From c93b90cc54cc44975ba04971c73fc7ec159d88b1 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Sat, 26 Jan 2013 20:05:31 -0500 Subject: [PATCH 01/15] prepare for improvements to way pypo communicates with LS --- python_apps/pypo/pypofetch.py | 47 ++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/python_apps/pypo/pypofetch.py b/python_apps/pypo/pypofetch.py index 1448c65da..03c79cfc6 100644 --- a/python_apps/pypo/pypofetch.py +++ b/python_apps/pypo/pypofetch.py @@ -143,6 +143,24 @@ class PypoFetch(Thread): finally: lock.release() + @staticmethod + def telnet_send(logger, lock, commands): + try: + lock.acquire() + + tn = telnetlib.Telnet(LS_HOST, LS_PORT) + for i in commands: + logger.info(i) + tn.write(i) + + tn.write('exit\n') + tn.read_all() + except Exception, e: + logger.error(str(e)) + finally: + lock.release() + + @staticmethod def switch_source(logger, lock, sourcename, status): logger.debug('Switching source: %s to "%s" status', sourcename, status) @@ -159,17 +177,7 @@ class PypoFetch(Thread): else: command += "stop\n" - try: - lock.acquire() - - tn = telnetlib.Telnet(LS_HOST, LS_PORT) - tn.write(command) - tn.write('exit\n') - tn.read_all() - except Exception, e: - logger.error(str(e)) - finally: - lock.release() + PypoFetch.telnet_send(logger, lock, [command]) """ grabs some information that are needed to be set on bootstrap time @@ -184,9 +192,19 @@ class PypoFetch(Thread): self.logger.debug('info:%s', info) for k, v in info['switch_status'].iteritems(): self.switch_source(self.logger, self.telnet_lock, k, v) - self.update_liquidsoap_stream_format(info['stream_label']) - self.update_liquidsoap_station_name(info['station_name']) - self.update_liquidsoap_transition_fade(info['transition_fade']) + #self.update_liquidsoap_stream_format(info['stream_label']) + #self.update_liquidsoap_station_name(info['station_name']) + #self.update_liquidsoap_transition_fade(info['transition_fade']) + + stream_format = info['stream_label'] + station_name = info['station_name'] + fade = info['transition_fade'] + + commands = [] + commands.append(('vars.stream_metadata_type %s\n' % stream_format).encode('utf-8')) + commands.append(('vars.station_name %s\n' % station_name).encode('utf-8')) + commands.append(('vars.default_dj_fade %s\n' % fade).encode('utf-8')) + PypoFetch.telnet_send(self.logger, self.telnet_lock, commands) def restart_liquidsoap(self): @@ -356,6 +374,7 @@ class PypoFetch(Thread): if(status == "true"): self.api_client.notify_liquidsoap_status("OK", stream_id, str(fake_time)) + def update_liquidsoap_stream_format(self, stream_format): # Push stream metadata to liquidsoap # TODO: THIS LIQUIDSOAP STUFF NEEDS TO BE MOVED TO PYPO-PUSH!!! From b389e440019426f5cce94910ca4e5cfb2f578442 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Sun, 27 Jan 2013 15:00:56 -0500 Subject: [PATCH 02/15] take liquidsoap by the horns if it misbehaves. --- python_apps/pypo/airtime-liquidsoap-init-d | 6 +++--- .../pypo/liquidsoap_scripts/liquidsoap_prepare_terminate.