMemFree(val.psz_string);
- }
- CoTaskMemFree(psz_varname);
- }
- return hr;
-#endif
};
-STDMETHODIMP VLCControl::getVariable( BSTR name, VARIANT *value)
+STDMETHODIMP VLCControl::getVariable(BSTR name, VARIANT *value)
{
+ /** getVariable() is an unsafe interface because of security
+ implications it has and is thus removed. */
return E_INVALIDARG;
-#if 0
- if( NULL == value )
- return E_POINTER;
-
- VariantInit(value);
-
- if( 0 == SysStringLen(name) )
- return E_INVALIDARG;
-
- libvlc_instance_t *p_libvlc;
- HRESULT hr = _p_instance->getVLC(&p_libvlc);
- if( SUCCEEDED(hr) )
- {
- UINT codePage = _p_instance->getCodePage();
- char *psz_varname = CStrFromBSTR(codePage, name);
- if( NULL == psz_varname )
- return E_OUTOFMEMORY;
-
- hr = E_INVALIDARG;
-
- vlc_value_t val;
- int i_type;
-
- if( (VLC_SUCCESS == VLC_VariableGet(i_vlc, psz_varname, &val))
- && (VLC_SUCCESS == VLC_VariableType(i_vlc, psz_varname, &i_type)) )
- {
- hr = NOERROR;
- switch( i_type )
- {
- case VLC_VAR_BOOL:
- V_VT(value) = VT_BOOL;
- V_BOOL(value) = val.b_bool ? VARIANT_TRUE : VARIANT_FALSE;
- break;
-
- case VLC_VAR_INTEGER:
- case VLC_VAR_HOTKEY:
- V_VT(value) = VT_I4;
- V_I4(value) = val.i_int;
- break;
-
- case VLC_VAR_FLOAT:
- V_VT(value) = VT_R4;
- V_R4(value) = val.f_float;
- break;
-
- case VLC_VAR_STRING:
- case VLC_VAR_MODULE:
- case VLC_VAR_FILE:
- case VLC_VAR_DIRECTORY:
- case VLC_VAR_VARIABLE:
- V_VT(value) = VT_BSTR;
- V_BSTR(value) = BSTRFromCStr(codePage, val.psz_string);
- if( NULL != val.psz_string)
- free(val.psz_string);
- break;
-
- case VLC_VAR_TIME:
- // use a double value to represent time (base is expressed in seconds)
- V_VT(value) = VT_R8;
- V_R8(value) = ((double)val.i_time)/1000000.0;
- break;
-
- default:
- hr = DISP_E_TYPEMISMATCH;
- }
- }
- CoTaskMemFree(psz_varname);
- return hr;
- }
- return hr;
-#endif
};
void VLCControl::FreeTargetOptions(char **cOptions, int cOptionCount)
More information about the vlc-devel
mailing list