Merged cc-5709-airtime-analyzer into saas-file-sanitization

2015-02-17 12:19:11 -05:00 · 2015-02-17 12:19:11 -05:00 · 29c6ae15b0
commit 29c6ae15b0
parent 04e138b124 a07a1edcc0
4 changed files with 29 additions and 16 deletions
--- a/airtime_mvc/application/modules/rest/controllers/MediaController.php
+++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php
@ -120,7 +120,8 @@ class Rest_MediaController extends Zend_Rest_Controller
            return;
        } else {
            // Sanitize any incorrect metadata that slipped past validation
-            $this->sanitizeData($file, $whiteList);
+            FileDataHelper::sanitizeData($whiteList["track_number"]);
+
            /* If full_path is set, the post request came from ftp.
             * Users are allowed to upload folders via ftp. If this is the case
             * we need to include the folder name with the file name, otherwise
@ -174,6 +175,9 @@ class Rest_MediaController extends Zend_Rest_Controller
            $file->save();
            return;
        } else if ($file && isset($requestData["resource_id"])) {
+            // Sanitize any incorrect metadata that slipped past validation
+            FileDataHelper::sanitizeData($whiteList["track_number"]);
+
            $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);
            
            //store the original filename
@ -305,7 +309,7 @@ class Rest_MediaController extends Zend_Rest_Controller
            $fileForm = new Application_Form_EditAudioMD();
            $fileForm->startForm($file->getDbId());
            $fileForm->populate($whiteList);
-            
+
            /*
             * Here we are truncating metadata of any characters greater than the
             * max string length set in the database. In the rare case a track's
@ -340,18 +344,6 @@ class Rest_MediaController extends Zend_Rest_Controller
        return true;
    }

-    /**
-     * We want to throw out invalid data and process the upload successfully
-     * at all costs, so check the whitelisted data and sanitize it if necessary
-     * @param CcFiles   $file       CcFiles object being uploaded
-     * @param array     $whitelist  array of whitelisted (modifiable) file fields
-     */
-    private function sanitizeData($file, &$whitelist) {
-        if (!ctype_digit(strval($whitelist["track_number"]))) {
-            $file->setDbTrackNumber(null);
-        }
-    }
-
    private function processUploadedFile($callbackUrl, $originalFilename, $ownerId)
    {
        $CC_CONFIG = Config::getConfig();