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/python_apps/pypo/airtime-liquidsoap-init-d b/python_apps/pypo/airtime-liquidsoap-init-d index 4180d5c67..7096bc59c 100755 --- a/python_apps/pypo/airtime-liquidsoap-init-d +++ b/python_apps/pypo/airtime-liquidsoap-init-d @@ -28,10 +28,10 @@ start () { stop () { monit unmonitor airtime-liquidsoap >/dev/null 2>&1 - /usr/lib/airtime/airtime_virtualenv/bin/python /usr/lib/airtime/pypo/bin/liquidsoap_scripts/liquidsoap_prepare_terminate.py - + #send term signal after 10 seconds + timeout 10 /usr/lib/airtime/airtime_virtualenv/bin/python /usr/lib/airtime/pypo/bin/liquidsoap_scripts/liquidsoap_prepare_terminate.py # Send TERM after 5 seconds, wait at most 30 seconds. - start-stop-daemon --stop --oknodo --retry 5 --quiet --pidfile $PIDFILE + start-stop-daemon --stop --oknodo --retry=TERM/10/KILL/5 --quiet --pidfile $PIDFILE rm -f $PIDFILE } diff --git a/python_apps/pypo/liquidsoap_scripts/liquidsoap_prepare_terminate.py b/python_apps/pypo/liquidsoap_scripts/liquidsoap_prepare_terminate.py index e1dac82b6..2f632d9c7 100644 --- a/python_apps/pypo/liquidsoap_scripts/liquidsoap_prepare_terminate.py +++ b/python_apps/pypo/liquidsoap_scripts/liquidsoap_prepare_terminate.py @@ -6,14 +6,14 @@ try: config = ConfigObj('/etc/airtime/pypo.cfg') LS_HOST = config['ls_host'] LS_PORT = config['ls_port'] - + tn = telnetlib.Telnet(LS_HOST, LS_PORT) tn.write("master_harbor.stop\n") tn.write("live_dj_harbor.stop\n") tn.write('exit\n') tn.read_all() - + except Exception, e: print('Error loading config file: %s', e) sys.exit() - \ No newline at end of file + From f1215c10fdd7fcbbb3534473caee67e0848589d3 Mon Sep 17 00:00:00 2001 From: denise Date: Mon, 28 Jan 2013 14:21:11 -0500 Subject: [PATCH 03/15] CC-4882: Scheduled item does not take into account cue_out - cue_in time -fixed --- airtime_mvc/application/models/Scheduler.php | 7 +++++-- airtime_mvc/application/models/StoredFile.php | 8 ++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/airtime_mvc/application/models/Scheduler.php b/airtime_mvc/application/models/Scheduler.php index 2530eb7bf..be9930402 100644 --- a/airtime_mvc/application/models/Scheduler.php +++ b/airtime_mvc/application/models/Scheduler.php @@ -136,13 +136,17 @@ class Application_Model_Scheduler if ($type === "audioclip") { $file = CcFilesQuery::create()->findPK($id, $this->con); + $storedFile = new Application_Model_StoredFile($file->getDbId()); if (is_null($file) || !$file->visible()) { throw new Exception(_("A selected File does not exist!")); } else { $data = $this->fileInfo; $data["id"] = $id; - $data["cliplength"] = $file->getDbLength(); + $data["cliplength"] = $storedFile->getRealClipLength( + $file->getDbCuein(), + $file->getDbCueout()); + $data["cuein"] = $file->getDbCuein(); $data["cueout"] = $file->getDbCueout(); @@ -438,7 +442,6 @@ class Application_Model_Scheduler } foreach ($schedFiles as $file) { - $endTimeDT = $this->findEndTime($nextStartDT, $file['cliplength']); //item existed previously and is being moved. diff --git a/airtime_mvc/application/models/StoredFile.php b/airtime_mvc/application/models/StoredFile.php index bd50f2826..9ca6ff32c 100644 --- a/airtime_mvc/application/models/StoredFile.php +++ b/airtime_mvc/application/models/StoredFile.php @@ -1285,6 +1285,14 @@ SQL; } } } + + public function getRealClipLength($p_cuein, $p_cueout) { + $sql = "SELECT :cueout::INTERVAL - :cuein::INTERVAL"; + + return Application_Common_Database::prepareAndExecute($sql, array( + ':cueout' => $p_cueout, + ':cuein' => $p_cuein), 'column'); + } } class DeleteScheduledFileException extends Exception {} From 5f3f2cd97ccfb8da8d706dc66018ce2e5b63a35f Mon Sep 17 00:00:00 2001 From: denise Date: Mon, 28 Jan 2013 16:46:11 -0500 Subject: [PATCH 04/15] CC-4881: Cue in time can be greater than Cue out time in some situations -fixed --- airtime_mvc/application/models/Schedule.