From 29d7e20622f58efe92606f89048425fae6b0390d Mon Sep 17 00:00:00 2001
From: Duncan Sommerville
Date: Tue, 17 Feb 2015 12:39:58 -0500
Subject: [PATCH 1/2] Fixing file metadata sanitization
---
 airtime_mvc/application/controllers/LibraryController.php | 2 +-
 .../modules/rest/controllers/MediaController.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index a8fc5d8ee..1b78cf7f1 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -446,7 +446,7 @@ class LibraryController extends Zend_Controller_Action
 if ($form->isValid($serialized)) {
 // Sanitize any incorrect metadata that slipped past validation
- FileDataHelper::sanitizeData($serialized["track_number"]);
+ FileDataHelper::sanitizeData($serialized);
 $formValues = $this->_getParam('data', null);
 $formdata = array();
diff --git a/airtime_mvc/application/modules/rest/controllers/MediaController.php b/airtime_mvc/application/modules/rest/controllers/MediaController.php
index 2b60b76a7..4df2cc7a8 100644
--- a/airtime_mvc/application/modules/rest/controllers/MediaController.php
+++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php
@@ -120,7 +120,7 @@ class Rest_MediaController extends Zend_Rest_Controller
 return;
 } else {
 // Sanitize any incorrect metadata that slipped past validation
- FileDataHelper::sanitizeData($whiteList["track_number"]);
+ FileDataHelper::sanitizeData($whiteList);
 /* If full_path is set, the post request came from ftp.
 * Users are allowed to upload folders via ftp. If this is the case
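Review bot: The new `FileDataHelper::sanitizeData($whiteList);` call in the `@@ -120` hunk of MediaController.php discards its return value, so it only has an effect if the helper takes the array by reference and edits it in place; the helper's signature is not part of this patch. The same holds for the calls in the `@@ -176` and `@@ -207` hunks and for `sanitizeData($serialized)` in LibraryController.php. Because the argument is now the whole request-derived array rather than a single field, a comment at the call such as `// sanitizeData() rewrites $whiteList in place; it must run before the values are copied onto $file` would make that dependency explicit. The enclosing method starts and ends outside the hunk.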
@@ -176,7 +176,7 @@ class Rest_MediaController extends Zend_Rest_Controller
 return;
 } else if ($file && isset($requestData["resource_id"])) {
 // Sanitize any incorrect metadata that slipped past validation
- FileDataHelper::sanitizeData($whiteList["track_number"]);
+ FileDataHelper::sanitizeData($whiteList);
 $file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);
@@ -207,7 +207,7 @@ class Rest_MediaController extends Zend_Rest_Controller
 ->appendBody(json_encode(CcFiles::sanitizeResponse($file)));
 } else if ($file) {
 // Sanitize any incorrect metadata that slipped past validation
- $this->sanitizeData($file, $whiteList);
+ FileDataHelper::sanitizeData($whiteList);
 //local file storage
 $file->setDbDirectory(self::MUSIC_DIRS_STOR_PK);
From 72e4a036a44c54750350475b92c9daf528ec8653 Mon Sep 17 00:00:00 2001
From: Duncan Sommerville
Date: Tue, 17 Feb 2015 15:09:18 -0500
Subject: [PATCH 2/2] Cleaning up editFileMD in LibraryController
---
 .../controllers/LibraryController.php | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 1b78cf7f1..1f17ebc9b 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -421,9 +421,6 @@ class LibraryController extends Zend_Controller_Action
 $request = $this->getRequest();
-
-
-
 $file_id = $this->_getParam('id', null);
 $file = Application_Model_StoredFile::RecallById($file_id);
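Review bot: In the `@@ -207` hunk of MediaController.php the replacement call no longer receives `$file`, so any correction now lands only in `$whiteList`. The lines that follow in the hunk (`$file->setDbDirectory(self::MUSIC_DIRS_STOR_PK);`) do not show `$whiteList` being copied onto `$file` afterwards, unlike the `@@ -176` hunk where `$file->fromArray($whiteList, BasePeer::TYPE_FIELDNAME);` comes directly after the call. If `$file` was already populated from `$whiteList` earlier in this branch, the sanitised values would never reach the stored record, so the order should be confirmed against the code outside the hunk. The branch body continues past the end of the hunk.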
@@ -447,20 +444,7 @@ class LibraryController extends Zend_Controller_Action
 if ($form->isValid($serialized)) {
 // Sanitize any incorrect metadata that slipped past validation
 FileDataHelper::sanitizeData($serialized);
-
- $formValues = $this->_getParam('data', null);
- $formdata = array();
- foreach ($formValues as $val) {
- $formdata[$val["name"]] = $val["value"];
- }
- $file->setDbColMetadata($formdata);
-
- $data = $file->getMetadata();
-
- // set MDATA_KEY_FILEPATH
- $data['MDATA_KEY_FILEPATH'] = $file->getFilePath();
- Logging::info($data['MDATA_KEY_FILEPATH']);
- Application_Model_RabbitMq::SendMessageToMediaMonitor("md_update", $data);
+ $file->setDbColMetadata($serialized);
 $this->_redirect('Library');
 }
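Review bot: The added `$file->setDbColMetadata($serialized);` stores the request-derived array itself rather than the form's filtered output. If `$form` is a `Zend_Form`, `isValid()` checks the elements it knows but does not strip keys that have no matching element, so an extra key in `$serialized` would still reach `setDbColMetadata()`; whether that method ignores unknown keys is not visible here. Assuming the element names match the metadata keys, `$values = $form->getValues(); FileDataHelper::sanitizeData($values); $file->setDbColMetadata($values);` would limit the write to declared fields, in line with the `$whiteList` approach in the REST controller. The hunk also drops the `md_update` message to the media monitor, which deserves a line in the commit message if it is intentional. The enclosing action starts outside the hunk.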