Add more error handling to show-logo api

2015-06-04 18:45:00 -04:00 · 2015-06-04 18:45:00 -04:00 · f6e23ab075
parent 700fddbada
commit f6e23ab075
2 changed files with 45 additions and 15 deletions
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
     * Go through a given array and sanitize any potentially exploitable fields
     * by passing them through htmlspecialchars
     *
-     * @param unknown $arr    the array to sanitize
-     * @param unknown $keys    indexes of values to be sanitized
+     * @param array $arr     the array to sanitize
+     * @param array $keys    indexes of values to be sanitized
     */
    private function convertSpecialChars(&$arr, $keys) 
    {
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
     * Recursively find image_path keys in the various $result subarrays,
     * and convert them to point to the show-logo endpoint
     *
-     * @param unknown $arr the array to search
+     * @param array $arr the array to search
     */
    private function findAndConvertPaths(&$arr) 
    {
@ -480,26 +480,55 @@ class ApiController extends Zend_Controller_Action
     */
    public function showLogoAction() 
    {
+        // Disable the view and the layout
+        $this->view->layout()->disableLayout();
+        $this->_helper->viewRenderer->setNoRender(true);
+
        if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
            $request = $this->getRequest();
            $showId = $request->getParam('id');

-            // if no id is passed, just die - redirects to a 404
-            if (!$showId || $showId === '') {
+            // If no id is passed, redirect to a 404
+            if (empty($showId)) {
+                $this->getResponse()
+                    ->setHttpResponseCode(400)
+                    ->appendBody("ERROR: No ID was given.");
                return;
            }

            $show = CcShowQuery::create()->findPk($showId);
-            
-            // disable the view and the layout
-            $this->view->layout()->disableLayout();
-            $this->_helper->viewRenderer->setNoRender(true);
+            // Check that a show with this ID exists
+            if (empty($show)) {
+                $this->getResponse()
+                    ->setHttpResponseCode(400)
+                    ->appendBody("ERROR: No show with ID $showId exists.");
+                return;
+            }
            
            $path = $show->getDbImagePath();
            $mime_type = mime_content_type($path);

-            Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
-           } else {
+            if (empty($path)) {
+                $this->getResponse()
+                    ->setHttpResponseCode(400)
+                    ->appendBody("ERROR: Show does not have an associated image.");
+                return;
+            }
+
+            try {
+                // Sometimes end users may be looking at stale data - if an image is removed
+                // but has been cached in a client's browser this will throw an exception
+                Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
+            } catch(FileNotFoundException $e) {
+                $this->getResponse()
+                    ->setHttpResponseCode(404)
+                    ->appendBody("ERROR: No image found at $path");
+            } catch(Exception $e) {
+                $this->getResponse()
+                    ->setHttpResponseCode(500)
+                    ->appendBody("ERROR: " . $e->getMessage());
+            }
+        } else {
            header('HTTP/1.0 401 Unauthorized');
            print _('You are not allowed to access this resource. ');
            exit;
--- a/airtime_mvc/application/modules/rest/controllers/ShowImageController.php
+++ b/airtime_mvc/application/modules/rest/controllers/ShowImageController.php
@ -56,12 +56,13 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
            $this->getResponse()
                ->setHttpResponseCode(500)
                ->appendBody("Error processing image: " . $e->getMessage());
+            return;
        }

        $show = CcShowQuery::create()->findPk($showId);

+        $con = Propel::getConnection();
        try {
-            $con = Propel::getConnection();
            $con->beginTransaction();

            $show->setDbImagePath($path);
@ -103,8 +104,8 @@ class Rest_ShowImageController extends Zend_Rest_Controller {

        $show = CcShowQuery::create()->findPk($showId);

+        $con = Propel::getConnection();
        try {
-            $con = Propel::getConnection();
            $con->beginTransaction();

            $show->setDbImagePath(null);
@ -268,7 +269,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
    private static function delTree($dir) {
        $files = array_diff(scandir($dir), array('.', '..'));
        foreach ($files as $file) {
-            (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
+            (is_dir("$dir/$file")) ? self::delTree("$dir/$file") : unlink("$dir/$file");
        }
        return rmdir($dir);
    }
@ -279,7 +280,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
     * provided, otherwise returns the id
     */
    private function getShowId() {
-        if (!$id = $this->_getParam('id', false)) {
+        if (!($id = $this->_getParam('id', false))) {
            $resp = $this->getResponse();
            $resp->setHttpResponseCode(400);
            $resp->appendBody("ERROR: No show ID specified.");