From df18aa673e1dd90133b4d5b2381773b017fef729 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 14:12:53 +0100 Subject: added sanity checks for listdropboxes.cgi diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi index cb608f4..39270e6 100755 --- a/rh-bin/listdropboxes.cgi +++ b/rh-bin/listdropboxes.cgi @@ -36,24 +36,32 @@ my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); -(my $ctx, $status, $errorstring) = RHRD::rddb::init(); -if(defined $ctx) { - my $result; - ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); - if($result == 1) { - $responsecode = 200; - @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); - if(!defined $dropboxes[0] && defined $dropboxes[1]) { +if(!defined $username) { + $responsecode = 400; + $errorstring = "mandatory field LOGIN_NAME is missing" +} elsif(!defined $token) { + $responsecode = 400; + $errorstring = "mandatory field PASSWORD is missing" +} else { + (my $ctx, $status, $errorstring) = RHRD::rddb::init(); + if(defined $ctx) { + my $result; + ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + if($result == 1) { + $responsecode = 200; + @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); + if(!defined $dropboxes[0] && defined $dropboxes[1]) { + $responsecode = 500; + $status = $dropboxes[1]; + $errorstring = $dropboxes[2]; + } + } elsif($result == 0) { + $responsecode = 401; + } else { $responsecode = 500; - $status = $dropboxes[1]; - $errorstring = $dropboxes[2]; } - } elsif($result == 0) { - $responsecode = 401; - } else { - $responsecode = 500; + RHRD::rddb::destroy($ctx); } - RHRD::rddb::destroy($ctx); } print "Content-type: application/xml; charset=UTF-8\n"; diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index 6e18e7e..1ec5313 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi 
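Review bot: The new `!defined $username` / `!defined $token` guards in listdropboxes.cgi reject only an absent field; a request that sends `LOGIN_NAME=` or `PASSWORD=` with no value yields an empty string from CGI.pm, which is defined and still reaches `RHRD::rddb::init()` and `check_token`. If empty credentials should also be answered with 400, the conditions could read `if(!defined $username || $username eq '') {` and `} elsif(!defined $token || $token eq '') {`. In the new `else` branch, no line in the hunk assigns `$responsecode` when `init()` returns an undefined `$ctx`, so that path depends on the variable's initial value, which is set outside the hunk and is worth confirming to be a 5xx code. The two `$errorstring = "mandatory field ... is missing"` assignments have no terminating `;`; this parses because each is the last statement of its block, but adding the semicolon keeps a later appended statement from silently joining the string expression.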
@@ -35,6 +35,9 @@ my @clocks = (); my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); +my $command = $q->param('PASSWORD'); + +if(!defined $command (my $ctx, $status, $errorstring) = RHRD::rddb::init(); if(defined $ctx) { -- cgit v0.10.2
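Review bot: The added `if(!defined $command` in musicgrid.cgi has no closing parenthesis and no block, so as shown the script will not compile and every request to it would fail before any authentication logic runs. The line above it, `my $command = $q->param('PASSWORD');`, reads the same field as `$token`, which looks like a copy-paste slip and puts the credential into a variable named as if it were a command, so any later use or logging of `$command` would handle the token. The commit subject mentions only listdropboxes.cgi, so this hunk may be unfinished work committed by accident. Either drop the three added lines from this commit, or read the intended field name and complete the check in the same 400-response pattern used in listdropboxes.cgi. A `perl -c rh-bin/musicgrid.cgi` run before committing would catch the syntax error.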