Merge branch 'cc-5709-airtime-analyzer' of github.com:sourcefabric/Airtime into cc-5709-airtime-analyzer

2015-02-18 16:16:41 -05:00 · 2015-02-18 16:16:41 -05:00 · 2ae921e9d7
parent 2a9790adf3 a07a1edcc0
commit 2ae921e9d7
5 changed files with 62 additions and 4 deletions
--- a/airtime_mvc/application/Bootstrap.php
+++ b/airtime_mvc/application/Bootstrap.php
@ -11,6 +11,7 @@ require_once __DIR__."/configs/constants.php";
 require_once 'Preference.php';
 require_once 'Locale.php';
 require_once "DateHelper.php";
+require_once "FileDataHelper.php";
 require_once "HTTPHelper.php";
 require_once "OsPath.php";
 require_once "Database.php";
--- a/airtime_mvc/application/common/FileDataHelper.php
+++ b/airtime_mvc/application/common/FileDataHelper.php
@ -0,0 +1,20 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: sourcefabric
+ * Date: 17/02/15
+ */
+
+class FileDataHelper {
+
+    /**
+     * We want to throw out invalid data and process the upload successfully
+     * at all costs, so check the data and sanitize it if necessary
+     * @param array $data array containing new file metadata
+     */
+    public static function sanitizeData(&$data) {
+        // If the track number isn't numeric, this will return 0
+        $data["track_number"] = intval($data["track_number"]);
+    }
+
+}
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -77,8 +77,6 @@ class LibraryController extends Zend_Controller_Action

            $obj_sess = new Zend_Session_Namespace(UI_PLAYLISTCONTROLLER_OBJ_SESSNAME);
            if (isset($obj_sess->id)) {
-                $objInfo = Application_Model_Library::getObjInfo($obj_sess->type);
-
                $objInfo     = Application_Model_Library::getObjInfo($obj_sess->type);
                $obj         = new $objInfo['className']($obj_sess->id);
                $userInfo    = Zend_Auth::getInstance()->getStorage()->read();
@ -446,6 +444,8 @@ class LibraryController extends Zend_Controller_Action
            }

            if ($form->isValid($serialized)) {
+                // Sanitize any incorrect metadata that slipped past validation
+                FileDataHelper::sanitizeData($serialized["track_number"]);

                $formValues = $this->_getParam('data', null);
                $formdata = array();
--- a/airtime_mvc/application/forms/EditAudioMD.php
+++ b/airtime_mvc/application/forms/EditAudioMD.php
@ -59,7 +59,7 @@ class Application_Form_EditAudioMD extends Zend_Form
        $track_number->class = 'input_text';
        $track_number->setLabel('Track Number:')
            ->setFilters(array('StringTrim'))
-            ->setValidators(array(new Zend_Validate_Digits()));
+            ->setValidators(array(new Zend_Validate_Int()));
        $this->addElement($track_number);

        // Add genre field
--- a/airtime_mvc/application/modules/rest/controllers/MediaController.php
+++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php
@ -113,6 +113,9 @@ class Rest_MediaController extends Zend_Rest_Controller
            $file->save();
            return;
        } else {
+            // Sanitize any incorrect metadata that slipped past validation
+            FileDataHelper::sanitizeData($whiteList["track_number"]);
+
            /* If full_path is set, the post request came from ftp.
             * Users are allowed to upload folders via ftp. If this is the case
             * we need to include the folder name with the file name, otherwise
@ -164,7 +167,41 @@ class Rest_MediaController extends Zend_Rest_Controller
        if (!$this->validateRequestData($file, $whiteList)) {
            $file->save();
            return;
+        } else if ($file && isset($requestData["resource_id"])) {
+            // Sanitize any incorrect metadata that slipped past validation
+            FileDataHelper::sanitizeData($whiteList["track_number"]);
+
+            $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);
+            
+            //store the original filename
+            $file->setDbFilepath($requestData["filename"]);
+            
+            $fileSizeBytes = $requestData["filesize"];
+            if (!isset($fileSizeBytes) || $fileSizeBytes === false)
+            {
+                $file->setDbImportStatus(2)->save();
+                $this->fileNotFoundResponse();
+                return;
+            }
+            $cloudFile = new CloudFile();
+            $cloudFile->setStorageBackend($requestData["storage_backend"]);
+            $cloudFile->setResourceId($requestData["resource_id"]);
+            $cloudFile->setCcFiles($file);
+            $cloudFile->save();
+            
+            Application_Model_Preference::updateDiskUsage($fileSizeBytes);
+            
+            $now  = new DateTime("now", new DateTimeZone("UTC"));
+            $file->setDbMtime($now);
+            $file->save();
+            
+            $this->getResponse()
+                ->setHttpResponseCode(200)
+                ->appendBody(json_encode(CcFiles::sanitizeResponse($file)));
        } else if ($file) {
+            // Sanitize any incorrect metadata that slipped past validation
+            $this->sanitizeData($file, $whiteList);
+
            $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);

            //Our RESTful API takes "full_path" as a field, which we then split and translate to match
@ -262,7 +299,7 @@ class Rest_MediaController extends Zend_Rest_Controller
            $fileForm = new Application_Form_EditAudioMD();
            $fileForm->startForm($file->getDbId());
            $fileForm->populate($whiteList);
-            
+
            /*
             * Here we are truncating metadata of any characters greater than the
             * max string length set in the database. In the rare case a track's