Merge branch 'saas-cc-6055' into saas
This commit is contained in:
Albert Santoni
commit
0f58e315e6
10 changed files with 46 additions and 50 deletions
|
|
@ -199,9 +199,7 @@ class ApiController extends Zend_Controller_Action
|
|||
} else {
|
||||
$result = Application_Model_Schedule::GetPlayOrderRangeOld($limit);
|
||||
}
|
||||
|
||||
// XSS exploit prevention
|
||||
WidgetHelper::convertSpecialChars($result, array("name", "url"));
|
||||
|
||||
// apply user-defined timezone, or default to station
|
||||
Application_Common_DateHelper::convertTimestampsToTimezone(
|
||||
$result['currentShow'],
|
||||
|
|
@ -218,6 +216,10 @@ class ApiController extends Zend_Controller_Action
|
|||
$result["schedulerTime"] = Application_Common_DateHelper::UTCStringToTimezoneString($result["schedulerTime"], $timezone);
|
||||
$result["timezone"] = $upcase ? strtoupper($timezone) : $timezone;
|
||||
$result["timezoneOffset"] = Application_Common_DateHelper::getTimezoneOffset($timezone);
|
||||
|
||||
// XSS exploit prevention
|
||||
SecurityHelper::htmlescape_recursive($result);
|
||||
|
||||
// convert image paths to point to api endpoints
|
||||
WidgetHelper::findAndConvertPaths($result);
|
||||
|
||||
|
|
@ -288,10 +290,12 @@ class ApiController extends Zend_Controller_Action
|
|||
|
||||
$result = Application_Model_Schedule::GetPlayOrderRange($utcTimeEnd, $showsToRetrieve);
|
||||
|
||||
// XSS exploit prevention
|
||||
WidgetHelper::convertSpecialChars($result, array("name", "url"));
|
||||
// apply user-defined timezone, or default to station
|
||||
$this->applyLiveTimezoneAdjustments($result, $timezone, $upcase);
|
||||
|
||||
// XSS exploit prevention
|
||||
SecurityHelper::htmlescape_recursive($result);
|
||||
|
||||
// convert image paths to point to api endpoints
|
||||
WidgetHelper::findAndConvertPaths($result);
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ class EmbedController extends Zend_Controller_Action
|
|||
$this->view->jquery = Application_Common_HTTPHelper::getStationUrl() . "js/libs/jquery-1.10.2.js";
|
||||
$this->view->muses_swf = Application_Common_HTTPHelper::getStationUrl() . "js/airtime/player/muses.swf";
|
||||
$this->view->metadata_api_url = Application_Common_HTTPHelper::getStationUrl() . "api/live-info";
|
||||
$this->view->player_title = json_encode($request->getParam('title'));
|
||||
$this->view->player_title = json_encode($this->view->escape($request->getParam('title')));
|
||||
|
||||
$styleParam = $request->getParam('style');
|
||||
$player_style = isset($styleParam) ? $styleParam : "basic";
|
||||
|
|
@ -98,7 +98,7 @@ class EmbedController extends Zend_Controller_Action
|
|||
$weeklyScheduleData = WidgetHelper::getWeekInfoV2($this->getRequest()->getParam("timezone"));
|
||||
|
||||
// Return only the current week's schedule data. In the future we may use the next week's data.
|
||||
$this->view->weeklyScheduleData = $weeklyScheduleData[0];
|
||||
$this->view->weeklyScheduleData = ($weeklyScheduleData[0]);
|
||||
|
||||
$currentDay = new DateTime("now", new DateTimeZone(Application_Model_Preference::GetTimezone()));
|
||||
//day of the month without leading zeros (1 to 31)
|
||||
|
|
|
|||
|
|
@ -413,7 +413,7 @@ class LibraryController extends Zend_Controller_Action
|
|||
$this->view->sEcho = $r["sEcho"];
|
||||
$this->view->iTotalDisplayRecords = $r["iTotalDisplayRecords"];
|
||||
$this->view->iTotalRecords = $r["iTotalRecords"];
|
||||
$this->view->files = $r["aaData"];
|
||||
$this->view->files = SecurityHelper::htmlescape_recursive($r["aaData"]);
|
||||
}
|
||||
|
||||
public function editFileMdAction()
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@ class PlayouthistoryController extends Zend_Controller_Action
|
|||
$this->view->iTotalDisplayRecords = $r["iTotalDisplayRecords"];
|
||||
$this->view->iTotalRecords = $r["iTotalRecords"];
|
||||
$this->view->history = $r["history"];
|
||||
$this->view->history = SecurityHelper::htmlescape_recursive($this->view->history);
|
||||
}
|
||||
catch (Exception $e) {
|
||||
Logging::info($e);
|
||||
|
|
@ -112,7 +113,9 @@ class PlayouthistoryController extends Zend_Controller_Action
|
|||
$this->view->iTotalDisplayRecords = $r["iTotalDisplayRecords"];
|
||||
$this->view->iTotalRecords = $r["iTotalRecords"];
|
||||
$this->view->history = $r["history"];
|
||||
}
|
||||
$this->view->history = SecurityHelper::htmlescape_recursive($this->view->history);
|
||||
|
||||
}
|
||||
catch (Exception $e) {
|
||||
Logging::info($e);
|
||||
Logging::info($e->getMessage());
|
||||
|
|
@ -130,6 +133,7 @@ class PlayouthistoryController extends Zend_Controller_Action
|
|||
|
||||
$historyService = new Application_Service_HistoryService();
|
||||
$shows = $historyService->getShowList($startsDT, $endsDT);
|
||||
$shows = SecurityHelper::htmlescape_recursive($shows);
|
||||
|
||||
$this->_helper->json->sendJson($shows);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -112,6 +112,6 @@ class PluploadController extends Zend_Controller_Action
|
|||
$this->view->sEcho = intval($request->getParam('sEcho'));
|
||||
$this->view->iTotalDisplayRecords = $numTotalDisplayUploads;
|
||||
$this->view->iTotalRecords = $numTotalRecentUploads;
|
||||
$this->view->files = $uploadsArray;
|
||||
$this->view->files = SecurityHelper::htmlescape_recursive($uploadsArray);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue