Resolved merge conflicts for merging cc-5709-airtime-analyzer into saas.
commit
9fb35c448e
24 changed files with 165 additions and 106 deletions
|
@ -61,6 +61,7 @@ class LoginController extends Zend_Controller_Action
|
|||
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
Zend_Session::regenerateId();
|
||||
//all info about this user from the login table omit only the password
|
||||
$userInfo = $authAdapter->getResultRowObject(null, 'password');
|
||||
|
||||
|
@ -81,6 +82,7 @@ class LoginController extends Zend_Controller_Action
|
|||
$auth = Zend_Auth::getInstance();
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
Zend_Session::regenerateId();
|
||||
//set the user locale in case user changed it in when logging in
|
||||
Application_Model_Preference::SetUserLocale($locale);
|
||||
|
||||
|
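Review bot: The `Zend_Session::regenerateId();` call placed right after `$result->isValid()` (apparently the one line each of the two LoginController hunks adds) has no comment saying why it is there. A one-line comment such as `// issue a fresh session id on successful login so a pre-login id cannot be carried over (session fixation)` would keep it from being dropped as redundant in a later merge. Both enclosing action bodies start and end outside the hunks, so whether any other login path skips the call cannot be judged from here.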
|
|
@ -30,6 +30,33 @@ class PluploadController extends Zend_Controller_Action
|
|||
if (Application_Model_Systemstatus::isDiskOverQuota()) {
|
||||
$this->view->quotaLimitReached = true;
|
||||
}
|
||||
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->setExpirationSeconds(5*60*60);
|
||||
$csrf_namespace->authtoken = sha1(uniqid(rand(),1));
|
||||
|
||||
$csrf_element = new Zend_Form_Element_Hidden('csrf');
|
||||
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
|
||||
$csrf_form = new Zend_Form();
|
||||
$csrf_form->addElement($csrf_element);
|
||||
$this->view->form = $csrf_form;
|
||||
}
|
||||
|
||||
public function uploadAction()
|
||||
{
|
||||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $this->_getParam('csrf_token');
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
|
||||
if($observed_csrf_token == $expected_csrf_token){
|
||||
$upload_dir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
|
||||
$tempFilePath = Application_Model_StoredFile::uploadFile($upload_dir);
|
||||
$tempFileName = basename($tempFilePath);
|
||||
|
||||
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "tempfilepath" => $tempFileName));
|
||||
}else{
|
||||
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
|
||||
}
|
||||
}
|
||||
|
||||
public function recentUploadsAction()
|
||||
|
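Review bot: In `uploadAction` the check `if($observed_csrf_token == $expected_csrf_token)` also passes when both sides are null, which happens when the request has no `csrf_token` parameter and the `csrf_namespace` value is missing or has expired, so the upload is then accepted without any token. The guard should require a stored, non-empty token and compare strictly, e.g. `if (is_string($observed_csrf_token) && is_string($expected_csrf_token) && $expected_csrf_token !== '' && hash_equals($expected_csrf_token, $observed_csrf_token)) {` (or `===` where `hash_equals` is unavailable). The token is generated with `sha1(uniqid(rand(),1))`, which derives from the clock and a non-cryptographic generator; `bin2hex(openssl_random_pseudo_bytes(32))`, or `random_bytes()` on PHP 7+, is the appropriate source. The hidden field is named `csrf` while the action reads `csrf_token`, so the client-side mapping, which is not visible here, is worth confirming. The token-generation lines sit in a method that begins outside the hunk.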
|
|
@ -171,6 +171,10 @@ class PreferenceController extends Zend_Controller_Action
|
|||
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
|
||||
$form = new Application_Form_StreamSetting();
|
||||
|
||||
$form->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique'
|
||||
));
|
||||
|
||||
$form->setSetting($setting);
|
||||
$form->startFrom();
|
||||
|
||||
|
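Review bot: The `csrf` hash element is attached to `Application_Form_StreamSetting` here in the controller, and nothing in this hunk shows the submitted value being checked. The element only enforces anything if the POST branch runs `$form->isValid(...)` on data that includes the `csrf` field, and that code lies outside the hunk, so it should be confirmed. Defining the element inside the form class would keep the token and its validation together for every caller. The literal `'salt' => 'unique'` is a constant, so a short comment such as `// salt only namespaces the token; it is not a secret` would avoid a misleading impression.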
|