Handle bad payload in some airtime_mvc api calls

Added a basic JSON decode error safeguard for the following actions:
- pushStreamStatsAction
- updateStreamSettingTableAction
jo 2021-08-05 14:24:48 +02:00
parent f5d1ffe27c
commit 719f6b5c6a
1 changed files with 34 additions and 2 deletions


@ -1427,7 +1427,16 @@ class ApiController extends Zend_Controller_Action
public function pushStreamStatsAction() {
$request = $this->getRequest();
$data = json_decode($request->getParam("data"), true);
$data_blob = $request->getParam("data");
$data = json_decode($data_blob, true);
if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
$message = "An error occured while decoding the 'data' JSON blob: '$data_blob'";
Logging::error($message);
$this->jsonError(400, $message);
return;
}
Application_Model_ListenerStat::insertDataPoints($data);
$this->view->data = $data;
@ -1435,7 +1444,16 @@ class ApiController extends Zend_Controller_Action
public function updateStreamSettingTableAction() {
$request = $this->getRequest();
$data = json_decode($request->getParam("data"), true);
$data_blob = $request->getParam("data");
$data = json_decode($data_blob, true);
if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
$message = "An error occured while decoding the 'data' JSON blob: '$data_blob'";
Logging::error($message);
$this->jsonError(400, $message);
return;
}
foreach ($data as $k=>$v) {
Application_Model_StreamSetting::SetListenerStatError($k, $v);
@ -1711,4 +1729,18 @@ class ApiController extends Zend_Controller_Action
// enable cors access from configured URLs
CORSHelper::enableCrossOriginRequests($request, $response);
}
/**
* Respond with a JSON error message with a custom HTTP status code.
*
* This logic should be handled by Zend, but I lack understanding of this
* framework, and prefer not break it or spend too much time on it.
*/
private final function jsonError($status, $message)
{
$this->getResponse()
->setHttpResponseCode($status)
->setHeader('Content-Type', 'application/json')
->setBody(json_encode(['error' => $message]));
}
}
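Review bot: In both pushStreamStatsAction and updateStreamSettingTableAction the guard `$data === null && json_last_error() !== JSON_ERROR_NONE` rejects only undecodable input, so a well-formed payload that is not an object or array (the literal `null`, a number, a string) still reaches `insertDataPoints($data)` and `foreach ($data as $k=>$v)`; `if (!is_array($data)) {` would cover both cases. The error message also interpolates the raw, request-supplied `$data_blob` into the log line and into the 400 response body, so a caller controls the size and content (including newlines) of a log entry and gets its own input echoed back. Consider logging `json_last_error_msg()` with the payload length instead, and returning a fixed message such as `"Invalid JSON in 'data' parameter"`. Both action bodies continue past the end of their hunks, so what the callees do with a non-array value is not visible here.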