Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3477523

Timestamp:

03/08/2026 05:43:06 PM (4 weeks ago)

Author:

museai

Message:

Release 0.6.0: Rebrand from muse.ai to skiv.com

Location:

muse-ai

Files:

: 5 added
: 2 edited

Legend:

: Unmodified
: Added
: Removed

muse-ai/trunk/muse-ai.php

-                      r3362100
+                      r3477523
 <?php
+/**
+ * Plugin Name: muse.ai
+ * Description: Enable oEmbed and shortcode support for muse.ai video embedding.
+ * Version: 0.5.1
+ * Author: muse.ai
+ * Author URI: https://muse.ai
+ */
+add_action('init', 'museai_init');
+add_action('elementor/widgets/register', 'museai_elementor');
+add_shortcode('muse-ai', 'museai_shortcode_video');
+function museai_sanitize_css($css_input) {
+    $css_input = trim($css_input);
+    if (empty($css_input)) {
+        return '';
+    }
+    // Whitelist of safe CSS properties.
+    $allowed_properties = [
+        'width', 'height', 'max-width', 'max-height', 'min-width', 'min-height',
+        'margin', 'margin-top', 'margin-bottom', 'margin-left', 'margin-right',
+        'padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
+        'border', 'border-width', 'border-style', 'border-color', 'border-radius',
+        'background', 'background-color', 'background-image', 'background-size', 'background-position',
+        'color', 'font-size', 'font-family', 'font-weight', 'font-style',
+        'text-align', 'text-decoration', 'line-height', 'letter-spacing',
+        'opacity', 'visibility', 'display', 'position', 'top', 'bottom', 'left', 'right',
+        'z-index', 'overflow', 'box-shadow', 'text-shadow'
+    ];
+    // Remove dangerous content.
+    $dangerous_patterns = [
+        '/javascript:/i',
+        '/expression\s*\(/i',
+        '/url\s*\(\s*["\']?\s*data:/i',
+        '/import/i',
+        '/@import/i',
+        '/behavior:/i',
+        '/binding:/i',
+        '/mozbinding:/i',
+        '/vbscript:/i',
+        '/livescript:/i'
+    ];
+    foreach ($dangerous_patterns as $pattern) {
+        $css_input = preg_replace($pattern, '', $css_input);
+    }
+    // Parse CSS declarations.
+    $declarations = explode(';', $css_input);
+    $safe_css = [];
+    foreach ($declarations as $declaration) {
+        $declaration = trim($declaration);
+        if (empty($declaration)) continue;
+        // Split property and value
+        $parts = explode(':', $declaration, 2);
+        if (count($parts) !== 2) continue;
+        $property = trim(strtolower($parts[0]));
+        $value = trim($parts[1]);
+        // Check if property is allowed
+        if (!in_array($property, $allowed_properties)) continue;
+        // Sanitize value
+        $value = museai_sanitize_css_value($property, $value);
+        if ($value === false) continue;
+        $safe_css[] = $property . ': ' . $value;
+    }
+    return implode('; ', $safe_css);
+}
+function museai_sanitize_css_value($property, $value) {
+    // Remove quotes and normalize.
+    $value = trim($value, '"\'');
+    $value = trim($value);
+    // Block dangerous patterns in values.
+    $dangerous_patterns = [
+        '/javascript:/i',
+        '/expression/i',
+        '/url\s*\(\s*["\']?\s*data:/i',
+        '/url\s*\(\s*["\']?\s*javascript:/i',
+        '/vbscript:/i'
+    ];
+    foreach ($dangerous_patterns as $pattern) {
+        if (preg_match($pattern, $value)) {
+            return false;
+        }
+    }
+    // Property-specific validation.
+    switch ($property) {
+        case 'width':
+        case 'height':
+        case 'max-width':
+        case 'max-height':
+        case 'min-width':
+        case 'min-height':
+            // Allow px, %, em, rem, vh, vw
+            if (!preg_match('/^(auto|inherit|\d+(\.\d+)?(px|%|em|rem|vh|vw))$/', $value)) {
+                return false;
+            }
+            break;
+        case 'color':
+        case 'background-color':
+        case 'border-color':
+            // Allow hex colors, rgb, rgba, named colors
+            if (!preg_match('/^(#[0-9a-f]{3,6}|rgb\(\s*\d+\s*,\s*\d+\s*,\s*\d+\s*\)|rgba\(\s*\d+\s*,\s*\d+\s*,\s*\d+\s*,\s*[\d.]+\s*\)|transparent|inherit|[a-z]+)$/i', $value)) {
+                return false;
+            }
+            break;
+        case 'font-size':
+            if (!preg_match('/^(\d+(\.\d+)?(px|pt|em|rem|%)|small|medium|large|x-large|xx-large)$/i', $value)) {
+                return false;
+            }
+            break;
+        case 'z-index':
+            if (!preg_match('/^(\d+|auto|inherit)$/', $value)) {
+                return false;
+            }
+            break;
+        case 'opacity':
+            if (!preg_match('/^(0(\.\d+)?|1(\.0+)?|\.\d+)$/', $value)) {
+                return false;
+            }
+            break;
+        default:
+            // General sanitization - remove suspicious content
