| 开发者 | iandunn |
|---|---|
| 更新时间 | 2018年1月17日 07:24 |
| PHP版本: | 5.2 及以上 |
| WordPress版本: | 4.9 |
| 版权: | GPLv2 |
First, a word of caution: You probably don't need this plugin, and shouldn't install it. Before you install it, make sure that you really need to, and that you're aware of the security implications. Are you hosting streaming DASH or HLS videos? Do you really need to support outdated browsers? The safest thing to do is avoid installing it. If you do, make sure you always install any updates that become available, to decrease the security risks to your site.WordPress bundles the MediaElement.js library for improved audio and video playback, and it uses Flash to support a few edge cases, like older browsers that can't play DASH or HLS streams via JavaScript and Media Source Extensions. WordPress 4.9.2 removed the Flash fallbacks because they're not necessary in vast majority of use cases, and have a history of security problems. This plugin restores those files, for the tiny minority of sites that are hosting streaming DASH/HLS videos, and still need to support outdated browsers. It also optionally validates the unsafe input that's passed to the SWF file in some situations, to decrease the risk associated with it. That validation is off by default, though, and only works in some circumstances. You should only install this if you're sure that you really need it. See the warning above for details.
Please report them to WordPress' HackerOne program.
No, WordPress 4.9 is required. WP 4.9 upgraded the bundled version of MediaElement.js from 2.x to 4.x, which made significant changes to the Flash fallbacks. This plugin only supports the MediaElement 4.x fallbacks. The Flash fallbacks were also removed from WordPress 4.8 and below. If you'd like to use the flash fallbacks, the best way is to upgrade to the latest version of WordPress. Running old versions puts your site at risk, and is strongly discouraged.
The input validation is off by default, because it only works in some circumstances, and could potentially break valid use cases.
I recommend you turn it on, but test your videos afterwards to make sure they still work. To turn it on, adding the following line of code to a functionality plugin:
add_filter( 'meff_validate_query', '__return_true' );
If you're not sure what functionality plugins are, there is a lot of information and tutorials available on the web.
The development version is hosted on GitHub.