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/airtime_mvc/application/models/Schedule.php b/airtime_mvc/application/models/Schedule.php index 481f22b2d..81a3c55e7 100644 --- a/airtime_mvc/application/models/Schedule.php +++ b/airtime_mvc/application/models/Schedule.php @@ -696,6 +696,10 @@ SQL; 'replay_gain' => $replay_gain, 'independent_event' => $independent_event, ); + + if ($schedule_item['cue_in'] > $schedule_item['cue_out']) { + $schedule_item['cue_in'] = $schedule_item['cue_out']; + } self::appendScheduleItem($data, $start, $schedule_item); } @@ -906,7 +910,6 @@ SQL; self::createScheduledEvents($data, $range_start, $range_end); self::foldData($data["media"]); - return $data; } From d7358338f0355cda0ba44e8bbf5d2f5258865cd8 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Mon, 28 Jan 2013 17:00:16 -0500 Subject: [PATCH 05/15] improved logging in pypo fetch --- python_apps/pypo/pypofetch.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/python_apps/pypo/pypofetch.py b/python_apps/pypo/pypofetch.py index 1448c65da..9a94a4103 100644 --- a/python_apps/pypo/pypofetch.py +++ b/python_apps/pypo/pypofetch.py @@ -135,6 +135,7 @@ class PypoFetch(Thread): try: lock.acquire() tn = telnetlib.Telnet(LS_HOST, LS_PORT) + self.logger.info(command) tn.write(command) tn.write('exit\n') tn.read_all() @@ -330,8 +331,13 @@ class PypoFetch(Thread): # updated. current_time = time.time() boot_up_time_command = "vars.bootup_time " + str(current_time) + "\n" + self.logger.info(boot_up_time_command) tn.write(boot_up_time_command) - tn.write("streams.connection_status\n") + + connection_status = "streams.connection_status\n" + self.logger.info(connection_status) + tn.write(connection_status) + tn.write('exit\n') output = tn.read_all() From 9d8a9faca872b7697437da0811b7664694840c7e Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Mon, 28 Jan 2013 17:00:35 -0500 Subject: [PATCH 06/15] make code formatting easier on eyes --- .../pypo/liquidsoap_scripts/ls_script.liq | 79 ++++++++++++++++--- 1 file changed, 66 insertions(+), 13 deletions(-) diff --git a/python_apps/pypo/liquidsoap_scripts/ls_script.liq b/python_apps/pypo/liquidsoap_scripts/ls_script.liq index cd01ad453..489d494a3 100644 --- a/python_apps/pypo/liquidsoap_scripts/ls_script.liq +++ b/python_apps/pypo/liquidsoap_scripts/ls_script.liq @@ -195,28 +195,81 @@ def check_dj_client(user,password) = hd == "True" end -def append_dj_inputs(master_harbor_input_port, master_harbor_input_mount_point, dj_harbor_input_port, dj_harbor_input_mount_point, s) = - if master_harbor_input_port != 0 and master_harbor_input_mount_point != "" and dj_harbor_input_port != 0 and dj_harbor_input_mount_point != "" then - master_dj = mksafe(audio_to_stereo(input.harbor(id="master_harbor", master_harbor_input_mount_point, port=master_harbor_input_port, auth=check_master_dj_client, - max=40., on_connect=master_dj_connect, on_disconnect=master_dj_disconnect))) - dj_live = mksafe(audio_to_stereo(input.harbor(id="live_dj_harbor", dj_harbor_input_mount_point, port=dj_harbor_input_port, auth=check_dj_client, - max=40., on_connect=live_dj_connect, on_disconnect=live_dj_disconnect))) +def append_dj_inputs(master_harbor_input_port, + master_harbor_input_mount_point, + dj_harbor_input_port, + dj_harbor_input_mount_point, + s) = + if master_harbor_input_port != 0 + and master_harbor_input_mount_point != "" + and dj_harbor_input_port != 0 + and dj_harbor_input_mount_point != "" then + + master_dj = mksafe( + audio_to_stereo( + input.harbor(id="master_harbor", + master_harbor_input_mount_point, + port=master_harbor_input_port, + auth=check_master_dj_client, + max=40., + on_connect=master_dj_connect, + on_disconnect=master_dj_disconnect))) + + dj_live = mksafe( + audio_to_stereo( + input.harbor(id="live_dj_harbor", + dj_harbor_input_mount_point, + port=dj_harbor_input_port, + auth=check_dj_client, + max=40., + on_connect=live_dj_connect, + on_disconnect=live_dj_disconnect))) ignore(output.dummy(master_dj, fallible=true)) ignore(output.dummy(dj_live, fallible=true)) - switch(id="master_dj_switch", track_sensitive=false, transitions=[transition, transition, transition], [({!master_dj_enabled},master_dj), ({!live_dj_enabled},dj_live), ({true}, s)]) + + switch(id="master_dj_switch", + track_sensitive=false, + transitions=[transition, transition, transition], + [({!master_dj_enabled},master_dj), + ({!live_dj_enabled},dj_live), + ({true}, s)]) + elsif master_harbor_input_port != 0 and master_harbor_input_mount_point != "" then - master_dj = mksafe(audio_to_stereo(input.harbor(id="master_harbor", master_harbor_input_mount_point, port=master_harbor_input_port, auth=check_master_dj_client, - max=40., on_connect=master_dj_connect, on_disconnect=master_dj_disconnect))) + master_dj = mksafe( + audio_to_stereo( + input.harbor(id="master_harbor", + master_harbor_input_mount_point, + port=master_harbor_input_port, + auth=check_master_dj_client, + max=40., + on_connect=master_dj_connect, + on_disconnect=master_dj_disconnect))) + ignore(output.dummy(master_dj, fallible=true)) - switch(id="master_dj_switch", track_sensitive=false, transitions=[transition, transition], [({!master_dj_enabled},master_dj), ({true}, s)]) + switch(id="master_dj_switch", + track_sensitive=false, + transitions=[transition, transition], + [({!master_dj_enabled},master_dj), ({true}, s)]) + elsif dj_harbor_input_port != 0 and dj_harbor_input_mount_point != "" then - dj_live = mksafe(audio_to_stereo(input.harbor(id="live_dj_harbor", dj_harbor_input_mount_point, port=dj_harbor_input_port, auth=check_dj_client, - max=40., on_connect=live_dj_connect, on_disconnect=live_dj_disconnect))) + dj_live = mksafe( + audio_to_stereo( + input.harbor(id="live_dj_harbor", + dj_harbor_input_mount_point, + port=dj_harbor_input_port, + auth=check_dj_client, + max=40., + on_connect=live_dj_connect, + on_disconnect=live_dj_disconnect))) ignore(output.dummy(dj_live, fallible=true)) - switch(id="live_dj_switch", track_sensitive=false, transitions=[transition, transition], [({!live_dj_enabled},dj_live), ({true}, s)]) + + switch(id="live_dj_switch", + track_sensitive=false, + transitions=[transition, transition], + [({!live_dj_enabled},dj_live), ({true}, s)]) else s end From db4e6bb94afd6d362254ba570014f085c7ec3589 Mon Sep 17 00:00:00 2001 From: drigato Date: Tue, 29 Jan 2013 10:29:29 -0500 Subject: [PATCH 07/15] CC-4889: API client URL request is not wrapping in try/catch -fixed --- python_apps/api_clients/api_client.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/python_apps/api_clients/api_client.py b/python_apps/api_clients/api_client.py index 517870e45..b28a4ca5a 100644 --- a/python_apps/api_clients/api_client.py +++ b/python_apps/api_clients/api_client.py @@ -73,17 +73,26 @@ class ApcUrl(object): else: return self.base_url class ApiRequest(object): - def __init__(self, name, url): + def __init__(self, name, url, logger=None): self.name = name self.url = url self.