From f6e23ab075c4faef0007f223eea48604efc5bc7b Mon Sep 17 00:00:00 2001
From: Duncan Sommerville
Date: Thu, 4 Jun 2015 18:45:00 -0400
Subject: [PATCH] Add more error handling to show-logo api

---
 .../application/controllers/ApiController.php | 51 +++++++++++++++----
 .../rest/controllers/ShowImageController.php | 9 ++--
 2 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/airtime_mvc/application/controllers/ApiController.php b/airtime_mvc/application/controllers/ApiController.php
index aa5a5f1cd..793e4b00e 100644
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@@ -435,8 +435,8 @@ class ApiController extends Zend_Controller_Action
 * Go through a given array and sanitize any potentially exploitable fields
 * by passing them through htmlspecialchars
 *
- * @param unknown $arr the array to sanitize
- * @param unknown $keys indexes of values to be sanitized
+ * @param array $arr the array to sanitize
+ * @param array $keys indexes of values to be sanitized
 */
 private function convertSpecialChars(&$arr, $keys)
 {
@@ -456,7 +456,7 @@ class ApiController extends Zend_Controller_Action
 * Recursively find image_path keys in the various $result subarrays,
 * and convert them to point to the show-logo endpoint
 *
- * @param unknown $arr the array to search
+ * @param array $arr the array to search
 */
 private function findAndConvertPaths(&$arr)
 {
@@ -480,26 +480,55 @@ class ApiController extends Zend_Controller_Action */ public function showLogoAction() { + // Disable the view and the layout + $this->view->layout()->disableLayout(); + $this->_helper->viewRenderer->setNoRender(true); + if (Application_Model_Preference::GetAllow3rdPartyApi() || $this->checkAuth()) { $request = $this->getRequest(); $showId = $request->getParam('id'); - // if no id is passed, just die - redirects to a 404 - if (!$showId || $showId === '') { + // If no id is passed, redirect to a 404 + if (empty($showId)) { + $this->getResponse() + ->setHttpResponseCode(400) + ->appendBody("ERROR: No ID was given."); return; } $show = CcShowQuery::create()->findPk($showId); - - // disable the view and the layout - $this->view->layout()->disableLayout(); - $this->_helper->viewRenderer->setNoRender(true); + // Check that a show with this ID exists + if (empty($show)) { + $this->getResponse() + ->setHttpResponseCode(400) + ->appendBody("ERROR: No show with ID $showId exists."); + return; + } $path = $show->getDbImagePath(); $mime_type = mime_content_type($path); - Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type); - } else { + if (empty($path)) { + $this->getResponse() + ->setHttpResponseCode(400) + ->appendBody("ERROR: Show does not have an associated image."); + return; + } + + try { + // Sometimes end users may be looking at stale data - if an image is removed + // but has been cached in a client's browser this will throw an exception + Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type); + } catch(FileNotFoundException $e) { + $this->getResponse() + ->setHttpResponseCode(404) + ->appendBody("ERROR: No image found at $path"); + } catch(Exception $e) { + $this->getResponse() + ->setHttpResponseCode(500) + ->appendBody("ERROR: " . $e->getMessage()); + } + } else { header('HTTP/1.0 401 Unauthorized'); print _('You are not allowed to access this resource. '); exit; 
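Review bot: `$mime_type = mime_content_type($path);` still runs before the new `if (empty($path))` guard, so a show with no image triggers a PHP warning from mime_content_type() (and a stale path makes filesize() warn as well) before the 400 is sent; the guard should come first and a missing file should be detected before either call rather than only by the FileNotFoundException catch. The new error bodies also interpolate values that do not belong there: `"ERROR: No show with ID $showId exists."` reflects the raw `id` request parameter into a body that, absent a Content-Type header this hunk does not set, is presumably served as HTML, and `"ERROR: No image found at $path"` discloses a server filesystem path to a client that may be unauthenticated when GetAllow3rdPartyApi() is enabled. Escape the id with htmlspecialchars() or omit it, and keep the path in the server log rather than in the response. Returning 400 for a non-existent show is also debatable; 404 would be consistent with the not-found branch below. showLogoAction's closing braces lie outside the hunk.

```php
$path = $show->getDbImagePath();
if (empty($path)) {
    // … unchanged: 400 "Show does not have an associated image." response …
}

// Detect a stale or missing file before mime_content_type() and filesize()
// can emit warnings; the FileNotFoundException catch below stays as a fallback.
// The path is deliberately not echoed back to the client.
if (!is_file($path)) {
    $this->getResponse()
        ->setHttpResponseCode(404)
        ->appendBody("ERROR: No image found for this show.");
    return;
}
$mime_type = mime_content_type($path);

try {
    Application_Common_FileIO::smartReadFile($path, filesize($path), $mime_type);
// … unchanged: FileNotFoundException / Exception handlers …
```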
diff --git a/airtime_mvc/application/modules/rest/controllers/ShowImageController.php b/airtime_mvc/application/modules/rest/controllers/ShowImageController.php index a206208b2..502267920 100644 --- a/airtime_mvc/application/modules/rest/controllers/ShowImageController.php +++ b/airtime_mvc/application/modules/rest/controllers/ShowImageController.php @@ -56,12 +56,13 @@ class Rest_ShowImageController extends Zend_Rest_Controller { $this->getResponse() ->setHttpResponseCode(500) ->appendBody("Error processing image: " . $e->getMessage()); + return; } $show = CcShowQuery::create()->findPk($showId); + $con = Propel::getConnection(); try { - $con = Propel::getConnection(); $con->beginTransaction(); $show->setDbImagePath($path); @@ -103,8 +104,8 @@ class Rest_ShowImageController extends Zend_Rest_Controller { $show = CcShowQuery::create()->findPk($showId); + $con = Propel::getConnection(); try { - $con = Propel::getConnection(); $con->beginTransaction(); $show->setDbImagePath(null); @@ -268,7 +269,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller { private static function delTree($dir) { $files = array_diff(scandir($dir), array('.', '..')); foreach ($files as $file) { - (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); + (is_dir("$dir/$file")) ? self::delTree("$dir/$file") : unlink("$dir/$file"); } return rmdir($dir); } @@ -279,7 +280,7 @@ class Rest_ShowImageController extends Zend_Rest_Controller { * provided, otherwise returns the id */ private function getShowId() { - if (!$id = $this->_getParam('id', false)) { + if (!($id = $this->_getParam('id', false))) { $resp = $this->getResponse(); $resp->setHttpResponseCode(400); $resp->appendBody("ERROR: No show ID specified.");
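Review bot: `$show = CcShowQuery::create()->findPk($showId);` in the @@ -56 hunk is still used without a null check — the transaction block that follows calls `$show->setDbImagePath($path)` on whatever findPk() returned, so an unknown id produces a fatal "call to a member function on null" that the catch block cannot handle; the @@ -103 hunk has the same pattern with `setDbImagePath(null)`. A guard before the transaction, `if (!$show) { $this->getResponse()->setHttpResponseCode(404)->appendBody("ERROR: Show not found."); return; }`, would turn this into a proper error response. Moving `$con = Propel::getConnection();` out of the try (presumably so `$con` is available for a rollback in the catch, which lies outside the hunk) also means a connection failure now escapes the handler entirely; worth a comment if that is intended. The try/catch in both hunks continues outside the hunk.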
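Review bot: `is_dir("$dir/$file")` in the @@ -268 hunk is true for a symlink that points at a directory, so delTree() recurses into the link target and unlinks its contents instead of removing the link itself; testing `is_link()` first keeps the deletion inside `$dir`: `$p = "$dir/$file"; (!is_link($p) && is_dir($p)) ? self::delTree($p) : unlink($p);`. The return values of scandir() and unlink() are also ignored — a false from scandir() makes array_diff() warn and the loop never run, and the final rmdir() then fails silently; whether `$dir` can ever hold untrusted entries is not visible from this hunk.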