+            if (preg_match('/[<>{}\\\\]/', $value)) {
+                return false;
+            }
+            // Limit length
+            if (strlen($value) > 100) {
+                return false;
+            }
+    }
+    return $value;
+}
+function museai_init() {
+    wp_oembed_add_provider('#https://muse.ai/(v|vc|vd|vt)/.+#', 'https://muse.ai/oembed', true);
+    wp_enqueue_script('museai-embed-player', 'https://muse.ai/static/js/embed-player.min.js');
+}
+function museai_shortcode_video( $atts = [] ) {
+    $embed_id = bin2hex(random_bytes(16));
+    // Sanitize and validate all inputs with proper whitelisting.
+    $video_id = preg_replace('/[^a-z0-9]/i', '', $atts['id'] ?? '');
+    $width = preg_replace('/[^0-9%]/', '', $atts['width'] ?? '100%');
+    $volume = max(0, min(100, (int) preg_replace('/[^0-9]/', '', $atts['volume'] ?? '50')));
+    $autoplay = (int) preg_replace('/[^01]/', '', $atts['autoplay'] ?? '0');
+    // Handle title parameter: can be 0, 1, or custom string
+    $title_input = trim($atts['title'] ?? '1');
+    $title_lower = strtolower($title_input);
+    if ($title_lower === '0' || $title_lower === 'false') {
+        $title = 0;
+    } elseif ($title_lower === '1' || $title_lower === 'true') {
+        $title = 1;
+    } else {
+        // Custom title string - sanitize it.
+        $title = substr(sanitize_text_field($title_input), 0, 200);
+    }
+    // Whitelist allowed styles.
+    $allowed_styles = ['full', 'minimal', 'audio', 'cover'];
+    $style = in_array($atts['style'] ?? 'full', $allowed_styles) ? ($atts['style'] ?? 'full') : 'full';
+    $start = max(0, (float) preg_replace('/[^0-9.]/', '', $atts['start'] ?? '0'));
+    $loop = (int) preg_replace('/[^01]/', '', $atts['loop'] ?? '0');
+    $resume = (int) preg_replace('/[^01]/', '', $atts['resume'] ?? '0');
+    // Whitelist allowed align values.
+    $allowed_aligns = ['left', 'center', 'right', ''];
+    $align = in_array($atts['align'] ?? '', $allowed_aligns) ? ($atts['align'] ?? '') : '';
+    // Whitelist allowed cover play positions.
+    $allowed_positions = ['top-left', 'top-right', 'bottom-left', 'bottom-right', 'center'];
+    $playpos = in_array($atts['cover_play_position'] ?? 'bottom-left', $allowed_positions) ? ($atts['cover_play_position'] ?? 'bottom-left') : 'bottom-left';
+    // Handle CTA parameter - can be JSON object or empty.
+    $cta_input = trim($atts['cta'] ?? '');
+    $cta = '';
+    if (!empty($cta_input)) {
+        // Try to decode as JSON.
+        $cta_decoded = json_decode($cta_input, true);
+        if (json_last_error() === JSON_ERROR_NONE && is_array($cta_decoded)) {
+            // Sanitize each allowed field.
+            $sanitized_cta = array();
+            // Sanitize time field - must be 'end' or positive number.
+            if (isset($cta_decoded['time'])) {
+                if ($cta_decoded['time'] === 'end') {
+                    $sanitized_cta['time'] = 'end';
+                } elseif (is_numeric($cta_decoded['time']) && $cta_decoded['time'] >= 0) {
+                    $sanitized_cta['time'] = (float) $cta_decoded['time'];
+                }
+            }
+            // Sanitize text fields - strip dangerous characters.
+            if (isset($cta_decoded['title']) && is_string($cta_decoded['title'])) {
+                $sanitized_cta['title'] = substr(sanitize_text_field($cta_decoded['title']), 0, 200);
+            }
+            if (isset($cta_decoded['text']) && is_string($cta_decoded['text'])) {
+                $sanitized_cta['text'] = substr(sanitize_textarea_field($cta_decoded['text']), 0, 500);
+            }
+            if (isset($cta_decoded['button']) && is_string($cta_decoded['button'])) {
+                $sanitized_cta['button'] = substr(sanitize_text_field($cta_decoded['button']), 0, 100);
+            }
+            // Sanitize link field - must be valid URL.
+            if (isset($cta_decoded['link']) && is_string($cta_decoded['link'])) {
+                $link_trimmed = trim($cta_decoded['link']);
+                if (filter_var($link_trimmed, FILTER_VALIDATE_URL) &&
+                    (strpos($link_trimmed, 'http://') === 0 || strpos($link_trimmed, 'https://') === 0)) {
+                    $sanitized_cta['link'] = esc_url_raw($link_trimmed);
+                }
+            }
+            // Only use CTA if we have at least some valid data.
+            if (!empty($sanitized_cta)) {
+                $cta = $sanitized_cta;
+            }
+        }
+    }
+    // Sanitize CSS with strict whitelist approach.
+    $css = museai_sanitize_css($atts['css'] ?? '');
+    // Whitelist language codes for subtitles and locale.
+    $subtitles = preg_replace('/[^a-z\-]/', '', strtolower($atts['subtitles'] ?? ''));
+    $locale = preg_replace('/[^a-z\-]/', '', strtolower($atts['locale'] ?? ''));
+    $download = (int) preg_replace('/[^01]/', '', $atts['download'] ?? '0');
+    $playlist = preg_replace('/[^a-z0-9,]/i', '', $atts['playlist'] ?? '');
+    // Handle links parameter: can be 0, 1, true, false, or URL.
+    $links_input = trim($atts['links'] ?? '1');
+    $links_lower = strtolower($links_input);
+    if ($links_lower === '0' || $links_lower === 'false') {
+        $links = 0;
+    } elseif ($links_lower === '1' || $links_lower === 'true') {
+        $links = 1;
+    } elseif (filter_var($links_input, FILTER_VALIDATE_URL) && (strpos($links_input, 'http://') === 0 || strpos($links_input, 'https://') === 0)) {
+        $links = esc_url_raw($links_input);
+    } else {
+        $links = 1; // Default fallback.
+    }
+    // Handle logo parameter: can be 0, 1, true, false, or URL.
+    $logo_input = trim($atts['logo'] ?? '1');
+    $logo_lower = strtolower($logo_input);
+    if ($logo_lower === '0' || $logo_lower === 'false') {
+        $logo = 0;
+    } elseif ($logo_lower === '1' || $logo_lower === 'true') {
+        $logo = 1;
+    } elseif (filter_var($logo_input, FILTER_VALIDATE_URL) && (strpos($logo_input, 'http://') === 0 || strpos($logo_input, 'https://') === 0)) {
+        $logo = esc_url_raw($logo_input);
+    } else {
+        $logo = 1; // Default fallback.
+    }
+    // Handle search parameter: only boolean.
+    $search_raw = preg_replace('/[^a-z0-9]/', '', strtolower($atts['search'] ?? '1'));
+    $search = ($search_raw == '0' || $search_raw == '1') ? (int) $search_raw : 1;
+    // Build JavaScript configuration array with proper escaping
+    $config = array(
+        'container' => '#museai-player-' . $embed_id,
+        'video' => $video_id,
+        'width' => $width,
+        'links' => $links,
+        'logo' => $logo,
+        'search' => $search,
+        'autoplay' => $autoplay,
+        'volume' => $volume,
+        'title' => $title,
+        'style' => $style,
+        'start' => $start,
+        'loop' => $loop,
+        'resume' => $resume,
+        'align' => $align,
+        'coverPlayPosition' => $playpos,
+        'cta' => $cta,
+        'subtitles' => $subtitles,
+        'locale' => $locale,
+        'download' => $download,
+        'playlist' => $playlist
+    );
+    // Use wp_json_encode for safe JavaScript output
+    $config_json = wp_json_encode($config, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
+    $out = sprintf(
+        '<div id="museai-player-%s"></div><script>MusePlayer(%s);</script>',
+        esc_attr($embed_id),
+        $config_json
+    );
+    return $out;
+}
+function museai_elementor( $widgets_manager ) {
+    class Elementor_Museai_Widget extends \Elementor\Widget_Base {
+        public function get_name() {
+            return 'muse.ai';
+        }
+        public function get_title() {
+            return esc_html__( 'muse.ai', 'elementor-oembed-widget' );
+        }
+        public function get_icon() {
+            return 'eicon-youtube';
+        }
+        public function get_custom_help_url() {
+            return 'https://wordpress.org/plugins/muse-ai/';
+        }
+        public function get_categories() {
+            return [ 'general' ];
+        }
+        public function get_keywords() {
+            return [ 'embed', 'url', 'link', 'video' ];
+        }
+        protected function register_controls() {
+            $this->start_controls_section(
+                'content_section',
+                [
+                    'label' => esc_html__( 'Content', 'elementor-museai-widget' ),
+                    'tab' => \Elementor\Controls_Manager::TAB_CONTENT,
+                ]
+            );
+            $this->add_control(
+                'video_id',
+                [
+                    'label' => esc_html__( 'Video ID', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::TEXT,
+                    'input_type' => 'text',
+                    'placeholder' => esc_html__( 'A1b2C3d', 'elementor-oembed-widget' ),
+                ]
+            );
+            $this->add_control(
+                'logo',
+                [
+                    'label' => esc_html__( 'Logo', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::TEXT,
+                    'input_type' => 'text',
+                    'placeholder' => esc_html__( 'Custom logo or yes/no', 'elementor-museai-widget' ),
+                    'default' => 'yes',
+                    'description' => esc_html__( 'Enter "yes" to show default logo, "no" to hide, or custom url to png', 'elementor-museai-widget' ),
+                ]
+            );
+            $this->add_control(
+                'title',
+                [
+                    'label' => esc_html__( 'Title', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::SWITCHER,
+                    'label_on' => 'yes',