__req = None + if logger is None: self.logger = logging + else: self.logger = logger def __call__(self,_post_data=None, **kwargs): # TODO : get rid of god damn urllib and replace everything with # grequests or requests at least final_url = self.url.params(**kwargs).url() if _post_data is not None: _post_data = urllib.urlencode(_post_data) - req = urllib2.Request(final_url, _post_data) - response = urllib2.urlopen(req).read() + try: + req = urllib2.Request(final_url, _post_data) + response = urllib2.urlopen(req).read() + except Exception, e: + self.logger.error('Exception: %s', e) + import traceback + top = traceback.format_exc() + self.logger.error("traceback: %s", top) + response = "" # Ghetto hack for now because we don't the content type we are getting # (Pointless to look at mime since it's not being set correctly always) try: return json.loads(response) From 28c01760dde01dabd84d079d6675fd46f3fd8dcf Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Tue, 29 Jan 2013 12:17:05 -0500 Subject: [PATCH 08/15] be more gentle to Liquidsoap when sending lots of commands --- python_apps/pypo/pypofetch.py | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/python_apps/pypo/pypofetch.py b/python_apps/pypo/pypofetch.py index 03c79cfc6..ea602581c 100644 --- a/python_apps/pypo/pypofetch.py +++ b/python_apps/pypo/pypofetch.py @@ -179,6 +179,25 @@ class PypoFetch(Thread): PypoFetch.telnet_send(logger, lock, [command]) + + #TODO: Merge this with switch_source + def switch_source_temp(self, sourcename, status): + self.logger.debug('Switching source: %s to "%s" status', sourcename, status) + command = "streams." + if sourcename == "master_dj": + command += "master_dj_" + elif sourcename == "live_dj": + command += "live_dj_" + elif sourcename == "scheduled_play": + command += "scheduled_play_" + + if status == "on": + command += "start\n" + else: + command += "stop\n" + + return command + """ grabs some information that are needed to be set on bootstrap time and configures them @@ -190,17 +209,14 @@ class PypoFetch(Thread): self.logger.error('Unable to get bootstrap info.. Exiting pypo...') else: self.logger.debug('info:%s', info) + commands = [] for k, v in info['switch_status'].iteritems(): - self.switch_source(self.logger, self.telnet_lock, k, v) - #self.update_liquidsoap_stream_format(info['stream_label']) - #self.update_liquidsoap_station_name(info['station_name']) - #self.update_liquidsoap_transition_fade(info['transition_fade']) + commands.append(self.switch_source_temp(k, v)) stream_format = info['stream_label'] station_name = info['station_name'] fade = info['transition_fade'] - commands = [] commands.append(('vars.stream_metadata_type %s\n' % stream_format).encode('utf-8')) commands.append(('vars.station_name %s\n' % station_name).encode('utf-8')) commands.append(('vars.default_dj_fade %s\n' % fade).encode('utf-8')) From b15c4569ebe90949fd55da5e1a7db5eea5ce1b41 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Tue, 29 Jan 2013 15:17:29 -0500 Subject: [PATCH 09/15] CC-4894: Need to filter output for potential XSS exploits -fixed few areas --- .../application/controllers/LibraryController.php | 9 +++++++++ airtime_mvc/application/controllers/UserController.php | 2 +- airtime_mvc/application/layouts/scripts/layout.phtml | 2 +- airtime_mvc/application/models/ShowBuilder.php | 2 +- airtime_mvc/application/models/User.php | 2 ++ .../application/views/scripts/form/edit-user.phtml | 4 ++-- .../views/scripts/form/preferences_watched_dirs.phtml | 4 ++-- .../application/views/scripts/playlist/playlist.phtml | 2 +- .../public/js/airtime/preferences/streamsetting.js | 2 +- 9 files changed, 20 insertions(+), 9 