Merge branch 'saas-dev' into saas-installer-albert

2015-06-10 12:02:08 -04:00 · 2015-06-10 12:02:08 -04:00 · 3996e757b7
commit 3996e757b7
parent 01ea6f27ae 6126e8a51c
10 changed files with 93 additions and 36 deletions
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
     * Go through a given array and sanitize any potentially exploitable fields
     * by passing them through htmlspecialchars
     *
-     * @param unknown $arr    the array to sanitize
-     * @param unknown $keys    indexes of values to be sanitized
+     * @param array $arr     the array to sanitize
+     * @param array $keys    indexes of values to be sanitized
     */
    private function convertSpecialChars(&$arr, $keys) 
    {
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
     * Recursively find image_path keys in the various $result subarrays,
     * and convert them to point to the show-logo endpoint
     *
-     * @param unknown $arr the array to search
+     * @param array $arr the array to search
     */
    private function findAndConvertPaths(&$arr) 
    {
@ -480,26 +480,38 @@ class ApiController extends Zend_Controller_Action
     */
    public function showLogoAction() 
    {
+        // Disable the view and the layout
+        $this->view->layout()->disableLayout();
+        $this->_helper->viewRenderer->setNoRender(true);
+
        if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
            $request = $this->getRequest();
            $showId = $request->getParam('id');
-
-            // if no id is passed, just die - redirects to a 404
-            if (!$showId || $showId === '') {
-                return;
+            if (empty($showId)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: No ID was given.");
            }

            $show = CcShowQuery::create()->findPk($showId);
-            
-            // disable the view and the layout
-            $this->view->layout()->disableLayout();
-            $this->_helper->viewRenderer->setNoRender(true);
+            if (empty($show)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: No show with ID $showId exists.");
+            }
            
            $path = $show->getDbImagePath();
            $mime_type = mime_content_type($path);
+            if (empty($path)) {
+                throw new ZendActionHttpException($this, 400, "ERROR: Show does not have an associated image.");
+            }

-            Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
-           } else {
+            try {
+                // Sometimes end users may be looking at stale data - if an image is removed
+                // but has been cached in a client's browser this will throw an exception
+                Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
+            } catch(FileNotFoundException $e) {
+                throw new ZendActionHttpException($this, 404, "ERROR: No image found at $path");
+            } catch(Exception $e) {
+                throw new ZendActionHttpException($this, 500, "ERROR: " . $e->getMessage());
+            }
+        } else {
            header('HTTP/1.0 401 Unauthorized');
            print _('You are not allowed to access this resource. ');
            exit;