Add more error handling to show-logo api

Duncan Sommerville 2015-06-04 18:45:00 -04:00
parent 700fddbada
commit f6e23ab075
2 changed files with 45 additions and 15 deletions


@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
* Go through a given array and sanitize any potentially exploitable fields * Go through a given array and sanitize any potentially exploitable fields
* by passing them through htmlspecialchars * by passing them through htmlspecialchars
* *
* @param unknown $arr the array to sanitize * @param array $arr the array to sanitize
* @param unknown $keys indexes of values to be sanitized * @param array $keys indexes of values to be sanitized
*/ */
private function convertSpecialChars(&$arr, $keys) private function convertSpecialChars(&$arr, $keys)
{ {
@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
* Recursively find image_path keys in the various $result subarrays, * Recursively find image_path keys in the various $result subarrays,
* and convert them to point to the show-logo endpoint * and convert them to point to the show-logo endpoint
* *
* @param unknown $arr the array to search * @param array $arr the array to search
*/ */
private function findAndConvertPaths(&$arr) private function findAndConvertPaths(&$arr)
{ {
@ -480,26 +480,55 @@ class ApiController extends Zend_Controller_Action
*/ */
public function showLogoAction() public function showLogoAction()
{ {
// Disable the view and the layout
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) { if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) {
$request = $this->getRequest(); $request = $this->getRequest();
$showId = $request->getParam('id'); $showId = $request->getParam('id');
// if no id is passed, just die - redirects to a 404 // If no id is passed, redirect to a 404
if (!$showId || $showId === '') { if (empty($showId)) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody("ERROR: No ID was given.");
return; return;
} }
$show = CcShowQuery::create()->findPk($showId); $show = CcShowQuery::create()->findPk($showId);
// Check that a show with this ID exists
// disable the view and the layout if (empty($show)) {
$this->view->layout()->disableLayout(); $this->getResponse()
$this->_helper->viewRenderer->setNoRender(true); ->setHttpResponseCode(400)
->appendBody("ERROR: No show with ID $showId exists.");
return;
}
$path = $show->getDbImagePath(); $path = $show->getDbImagePath();
$mime_type = mime_content_type($path); $mime_type = mime_content_type($path);
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type); if (empty($path)) {
} else { $this->getResponse()
->setHttpResponseCode(400)
->appendBody("ERROR: Show does not have an associated image.");
return;
}
try {
// Sometimes end users may be looking at stale data - if an image is removed
// but has been cached in a client's browser this will throw an exception
Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
} catch(FileNotFoundException $e) {
$this->getResponse()
->setHttpResponseCode(404)
->appendBody("ERROR: No image found at $path");
} catch(Exception $e) {
$this->getResponse()
->setHttpResponseCode(500)
->appendBody("ERROR: " . $e->getMessage());
}
} else {
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
print _('You are not allowed to access this resource. '); print _('You are not allowed to access this resource. ');
exit; exit;
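Review bot: The new 400 branch at `->appendBody("ERROR: No show with ID $showId exists.")` reflects the raw `id` request parameter into the response body, and because the view and layout are disabled without any Content-Type being set, the body is served with the framework default (normally text/html), which makes this a reflected XSS on an endpoint that is reachable without authentication whenever GetAllow3rdPartyApi() is true. The 404 branch likewise discloses the server-side storage location through `$path`, and the 500 branch returns `$e->getMessage()` verbatim; error bodies should be typed as plain text and carry neither request data nor internal detail, with the exception logged server-side instead. Separately, `mime_content_type($path)` is still evaluated before the `empty($path)` guard, so a show with no image emits a PHP warning before the 400 is sent; move that call below the guard. The closing braces of showLogoAction lie outside the hunk.
```php
$this->_helper->viewRenderer->setNoRender(true);
// Error bodies are plain text so nothing echoed below can be interpreted as markup;
// nosniff keeps old browsers from second-guessing the type.
$this->getResponse()
    ->setHeader('Content-Type', 'text/plain')
    ->setHeader('X-Content-Type-Options', 'nosniff');
// … unchanged: auth check, $showId read, empty($showId) guard …
if (empty($show)) {
    // Do not reflect the request parameter back to the client
    $this->getResponse()
        ->setHttpResponseCode(400)
        ->appendBody("ERROR: No show with the given ID exists.");
    return;
}
$path = $show->getDbImagePath();
// … unchanged: empty($path) guard returning 400 …
// Only probe the file once we know there is a path to probe
$mime_type = mime_content_type($path);
try {
    Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
} catch (FileNotFoundException $e) {
    // Never expose the server-side storage path
    $this->getResponse()
        ->setHttpResponseCode(404)
        ->appendBody("ERROR: Image not found.");
} catch (Exception $e) {
    // Log $e->getMessage() server-side; the client gets a generic failure only
    $this->getResponse()
        ->setHttpResponseCode(500)
        ->appendBody("ERROR: Could not read show image.");
}
```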


@ -56,12 +56,13 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
$this->getResponse() $this->getResponse()
->setHttpResponseCode(500) ->setHttpResponseCode(500)
->appendBody("Error processing image: " . $e->getMessage()); ->appendBody("Error processing image: " . $e->getMessage());
return;
} }
$show = CcShowQuery::create()->findPk($showId); $show = CcShowQuery::create()->findPk($showId);
$con = Propel::getConnection();
try { try {
$con = Propel::getConnection();
$con->beginTransaction(); $con->beginTransaction();
$show->setDbImagePath($path); $show->setDbImagePath($path);
@ -103,8 +104,8 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
$show = CcShowQuery::create()->findPk($showId); $show = CcShowQuery::create()->findPk($showId);
$con = Propel::getConnection();
try { try {
$con = Propel::getConnection();
$con->beginTransaction(); $con->beginTransaction();
$show->setDbImagePath(null); $show->setDbImagePath(null);
@ -268,7 +269,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
private static function delTree($dir) { private static function delTree($dir) {
$files = array_diff(scandir($dir), array('.', '..')); $files = array_diff(scandir($dir), array('.', '..'));
foreach ($files as $file) { foreach ($files as $file) {
(is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); (is_dir("$dir/$file")) ? self::delTree("$dir/$file") : unlink("$dir/$file");
} }
return rmdir($dir); return rmdir($dir);
} }
@ -279,7 +280,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller {
* provided, otherwise returns the id * provided, otherwise returns the id
*/ */
private function getShowId() { private function getShowId() {
if (!$id = $this->_getParam('id', false)) { if (!($id = $this->_getParam('id', false))) {
$resp = $this->getResponse(); $resp = $this->getResponse();
$resp->setHttpResponseCode(400); $resp->setHttpResponseCode(400);
$resp->appendBody("ERROR: No show ID specified."); $resp->appendBody("ERROR: No show ID specified.");