deletions(-) diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php index 2b38349dd..1e3ac996a 100644 --- a/airtime_mvc/application/controllers/LibraryController.php +++ b/airtime_mvc/application/controllers/LibraryController.php @@ -385,6 +385,15 @@ class LibraryController extends Zend_Controller_Action //TODO move this to the datatables row callback. foreach ($r["aaData"] as &$data) { + foreach ($data as $k => &$v) { + if ($k != "image" && $k != "checkbox") { + $v = htmlspecialchars($v); + } + } + //TODO: Replace the above foreach loop with the line below when ticket + //CC-4896 is completed. + //$data = array_map('htmlspecialchars', $data); + if ($data['ftype'] == 'audioclip') { $file = Application_Model_StoredFile::Recall($data['id']); $scid = $file->getSoundCloudId(); diff --git a/airtime_mvc/application/controllers/UserController.php b/airtime_mvc/application/controllers/UserController.php index 395156f97..3faa1477f 100644 --- a/airtime_mvc/application/controllers/UserController.php +++ b/airtime_mvc/application/controllers/UserController.php @@ -115,7 +115,7 @@ class UserController extends Zend_Controller_Action $post = $this->getRequest()->getPost(); $users = Application_Model_User::getUsersDataTablesInfo($post); - die(json_encode($users)); + $this->_helper->json->sendJson($users); } public function getUserDataAction() diff --git a/airtime_mvc/application/layouts/scripts/layout.phtml b/airtime_mvc/application/layouts/scripts/layout.phtml index 29d04c0d6..dedda7c88 100644 --- a/airtime_mvc/application/layouts/scripts/layout.phtml +++ b/airtime_mvc/application/layouts/scripts/layout.phtml @@ -24,7 +24,7 @@
diff --git a/airtime_mvc/application/models/ShowBuilder.php b/airtime_mvc/application/models/ShowBuilder.php index a1ef7c588..72a5f6ab0 100644 --- a/airtime_mvc/application/models/ShowBuilder.php +++ b/airtime_mvc/application/models/ShowBuilder.php @@ -227,7 +227,7 @@ class Application_Model_ShowBuilder $row["endDate"] = $showEndDT->format("Y-m-d"); $row["endTime"] = $showEndDT->format("H:i"); $row["duration"] = floatval($showEndDT->format("U.u")) - floatval($showStartDT->format("U.u")); - $row["title"] = $p_item["show_name"]; + $row["title"] = htmlspecialchars($p_item["show_name"]); $row["instance"] = intval($p_item["si_id"]); $row["image"] = ''; diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php index 63b82820a..97c9ca3ad 100644 --- a/airtime_mvc/application/models/User.php +++ b/airtime_mvc/application/models/User.php @@ -335,6 +335,8 @@ class Application_Model_User } else { $record['delete'] = ""; } + + $record = array_map('htmlspecialchars', $record); } return $res; diff --git a/airtime_mvc/application/views/scripts/form/edit-user.phtml b/airtime_mvc/application/views/scripts/form/edit-user.phtml index cd4b70bd9..79a0081fc 100644 --- a/airtime_mvc/application/views/scripts/form/edit-user.phtml +++ b/airtime_mvc/application/views/scripts/form/edit-user.phtml @@ -1,4 +1,4 @@ -

currentUser) ?>

+

escape($this->currentUser)) ?>

@@ -160,4 +160,4 @@
-
\ No newline at end of file + diff --git a/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml b/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml index 4889892dd..ad8e77797 100644 --- a/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml +++ b/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml @@ -11,7 +11,7 @@ element->getElement('storageFolder')->hasErrors()) : ?>
    element->getElement('storageFolder')->getMessages() as $error): ?> -
    • +
  • escape($error); ?>
