Merge branch 'cc-5709-airtime-analyzer' into cc-5709-airtime-analyzer-cloud-storage

drigato 2014-10-08 11:46:30 -04:00
commit 2423ea6787
108 changed files with 24748 additions and 2164 deletions


@ -12,12 +12,10 @@ class LocaleController extends Zend_Controller_Action
$this->_helper->viewRenderer->setNoRender(true);
header("Content-type: text/javascript");
$baseUrl = Application_Common_OsPath::getBaseDir();
$locale = Application_Model_Preference::GetLocale();
echo "var datatables_dict =" .
file_get_contents(Application_Common_OsPath::join(
$_SERVER["DOCUMENT_ROOT"],
$baseUrl,
"js/datatables/i18n/",
$locale.".txt")
);
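Review bot: The path handed to `file_get_contents()` is built from `$locale` with no validation visible in this hunk, and the result is echoed without checking for a `false` return. If `Application_Model_Preference::GetLocale()` is not already restricted to the shipped locale names elsewhere, a value containing path separators would resolve outside `js/datatables/i18n/`. I would constrain it before the join, e.g. `if (!preg_match('/^[A-Za-z_]+$/', $locale)) { /* fall back to the default locale */ }`, and handle a failed read explicitly. The enclosing action starts outside the hunk, so an earlier check may exist that is not shown here.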


@ -56,6 +56,8 @@ class LoginController extends Zend_Controller_Action
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// Regenerate session id on login to prevent session fixation.
Zend_Session::regenerateId();
//all info about this user from the login table omit only the password
$userInfo = $authAdapter->getResultRowObject(null, 'password');


@ -30,6 +30,33 @@ class PluploadController extends Zend_Controller_Action
if (Application_Model_Systemstatus::isDiskOverQuota()) {
$this->view->quotaLimitReached = true;
}
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
$csrf_namespace->setExpirationSeconds(5*60*60);
$csrf_namespace->authtoken = sha1(uniqid(rand(),1));
$csrf_element = new Zend_Form_Element_Hidden('csrf');
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
$csrf_form = new Zend_Form();
$csrf_form->addElement($csrf_element);
$this->view->form = $csrf_form;
}
public function uploadAction()
{
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $this->_getParam('csrf_token');
$expected_csrf_token = $current_namespace->authtoken;
if($observed_csrf_token == $expected_csrf_token){
$upload_dir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
$tempFilePath = Application_Model_StoredFile::uploadFile($upload_dir);
$tempFileName = basename($tempFilePath);
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "tempfilepath" => $tempFileName));
}else{
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
}
}
public function recentUploadsAction()
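Review bot: The token check in `uploadAction` uses loose `==`, so a request that carries no `csrf_token` parameter against a session with no `authtoken` (never set, or expired) would compare `null == null` and be accepted. The token itself comes from `sha1(uniqid(rand(),1))`, which is derived from the clock and a non-cryptographic generator rather than a CSPRNG. I would generate the token from a CSPRNG and require a non-empty string match via `hash_equals()` (or strict `===` where `hash_equals()` is unavailable), as sketched below. It is also worth confirming that the uploader sends the value as `csrf_token`, since the hidden element is named `csrf`. `indexAction` starts outside the hunk.

```php
// indexAction: draw the token from a CSPRNG instead of rand()/uniqid()
$csrf_namespace->authtoken = bin2hex(openssl_random_pseudo_bytes(20));
// … unchanged: hidden form element and form setup …

// uploadAction: reject missing/empty tokens and compare in constant time
$observed_csrf_token = $this->_getParam('csrf_token');
$expected_csrf_token = $current_namespace->authtoken;
$tokenOk = is_string($observed_csrf_token)
    && is_string($expected_csrf_token)
    && $expected_csrf_token !== ''
    && hash_equals($expected_csrf_token, $observed_csrf_token);
if ($tokenOk) {
    // … unchanged: upload handling and JSON success response …
} else {
    // … unchanged: "CSRF token did not match." response …
}
```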


@ -201,6 +201,10 @@ class PreferenceController extends Zend_Controller_Action
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
$form = new Application_Form_StreamSetting();
$form->addElement('hash', 'csrf', array(
'salt' => 'unique'
));
$form->setSetting($setting);
$form->startFrom();
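Review bot: Adding the `hash` element only protects this form if the POST branch actually runs the element's validator, and nothing in this hunk shows `$form->isValid(...)` being called with the submitted `csrf` value. The surrounding action continues outside the hunk, so this may already be handled; if the action validates sub-forms or fields individually, the token would be rendered but never checked. A short comment above the `addElement` call would make the dependency explicit, e.g. `// CSRF token; must be validated via $form->isValid() on POST`.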


@ -119,7 +119,6 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
}
if (in_array($controller, array("api", "auth", "locale", "upgrade"))) {
$this->setRoleName("G");
} elseif (!Zend_Auth::getInstance()->hasIdentity()) {