The CakePHP Media Plugin

12,079 views

Published on

Slides from the talk given by Neil Crookes during the CakeFest #3 - July 2009

Note: the original pdf and the code related to this talk can be found on cakephp.org

Published in: Technology, Business
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
12,079
On SlideShare
0
From Embeds
0
Number of Embeds
91
Actions
Shares
0
Downloads
126
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

The CakePHP Media Plugin

  1. 1. Introduction Transfer Generate Versions Markup Advanced End The CakePHP Media Plugin Marius Wilms aka David Persson July 12th 2009 Marius Wilms aka David Persson The CakePHP Media Plugin
  2. 2. Introduction Transfer Generate Versions Markup Advanced End Myself Fine Art Student at Braunschweig University of Art 8 years PHP 2.5 years CakePHP CakePHP core dev since march Marius Wilms aka David Persson The CakePHP Media Plugin
  3. 3. Introduction Transfer Generate Versions Markup Advanced End This Talk Handling file uploads Generating different versions of files Creating the markup to embed it Some advanced usage Marius Wilms aka David Persson The CakePHP Media Plugin
  4. 4. Introduction Transfer Generate Versions Markup Advanced End The Plugin A plugin for CakePHP enabling transfer/manipulation/embedding of files in 23 ways. Why? Stable: 0.50 / Unstable: 0.60alpha CakePHP 1.2.x.x and PHP >= 5.2.0 required Source: https://github.com/davidpersson/media/tree Docs: http://wiki.github.com/davidpersson/media Marius Wilms aka David Persson The CakePHP Media Plugin
  5. 5. Introduction Transfer Generate Versions Markup Advanced End Setting It Up Get a fresh copy git clone git ://github.com/davidpersson/media.git app/plugins/media Loading the configuration app/config/bootstrap.php require APP . ’ plugins /media/config/core.php’; Initializing the directories cake/console/cake media init chmod −R a+rwX app/webroot/media/{transfer,filter} Marius Wilms aka David Persson The CakePHP Media Plugin
  6. 6. Introduction Transfer Generate Versions Markup Advanced End Introduction Thousands of components, behaviors, libaries If not done right: Potential security hole Trickier than one would think Marius Wilms aka David Persson The CakePHP Media Plugin
  7. 7. Introduction Transfer Generate Versions Markup Advanced End HTML Form & Uploads Modifying the template app/views/movies/add.ctp echo $form−>create(’Movie’, array(’type’ => ’ file ’ )) ; // ... echo $form−>input(’file’ , array ( ’ type’ => ’ file ’ )) ; // ... Marius Wilms aka David Persson The CakePHP Media Plugin
  8. 8. Introduction Transfer Generate Versions Markup Advanced End A Request POST /movies/add Header: Content−Type: multipart/form−data; boundary=12591 Content−Length: 32888 Body: −−12591 Content−Disposition: form−data; name="‘_method"’ POST −−12591 Content−Disposition: form−data; name="‘data[Movie][title]" ’ Demo −−12591 Content−Disposition: form−data; name="‘data[Movie][file]"’ ; filename="‘clipboard . jpg"’ Content−Type: image/jpeg ... data ... −−12591−− 200 OK Marius Wilms aka David Persson The CakePHP Media Plugin
  9. 9. Introduction Transfer Generate Versions Markup Advanced End Resulting data MoviesController::$data Array ( [Movie] => Array ( [ title ] => Demo [ file ] => Array ( [name] => clipboard.jpg [type] => image/jpeg [tmp_name] => /private/var/tmp/php4zN7BY [ error ] => 0 [ size ] => 32405 ) ) ) Marius Wilms aka David Persson The CakePHP Media Plugin
  10. 10. Introduction Transfer Generate Versions Markup Advanced End Validation One shouldn’t trust Original filename (weird characters) Original file extension Submitted MIME type Marius Wilms aka David Persson The CakePHP Media Plugin
