Add more error handling to show-logo api

This commit is contained in:
Duncan Sommerville 2015-06-04 18:45:00 -04:00
parent 700fddbada
commit f6e23ab075
2 changed files with 45 additions and 15 deletions

View File

@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
* Go through a given array and sanitize any potentially exploitable fields
* by passing them through htmlspecialchars
*
* @param unknown $arr the array to sanitize
* @param unknown $keys indexes of values to be sanitized
* @param array $arr the array to sanitize
* @param array $keys indexes of values to be sanitized
*/
private function convertSpecialChars(&$arr, $keys)
{
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
* Recursively find image_path keys in the various $result subarrays,
* and convert them to point to the show-logo endpoint
*
* @param unknown $arr the array to search
* @param array $arr the array to search
*/
private function findAndConvertPaths(&$arr)
{
@ -480,26 +480,55 @@ class ApiController extends Zend_Controller_Action
*/
public function showLogoAction()
{
// Disable the view and the layout
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
$request = $this->getRequest();
$showId = $request->getParam('id');
// if no id is passed, just die - redirects to a 404
if (!$showId || $showId === '') {
// If no id is passed, redirect to a 404
if (empty($showId)) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody("ERROR: No ID was given.");
return;
}
$show = CcShowQuery::create()->findPk($showId);
// disable the view and the layout
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
// Check that a show with this ID exists
if (empty($show)) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody("ERROR: No show with ID $showId exists.");
return;
}
$path = $show->getDbImagePath();
$mime_type = mime_content_type($path);
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
} else {
if (empty($path)) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody("ERROR: Show does not have an associated image.");
return;
}
try {
// Sometimes end users may be looking at stale data - if an image is removed
// but has been cached in a client's browser this will throw an exception
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
} catch(FileNotFoundException $e) {
$this->getResponse()
->setHttpResponseCode(404)
->appendBody("ERROR: No image found at $path");
} catch(Exception $e) {
$this->getResponse()
->setHttpResponseCode(500)
->appendBody("ERROR: " . $e->getMessage());
}
} else {
header('HTTP/1.0 401 Unauthorized');
print _('You are not allowed to access this resource. ');
exit;

View File

@ -56,12 +56,13 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
$this->getResponse()
->setHttpResponseCode(500)
->appendBody("Error processing image: " . $e->getMessage());
return;
}
$show = CcShowQuery::create()->findPk($showId);
$con = Propel::getConnection();
try {
$con = Propel::getConnection();
$con->beginTransaction();
$show->setDbImagePath($path);
@ -103,8 +104,8 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
$show = CcShowQuery::create()->findPk($showId);
$con = Propel::getConnection();
try {
$con = Propel::getConnection();
$con->beginTransaction();
$show->setDbImagePath(null);
@ -268,7 +269,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
private static function delTree($dir) {
$files = array_diff(scandir($dir), array('.', '..'));
foreach ($files as $file) {
(is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
(is_dir("$dir/$file")) ? self::delTree("$dir/$file") : unlink("$dir/$file");
}
return rmdir($dir);
}
@ -279,7 +280,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
* provided, otherwise returns the id
*/
private function getShowId() {
if (!$id = $this->_getParam('id', false)) {
if (!($id = $this->_getParam('id', false))) {
$resp = $this->getResponse();
$resp->setHttpResponseCode(400);
$resp->appendBody("ERROR: No show ID specified.");