From 17f1d0e96deadc1e417bfd5e81e0102136ff8097 Mon Sep 17 00:00:00 2001 From: Albert Santoni <albert.santoni@sourcefabric.org> Date: Wed, 18 Feb 2015 16:29:08 -0500 Subject: [PATCH] Simplify the metadata sanitization and bugfix it * SAAS-376 and CC-5868 --- .../application/common/FileDataHelper.php | 18 +++++++++------- .../controllers/LibraryController.php | 21 ++++--------------- .../rest/controllers/MediaController.php | 10 +++------ 3 files changed, 17 insertions(+), 32 deletions(-) diff --git a/airtime_mvc/application/common/FileDataHelper.php b/airtime_mvc/application/common/FileDataHelper.php index 4f8738b05..fc93c64fe 100644 --- a/airtime_mvc/application/common/FileDataHelper.php +++ b/airtime_mvc/application/common/FileDataHelper.php @@ -1,9 +1,4 @@ <?php -/** - * Created by PhpStorm. - * User: sourcefabric - * Date: 17/02/15 - */ class FileDataHelper { @@ -12,9 +7,16 @@ class FileDataHelper { * at all costs, so check the data and sanitize it if necessary * @param array $data array containing new file metadata */ - public static function sanitizeData(&$data) { - // If the track number isn't numeric, this will return 0 - $data["track_number"] = intval($data["track_number"]); + public static function sanitizeData(&$data) + { + if (array_key_exists("track_number", $data)) { + // If the track number isn't numeric, this will return 0 + $data["track_number"] = intval($data["track_number"]); + } + if (array_key_exists("year", $data)) { + // If the track number isn't numeric, this will return 0 + $data["year"] = intval($data["year"]); + } } } \ No newline at end of file diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php index 01c29dde8..52103175b 100644 --- a/airtime_mvc/application/controllers/LibraryController.php +++ b/airtime_mvc/application/controllers/LibraryController.php 
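Review bot: `intval()` in the new `sanitizeData` body coerces rather than validates: in both branches a blank or non-numeric value becomes 0, a non-empty array becomes 1, and a very long digit string saturates at `PHP_INT_MAX` instead of being bounded to what the column accepts (the column types are not visible in this patch). The LibraryController hunk and the `validateRequestData` hunk in MediaController now call this before the form validator runs, so for these two fields the validator only sees the coerced value and can no longer reject the original input. If that is intended it should be stated in the docblock, with a range check either here or in the form. The comment in the `year` branch is also copied from the branch above and should read `// If the year isn't numeric, this will return 0`.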
@@ -443,24 +443,11 @@ class LibraryController extends Zend_Controller_Action $serialized[$j["name"]] = $j["value"]; } + // Sanitize any wildly incorrect metadata before it goes to be validated. + FileDataHelper::sanitizeData($serialized); + if ($form->isValid($serialized)) { - // Sanitize any incorrect metadata that slipped past validation - FileDataHelper::sanitizeData($serialized["track_number"]); - - $formValues = $this->_getParam('data', null); - $formdata = array(); - foreach ($formValues as $val) { - $formdata[$val["name"]] = $val["value"]; - } - $file->setDbColMetadata($formdata); - - $data = $file->getMetadata(); - - // set MDATA_KEY_FILEPATH - $data['MDATA_KEY_FILEPATH'] = $file->getFilePath(); - Logging::info($data['MDATA_KEY_FILEPATH']); - Application_Model_RabbitMq::SendMessageToMediaMonitor("md_update", $data); - + $file->setDbColMetadata($serialized); $this->_redirect('Library'); } } diff --git a/airtime_mvc/application/modules/rest/controllers/MediaController.php b/airtime_mvc/application/modules/rest/controllers/MediaController.php index 74fc4c346..90587d480 100644 --- a/airtime_mvc/application/modules/rest/controllers/MediaController.php +++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php @@ -113,9 +113,6 @@ class Rest_MediaController extends Zend_Rest_Controller $file->save(); return; } else { - // Sanitize any incorrect metadata that slipped past validation - FileDataHelper::sanitizeData($whiteList["track_number"]); - /* If full_path is set, the post request came from ftp. * Users are allowed to upload folders via ftp. If this is the case * we need to include the folder name with the file name, otherwise 
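Review bot: In the LibraryController hunk, `$serialized` is filled with `$serialized[$j["name"]] = $j["value"]`, apparently from request data, and is now passed whole to `$file->setDbColMetadata()`, so every key the client posts reaches that call rather than only the fields the form declares. Assuming `$form` is a Zend_Form, `isValid()` ignores keys it has no element for instead of rejecting them, and whether `setDbColMetadata` filters them is not visible here. Passing the form's own filtered values would close the gap: `$file->setDbColMetadata($form->getValues());`, after checking that `getValues()` does not add keys the setter does not expect. The enclosing action starts and ends outside the hunk.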
@@ -168,8 +165,6 @@ class Rest_MediaController extends Zend_Rest_Controller $file->save(); return; } else if ($file && isset($requestData["resource_id"])) { - // Sanitize any incorrect metadata that slipped past validation - FileDataHelper::sanitizeData($whiteList["track_number"]); $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME); @@ -199,8 +194,6 @@ class Rest_MediaController extends Zend_Rest_Controller ->setHttpResponseCode(200) ->appendBody(json_encode(CcFiles::sanitizeResponse($file))); } else if ($file) { - // Sanitize any incorrect metadata that slipped past validation - $this->sanitizeData($file, $whiteList); $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME); @@ -294,6 +287,9 @@ class Rest_MediaController extends Zend_Rest_Controller private function validateRequestData($file, &$whiteList) { + // Sanitize any wildly incorrect metadata before it goes to be validated + FileDataHelper::sanitizeData($whiteList); + try { // EditAudioMD form is used here for validation $fileForm = new Application_Form_EditAudioMD();
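Review bot: `validateRequestData` now rewrites `$whiteList` in place before validating it, and nothing in the hunk at -294 documents that side effect. The three branches that lost their own sanitize call (the hunks at -113, -168 and -199) rely on this method having run first. That call order is not visible in the patch, so it is worth confirming that every path reaching `fromArray($whiteList, ...)` goes through it. A docblock line such as `@param array $whiteList request fields; track_number and year are coerced to int in place before validation` would make the contract explicit. The method body continues outside the hunk.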