Congegni
/
libretime
mirror of https://github.com/libretime/libretime.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'saas' of https://github.com/sourcefabric/Airtime into saas

This commit is contained in:
Duncan Sommerville 2014-10-30 17:43:31 -04:00
parent ef9ab1acf0 359727fc66
commit 057993eeeb
3 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
airtime_mvc/application/common/CORSHelper.php
View File

@ -10,7 +10,7 @@ class CORSHelper
//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well. //Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
$response = $response->setHeader('Access-Control-Allow-Origin', '*'); $response = $response->setHeader('Access-Control-Allow-Origin', '*');
$origin = $request->getHeader('Origin'); $origin = $request->getHeader('Origin');
if (($origin != "") && if ((!(preg_match("/https?:\/\/localhost/", $origin) === 1)) && ($origin != "") &&
(!in_array($origin, (!in_array($origin,
array("http://www.airtime.pro", array("http://www.airtime.pro",
"https://www.airtime.pro", "https://www.airtime.pro",

18
airtime_mvc/application/modules/rest/controllers/MediaController.php
View File

@ -312,18 +312,21 @@ class Rest_MediaController extends Zend_Rest_Controller
if($observed_csrf_token == $expected_csrf_token){ if($observed_csrf_token == $expected_csrf_token){
return true; return true;
}else{ }else{
$resp = $this->getResponse();
$resp->setHttpResponseCode(401);
$resp->appendBody("ERROR: Token Missmatch.");
return false; return false;
} }
} }
private function verifyAuth($checkApiKey, $checkSession) private function verifyAuth($checkApiKey, $checkSession)
{ {
//Session takes precedence over API key for now: // Session takes precedence over API key for now:
if ($checkSession && $this->verifySession()) if ($checkSession && $this->verifySession()) {
{ // CSRF token validation only applies to session based authorization.
if(!$this->verifyCSRFToken($this->_getParam('csrf_token'))){
$resp = $this->getResponse();
$resp->setHttpResponseCode(401);
$resp->appendBody("ERROR: Token Missmatch.");
return false;
}
return true; return true;
} }
@ -339,7 +342,6 @@ class Rest_MediaController extends Zend_Rest_Controller
return false; return false;
} }
private function verifyAPIKey() private function verifyAPIKey()
{ {
//The API key is passed in via HTTP "basic authentication": //The API key is passed in via HTTP "basic authentication":

2
airtime_mvc/public/js/airtime/library/plupload.js
View File

@ -89,7 +89,7 @@ $(document).ready(function() {
$.ajax({ $.ajax({
type: 'DELETE', type: 'DELETE',
url: '/rest/media/' + file.id, url: 'rest/media/' + file.id + "?csrf_token=" + $("#csrf").attr('value'),
success: function(resp) { success: function(resp) {
self.recentUploadsTable.fnDraw(); self.recentUploadsTable.fnDraw();
}, },