+                    'label_off' => 'no',
+                    'default' => 'yes',
+                ]
+            );
+            $this->add_control(
+                'links',
+                [
+                    'label' => esc_html__( 'Link to video page', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::SWITCHER,
+                    'label_on' => 'yes',
+                    'label_off' => 'no',
+                    'default' => 'yes',
+                ]
+            );
+            $this->add_control(
+                'search',
+                [
+                    'label' => esc_html__( 'Search', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::SWITCHER,
+                    'label_on' => 'show',
+                    'label_off' => 'hide',
+                    'default' => 'yes',
+                ]
+            );
+            $this->add_control(
+                'autoplay',
+                [
+                    'label' => esc_html__( 'Autoplay', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::SWITCHER,
+                    'label_on' => 'yes',
+                    'label_off' => 'no',
+                    'default' => 'no',
+                ]
+            );
+            $this->add_control(
+                'mute',
+                [
+                    'label' => esc_html__( 'Mute', 'elementor-museai-widget' ),
+                    'type' => \Elementor\Controls_Manager::SWITCHER,
+                    'label_on' => 'yes',
+                    'label_off' => 'no',
+                    'default' => 'no',
+                ]
+            );
+            $this->end_controls_section();
+        }
+        protected function render() {
+            $settings = $this->get_settings_for_display();
+            $embed_id = bin2hex(random_bytes(16));
+            // Sanitize video ID - only allow alphanumeric characters.
+            $video_id = preg_replace('/[^a-z0-9]/i', '', $settings['video_id'] ?? '');
+            // Handle links parameter: can be boolean or URL in Elementor.
+            $links_setting = $settings['links'] ?? 'yes';
+            if ($links_setting === 'yes') {
+                $links = 1;
+            } elseif ($links_setting === 'no') {
+                $links = 0;
+            } elseif (filter_var($links_setting, FILTER_VALIDATE_URL) && (strpos($links_setting, 'http://') === 0 || strpos($links_setting, 'https://') === 0)) {
+                $links = esc_url_raw($links_setting);
+            } else {
+                $links = 1; // Default fallback
+            }
+            // Handle logo parameter: can be boolean or URL in Elementor.
+            $logo_setting = $settings['logo'] ?? 'yes';
+            if ($logo_setting === 'yes') {
+                $logo = 1;
+            } elseif ($logo_setting === 'no') {
+                $logo = 0;
+            } elseif (filter_var($logo_setting, FILTER_VALIDATE_URL) && (strpos($logo_setting, 'http://') === 0 || strpos($logo_setting, 'https://') === 0)) {
+                $logo = esc_url_raw($logo_setting);
+            } else {
+                $logo = 1; // Default fallback
+            }
+            $search = ($settings['search'] ?? 'yes') == 'yes' ? 1 : 0;
+            // Handle title parameter: can be boolean or custom string in Elementor.
+            $title_setting = $settings['title'] ?? 'yes';
+            if ($title_setting === 'yes') {
+                $title = 1;
+            } elseif ($title_setting === 'no') {
+                $title = 0;
+            } else {
+                // Custom title string - sanitize it
+                $title = substr(sanitize_text_field($title_setting), 0, 200);
+            }
+            $autoplay = ($settings['autoplay'] ?? 'no') == 'yes' ? 1 : 0;
+            $volume = ($settings['mute'] ?? 'no') == 'yes' ? 0 : 100;
+            // Build secure configuration array.
+            $config = array(
+                'container' => '#museai-player-' . $embed_id,
+                'video' => $video_id,
+                'links' => $links,
+                'logo' => $logo,
+                'search' => $search,
+                'autoplay' => $autoplay,
+                'volume' => $volume,
+                'title' => $title
+            );
+            // Use wp_json_encode for safe JavaScript output.
+            $config_json = wp_json_encode($config, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
+            $out = sprintf(
+                '<div id="museai-player-%s"></div><script>MusePlayer(%s);</script>',
+                esc_attr($embed_id),
+                $config_json
+            );
+            echo $out;
+        }
+    }
+    $widgets_manager->register( new Elementor_Museai_Widget() );
+}
+// Backward compatibility: loads the main plugin file (skiv.php).
+require_once __DIR__ . '/skiv.php';

