Merge branch 'saas-dev' into saas-installer-albert

2015-06-10 12:02:08 -04:00 · 2015-06-10 12:02:08 -04:00 · 3996e757b7
commit 3996e757b7
parent 01ea6f27ae 6126e8a51c
10 changed files with 93 additions and 36 deletions
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
     * Go through a given array and sanitize any potentially exploitable fields
     * by passing them through htmlspecialchars
     *
-     * @param unknown $arr    the array to sanitize
-     * @param unknown $keys    indexes of values to be sanitized
+     * @param array $arr     the array to sanitize
+     * @param array $keys    indexes of values to be sanitized
     */
    private function convertSpecialChars(&$arr, $keys) 
    {
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
     * Recursively find image_path keys in the various $result subarrays,
     * and convert them to point to the show-logo endpoint
     *
-     * @param unknown $arr the array to search
+     * @param array $arr the array to search
     */
    private function findAndConvertPaths(&$arr) 
    {
@ -480,26 +480,38 @@ class ApiController extends Zend_Controller_Action
     */
    public function showLogoAction() 
    {
+        // Disable the view and the layout
+        $this->view->layout()->disableLayout();
+        $this->_helper->viewRenderer->setNoRender(true);
+
        if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
            $request = $this->getRequest();
            $showId = $request->getParam('id');
-
-            // if no id is passed, just die - redirects to a 404
-            if (!$showId || $showId === '') {
-                return;
+            if (empty($showId)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: No ID was given.");
            }

            $show = CcShowQuery::create()->findPk($showId);
-            
-            // disable the view and the layout
-            $this->view->layout()->disableLayout();
-            $this->_helper->viewRenderer->setNoRender(true);
+            if (empty($show)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: No show with ID $showId exists.");
+            }
            
            $path = $show->getDbImagePath();
            $mime_type = mime_content_type($path);
+            if (empty($path)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: Show does not have an associated image.");
+            }

-            Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
-           } else {
+            try {
+                // Sometimes end users may be looking at stale data - if an image is removed
+                // but has been cached in a client's browser this will throw an exception
+                Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
+            } catch(FileNotFoundException $e) {
+                throw new ZendActionHttpException($this, 404, "ERROR: No image found at $path");
+            } catch(Exception $e) {
+                throw new ZendActionHttpException($this, 500, "ERROR: " . $e->getMessage());
+            }
+        } else {
            header('HTTP/1.0 401 Unauthorized');
            print _('You are not allowed to access this resource. ');
            exit;
--- a/airtime_mvc/application/controllers/IndexController.php
+++ b/airtime_mvc/application/controllers/IndexController.php
@ -10,7 +10,7 @@ class IndexController extends Zend_Controller_Action

    public function indexAction()
    {
-        $this->_forward('index', 'showbuilder');
+        $this->_redirect('Showbuilder');
    }

    public function mainAction()
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@ -102,7 +102,6 @@ class UserController extends Zend_Controller_Action
    public function getHostsAction()
    {
        $search            = $this->_getParam('term');
-        $res               = Application_Model_User::getHosts($search);
        $this->view->hosts = Application_Model_User::getHosts($search);
    }

@ -144,14 +143,27 @@ class UserController extends Zend_Controller_Action
                // We don't allow 6 x's as a password.
                // The reason is because we use that as a password placeholder
                // on the client side.
-                if (($formData['cu_password'] != "xxxxxx") &&
+                if (array_key_exists('cu_password', $formData) && ($formData['cu_password'] != "xxxxxx") &&
                    (!empty($formData['cu_password']))) {
                    $user->setPassword($formData['cu_password']);
                }
-                $user->setEmail($formData['cu_email']);
-                $user->setCellPhone($formData['cu_cell_phone']);
-                $user->setSkype($formData['cu_skype']);
-                $user->setJabber($formData['cu_jabber']);
+
+                if (array_key_exists('cu_email', $formData)) {
+                    $user->setEmail($formData['cu_email']);
+                }
+
+                if (array_key_exists('cu_cell_phone', $formData)) {
+                    $user->setCellPhone($formData['cu_cell_phone']);
+                }
+
+                if (array_key_exists('cu_skype', $formData)) {
+                    $user->setSkype($formData['cu_skype']);
+                }
+
+                if (array_key_exists('cu_jabber', $formData)) {
+                    $user->setJabber($formData['cu_jabber']);
+                }
+
                $user->save();

                Application_Model_Preference::SetUserLocale($formData['cu_locale']);