FFMpeg v3 v4 now with or without ”PHP passthru” working?
By ssnobben on Friday, 12 June 2020
Posted in Technical Issues
Replies 9
Likes 0
Views 0.9K
Votes 0
Hi

ES would be very good to take up similar features for smart uploading UI/UX short videos types, podcasts etc making ie similar Instagram, Facebook, Youtube types structure etc.

So what I wonder now if you can use FFMpeg without "PHP passthru" in any ways as it is now?

Can you use both FFMpeg V3 and V4 and have any solution around ”PHP passthru” pls share minimy risks? - many hostings doesnt like ”PHP passthru” function bcs it lets "unauthorized" run programs on the server .

Info example https://bewilderedoctothorpe.net/2019/06/14/enabling-php-passthru/
Unfortunately currently it still rely on this PHP passthru function, the reason this PHP passthru is required is because it allows PHP scripts to interact with command line script, so 3rd party program like ffmpeg is able to be executed and run to compress the uploaded videos.

In my opinion, you need to double check these 2 things :

1. Ensure that your site directory folder/files ownership set the correct chmod permission if you have allow different user access your site directory folder.

2. Have to take note for those 3rd party extension which allow user to upload the file on the site, because some of the hacker will write a PHP script into the file, so most of the extension will validate the file whether that is valid file and whether have contain any script code inside.
Arlex Wong
·
Friday, 12 June 2020 16:16
·
0 Likes
·
0 Votes
·
0 Comments
·
Ok thks for reply Arlex.

So we can use FFmpeg 4.2.3 working with ES latest?
ssnobben
·
Friday, 12 June 2020 17:18
·
0 Likes
·
0 Votes
·
0 Comments
·
Yes, you can try install this FFmpeg latest version on your server.
Arlex Wong
·
Friday, 12 June 2020 18:26
·
0 Likes
·
0 Votes
·
0 Comments
·
so Arlex.."2. Have to take note for those 3rd party extension which allow user to upload the file on the site, because some of the hacker will write a PHP script into the file, so most of the extension will validate the file whether that is valid file and whether have contain any script code inside. "

What you mean is that EasySocial checking if this is a valid file?
ssnobben
·
Tuesday, 16 June 2020 21:25
·
0 Likes
·
0 Votes
·
0 Comments
·
Yes, like our component did validate for the upload file whether contain any known malicious code for prevent server execute the script when the user upload a file on the site.
Arlex Wong
·
Wednesday, 17 June 2020 11:15
·
0 Likes
·
0 Votes
·
0 Comments
·
Ok thanks for the validation of that.

I see this article and I think you know about this method too if not something to learn from A Better Method for Embedding YouTube Videos on your Website

https://www.labnol.org/internet/light-youtube-embeds/27941/
ssnobben
·
Wednesday, 17 June 2020 11:50
·
0 Likes
·
0 Votes
·
0 Comments
·
I see this article and I think you know about this method too if not something to learn from A Better Method for Embedding YouTube Videos on your Website

https://www.labnol.org/internet/light-youtube-embeds/27941/

Thanks for sharing.
Arlex Wong
·
Wednesday, 17 June 2020 15:59
·
0 Likes
·
0 Votes
·
0 Comments
·
How will ES, EB support of webM (webP) ? any thoughts support plans this for audio (images) ?

https://en.wikipedia.org/wiki/WebM
ssnobben
·
Sunday, 05 July 2020 05:29
·
0 Likes
·
0 Votes
·
0 Comments
·
Do you have a sample files for video and audio (webM) extension format so we can run some test in my locally.

You have to zip those files together before you attach the file from your next reply.
Arlex Wong
·
Monday, 06 July 2020 10:56
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post