Subject: | Hi there, Excellent work, already... |
Summary: | Package rating comment |
Messages: | 1 |
Author: | tobozo |
Date: | 2013-03-20 11:02:48 |
|
|
|
tobozo rated this package as follows:
Utility: | Not sure |
Consistency: | Good |
Examples: | Not sure |
|
tobozo - 2013-03-20 11:02:48
Hi there,
Excellent work, already using this on my experimental environment.
Here's my 1$ contrib :
- Security issue : trusting the 'type' property of the uploaded file is not enough to prevent filetype spoofing and binary injection (especially since the content is passed to 'shell_exec' afterwards. You might consider using mime_content_type(), and parse video headers with ffmpeg as an enforcement.
- There are no options to tweak the encoding (size, ratio, fps, etc).
- The class checks for 'ffmpex2theora.exe' but shell_execs 'ffmpeg2theora', it won't work as is on linux/mac boxes.
- Consider using a better filename filter (ex: slugify() from Symfony does a decent job) as windows, linux and macos do not have the same restrictions, also check for file existence before writing, and use escapeshellarg() when building your shell_exec() string.
- Add webm, mp4 and flv support, html5 videos are not only in ogv format and some browsers need a fallback, converting to multiple formats in one operation is always helpful.
Hope this helps
tbz
|