From 30b192a80920532651e41d2511512da902bb807e Mon Sep 17 00:00:00 2001 From: James Date: Wed, 21 Dec 2011 17:30:42 -0500 Subject: [PATCH] CC-3218: tream-settings: Spaces and other illegal characters should not be allowed in the fields: server, username, password, URL, and mount point - masking was added on the front end and validators were added for the server side. - extra fix: fixed php undefined index notice problem. --- .../controllers/PreferenceController.php | 1 + airtime_mvc/application/forms/StreamSetting.php | 4 +++- .../application/forms/StreamSettingSubForm.php | 15 +++++++++++++++ .../js/airtime/preferences/streamsetting.js | 11 +++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/airtime_mvc/application/controllers/PreferenceController.php b/airtime_mvc/application/controllers/PreferenceController.php index 88ceca045..8d227c7e7 100644 --- a/airtime_mvc/application/controllers/PreferenceController.php +++ b/airtime_mvc/application/controllers/PreferenceController.php @@ -133,6 +133,7 @@ class PreferenceController extends Zend_Controller_Action $baseUrl = $request->getBaseUrl(); $this->view->headScript()->appendFile($baseUrl.'/js/airtime/preferences/streamsetting.js','text/javascript'); + $this->view->headScript()->appendFile($baseUrl.'/js/meioMask/jquery.meio.mask.js','text/javascript'); // get current settings $temp = Application_Model_StreamSetting::getStreamSetting(); diff --git a/airtime_mvc/application/forms/StreamSetting.php b/airtime_mvc/application/forms/StreamSetting.php index 9d5289ebf..6c4e59871 100644 --- a/airtime_mvc/application/forms/StreamSetting.php +++ b/airtime_mvc/application/forms/StreamSetting.php 
@@ -68,8 +68,10 @@ class Application_Form_StreamSetting extends Zend_Form } public function isValid($data){ - $this->populate(array("output_sound_device"=>$data['output_sound_device'], "icecast_vorbis_metadata"=>$data['icecast_vorbis_metadata'], + if($data['output_sound_device']){ + $this->populate(array("output_sound_device"=>$data['output_sound_device'], "icecast_vorbis_metadata"=>$data['icecast_vorbis_metadata'], "output_sound_device_type"=>$data['output_sound_device_type'], "streamFormat"=>$data['streamFormat'])); + } return true; } } diff --git a/airtime_mvc/application/forms/StreamSettingSubForm.php b/airtime_mvc/application/forms/StreamSettingSubForm.php index f63825eb8..2d69d9c29 100644 --- a/airtime_mvc/application/forms/StreamSettingSubForm.php +++ b/airtime_mvc/application/forms/StreamSettingSubForm.php @@ -83,10 +83,13 @@ class Application_Form_StreamSettingSubForm extends Zend_Form_SubForm{ $host = new Zend_Form_Element_Text('host'); $host->setLabel("Server") ->setValue(isset($setting[$prefix.'_host'])?$setting[$prefix.'_host']:"") + ->setValidators(array( + array('regex', false, array('/^[^ &<>]+$/', 'messages' => 'Invalid character entered')))) ->setDecorators(array('ViewHelper')); if($disable_all){ $host->setAttrib("disabled", "disabled"); } + $host->setAttrib('alt', 'regular_text'); $this->addElement($host); $port = new Zend_Form_Element_Text('port'); @@ -103,10 +106,13 @@ class Application_Form_StreamSettingSubForm extends Zend_Form_SubForm{ $pass = new Zend_Form_Element_Text('pass'); $pass->setLabel("Password") ->setValue(isset($setting[$prefix.'_pass'])?$setting[$prefix.'_pass']:"") + ->setValidators(array( + array('regex', false, array('/^[^ &<>]+$/', 'messages' => 'Invalid character entered')))) ->setDecorators(array('ViewHelper')); if($disable_all){ $pass->setAttrib("disabled", "disabled"); } + $pass->setAttrib('alt', 'regular_text'); $this->addElement($pass); $genre = new Zend_Form_Element_Text('genre'); 
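Review bot: The new guard in `isValid()`, `if($data['output_sound_device']){`, still indexes a key that may be absent, so the undefined-index notice named in the commit message can still fire, and a device value of `'0'` or `''` silently skips the `populate()` call. `if (isset($data['output_sound_device'])) {` tests for presence without reading a missing key; the three other keys read inside the block need the same check if they can be missing independently. Separately, the method still ends in `return true;` without calling `parent::isValid($data)`, so as far as this hunk shows, nothing attached to this form can reject a submission through this method. Whether the sub-forms from StreamSettingSubForm.php are validated by a separate call in the controller is not visible here and is worth confirming, since the new regex validators only help if something invokes them.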
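Review bot: The pattern `/^[^ &<>]+$/` added for `host` (and repeated in the `pass`, `mount` and `user` hunks) rejects only a literal space, `&`, `<` and `>`, so tabs, newlines and other control characters pass. Because `$` in PCRE also matches before a final newline, a value ending in `\n` is accepted even by the stricter `url` pattern `/^[0-9a-zA-Z\-_.:\/]+$/`. If these values are later written into a streaming configuration or echoed into a page (not visible in this diff), embedded line breaks are the characters that matter most. Anchoring with `\A` and `\z` and excluding whitespace and control characters as a class, e.g. `'/\A[^\s&<>\x00-\x1f\x7f]+\z/'` and `'/\A[0-9a-zA-Z\-_.:\/]+\z/'`, closes both gaps. The validators also set no length bound, while the mask in streamsetting.js caps input at 256/261 characters on the client only, so a `StringLength` validator next to the regex would enforce that limit server-side; the enclosing method starts and ends outside these hunks.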
@@ -121,10 +127,13 @@ class Application_Form_StreamSettingSubForm extends Zend_Form_SubForm{ $url = new Zend_Form_Element_Text('url'); $url->setLabel("URL") ->setValue(isset($setting[$prefix.'_url'])?$setting[$prefix.'_url']:"") + ->setValidators(array( + array('regex', false, array('/^[0-9a-zA-Z\-_.:\/]+$/', 'messages' => 'Invalid character entered')))) ->setDecorators(array('ViewHelper')); if($disable_all){ $url->setAttrib("disabled", "disabled"); } + $url->setAttrib('alt', 'url'); $this->addElement($url); $description = new Zend_Form_Element_Text('description'); @@ -139,19 +148,25 @@ class Application_Form_StreamSettingSubForm extends Zend_Form_SubForm{ $mount = new Zend_Form_Element_Text('mount'); $mount->setLabel("Mount Point") ->setValue(isset($setting[$prefix.'_mount'])?$setting[$prefix.'_mount']:"") + ->setValidators(array( + array('regex', false, array('/^[^ &<>]+$/', 'messages' => 'Invalid character entered')))) ->setDecorators(array('ViewHelper')); if($disable_all){ $mount->setAttrib("disabled", "disabled"); } + $mount->setAttrib('alt', 'regular_text'); $this->addElement($mount); $user = new Zend_Form_Element_Text('user'); $user->setLabel("Username") ->setValue(isset($setting[$prefix.'_user'])?$setting[$prefix.'_user']:"") + ->setValidators(array( + array('regex', false, array('/^[^ &<>]+$/', 'messages' => 'Invalid character entered')))) ->setDecorators(array('ViewHelper')); if($disable_all){ $user->setAttrib("disabled", "disabled"); } + $user->setAttrib('alt', 'regular_text'); $this->addElement($user); $liquidsopa_error_msg = '

Getting information from the server...

'; diff --git a/airtime_mvc/public/js/airtime/preferences/streamsetting.js b/airtime_mvc/public/js/airtime/preferences/streamsetting.js index 681bf43c0..ff5883efe 100644 --- a/airtime_mvc/public/js/airtime/preferences/streamsetting.js +++ b/airtime_mvc/public/js/airtime/preferences/streamsetting.js @@ -174,5 +174,16 @@ $(document).ready(function() { showErrorSections() setInterval('checkLiquidsoapStatus()', 1000) + $.mask.rules = { + '@': /[^ &<>]/, + 'u': /[0-9a-zA-Z-_.:/]/ + } + // add masking on the fields that don't allow special chars + + $.mask.masks = $.extend($.mask.masks,{ + regular_text:{ mask: '@', type:'repeat', 'maxLength': 256, selectCharsOnFocus: false, autoTab: false, fixedChars : '[(),:/]'}, + url:{ mask: 'u', type:'repeat', 'maxLength': 261, selectCharsOnFocus: false, autoTab: false, fixedChars : '[(),]'} + }) + $('input:text').setMask() });
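Review bot: The `u` rule `/[0-9a-zA-Z-_.:/]/` does not match the server-side URL pattern: inside the class, `Z-_` is read as a range from `Z` to `_`, so the mask also lets `[`, `\`, `]` and `^` through, which the PHP validator (where the hyphen is escaped as `\-`) then rejects. Writing it as `'u': /[0-9a-zA-Z_.:\/-]/` keeps the two in step. The assignment `$.mask.rules = {...}` also replaces the plugin's whole rule table instead of extending it the way the next statement does for `$.mask.masks`, and `setMask()` is called on every `input:text` on the page; `$.mask.rules = $.extend($.mask.rules, {...})` would be the less invasive form. The mask is a typing aid only, since a request can be submitted without it, so the PHP validators remain the actual control and the two character sets should be documented as needing to stay identical. The `$(document).ready` callback begins outside the hunk.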