  11. 11. Introduction Transfer Generate Versions Markup Advanced End Uploading An Executable: The Request POST /movies/add Header: Content−Type: multipart/form−data; boundary=cAkePhPrUlEz Content−Length: 32888 Body: −−cAkePhPrUlEz Content−Disposition: form−data; name="‘_method"’ POST −−cAkePhPrUlEz Content−Disposition: form−data; name="‘data[Movie][title]" ’ Fake −−cAkePhPrUlEz Content−Disposition: form−data; name="‘data[Movie][file]"’ ; filename="‘ex.php"’ Content−Type: image/jpeg <?php echo "‘Hello PHP."’ ?> −−cAkePhPrUlEz−− 200 OK Marius Wilms aka David Persson The CakePHP Media Plugin
  12. 12. Introduction Transfer Generate Versions Markup Advanced End Uploading An Executable: Resulting Data MoviesController::$data Array ( [Movie] => Array ( [ title ] => Fake [ file ] => Array ( [name] => ex.php [type] => image/jpeg [tmp_name] => /private/var/tmp/phpn4BPKr [ error ] => 0 [ size ] => 26 ) ) ) Marius Wilms aka David Persson The CakePHP Media Plugin
  13. 13. Introduction Transfer Generate Versions Markup Advanced End Lessons Learned Do not trust the submitted data: Validate! Store uploaded files outside the webroot Serve only i.e. resized images Make the upload location not guessable i.e. use an UUID Marius Wilms aka David Persson The CakePHP Media Plugin
  14. 14. Introduction Transfer Generate Versions Markup Advanced End The Transfer Behavior What can it do for me? Handles several kinds of uploads HTTP POST Remote files via HTTP Local files Validates transfers (8 new validation rules) Marius Wilms aka David Persson The CakePHP Media Plugin
  15. 15. Introduction Transfer Generate Versions Markup Advanced End Usage Modifying the model app/models/movie.php class Movie extends AppModel { var $actsAs = array(’Media.Transfer ’ ) ; } Marius Wilms aka David Persson The CakePHP Media Plugin
  16. 16. Introduction Transfer Generate Versions Markup Advanced End Relocating The Transfer Directory Updating the config app/config/bootstrap.php define ( ’MEDIA_TRANSFER’, APP . ’transfer’ . DS); define ( ’MEDIA_TRANSFER_URL’, false); require APP . ’ plugins /media/config/core.php’; Reinitializing the directories cake/console/cake media init chmod −R a+rwX app/transfer Marius Wilms aka David Persson The CakePHP Media Plugin
  17. 17. Introduction Transfer Generate Versions Markup Advanced End Validation Methods location size pixels extension mimeType 3 (not so interesting methods more) ... Marius Wilms aka David Persson The CakePHP Media Plugin
  18. 18. Introduction Transfer Generate Versions Markup Advanced End Validation Adding rules app/models/movie.php class Movie extends AppModel { var $actsAs = array(’Media.Transfer ’ ) ; var $validate = array( ’ file ’ => array( ’mimeType’ => array( ’ rule ’ => array(’checkMimeType’, false, array ( ’image/jpeg’, ’image/png’)) ), size ’ => array( ’ rule ’ => array(’checkSize’ , ’5M’) ) )) ; } Marius Wilms aka David Persson The CakePHP Media Plugin
  19. 19. Introduction Transfer Generate Versions Markup Advanced End Reloca Transfer Demo demo.sh reloca_transfer exploit http://localhost/workspace/media_demo/reloca_ transfer/media/transfer/gen/ex.php http://localhost/workspace/media_demo/reloca_ transfer/movies/add Marius Wilms aka David Persson The CakePHP Media Plugin
  20. 20. Introduction Transfer Generate Versions Markup Advanced End Introduction A common task Need multiple libraries, no generic interface Helps securing transferred files (i.e. stripping comment tags) Marius Wilms aka David Persson The CakePHP Media Plugin
  21. 21. Introduction Transfer Generate Versions Markup Advanced End The Media Behavior What can it do for me? Generates versions of files Retrieves file metadata transparently (not covered) Couples files with database records (later) Marius Wilms aka David Persson The CakePHP Media Plugin