@@ -29,7 +29,7 @@ element->getElement('watchedFolder')->hasErrors()) : ?>
    element->getElement('watchedFolder')->getMessages() as $error): ?> -
    • +
  • escape($error); ?>
diff --git a/airtime_mvc/application/views/scripts/playlist/playlist.phtml b/airtime_mvc/application/views/scripts/playlist/playlist.phtml index f8496d926..a516f2746 100644 --- a/airtime_mvc/application/views/scripts/playlist/playlist.phtml +++ b/airtime_mvc/application/views/scripts/playlist/playlist.phtml @@ -39,7 +39,7 @@ if (isset($this->obj)) {

- obj->getName(); ?> + escape($this->obj->getName()); ?>

length; ?>

diff --git a/airtime_mvc/public/js/airtime/preferences/streamsetting.js b/airtime_mvc/public/js/airtime/preferences/streamsetting.js index 54bb986ca..6e76b693c 100644 --- a/airtime_mvc/public/js/airtime/preferences/streamsetting.js +++ b/airtime_mvc/public/js/airtime/preferences/streamsetting.js @@ -28,7 +28,7 @@ function rebuildStreamURL(ele){ }else{ streamurl = "http://"+host+":"+port+"/" } - div.find("#stream_url").html(streamurl) + div.find("#stream_url").text(streamurl) } function restrictOggBitrate(ele, on){ var div = ele.closest("div") From 2a0cc9e45fafc44f28319f222873b546497a2942 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Wed, 30 Jan 2013 11:23:20 -0500 Subject: [PATCH 10/15] fix indentation --- python_apps/pypo/pypofetch.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/python_apps/pypo/pypofetch.py b/python_apps/pypo/pypofetch.py index 0d9884881..b026f3a22 100644 --- a/python_apps/pypo/pypofetch.py +++ b/python_apps/pypo/pypofetch.py @@ -146,20 +146,20 @@ class PypoFetch(Thread): @staticmethod def telnet_send(logger, lock, commands): - try: - lock.acquire() + try: + lock.acquire() - tn = telnetlib.Telnet(LS_HOST, LS_PORT) - for i in commands: - logger.info(i) - tn.write(i) + tn = telnetlib.Telnet(LS_HOST, LS_PORT) + for i in commands: + logger.info(i) + tn.write(i) - tn.write('exit\n') - tn.read_all() - except Exception, e: - logger.error(str(e)) - finally: - lock.release() + tn.write('exit\n') + tn.read_all() + except Exception, e: + logger.error(str(e)) + finally: + lock.release() @staticmethod From e459f739f2b189d8c08a2b6a9dc7faf3b8fb21db Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Wed, 30 Jan 2013 11:29:28 -0500 Subject: [PATCH 11/15] indentation error fix --- python_apps/pypo/pypofetch.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/python_apps/pypo/pypofetch.py b/python_apps/pypo/pypofetch.py index b026f3a22..b0cbdc69a 100644 --- a/python_apps/pypo/pypofetch.py +++ b/python_apps/pypo/pypofetch.py @@ -147,19 +147,19 @@ class PypoFetch(Thread): @staticmethod def telnet_send(logger, lock, commands): try: - lock.acquire() + lock.acquire() - tn = telnetlib.Telnet(LS_HOST, LS_PORT) - for i in commands: - logger.info(i) - tn.write(i) + tn = telnetlib.Telnet(LS_HOST, LS_PORT) + for i in commands: + logger.info(i) + tn.write(i) - tn.write('exit\n') - tn.read_all() - except Exception, e: - logger.error(str(e)) - finally: - lock.release() + tn.write('exit\n') + tn.read_all() + except Exception, e: + logger.error(str(e)) + finally: + lock.release() @staticmethod From 595429e6e514aab20ac75a714cf2891bd3c1264c Mon Sep 17 00:00:00 2001 From: denise Date: Wed, 30 Jan 2013 11:51:27 -0500 Subject: [PATCH 12/15] CC-4897: XSS exploit on library page -fixed --- airtime_mvc/application/controllers/LibraryController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php index 1e3ac996a..15ae12944 100644 --- a/airtime_mvc/application/controllers/LibraryController.php +++ b/airtime_mvc/application/controllers/LibraryController.php @@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action $formValues = $this->_getParam('data', null); $formdata = array(); foreach ($formValues as $val) { - $formdata[$val["name"]] = $val["value"]; + $formdata[$val["name"]] = htmlspecialchars($val["value"]); } $file->setDbColMetadata($formdata); From cc5acf3c9e7786fc8fab1197c180942440d62124 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Wed, 30 Jan 2013 14:34:06 -0500 Subject: [PATCH 13/15] improved logging for boolean vars --- airtime_mvc/application/logging/Logging.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/airtime_mvc/application/logging/Logging.php b/airtime_mvc/application/logging/Logging.php index dfe7e1fbe..65a8f6dc2 100644 --- a/airtime_mvc/application/logging/Logging.php +++ b/airtime_mvc/application/logging/Logging.php @@ -32,6 +32,8 @@ class Logging { { if (is_array($p_msg) || is_object($p_msg)) { return print_r($p_msg, true); + } else if (is_bool($p_msg)) { + return $p_msg ? "true" : "false"; } else { return $p_msg; } From 52d96241daedaa98e2833686cae9f6b01046811f Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Wed, 30 Jan 2013 14:40:29 -0500 Subject: [PATCH 14/15] CC-4754: Replay gain modifier -fix regression --- airtime_mvc/application/controllers/PreferenceController.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/airtime_mvc/application/controllers/PreferenceController.php b/airtime_mvc/application/controllers/PreferenceController.php index 00b0fa6ca..e68e6c603 100644 --- a/airtime_mvc/application/controllers/PreferenceController.php +++ b/airtime_mvc/application/controllers/PreferenceController.php @@ -273,7 +273,8 @@ class PreferenceController extends Zend_Controller_Action Application_Model_Preference::SetEnableReplayGain($values["enableReplayGain"]); Application_Model_Preference::setReplayGainModifier($values["replayGainModifier"]); $md = array('schedule' => Application_Model_Schedule::getSchedule()); - Application_Model_RabbitMq::PushSchedule(); + Application_Model_RabbitMq::SendMessageToPypo("update_schedule", $md); + //Application_Model_RabbitMq::PushSchedule(); } if (!Application_Model_Preference::GetMasterDjConnectionUrlOverride()) { From 3553ebc2ee3bde9cd7c8352f322b7848d31e65c0 Mon Sep 17 00:00:00 2001 From: Martin Konecny Date: Wed, 30 Jan 2013 18:21:46 -0500 Subject: [PATCH 15/15] fix upgrade script so that cue out of files is not 00:00:00 by default --- install_minimal/upgrades/airtime-2.3.0/data/upgrade.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install_minimal/upgrades/airtime-2.3.0/data/upgrade.sql b/install_minimal/upgrades/airtime-2.3.0/data/upgrade.sql index c2d176b23..cd34a28bb 100644 --- a/install_minimal/upgrades/airtime-2.3.0/data/upgrade.sql +++ b/install_minimal/upgrades/airtime-2.3.0/data/upgrade.sql @@ -15,6 +15,8 @@ INSERT INTO cc_stream_setting ("keyname", "value", "type") VALUES ('s3_admin_pas UPDATE cc_music_dirs SET directory = directory || '/' where id in (select id from cc_music_dirs where substr(directory, length(directory)) != '/'); UPDATE cc_files SET filepath = substring(filepath from 2) where id in (select id from cc_files where substring(filepath from 1 for 1) = '/'); +UPDATE cc_files SET cueout = length where cueout = '00:00:00'; + INSERT INTO cc_pref("keystr", "valstr") VALUES('locale', 'en_CA'); INSERT INTO cc_pref("subjid", "keystr", "valstr") VALUES(1, 'user_locale', 'en_CA');