Merge branch 'saas-sessionoptimizations' into saas-3.x-sessionoptimizations

Conflicts:
	airtime_mvc/application/Bootstrap.php
	airtime_mvc/application/configs/constants.php
	airtime_mvc/application/controllers/LoginController.php
	airtime_mvc/application/controllers/UserController.php
	airtime_mvc/public/js/airtime/preferences/preferences.js
Albert Santoni 2015-09-29 18:58:55 -04:00
commit 8b33acacd3
19 changed files with 395 additions and 216 deletions


@ -34,7 +34,7 @@ class PreferenceController extends Zend_Controller_Action
$form = new Application_Form_Preferences();
$values = array();
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
if ($request->isPost()) {
$values = $request->getPost();
@ -94,7 +94,7 @@ class PreferenceController extends Zend_Controller_Action
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/support-setting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$this->view->statusMsg = "";
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
$form = new Application_Form_SupportSettings();
if ($request->isPost()) {
@ -130,12 +130,18 @@ class PreferenceController extends Zend_Controller_Action
public function removeLogoAction()
{
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
$this->view->layout()->disableLayout();
// Remove reliance on .phtml files to render requests
$this->_helper->viewRenderer->setNoRender(true);
if (!SecurityHelper::verifyCSRFToken($this->_getParam('csrf_token'))) {
Logging::error(__FILE__ . ': Invalid CSRF token');
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
return;
}
Application_Model_Preference::SetStationLogo("");
}
@ -151,7 +157,7 @@ class PreferenceController extends Zend_Controller_Action
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
$name_map = array(
'ogg' => 'Ogg Vorbis',
@ -445,7 +451,7 @@ class PreferenceController extends Zend_Controller_Action
public function setSourceConnectionUrlAction()
{
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
$request = $this->getRequest();
$type = $request->getParam("type", null);
@ -465,7 +471,7 @@ class PreferenceController extends Zend_Controller_Action
public function getAdminPasswordStatusAction()
{
session_start(); //Open session for writing.
SessionHelper::reopenSessionForWriting();
$out = array();
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
@ -483,6 +489,12 @@ class PreferenceController extends Zend_Controller_Action
{
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
if (!SecurityHelper::verifyCSRFToken($this->_getParam('csrf_token'))) {
Logging::error(__FILE__ . ': Invalid CSRF token');
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
return;
}
// Only admin users should get here through ACL permissioning
// Only allow POST requests