Merge branch 'saas' into saas-embed-player
commit
ac2181a52d
40 changed files with 913 additions and 608 deletions
|
@ -95,126 +95,11 @@ class ApiController extends Zend_Controller_Action
|
|||
|
||||
$fileId = $this->_getParam("file");
|
||||
|
||||
$media = Application_Model_StoredFile::RecallById($fileId);
|
||||
if ($media != null) {
|
||||
// Make sure we don't have some wrong result beecause of caching
|
||||
clearstatcache();
|
||||
|
||||
if ($media->getPropelOrm()->isValidPhysicalFile()) {
|
||||
$filename = $media->getPropelOrm()->getFilename();
|
||||
|
||||
//Download user left clicks a track and selects Download.
|
||||
if ("true" == $this->_getParam('download')) {
|
||||
//path_info breaks up a file path into seperate pieces of informaiton.
|
||||
//We just want the basename which is the file name with the path
|
||||
//information stripped away. We are using Content-Disposition to specify
|
||||
//to the browser what name the file should be saved as.
|
||||
header('Content-Disposition: attachment; filename="'.$filename.'"');
|
||||
} else {
|
||||
//user clicks play button for track preview
|
||||
header('Content-Disposition: inline; filename="'.$filename.'"');
|
||||
}
|
||||
|
||||
$this->readStoredFileObject($media);
|
||||
exit;
|
||||
} else {
|
||||
header ("HTTP/1.1 404 Not Found");
|
||||
}
|
||||
}
|
||||
$inline = !($this->_getParam('download',false) == true);
|
||||
Application_Service_MediaService::streamFileDownload($fileId, $inline);
|
||||
|
||||
$this->_helper->json->sendJson(array());
|
||||
}
|
||||
|
||||
/**
|
||||
* Read data from StoredFile object and send with XHR response
|
||||
*
|
||||
* @param Application_Model_StoredFile $storedFile - StoredFile object holding file information
|
||||
*/
|
||||
private function readStoredFileObject($storedFile) {
|
||||
$filepath = $storedFile->getFilePath();
|
||||
$size = $storedFile->getFileSize();
|
||||
$mimeType = $storedFile->getPropelOrm()->getDbMime();
|
||||
|
||||
$this->smartReadFile($filepath, $mimeType, $size);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Reads the requested portion of a file and sends its contents to the client with the appropriate headers.
|
||||
*
|
||||
* This HTTP_RANGE compatible read file function is necessary for allowing streaming media to be skipped around in.
|
||||
*
|
||||
* @param string $location - the full filepath pointing to the location of the file
|
||||
* @param string $mimeType - the file's mime type. Defaults to 'audio/mp3'
|
||||
* @param integer $size - the file size, in bytes
|
||||
* @return void
|
||||
*
|
||||
* @link https://groups.google.com/d/msg/jplayer/nSM2UmnSKKA/Hu76jDZS4xcJ
|
||||
* @link http://php.net/manual/en/function.readfile.php#86244
|
||||
*/
|
||||
private function smartReadFile($location, $mimeType = 'audio/mp3', $size = null)
|
||||
{
|
||||
if (!$location || $location == "") {
|
||||
throw new FileDoesNotExistException("Requested file does not exist!");
|
||||
}
|
||||
|
||||
// If we're passing in a Stored File object, it's faster
|
||||
// to use getFileSize() and pass in the result
|
||||
if (!isset($size) || $size < 0) {
|
||||
$size= filesize($location);
|
||||
}
|
||||
|
||||
if ($size < 0) {
|
||||
throw new Exception("Invalid file size returned for file at $location");
|
||||
}
|
||||
|
||||
$fm = @fopen($location, 'rb');
|
||||
if (!$fm) {
|
||||
header ("HTTP/1.1 505 Internal server error");
|
||||
return;
|
||||
}
|
||||
|
||||
$begin = 0;
|
||||
$end = $size - 1;
|
||||
|
||||
if (isset($_SERVER['HTTP_RANGE'])) {
|
||||
if (preg_match('/bytes=\h*(\d+)-(\d*)[\D.*]?/i', $_SERVER['HTTP_RANGE'], $matches)) {
|
||||
$begin = intval($matches[1]);
|
||||
if (!empty($matches[2])) {
|
||||
$end = intval($matches[2]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_SERVER['HTTP_RANGE'])) {
|
||||
header('HTTP/1.1 206 Partial Content');
|
||||
} else {
|
||||
header('HTTP/1.1 200 OK');
|
||||
}
|
||||
header("Content-Type: $mimeType");
|
||||
header('Cache-Control: public, must-revalidate, max-age=0');
|
||||
header('Pragma: no-cache');
|
||||
header('Accept-Ranges: bytes');
|
||||
if ($size > 0) {
|
||||
header('Content-Length:' . (($end - $begin) + 1));
|
||||
if (isset($_SERVER['HTTP_RANGE'])) {
|
||||
header("Content-Range: bytes $begin-$end/$size");
|
||||
}
|
||||
}
|
||||
header("Content-Transfer-Encoding: binary");
|
||||
|
||||
//We can have multiple levels of output buffering. Need to
|
||||
//keep looping until all have been disabled!!!
|
||||
//http://www.php.net/manual/en/function.ob-end-flush.php
|
||||
while (@ob_end_flush());
|
||||
|
||||
// NOTE: We can't use fseek here because it does not work with streams
|
||||
// (a.k.a. Files stored in the cloud)
|
||||
while(!feof($fm) && (connection_status() == 0)) {
|
||||
echo fread($fm, 1024 * 8);
|
||||
}
|
||||
fclose($fm);
|
||||
}
|
||||
|
||||
//Used by the SaaS monitoring
|
||||
public function onAirLightAction()
|
||||
|
@ -610,9 +495,8 @@ class ApiController extends Zend_Controller_Action
|
|||
|
||||
$path = $show->getDbImagePath();
|
||||
$mime_type = mime_content_type($path);
|
||||
|
||||
header("Content-type: " . $mime_type);
|
||||
$this->smartReadFile($path, $mime_type);
|
||||
|
||||
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
|
||||
} else {
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
print _('You are not allowed to access this resource. ');
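Review bot: The `download` flag is read with a loose comparison in `$inline = !($this->_getParam('download',false) == true);`, so any non-empty value other than "0", including `download/false`, is treated as a download request, whereas the older lines matched only the string "true". Comparing against the literal keeps that contract: `$inline = ($this->_getParam('download', 'false') !== 'true');`. The `sendJson(array())` call that follows `streamFileDownload()` would append JSON to the media body unless the service exits first, which is not visible here. The action's opening lines are outside the hunk, so whether access to `$fileId` is authorised before streaming cannot be confirmed from this page.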
|
||||
|
|
|
@ -22,8 +22,6 @@ class AudiopreviewController extends Zend_Controller_Action
|
|||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
$audioFileID = $this->_getParam('audioFileID');
|
||||
$audioFileArtist = $this->_getParam('audioFileArtist');
|
||||
$audioFileTitle = $this->_getParam('audioFileTitle');
|
||||
$type = $this->_getParam('type');
|
||||
|
||||
$baseUrl = Application_Common_OsPath::getBaseDir();
|
||||
|
@ -49,10 +47,15 @@ class AudiopreviewController extends Zend_Controller_Action
|
|||
$media = Application_Model_StoredFile::RecallById($audioFileID);
|
||||
$uri = $baseUrl."api/get-media/file/".$audioFileID;
|
||||
$mime = $media->getPropelOrm()->getDbMime();
|
||||
$this->view->audioFileArtist = htmlspecialchars($media->getPropelOrm()->getDbArtistName());
|
||||
$this->view->audioFileTitle = htmlspecialchars($media->getPropelOrm()->getDbTrackTitle());
|
||||
|
||||
} elseif ($type == "stream") {
|
||||
$webstream = CcWebstreamQuery::create()->findPk($audioFileID);
|
||||
$uri = $webstream->getDbUrl();
|
||||
$mime = $webstream->getDbMime();
|
||||
$this->view->audioFileTitle = htmlspecialchars($webstream->getDbName());
|
||||
|
||||
} else {
|
||||
throw new Exception("Unknown type for audio preview!.Type=$type");
|
||||
}
|
||||
|
@ -60,10 +63,7 @@ class AudiopreviewController extends Zend_Controller_Action
|
|||
$this->view->uri = $uri;
|
||||
$this->view->mime = $mime;
|
||||
$this->view->audioFileID = $audioFileID;
|
||||
// We need to decode artist and title because it gets
|
||||
// encoded twice in js
|
||||
$this->view->audioFileArtist = htmlspecialchars(urldecode($audioFileArtist));
|
||||
$this->view->audioFileTitle = htmlspecialchars(urldecode($audioFileTitle));
|
||||
|
||||
$this->view->type = $type;
|
||||
|
||||
$this->_helper->viewRenderer->setRender('audio-preview');
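Review bot: `htmlspecialchars()` is called with its default flags on the artist name, track title and webstream name, which on PHP versions before 8.1 leaves single quotes unescaped and only suits an HTML text or double-quoted attribute context. The comment on the older lines says these values get encoded again in JavaScript, so if the `audio-preview` view places them in a script block or a single-quoted attribute, the escaping should match that context; for HTML, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` is the safer form. Separately, `$media` and `$webstream` are dereferenced without a null check, so an unknown `audioFileID` probably ends in a fatal error rather than a 404. The action body starts and ends outside these hunks.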
|
||||
|
|
|
@ -217,7 +217,7 @@ class LibraryController extends Zend_Controller_Action
|
|||
// and not the cloud_file id (if applicable) for track download.
|
||||
// Our application logic (StoredFile.php) will determine if the track
|
||||
// is a cloud_file and handle it appropriately.
|
||||
$url = $baseUrl."api/get-media/file/".$id.".".$file->getFileExtension().'/download/true';
|
||||
$url = $baseUrl."api/get-media/file/$id/download/true";
|
||||
$menu["download"] = array("name" => _("Download"), "icon" => "download", "url" => $url);
|
||||
} elseif ($type === "playlist" || $type === "block") {
|
||||
if ($type === 'playlist') {
|
||||
|
|
|
@ -119,6 +119,9 @@ class LoginController extends Zend_Controller_Action
|
|||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$auth->clearIdentity();
|
||||
// Unset all session variables relating to CSRF prevention on logout
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->unsetAll();
|
||||
$this->_redirect('showbuilder/index');
|
||||
}
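Review bot: Logout clears the identity and the `csrf_namespace`, but the session and its id survive, so data in any other session namespace stays reachable with the old cookie. If nothing needs to outlive logout, calling `Zend_Session::destroy();` (or at least `Zend_Session::regenerateId();`) after `$auth->clearIdentity();` closes that gap. The method signature is outside the hunk, so whether this action is limited to POST requests cannot be seen here.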
|
||||
|
||||
|
|
|
@ -31,9 +31,10 @@ class PluploadController extends Zend_Controller_Action
|
|||
$this->view->quotaLimitReached = true;
|
||||
}
|
||||
|
||||
//Because uploads are done via AJAX (and we're not using Zend form for those), we manually add the CSRF
|
||||
//token in here.
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->setExpirationSeconds(5*60*60);
|
||||
$csrf_namespace->authtoken = sha1(uniqid(rand(),1));
|
||||
//The CSRF token is generated in Bootstrap.php
|
||||
|
||||
$csrf_element = new Zend_Form_Element_Hidden('csrf');
|
||||
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
|
||||
|
|
|
@ -38,6 +38,7 @@ class PreferenceController extends Zend_Controller_Action
|
|||
if ($form->isValid($values))
|
||||
{
|
||||
Application_Model_Preference::SetHeadTitle($values["stationName"], $this->view);
|
||||
Application_Model_Preference::SetStationDescription($values["stationDescription"]);
|
||||
Application_Model_Preference::SetDefaultCrossfadeDuration($values["stationDefaultCrossfadeDuration"]);
|
||||
Application_Model_Preference::SetDefaultFadeIn($values["stationDefaultFadeIn"]);
|
||||
Application_Model_Preference::SetDefaultFadeOut($values["stationDefaultFadeOut"]);
|
||||
|
@ -49,7 +50,11 @@ class PreferenceController extends Zend_Controller_Action
|
|||
$logoUploadElement = $form->getSubForm('preferences_general')->getElement('stationLogo');
|
||||
$logoUploadElement->receive();
|
||||
$imagePath = $logoUploadElement->getFileName();
|
||||
Application_Model_Preference::SetStationLogo($imagePath);
|
||||
|
||||
// Only update the image logo if the new logo is non-empty
|
||||
if (!empty($imagePath) && $imagePath != "") {
|
||||
Application_Model_Preference::SetStationLogo($imagePath);
|
||||
}
|
||||
|
||||
Application_Model_Preference::SetUploadToSoundcloudOption($values["UploadToSoundcloudOption"]);
|
||||
Application_Model_Preference::SetSoundCloudDownloadbleOption($values["SoundCloudDownloadbleOption"]);
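Review bot: The return value of `$logoUploadElement->receive()` is ignored, so `SetStationLogo($imagePath)` may still run with a file name when the transfer itself failed. The new guard also tests the same thing twice, because `!empty($imagePath)` already excludes `""`. Capturing the result with `$received = $logoUploadElement->receive();` and testing `if ($received && !empty($imagePath)) {` covers both. The validators attached to `stationLogo` (file type, size) are defined outside these hunks and are worth confirming, since the stored path is later served back to clients.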
|
||||
|
|
|
@ -19,6 +19,7 @@ class UpgradeController extends Zend_Controller_Action
|
|||
array_push($upgraders, new AirtimeUpgrader255());
|
||||
array_push($upgraders, new AirtimeUpgrader259());
|
||||
array_push($upgraders, new AirtimeUpgrader2510());
|
||||
array_push($upgraders, new AirtimeUpgrader2511());
|
||||
|
||||
$didWePerformAnUpgrade = false;
|
||||
try
|
||||
|
|
|
@ -152,17 +152,22 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
}
|
||||
}
|
||||
} else { //We have a session/identity.
|
||||
|
||||
// If we have an identity and we're making a RESTful request,
|
||||
// we need to check the CSRF token
|
||||
if ($request->_action != "get" && $request->getModuleName() == "rest") {
|
||||
$tokenValid = $this->verifyCSRFToken($request->getParam("csrf_token"));
|
||||
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
|
||||
$token = $request->getParam("csrf_token");
|
||||
$tokenValid = $this->verifyCSRFToken($token);
|
||||
|
||||
if (!$tokenValid) {
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->authtoken = sha1(openssl_random_pseudo_bytes(128));
|
||||
|
||||
Logging::warn("Invalid CSRF token: $token");
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(401)
|
||||
->appendBody("ERROR: CSRF token mismatch.");
|
||||
return;
|
||||
->appendBody("ERROR: CSRF token mismatch.")
|
||||
->sendResponse();
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -207,7 +212,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $token;
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
|
||||
|
||||
return ($observed_csrf_token == $expected_csrf_token);
|
||||
}
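Review bot: `verifyCSRFToken()` ends in `return ($observed_csrf_token == $expected_csrf_token);`, a loose comparison that accepts a request with no `csrf_token` whenever the session holds no `authtoken` (null == null), can treat two numeric-looking hex strings as equal, and is not constant-time. A strict, typed check avoids all three: `return is_string($observed_csrf_token) && is_string($expected_csrf_token) && $expected_csrf_token !== '' && hash_equals($expected_csrf_token, $observed_csrf_token);` (fall back to `===` where `hash_equals` is unavailable). In the first hunk, `Logging::warn("Invalid CSRF token: $token");` writes request-controlled text to the log unfiltered; recording only that a mismatch occurred, or a length-limited value with control characters stripped, keeps forged entries out of the log. Both methods start outside the hunks.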
|
||||
|
||||
|
|