muse-ai/trunk/readme.txt

-                      r3362100
+                      r3477523
 === muse.ai video embedding ===
+=== skiv video embedding ===
 Contributors: museai
 Tags: muse.ai, muse ai, video search, embed videos, video player, upload video
+Tags: skiv, skiv.com, video search, embed videos, video player
 Requires at least: 4.7
 Tested up to: 6.8.2
 Stable tag: 0.5.1
 Requires PHP: 7.0
+Stable tag: 0.6.0
+Requires PHP: 7
 License: GPLv2 or later
 This plugin enables muse.ai oEmbed links, and adds shortcodes to easily embed videos hosted on muse.ai.
+This plugin enables skiv.com oEmbed links, and adds shortcodes to easily embed videos hosted on skiv.com.
 == Description ==
 This plugin simplifies the embedding of videos hosted on [muse.ai](https://muse.ai) platform.
+This plugin simplifies the embedding of videos hosted on [skiv.com](https://skiv.com) platform.
 It does three things:
  - whitelists muse.ai as an oEmbed provider (which lets you embed videos simply by pasting links),
+ - whitelists skiv.com as an oEmbed provider (which lets you embed videos simply by pasting links),
  - adds shortcodes as an alternative method of embedding that gives you a bit more control,
  - adds an Elementor widget for embedding muse.ai videos.
+ - adds an Elementor widget for embedding skiv.com videos.
 The shortcodes are essentially a wrapper around muse.ai [embed library](https://muse.ai/docs#embed-player).
+The shortcodes are essentially a wrapper around skiv.com [embed library](https://skiv.com/docs#embed-player).
 To embed videos using oEmbed, simply paste a video link into a separate line in your post or page. For example:
 `https://muse.ai/v/VBdrD8v`
+`https://skiv.com/v/VBdrD8v`
 If you would like more control, you can use shortcodes. For example:
 …
 == Changelog ==
+= 0.6.0 =
+* Rebranded from muse.ai to skiv.com.
+* Main plugin file renamed from muse-ai.php to skiv.php.
 = 0.5.1 =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3477523

Legend:

muse-ai/trunk/muse-ai.php

muse-ai/trunk/readme.txt

Download in other formats: