author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-01-02 02:32:34 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-01-02 02:32:34 +0000 |
commit | 2caa80fcfd81d6cf79e81ae12fa7c34efb77341a (patch) | |
tree | 013939ea7bba02e08423d0ff78ab6e39714ae9b2 /lib/stream.lib.php | |
parent | 83f3c4114164617f48f3b013027f9079ddc2675c (diff) | |
fix unescaped filename which could potentially get outside the downsample_cmd
Diffstat (limited to 'lib/stream.lib.php')
-rw-r--r-- | lib/stream.lib.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/stream.lib.php b/lib/stream.lib.php
index f1f0a366..1415a6fe 100644
--- a/lib/stream.lib.php
+++ b/lib/stream.lib.php
@@ -234,19 +234,20 @@ function start_downsample($song,$now_playing_id=0,$song_name=0) {
 $eofss = floor($song->time-$eofmm*60);
 $eof = sprintf("%02d.%02d",$eofmm,$eofss);
+ $song_file = escapeshellarg($song->file);
 /* Replace Variables */
 $downsample_command = conf($song->stream_cmd());
- $downsample_command = str_replace("%FILE%",$song->file,$downsample_command);
+ $downsample_command = str_replace("%FILE%",$song_file,$downsample_command);
 $downsample_command = str_replace("%OFFSET%",$offset,$downsample_command);
 $downsample_command = str_replace("%EOF%",$eof,$downsample_command);
 $downsample_command = str_replace("%SAMPLE%",$sample_rate,$downsample_command);
 // If we are debugging log this event
- if (conf('debug')) {
+ //if (conf('debug')) {
 $message = "Start Downsample: $downsample_command";
 log_event($GLOBALS['user']->username,' downsample ',$message);
- } // if debug
+ //} // if debug
 $fp = @popen($downsample_command, 'r'); |
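Review bot: The `if (conf('debug'))` guard around the `log_event()` call is commented out rather than kept, so the fully substituted command line, including each song's file path, is now logged on every downsample and the comment above it no longer matches; if this was a debugging aid for the fix, restore `if (conf('debug')) {` and its closing `}`. On the escaping itself, `escapeshellarg()` adds its own single quotes, so a configured command template that still wraps `%FILE%` in quotes would end up with nested quoting that either passes literal quote characters in the file name or cancels the protection; the template is not visible here, so check the shipped config and document the requirement with a comment such as `// %FILE% must appear unquoted in the command template`. `$offset` and `$sample_rate` are computed outside this hunk and are still substituted unescaped; if either can be influenced by a request, they need the same treatment or an `(int)` cast. The body of start_downsample() begins and ends outside the hunk.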