Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CC-5733: RESTful API data sanitization and validation 

Renamed sanitize function to sanitizeResponse
This commit is contained in:
drigato 2014-03-14 17:53:03 -04:00
parent 820f7f257a
commit 65ab49baee
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
airtime_mvc/application/modules/rest/controllers/MediaController.php
View File

@ -36,7 +36,7 @@ class Rest_MediaController extends Zend_Rest_Controller
$files_array = array(); $files_array = array();
foreach (CcFilesQuery::create()->find() as $file) foreach (CcFilesQuery::create()->find() as $file)
{ {
array_push($files_array, $this->sanitize($file)); array_push($files_array, $this->sanitizeResponse($file));
} }
$this->getResponse() $this->getResponse()
@ -65,7 +65,7 @@ class Rest_MediaController extends Zend_Rest_Controller
$this->getResponse() $this->getResponse()
->setHttpResponseCode(200) ->setHttpResponseCode(200)
->appendBody(json_encode($this->sanitize($file))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} else { } else {
$this->fileNotFoundResponse(); $this->fileNotFoundResponse();
} }
@ -98,7 +98,7 @@ class Rest_MediaController extends Zend_Rest_Controller
$this->getResponse() $this->getResponse()
->setHttpResponseCode(201) ->setHttpResponseCode(201)
->appendBody(json_encode($this->sanitize($file))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} }
public function putAction() public function putAction()
@ -114,14 +114,13 @@ class Rest_MediaController extends Zend_Rest_Controller
$file = CcFilesQuery::create()->findPk($id); $file = CcFilesQuery::create()->findPk($id);
if ($file) if ($file)
{ {
//TODO: Strip or sanitize the JSON output
$file->fromArray($this->validateRequestData(json_decode($this->getRequest()->getRawBody(), true)), BasePeer::TYPE_FIELDNAME); $file->fromArray($this->validateRequestData(json_decode($this->getRequest()->getRawBody(), true)), BasePeer::TYPE_FIELDNAME);
$now = new DateTime("now", new DateTimeZone("UTC")); $now = new DateTime("now", new DateTimeZone("UTC"));
$file->setDbMtime($now); $file->setDbMtime($now);
$file->save(); $file->save();
$this->getResponse() $this->getResponse()
->setHttpResponseCode(200) ->setHttpResponseCode(200)
->appendBody(json_encode($this->sanitize($file))); ->appendBody(json_encode($this->sanitizeResponse($file)));
} else { } else {
$this->fileNotFoundResponse(); $this->fileNotFoundResponse();
} }
@ -267,7 +266,7 @@ class Rest_MediaController extends Zend_Rest_Controller
* Strips out the private fields we do not want to send back in API responses * Strips out the private fields we do not want to send back in API responses
*/ */
//TODO: rename this function? //TODO: rename this function?
public function sanitize($file) public function sanitizeResponse($file)
{ {
$response = $file->toArray(BasePeer::TYPE_FIELDNAME); $response = $file->toArray(BasePeer::TYPE_FIELDNAME);