Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cc-4105: fixed up python media monitor request parameter for recorded shows\n.Added more input validation in php controller

This commit is contained in:
Rudi Grinberg 2012-07-17 14:50:18 -04:00
parent 0ddc8497c3
commit 531dfe2b5e
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
airtime_mvc/application/controllers/ApiController.php
View File

@ -543,17 +543,28 @@ class ApiController extends Zend_Controller_Action
// to some unique id. // to some unique id.
$responses = array(); $responses = array();
$params = $request->getParams(); $params = $request->getParams();
$valid_modes = array('delete_dir', 'delete', 'moved', 'modify', 'create');
foreach ($request->getParams() as $k => $raw_json) { foreach ($request->getParams() as $k => $raw_json) {
// Valid requests must start with mdXXX where XXX represents at least 1 digit // Valid requests must start with mdXXX where XXX represents at least 1 digit
if( !preg_match('/^md\d+$/', $k) ) { continue; } if( !preg_match('/^md\d+$/', $k) ) { continue; }
$info_json = json_decode($raw_json, $assoc=true); $info_json = json_decode($raw_json, $assoc=true);
if( !array_key_exists('mode', $info_json) ) { if( !array_key_exists('mode', $info_json) ) { // Log invalid requests
Logging::log("Received bad request(key=$k), no 'mode' parameter. Bad request is:"); Logging::log("Received bad request(key=$k), no 'mode' parameter. Bad request is:");
Logging::log( $info_json ); Logging::log( $info_json );
array_push( $responses, array( array_push( $responses, array(
'error' => "Bad request. no 'mode' parameter passed.", 'error' => "Bad request. no 'mode' parameter passed.",
'key' => $k)); 'key' => $k));
continue; continue;
} elseif ( !in_array($info_json['mode'], $valid_modes) ) {
// A request still has a chance of being invalid even if it exists but it's validated
// by $valid_modes array
$mode = $info_json['mode'];
Logging::log("Received bad request(key=$k). 'mode' parameter was invalid with value: '$mode'");
array_push( $responses, array(
'error' => "Bad request. 'mode' parameter is invalid",
'key' => $k,
'mode' => $mode ) );
continue;
} }
// Removing 'mode' key from $info_json might not be necessary... // Removing 'mode' key from $info_json might not be necessary...
$mode = $info_json['mode']; $mode = $info_json['mode'];

10
python_apps/api_clients/api_client.py
View File

@ -394,11 +394,15 @@ class AirtimeApiClient():
# matter what it is based on if it's absent in the action # matter what it is based on if it's absent in the action
if 'is_record' in action: if 'is_record' in action:
self.logger.debug("Sending a 'recorded' action") self.logger.debug("Sending a 'recorded' action")
action['is_record'] = True action['is_record'] = 1
else: action['is_record'] = False else: action['is_record'] = 0
valid_actions.append(action) valid_actions.append(action)
# Note that we must prefix every key with: mdX where x is a number # Note that we must prefix every key with: mdX where x is a number
md_list = dict((("md%d" % i), json.dumps(convert_dict_value_to_utf8(md))) for i,md in enumerate(valid_actions)) # Is there a way to format the next line a little better? The
# parenthesis make the code almost unreadable
md_list = dict((("md%d" % i), json.dumps(convert_dict_value_to_utf8(md))) \
for i,md in enumerate(valid_actions))
self.logger.info("Pumping out %d requests..." % len(valid_actions))
data = urllib.urlencode(md_list) data = urllib.urlencode(md_list)
req = urllib2.Request(url, data) req = urllib2.Request(url, data)
response = self.get_response_from_server(req) response = self.get_response_from_server(req)