From 8ffd70781ba07e30b19f95575f7d08c2cedcd8c6 Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Thu, 20 Nov 2014 16:46:21 -0500
Subject: [PATCH] Remove clearAction from the media REST API for security
---
 .../application/modules/rest/controllers/MediaController.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/airtime_mvc/application/modules/rest/controllers/MediaController.php b/airtime_mvc/application/modules/rest/controllers/MediaController.php
index 7cc5f370a..8d8672a9f 100644
--- a/airtime_mvc/application/modules/rest/controllers/MediaController.php
+++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php
@@ -78,6 +78,8 @@ class Rest_MediaController extends Zend_Rest_Controller
 }
 }

+/* This action is extremely dangerous and a horrible idea without CSRF protection.
+
 public function clearAction()
 {
 if (!$this->verifyAuth(true, true))
@@ -113,6 +115,7 @@ class Rest_MediaController extends Zend_Rest_Controller
 ->setHttpResponseCode(200)
 ->appendBody("Library has been cleared");
 }
+*/

 public function getAction()
 {
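Review bot: The `/*` added before `clearAction()` and the matching `*/` added after its closing brace in the second hunk disable the endpoint by commenting it out instead of deleting it. That leaves a destructive handler one edit away from being live again, and it only works if the method body, which lies between the two hunks and is not visible here, contains no `*/` of its own. Deleting the method is safer because git history keeps the code, with a short note in its place such as `// clearAction() removed: it cleared the whole library and had no CSRF protection; do not restore without a per-request token check.` The added comment names the missing CSRF protection, but nothing in these hunks shows whether the controller's other state-changing actions are covered. It is worth confirming whether they also authenticate through `verifyAuth(true, true)` and share the same gap.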