Merge branch 'cc-5709-airtime-analyzer' into cc-5709-airtime-analyzer-refactor
This commit is contained in:
Albert Santoni
commit
7600b8ae82
48 changed files with 236 additions and 8770 deletions
|
|
@ -201,10 +201,14 @@ class AudiopreviewController extends Zend_Controller_Action
|
|||
$elementMap['element_mp3'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/ogg') {
|
||||
$elementMap['element_oga'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/vorbis') {
|
||||
$elementMap['element_oga'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/mp4') {
|
||||
$elementMap['element_m4a'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/wav') {
|
||||
$elementMap['element_wav'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/x-wav') {
|
||||
$elementMap['element_wav'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/x-flac') {
|
||||
$elementMap['element_flac'] = $track['item_id'];
|
||||
} else {
|
||||
|
|
@ -286,10 +290,14 @@ class AudiopreviewController extends Zend_Controller_Action
|
|||
$elementMap['element_mp3'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/ogg') {
|
||||
$elementMap['element_oga'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/vorbis') {
|
||||
$elementMap['element_oga'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/mp4') {
|
||||
$elementMap['element_m4a'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/wav') {
|
||||
$elementMap['element_wav'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/x-wav') {
|
||||
$elementMap['element_wav'] = $track['item_id'];
|
||||
} elseif (strtolower($mime) === 'audio/x-flac') {
|
||||
$elementMap['element_flac'] = $track['item_id'];
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -98,6 +98,9 @@ class LoginController extends Zend_Controller_Action
|
|||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$auth->clearIdentity();
|
||||
// Unset all session variables relating to CSRF prevention on logout
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->unsetAll();
|
||||
$this->_redirect('showbuilder/index');
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,9 +31,10 @@ class PluploadController extends Zend_Controller_Action
|
|||
$this->view->quotaLimitReached = true;
|
||||
}
|
||||
|
||||
//Because uploads are done via AJAX (and we're not using Zend form for those), we manually add the CSRF
|
||||
//token in here.
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->setExpirationSeconds(5*60*60);
|
||||
$csrf_namespace->authtoken = sha1(uniqid(rand(),1));
|
||||
//The CSRF token is generated in Bootstrap.php
|
||||
|
||||
$csrf_element = new Zend_Form_Element_Hidden('csrf');
|
||||
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
|
||||
|
|
|
|||
|
|
@ -136,7 +136,6 @@ class ScheduleController extends Zend_Controller_Action
|
|||
$editable = $user->isUserType(array(UTYPE_ADMIN, UTYPE_PROGRAM_MANAGER));
|
||||
|
||||
$calendar_interval = Application_Model_Preference::GetCalendarTimeScale();
|
||||
Logging::info($calendar_interval);
|
||||
if ($calendar_interval == "agendaDay") {
|
||||
list($start, $end) = Application_Model_Show::getStartEndCurrentDayView();
|
||||
} else if ($calendar_interval == "agendaWeek") {
|
||||
|
|
|
|||
|
|
@ -283,6 +283,14 @@ class ShowbuilderController extends Zend_Controller_Action
|
|||
$mediaItems = $request->getParam("mediaIds", array());
|
||||
$scheduledItems = $request->getParam("schedIds", array());
|
||||
|
||||
$log_vars = array();
|
||||
$log_vars["url"] = $_SERVER['HTTP_HOST'];
|
||||
$log_vars["action"] = "showbuilder/schedule-add";
|
||||
$log_vars["params"] = array();
|
||||
$log_vars["params"]["media_items"] = $mediaItems;
|
||||
$log_vars["params"]["scheduled_items"] = $scheduledItems;
|
||||
Logging::info($log_vars);
|
||||
|
||||
try {
|
||||
$scheduler = new Application_Model_Scheduler();
|
||||
$scheduler->scheduleAfter($scheduledItems, $mediaItems);
|
||||
|
|
|
|||
|
|
@ -148,17 +148,22 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
}
|
||||
}
|
||||
} else { //We have a session/identity.
|
||||
|
||||
// If we have an identity and we're making a RESTful request,
|
||||
// we need to check the CSRF token
|
||||
if ($request->_action != "get" && $request->getModuleName() == "rest") {
|
||||
$tokenValid = $this->verifyCSRFToken($request->getParam("csrf_token"));
|
||||
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
|
||||
$token = $request->getParam("csrf_token");
|
||||
$tokenValid = $this->verifyCSRFToken($token);
|
||||
|
||||
if (!$tokenValid) {
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->authtoken = sha1(openssl_random_pseudo_bytes(128));
|
||||
|
||||
Logging::warn("Invalid CSRF token: $token");
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(401)
|
||||
->appendBody("ERROR: CSRF token mismatch.");
|
||||
return;
|
||||
->appendBody("ERROR: CSRF token mismatch.")
|
||||
->sendResponse();
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -202,9 +207,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $token;
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
Logging::error("Observed: " . $observed_csrf_token);
|
||||
Logging::error("Expected: " . $expected_csrf_token);
|
||||
|
||||
|
||||
return ($observed_csrf_token == $expected_csrf_token);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue