SAAS-1062 - more work on podcasting frontend

airtime_mvc/application/controllers/plugins/Acl_plugin.php

@@ -169,6 +169,12 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
             // we need to check the CSRF token
             if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
                 $token = $request->getParam("csrf_token");
+                // PUT requests don't parameterize the data in the body, so we can't
+                // fetch it with getParam or getPost; instead we have to parse the body and
+                // check for the token in the JSON. (Hopefully we can find a better way to do this) -- Duncan
+                if (empty($token)) {
+                    $token = json_decode($this->getRequest()->getRawBody(), true)["csrf_token"];
+                }
                 $tokenValid = $this->verifyCSRFToken($token);
 
                 if (!$tokenValid) {

airtime_mvc/application/views/scripts/podcast/podcast.phtml

@@ -1,4 +1,4 @@
-<div id="podcast-wrapper" ng-controller="RestController">
+<div class="podcast-wrapper" ng-controller="RestController">
     <div class="inner_editor_title">
         <h2>
             <?php echo _("Editing ") ?>"<span ng-bind="podcast.title" class="title_obj_name"></span>"
@@ -29,6 +29,6 @@
                 <?php echo _("Save") ?>
             </button>
         </div>
-        <div id='sp-success' class='success' style='display:none'></span></div>
+        <div class='success' style='display:none'></span></div>
     </div>
 </div>

airtime_mvc/application/views/scripts/podcast/podcast_url_dialog.phtml

@@ -1,5 +1,5 @@
 <div id="podcast_url_dialog">
-    <form>
+    <form name="podcast_url_form">
         <?php echo $this->csrf ?>
         <label>
             Podcast URL