From 883e792083aa12c0fd8a390c51265a16ecb6798f Mon Sep 17 00:00:00 2001
From: Rudi Grinberg
Date: Tue, 17 Jul 2012 14:50:18 -0400
Subject: [PATCH] cc-4105: fixed up python media monitor request parameter for recorded shows\n.Added more input validation in php controller
---
 .../application/controllers/ApiController.php | 13 ++++++++++++-
 python_apps/api_clients/api_client.py | 10 +++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/airtime_mvc/application/controllers/ApiController.php b/airtime_mvc/application/controllers/ApiController.php
index 89d427de6..f095e2358 100644
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@@ -539,17 +539,28 @@ class ApiController extends Zend_Controller_Action // to some unique id. $responses = array(); $params = $request->getParams(); + $valid_modes = array('delete_dir', 'delete', 'moved', 'modify', 'create'); foreach ($request->getParams() as $k => $raw_json) { // Valid requests must start with mdXXX where XXX represents at least 1 digit if( !preg_match('/^md\d+$/', $k) ) { continue; } $info_json = json_decode($raw_json, $assoc=true); - if( !array_key_exists('mode', $info_json) ) { + if( !array_key_exists('mode', $info_json) ) { // Log invalid requests Logging::log("Received bad request(key=$k), no 'mode' parameter. Bad request is:"); Logging::log( $info_json ); array_push( $responses, array( 'error' => "Bad request. no 'mode' parameter passed.", 'key' => $k)); continue; + } elseif ( !in_array($info_json['mode'], $valid_modes) ) { + // A request still has a chance of being invalid even if it exists but it's validated + // by $valid_modes array + $mode = $info_json['mode']; + Logging::log("Received bad request(key=$k). 'mode' parameter was invalid with value: '$mode'"); + array_push( $responses, array( + 'error' => "Bad request. 'mode' parameter is invalid", + 'key' => $k, + 'mode' => $mode ) ); + continue; } // Removing 'mode' key from $info_json might not be necessary... $mode = $info_json['mode']; diff --git a/python_apps/api_clients/api_client.py b/python_apps/api_clients/api_client.py index 938f55250..8793e8f74 100644 --- a/python_apps/api_clients/api_client.py +++ b/python_apps/api_clients/api_client.py 
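Review bot: The new allowlist test in the `elseif` calls `in_array()` with its default loose comparison, so a JSON body whose `mode` is `true` (and, on PHP versions before 8, the integer `0`) compares equal to the listed strings and is accepted as a valid mode. Pass the strict flag so only the exact strings match: `} elseif ( !in_array($info_json['mode'], $valid_modes, true) ) {`. Separately, `json_decode()` returns null for malformed input and the `array_key_exists()` call before this branch is not guarded by `is_array($info_json)`, and the rejected `$mode` is written to the log and echoed in the response unmodified, so it should be length-limited and stripped of control characters before logging. The `foreach` body continues outside the hunk, so what a non-string mode would reach downstream is not visible here.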
@@ -394,11 +394,15 @@ class AirtimeApiClient():
 # matter what it is based on if it's absent in the action
 if 'is_record' in action:
 self.logger.debug("Sending a 'recorded' action")
- action['is_record'] = True
- else: action['is_record'] = False
+ action['is_record'] = 1
+ else: action['is_record'] = 0
 valid_actions.append(action)
 # Note that we must prefix every key with: mdX where x is a number
- md_list = dict((("md%d" % i), json.dumps(convert_dict_value_to_utf8(md))) for i,md in enumerate(valid_actions))
+ # Is there a way to format the next line a little better? The
+ # parenthesis make the code almost unreadable
+ md_list = dict((("md%d" % i), json.dumps(convert_dict_value_to_utf8(md))) \
+ for i,md in enumerate(valid_actions))
+ self.logger.info("Pumping out %d requests..." % len(valid_actions))
 data = urllib.urlencode(md_list)
 req = urllib2.Request(url, data)
 response = self.get_response_from_server(req)
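Review bot: The backslash at the end of the new `md_list` line is redundant, because the expression is still inside the open `dict(` parenthesis, and the question left in the comment above it can be settled in the code rather than recorded there. Dropping the extra parentheses around the key reads more easily: `md_list = dict(("md%d" % i, json.dumps(convert_dict_value_to_utf8(md)))` continued on the next line with `for i, md in enumerate(valid_actions))`. The added log call could hand its argument to the logger instead of pre-formatting the string, `self.logger.info("Pumping out %d requests...", len(valid_actions))`. The enclosing method starts and ends outside the hunk.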