Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'cc-5709-airtime-analyzer' into saas-file-sanitization 

Conflicts:
	airtime_mvc/application/controllers/LibraryController.php
	airtime_mvc/application/modules/rest/controllers/MediaController.php
This commit is contained in:
Albert Santoni 2015-02-18 17:18:43 -05:00
parent 72e4a036a4 17f1d0e96d
commit 9098e204e5
3 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
airtime_mvc/application/common/FileDataHelper.php
View File

@ -1,9 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: sourcefabric
* Date: 17/02/15
*/
class FileDataHelper {
@ -12,9 +7,16 @@ class FileDataHelper {
* at all costs, so check the data and sanitize it if necessary
* @param array $data array containing new file metadata
*/
public static function sanitizeData(&$data) {
// If the track number isn't numeric, this will return 0
$data["track_number"] = intval($data["track_number"]);
public static function sanitizeData(&$data)
{
if (array_key_exists("track_number", $data)) {
// If the track number isn't numeric, this will return 0
$data["track_number"] = intval($data["track_number"]);
}
if (array_key_exists("year", $data)) {
// If the track number isn't numeric, this will return 0
$data["year"] = intval($data["year"]);
}
}
}

9
airtime_mvc/application/controllers/LibraryController.php
View File

@ -441,12 +441,11 @@ class LibraryController extends Zend_Controller_Action
$serialized[$j["name"]] = $j["value"];
}
if ($form->isValid($serialized)) {
// Sanitize any incorrect metadata that slipped past validation
FileDataHelper::sanitizeData($serialized);
$file->setDbColMetadata($serialized);
// Sanitize any wildly incorrect metadata before it goes to be validated.
FileDataHelper::sanitizeData($serialized);
$this->_redirect('Library');
if ($form->isValid($serialized)) {
$file->setDbColMetadata($serialized);
}
}

10
airtime_mvc/application/modules/rest/controllers/MediaController.php
View File

@ -119,9 +119,6 @@ class Rest_MediaController extends Zend_Rest_Controller
$file->save();
return;
} else {
// Sanitize any incorrect metadata that slipped past validation
FileDataHelper::sanitizeData($whiteList);
/* If full_path is set, the post request came from ftp.
* Users are allowed to upload folders via ftp. If this is the case
* we need to include the folder name with the file name, otherwise
@ -175,8 +172,6 @@ class Rest_MediaController extends Zend_Rest_Controller
$file->save();
return;
} else if ($file && isset($requestData["resource_id"])) {
// Sanitize any incorrect metadata that slipped past validation
FileDataHelper::sanitizeData($whiteList);
$file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);
@ -206,8 +201,6 @@ class Rest_MediaController extends Zend_Rest_Controller
->setHttpResponseCode(200)
->appendBody(json_encode(CcFiles::sanitizeResponse($file)));
} else if ($file) {
// Sanitize any incorrect metadata that slipped past validation
FileDataHelper::sanitizeData($whiteList);
//local file storage
$file->setDbDirectory(self::MUSIC_DIRS_STOR_PK);
@ -304,6 +297,9 @@ class Rest_MediaController extends Zend_Rest_Controller
private function validateRequestData($file, &$whiteList)
{
// Sanitize any wildly incorrect metadata before it goes to be validated
FileDataHelper::sanitizeData($whiteList);
try {
// EditAudioMD form is used here for validation
$fileForm = new Application_Form_EditAudioMD();