aww yea

4 files changed, 54 insertions, 4 deletions

diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php
index aea55323..201b63e1 100644
--- a/lib/class/playlist.class.php
+++ b/lib/class/playlist.class.php
@@ -290,6 +290,33 @@ class Playlist {
 	} // add_songs
 
 	/**
+	 * add_dyn_song
+	 * This adds a dynamic song to a specified playlist this is just called as the
+	 * song its self is stored in the session to keep it away from evil users
+	 */
+	function add_dyn_song() { 
+	
+		$dyn_song = $_SESSION['userdata']['stored_search'];
+
+		if (strlen($dyn_song) < 1) { echo "FAILED1"; return false; }
+
+		if (substr($dyn_song,0,6) != 'SELECT') { echo "$dyn_song"; return false; }
+
+		/* Test the query before we put it in */
+		$db_results = @mysql_query($dyn_song, dbh());
+
+		if (!$db_results) { return false; }
+
+		/* Ok now let's add it */
+		$sql = "INSERT INTO playlist_data (`playlist`,`dyn_song`,`track`) " . 
+			" VALUES ('" . sql_escape($this->id) . "','" . sql_escape($dyn_song) . "','0')";
+		$db_results = mysql_query($sql, dbh());
+
+		return true;
+
+	} // add_dyn_song
+
+	/**
 	 * create
 	 * This function creates an empty playlist, gives it a name and type
 	 * Assumes $GLOBALS['user']->username as the user
@@ -377,7 +404,6 @@ class Playlist {
 			$id = sql_escape($value);
 			
 			$sql = "DELETE FROM playlist_data WHERE id='$id'";
-			echo $sql;
 			$db_results = mysql_query($sql, dbh());
 
 		} // end foreach dead songs
diff --git a/lib/search.php b/lib/search.php
index 818c91d2..891a7610 100644
--- a/lib/search.php
+++ b/lib/search.php
@@ -178,7 +178,14 @@ function search_song($data,$operator,$method,$limit) {
 	$where_sql = rtrim($where_sql,$operator);
 
 	$sql = $base_sql . $table_sql . " WHERE " . $join_sql . "(" . $where_sql . ")" . $limit_sql;
-	
+
+	/**
+	 * Because we might need this for Dynamic Playlist Action 
+	 * but we don't trust users to provide this store it in the
+	 * session where they can't get to it!
+	 */
+	$_SESSION['userdata']['stored_search'] = $sql;
+
 	$db_results = mysql_query($sql, dbh());
 	
 	while ($r = mysql_fetch_assoc($db_results)) { 
diff --git a/playlist.php b/playlist.php
index 914a167c..64be7f7e 100644
--- a/playlist.php
+++ b/playlist.php
@@ -87,6 +87,16 @@ switch ($action) {
 		/* Show the Playlist */
 		show_playlist($playlist);
 	break;	
+	case 'add_dyn_song':
+		/* Check Rights */
+		if (!$GLOBALS['user']->has_access(100) && $GLOBALS['user']->username != $playlist->username) { 
+			access_denied();
+			break;
+		}
+		
+		$playlist->add_dyn_song();
+		show_playlist($playlist);
+	break;
 	case 'create_playlist':
 	case 'create':
 		/* Check rights */
@@ -139,7 +149,6 @@ switch ($action) {
 		show_import_playlist();
 	break;
 	case 'set_track_numbers':
-		print_r($_REQUEST);
 		/* Make sure they have permission */
 		if (!$GLOBALS['user']->has_access(100) && $GLOBALS['user']->username != $playlist->user) { 
 			access_denied();
diff --git a/templates/show_search.inc b/templates/show_search.inc
index 957480fe..cf408b98 100644
--- a/templates/show_search.inc
+++ b/templates/show_search.inc
@@ -176,6 +176,14 @@ $final_javascript .= " // END-->\n </script>";
 </tr>
 </table>
 </form>
-
 <?php echo $final_javascript; ?>
 
+<?php if (isset($_REQUEST['search_object'])) { ?>
+<br />
+<form method="post" action="<?php echo conf('web_path'); ?>/playlist.php?action=add_dyn_song">
+<?php echo _('Save Search As Track on'); ?>:
+<?php show_playlist_dropdown(); ?>
+<input type="submit" value="<?php echo _('Save'); ?>" /></form>
+<?php } ?>
+<br />
+