Changed extension check to MIME-type checking

Duncan Sommerville 2014-09-18 10:36:40 -04:00
parent 080b2581b6
commit b525638829
1 changed files with 41 additions and 20 deletions


@ -6,9 +6,10 @@
* *
* Changelog: * Changelog:
* 16/09/2014 : v1.0 Created class skeleton, added image upload functionality * 16/09/2014 : v1.0 Created class skeleton, added image upload functionality
* 18/09/2014 : v1.1 Changed auth references to static calls
* *
* @author sourcefabric * @author sourcefabric
* @version 1.0 * @version 1.1
* *
*/ */
@ -17,11 +18,8 @@ require_once($filepath."/../helpers/RestAuth.php");
class Rest_ShowController extends Zend_Rest_Controller class Rest_ShowController extends Zend_Rest_Controller
{ {
private $restAuth;
public function init() public function init()
{ {
$this->restAuth = new RestAuth();
// Remove layout dependencies // Remove layout dependencies
$this->view->layout()->disableLayout(); $this->view->layout()->disableLayout();
// Remove reliance on .phtml files to render requests // Remove reliance on .phtml files to render requests
@ -55,7 +53,7 @@ class Rest_ShowController extends Zend_Rest_Controller
public function uploadImageAction() public function uploadImageAction()
{ {
if (!$this->restAuth->verifyAuth(true, true)) if (!RestAuth::verifyAuth(true, true))
{ {
Logging::info("Authentication failed"); Logging::info("Authentication failed");
return; return;
@ -75,7 +73,13 @@ class Rest_ShowController extends Zend_Rest_Controller
return; return;
} }
$path = $this->processUploadedImage($showId, $_FILES["file"]["tmp_name"], $_FILES["file"]["name"]); try {
$path = $this->processUploadedImage($showId, $_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
} catch (Exception $e) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody("Error processing image: " . $e->getMessage());
}
$show = CcShowQuery::create()->findPk($showId); $show = CcShowQuery::create()->findPk($showId);
@ -90,7 +94,9 @@ class Rest_ShowController extends Zend_Rest_Controller
$con->commit(); $con->commit();
} catch (Exception $e) { } catch (Exception $e) {
$con->rollBack(); $con->rollBack();
Logging::error("Couldn't add show image: " . $e->getMessage()); $this->getResponse()
->setHttpResponseCode(400)
->appendBody("Couldn't add show image: " . $e->getMessage());
} }
$this->getResponse() $this->getResponse()
@ -110,7 +116,7 @@ class Rest_ShowController extends Zend_Rest_Controller
*/ */
private function processUploadedImage($showId, $tempFilePath, $originalFilename) private function processUploadedImage($showId, $tempFilePath, $originalFilename)
{ {
$ownerId = $this->restAuth->getOwnerId(); $ownerId = RestAuth::getOwnerId();
$CC_CONFIG = Config::getConfig(); $CC_CONFIG = Config::getConfig();
$apiKey = $CC_CONFIG["apiKey"][0]; $apiKey = $CC_CONFIG["apiKey"][0];
@ -118,36 +124,51 @@ class Rest_ShowController extends Zend_Rest_Controller
$tempFileName = basename($tempFilePath); $tempFileName = basename($tempFilePath);
//Only accept files with a file extension that we support. //Only accept files with a file extension that we support.
$fileExtension = pathinfo($originalFilename, PATHINFO_EXTENSION); $fileExtension = $this->getMimeExtension($originalFileName, $tempFilePath);
if (!in_array(strtolower($fileExtension), explode(",", "jpg,png,gif,jpeg"))) if (!in_array(strtolower($fileExtension), explode(",", "jpg,png,gif,jpeg")))
{ {
@unlink($tempFilePath); @unlink($tempFilePath);
// Should this be an HTTPResponse?
throw new Exception("Bad file extension."); throw new Exception("Bad file extension.");
} }
$storDir = Application_Model_MusicDir::getStorDir(); $storDir = Application_Model_MusicDir::getStorDir();
$importedStorageDirectory = $storDir->getDirectory() . "imported/" . $ownerId . "/show-images/" . $showId; $importedStorageDirectory = $storDir->getDirectory() . "imported/" . $ownerId . "/show-images/" . $showId;
Logging::info("Stor directory: " . $storDir->getDirectory());
Logging::info("Show image directory: " . $importedStorageDirectory);
try { try {
$importedStorageDirectory = $this->copyFileToStor($tempFilePath, $importedStorageDirectory, $fileExtension); $importedStorageDirectory = $this->copyFileToStor($tempFilePath, $importedStorageDirectory, $fileExtension);
} catch (Exception $e) { } catch (Exception $e) {
@unlink($tempFilePath); @unlink($tempFilePath);
Logging::error($e->getMessage()); throw new Exception("Failed to copy file: " . $e->getMessage());
return;
} }
return $importedStorageDirectory; return $importedStorageDirectory;
} }
private function getMimeExtension($originalFileName, $tempFilePath)
{
// Don't trust the extension - get the MIME-type instead
$fileInfo = finfo_open();
$mime = finfo_file($fileInfo, $tempFilePath, FILEINFO_MIME_TYPE);
return $this->getExtensionFromMime($mime);
}
private function getExtensionFromMime($mime)
{
$extensions = array(
'image/jpeg' => 'jpg',
'image/png' => 'png',
'image/gif' => 'gif'
);
return $extensions[$mime];
}
private function copyFileToStor($tempFilePath, $importedStorageDirectory, $fileExtension) private function copyFileToStor($tempFilePath, $importedStorageDirectory, $fileExtension)
{ {
$image_file = $tempFilePath; $image_file = $tempFilePath;
// check if "organize" dir exists and if not create one // check if show image dir exists and if not, create one
if (!file_exists($importedStorageDirectory)) { if (!file_exists($importedStorageDirectory)) {
if (!mkdir($importedStorageDirectory, 0777, true)) { if (!mkdir($importedStorageDirectory, 0777, true)) {
throw new Exception("Failed to create storage directory."); throw new Exception("Failed to create storage directory.");
@ -180,9 +201,9 @@ class Rest_ShowController extends Zend_Rest_Controller
return $image_stor; return $image_stor;
} }
public static function deleteFilesFromStor($showId) { // Should this be a POST endpoint instead?
$auth = new RestAuth(); public static function deleteShowImagesFromStor($showId) {
$ownerId = $auth->getOwnerId(); $ownerId = RestAuth::getOwnerId();
$storDir = Application_Model_MusicDir::getStorDir(); $storDir = Application_Model_MusicDir::getStorDir();
$importedStorageDirectory = $storDir->getDirectory() . "imported/" . $ownerId . "/show-images/" . $showId; $importedStorageDirectory = $storDir->getDirectory() . "imported/" . $ownerId . "/show-images/" . $showId;
@ -198,7 +219,7 @@ class Rest_ShowController extends Zend_Rest_Controller
} }
} }
// from a comment @ http://php.net/manual/en/function.rmdir.php // from a note @ http://php.net/manual/en/function.rmdir.php
private static function delTree($dir) { private static function delTree($dir) {
$files = array_diff(scandir($dir), array('.','..')); $files = array_diff(scandir($dir), array('.','..'));
foreach ($files as $file) { foreach ($files as $file) {