  22. 22. Introduction Transfer Generate Versions Markup Advanced End Usage Adding the behavior (chaining) app/models/movie.php class Movie extends AppModel { var $actsAs = array( ’Media.Transfer ’ , ’Media.Media’ ); // ... Marius Wilms aka David Persson The CakePHP Media Plugin
  23. 23. Introduction Transfer Generate Versions Markup Advanced End Usage Overwritting default filter config app/config/bootstrap.php define ( ’MEDIA_TRANSFER’, APP . ’transfer’ . DS); define ( ’MEDIA_TRANSFER_URL’, false); require APP . ’ plugins ’ . DS . ’media’ . DS . ’ config ’ . DS . ’ core .php’; Configure :: write ( ’Media. filter .image’, array ( ’s’ => array(’convert’ => ’image/png’, ’fitCrop ’ => array(100, 100)), ’m’ => array(’convert’ => ’image/png’, ’ fit ’ => array(300, 300)), )) ; Configure :: write ( ’Media. filter . video ’ , array ( ’s’ => array(’convert’ => ’image/png’, ’fitCrop ’ => array(100, 100)), ’m’ => array(’convert’ => ’video/ogg’, ’ fit ’ => array(300, 300)), )) ; Marius Wilms aka David Persson The CakePHP Media Plugin
  24. 24. Introduction Transfer Generate Versions Markup Advanced End Medium Class An instance represents a single medium file. Manipulation Information Available Adapters Gd Imagick (native & shell) Ffmpeg (native) GetId3 PearMp3 & -Text Contribute more adapters! Marius Wilms aka David Persson The CakePHP Media Plugin
  25. 25. Introduction Transfer Generate Versions Markup Advanced End Manipulation ... is expensive. When? Synchron (on upload) Asynchron Mixed Possible criteria Version Medium type File size Marius Wilms aka David Persson The CakePHP Media Plugin
  26. 26. Introduction Transfer Generate Versions Markup Advanced End Yet another callback: beforeMake Control which version gets generated when Delegate generation using i.e. a message queue Utilize custom manipulation methods Marius Wilms aka David Persson The CakePHP Media Plugin
  27. 27. Introduction Transfer Generate Versions Markup Advanced End Yet another callback: beforeMake Updating the model app/models/movie.php class Movie extends AppModel { // ... function beforeMake( $file , $process) { extract ($process) ; if ( $version == ’m’) { return ClassRegistry :: init ( ’Queue.Job’)−>put(compact(’file’, ’process ’ )) ; } } } Return true: handled, version has been generated false or null: unhandled, behavior generates version Marius Wilms aka David Persson The CakePHP Media Plugin
  28. 28. Introduction Transfer Generate Versions Markup Advanced End Introduction Multiple medium types Each one needs different markup Long paths Marius Wilms aka David Persson The CakePHP Media Plugin
  29. 29. Introduction Transfer Generate Versions Markup Advanced End The Medium Helper What can it do for me? Unified interface for easy embedding and linking Partial and dynamic paths Honor protected transfer directory Marius Wilms aka David Persson The CakePHP Media Plugin
  30. 30. Introduction Transfer Generate Versions Markup Advanced End Partial Paths Support Works for all helper methods Dynamically expanded css/cake.generic /full/path/to/static/css/cake.generic.css s/img/logo /full/path/to/filter/s/static/img/logo.png transfer/img/cern /full/path/to/transfer/img/cern.jpg m/transfer/img/cern /full/path/to/filter/m/transfer/img/cern.png Marius Wilms aka David Persson The CakePHP Media Plugin
  31. 31. Introduction Transfer Generate Versions Markup Advanced End Creating The Correct Markup Adding the helper app/controllers/movies_controller.php class MoviesController extends AppController { var $helpers = array(’Media.Medium’); // ... } Marius Wilms aka David Persson The CakePHP Media Plugin
