Add more error handling to show-logo api
This commit is contained in:
parent
700fddbada
commit
f6e23ab075
|
@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
|
|||
* Go through a given array and sanitize any potentially exploitable fields
|
||||
* by passing them through htmlspecialchars
|
||||
*
|
||||
* @param unknown $arr the array to sanitize
|
||||
* @param unknown $keys indexes of values to be sanitized
|
||||
* @param array $arr the array to sanitize
|
||||
* @param array $keys indexes of values to be sanitized
|
||||
*/
|
||||
private function convertSpecialChars(&$arr, $keys)
|
||||
{
|
||||
|
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
|
|||
* Recursively find image_path keys in the various $result subarrays,
|
||||
* and convert them to point to the show-logo endpoint
|
||||
*
|
||||
* @param unknown $arr the array to search
|
||||
* @param array $arr the array to search
|
||||
*/
|
||||
private function findAndConvertPaths(&$arr)
|
||||
{
|
||||
|
@ -480,26 +480,55 @@ class ApiController extends Zend_Controller_Action
|
|||
*/
|
||||
public function showLogoAction()
|
||||
{
|
||||
// Disable the view and the layout
|
||||
$this->view->layout()->disableLayout();
|
||||
$this->_helper->viewRenderer->setNoRender(true);
|
||||
|
||||
if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
|
||||
$request = $this->getRequest();
|
||||
$showId = $request->getParam('id');
|
||||
|
||||
// if no id is passed, just die - redirects to a 404
|
||||
if (!$showId || $showId === '') {
|
||||
// If no id is passed, redirect to a 404
|
||||
if (empty($showId)) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(400)
|
||||
->appendBody("ERROR: No ID was given.");
|
||||
return;
|
||||
}
|
||||
|
||||
$show = CcShowQuery::create()->findPk($showId);
|
||||
|
||||
// disable the view and the layout
|
||||
$this->view->layout()->disableLayout();
|
||||
$this->_helper->viewRenderer->setNoRender(true);
|
||||
// Check that a show with this ID exists
|
||||
if (empty($show)) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(400)
|
||||
->appendBody("ERROR: No show with ID $showId exists.");
|
||||
return;
|
||||
}
|
||||
|
||||
$path = $show->getDbImagePath();
|
||||
$mime_type = mime_content_type($path);
|
||||
|
||||
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
|
||||
} else {
|
||||
if (empty($path)) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(400)
|
||||
->appendBody("ERROR: Show does not have an associated image.");
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Sometimes end users may be looking at stale data - if an image is removed
|
||||
// but has been cached in a client's browser this will throw an exception
|
||||
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
|
||||
} catch(FileNotFoundException $e) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(404)
|
||||
->appendBody("ERROR: No image found at $path");
|
||||
} catch(Exception $e) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(500)
|
||||
->appendBody("ERROR: " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
print _('You are not allowed to access this resource. ');
|
||||
exit;
|
||||
|
|
|
@ -56,12 +56,13 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
|
|||
$this->getResponse()
|
||||
->setHttpResponseCode(500)
|
||||
->appendBody("Error processing image: " . $e->getMessage());
|
||||
return;
|
||||
}
|
||||
|
||||
$show = CcShowQuery::create()->findPk($showId);
|
||||
|
||||
$con = Propel::getConnection();
|
||||
try {
|
||||
$con = Propel::getConnection();
|
||||
$con->beginTransaction();
|
||||
|
||||
$show->setDbImagePath($path);
|
||||
|
@ -103,8 +104,8 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
|
|||
|
||||
$show = CcShowQuery::create()->findPk($showId);
|
||||
|
||||
$con = Propel::getConnection();
|
||||
try {
|
||||
$con = Propel::getConnection();
|
||||
$con->beginTransaction();
|
||||
|
||||
$show->setDbImagePath(null);
|
||||
|
@ -268,7 +269,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
|
|||
private static function delTree($dir) {
|
||||
$files = array_diff(scandir($dir), array('.', '..'));
|
||||
foreach ($files as $file) {
|
||||
(is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
|
||||
(is_dir("$dir/$file")) ? self::delTree("$dir/$file") : unlink("$dir/$file");
|
||||
}
|
||||
return rmdir($dir);
|
||||
}
|
||||
|
@ -279,7 +280,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
|
|||
* provided, otherwise returns the id
|
||||
*/
|
||||
private function getShowId() {
|
||||
if (!$id = $this->_getParam('id', false)) {
|
||||
if (!($id = $this->_getParam('id', false))) {
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(400);
|
||||
$resp->appendBody("ERROR: No show ID specified.");
|
||||
|
|
Loading…
Reference in New Issue