Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch '2.3.x' of dev.sourcefabric.org:airtime into 2.3.x

Browse source
This commit is contained in:
Naomi 2013-02-15 16:32:43 -05:00
commit f2773fcb01
72 changed files with 8418 additions and 13592 deletions
Download patch file Download diff file Expand all files Collapse all files

30
airtime_mvc/application/controllers/ApiController.php
View file

@ -262,7 +262,14 @@ class ApiController extends Zend_Controller_Action
"currentShow"=>Application_Model_Show::getCurrentShow($utcTimeNow),
"nextShow"=>Application_Model_Show::getNextShows($utcTimeNow, $limit, $utcTimeEnd)
);
// XSS exploit prevention
foreach ($result["currentShow"] as &$current) {
$current["name"] = htmlspecialchars($current["name"]);
}
foreach ($result["nextShow"] as &$next) {
$next["name"] = htmlspecialchars($next["name"]);
}
Application_Model_Show::convertToLocalTimeZone($result["currentShow"],
array("starts", "ends", "start_timestamp", "end_timestamp"));
Application_Model_Show::convertToLocalTimeZone($result["nextShow"],
@ -270,6 +277,17 @@ class ApiController extends Zend_Controller_Action
} else {
$result = Application_Model_Schedule::GetPlayOrderRange();
// XSS exploit prevention
$result["previous"]["name"] = htmlspecialchars($result["previous"]["name"]);
$result["current"]["name"] = htmlspecialchars($result["current"]["name"]);
$result["next"]["name"] = htmlspecialchars($result["next"]["name"]);
foreach ($result["currentShow"] as &$current) {
$current["name"] = htmlspecialchars($current["name"]);
}
foreach ($result["nextShow"] as &$next) {
$next["name"] = htmlspecialchars($next["name"]);
}
//Convert from UTC to localtime for Web Browser.
Application_Model_Show::ConvertToLocalTimeZone($result["currentShow"],
array("starts", "ends", "start_timestamp", "end_timestamp"));
@ -316,7 +334,15 @@ class ApiController extends Zend_Controller_Action
$result[$dow[$i]] = $shows;
}
// XSS exploit prevention
foreach ($dow as $d) {
foreach ($result[$d] as &$show) {
$show["name"] = htmlspecialchars($show["name"]);
$show["url"] = htmlspecialchars($show["url"]);
}
}
//used by caller to determine if the airtime they are running or widgets in use is out of date.
$result['AIRTIME_API_VERSION'] = AIRTIME_API_VERSION;
header("Content-type: text/javascript");

4
airtime_mvc/application/controllers/AudiopreviewController.php
View file

@ -62,8 +62,8 @@ class AudiopreviewController extends Zend_Controller_Action
$this->view->audioFileID = $audioFileID;
// We need to decode artist and title because it gets
// encoded twice in js
$this->view->audioFileArtist = urldecode($audioFileArtist);
$this->view->audioFileTitle = urldecode($audioFileTitle);
$this->view->audioFileArtist = htmlspecialchars(urldecode($audioFileArtist));
$this->view->audioFileTitle = htmlspecialchars(urldecode($audioFileTitle));
$this->view->type = $type;
$this->_helper->viewRenderer->setRender('audio-preview');

14
airtime_mvc/application/controllers/PreferenceController.php
View file

@ -139,17 +139,13 @@ class PreferenceController extends Zend_Controller_Action
{
$CC_CONFIG = Config::getConfig();
if(Application_Model_Preference::GetPlanLevel() == 'disabled'){
$baseUrl = Application_Common_OsPath::getBaseDir();
$baseUrl = Application_Common_OsPath::getBaseDir();
$this->view->headScript()->appendFile($baseUrl.'js/serverbrowse/serverbrowser.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/musicdirs.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$this->view->headScript()->appendFile($baseUrl.'js/serverbrowse/serverbrowser.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/musicdirs.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$watched_dirs_pref = new Application_Form_WatchedDirPreferences();
$this->view->form = $watched_dirs_pref;
}
$watched_dirs_pref = new Application_Form_WatchedDirPreferences();
$this->view->form = $watched_dirs_pref;
}
public function streamSettingAction()

7
airtime_mvc/application/controllers/ScheduleController.php
View file

@ -479,7 +479,7 @@ class ScheduleController extends Zend_Controller_Action
$this->view->percentFilled = $show->getPercentScheduled();
$this->view->showContent = $show->getShowListContent();
$this->view->dialog = $this->view->render('schedule/show-content-dialog.phtml');
$this->view->showTitle = $show->getName();
$this->view->showTitle = htmlspecialchars($show->getName());
unset($this->view->showContent);
}
@ -573,7 +573,10 @@ class ScheduleController extends Zend_Controller_Action
return;
}
if ($isDJ) {
// in case a user was once a dj and had been assigned to a show
// but was then changed to an admin user we need to allow
// the user to edit the show as an admin (CC-4925)
if ($isDJ && !$isAdminOrPM) {
$this->view->action = "dj-edit-show";
}