  32. 32. Introduction Transfer Generate Versions Markup Advanced End Creating The Correct Markup Modifying the template app/views/movies/view.ctp <h2>Movie</h2> <dl> <dt>Id</dt> <dd><?php echo $movie[’Movie’][’id’]; ?></dd> <dt>Title</dt> <dd><?php echo $movie[’Movie’][’title’ ]; ?></dd> <dt>File</dt> <dd><?php echo $medium−>file($movie[’Movie’]); ?></dd> <dt>Preview</dt> <dd><?php echo $medium−>embed($medium−>file(’filter/s’, $movie[’Movie’])); ?></dd> </dl> Marius Wilms aka David Persson The CakePHP Media Plugin
  33. 33. Introduction Transfer Generate Versions Markup Advanced End Introduction Everything comes together Marius Wilms aka David Persson The CakePHP Media Plugin
  34. 34. Introduction Transfer Generate Versions Markup Advanced End The Attachment Model What does it provide? Central place for attached files Coupling of files with database records Already prepared with validation rules Other (multiple) models can relate to it (polymorphic) Marius Wilms aka David Persson The CakePHP Media Plugin
  35. 35. Introduction Transfer Generate Versions Markup Advanced End Usage Supplied model app/plugins/media/models/attachment.php class Attachment extends AppModel { var $actsAs = array( // ... ’Media.Transfer ’ => array( ’ trustClient ’ => false, ’ baseDirectory ’ => MEDIA_TRANSFER, ’ destinationFile ’ => ’:Medium.short::DS::Source.basename:’, ’ createDirectory ’ => true, ), ’Media.Media’ => array( ’metadataLevel’ => 2, ’makeVersions’ => true, ’ filterDirectory ’ => MEDIA_FILTER, ), ); // ... } cake schema run create −path app/plugins/media/config/sql/ −name Media Marius Wilms aka David Persson The CakePHP Media Plugin
  36. 36. Introduction Transfer Generate Versions Markup Advanced End Usage Relationship app/models/movie.php class Movie extends AppModel { var $hasMany = array( ’Attachment’ => array( ’className’ => ’Media.Attachment’, ’ foreignKey ’ => ’foreign_key’, ’ conditions ’ => array(’model’ => ’Movie’), ’dependent’ => true, )) ; } Marius Wilms aka David Persson The CakePHP Media Plugin
  37. 37. Introduction Transfer Generate Versions Markup Advanced End Usage Modfying the controller action app/controllers/movies_controller.php class MoviesController extends AppController { // ... function add() { if (! empty($this−>data)) { $this −>Movie−>create(); if ( $this −>Movie−>saveAll($this−>data, array(’validate’ => ’first’))) { $this −>flash(’Movie saved.’, array ( ’ action ’=>’index’)); // ... Marius Wilms aka David Persson The CakePHP Media Plugin
  38. 38. Introduction Transfer Generate Versions Markup Advanced End The Attachments Element What is it? A HTML only solution Form fields for attaching and detaching files A prototype to build your own solutions on (i.e. flash based) Uses the Helper internally Marius Wilms aka David Persson The CakePHP Media Plugin
  39. 39. Introduction Transfer Generate Versions Markup Advanced End Usage Modifying the template app/views/movies/add.ctp echo $form−>create(’Movie’, array(’type’ => ’ file ’ )) ; // ... echo $this−>element(’attachments’, array(’plugin ’ => ’media’)); // ... Marius Wilms aka David Persson The CakePHP Media Plugin
  40. 40. Introduction Transfer Generate Versions Markup Advanced End Advanced Demo http: //localhost/workspace/media_demo/advanced/movies/add Marius Wilms aka David Persson The CakePHP Media Plugin
  41. 41. Introduction Transfer Generate Versions Markup Advanced End Future Keep up with new CakePHP releases Stabelize Few new features Marius Wilms aka David Persson The CakePHP Media Plugin
  42. 42. Introduction Transfer Generate Versions Markup Advanced End This Is The End, My Friend Questions? Marius Wilms aka David Persson The CakePHP Media Plugin

×