author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-01-05 06:41:04 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-01-05 06:41:04 +0000 |
commit | d0e0e716af8e19de76d861aa0f334b55203a759f (patch) | |
tree | 621bd1e4104921d23ba27c1d90863387ca849720 /lib | |
parent | 6daae3271c5126c2cd4c08b98b451ebe51fa90e0 (diff) | |
download | ampache-d0e0e716af8e19de76d861aa0f334b55203a759f.tar.gz ampache-d0e0e716af8e19de76d861aa0f334b55203a759f.tar.bz2 ampache-d0e0e716af8e19de76d861aa0f334b55203a759f.zip |
aww yea
Diffstat (limited to 'lib')
-rw-r--r-- | lib/class/playlist.class.php | 28 | ||||
-rw-r--r-- | lib/search.php | 9 |
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php
index aea55323..201b63e1 100644
--- a/lib/class/playlist.class.php
+++ b/lib/class/playlist.class.php
@@ -290,6 +290,33 @@ class Playlist {
 } // add_songs
 /**
+ * add_dyn_song
+ * This adds a dynamic song to a specified playlist this is just called as the
+ * song its self is stored in the session to keep it away from evil users
+ */
+ function add_dyn_song() {
+
+ $dyn_song = $_SESSION['userdata']['stored_search'];
+
+ if (strlen($dyn_song) < 1) { echo "FAILED1"; return false; }
+
+ if (substr($dyn_song,0,6) != 'SELECT') { echo "$dyn_song"; return false; }
+
+ /* Test the query before we put it in */
+ $db_results = @mysql_query($dyn_song, dbh());
+
+ if (!$db_results) { return false; }
+
+ /* Ok now let's add it */
+ $sql = "INSERT INTO playlist_data (`playlist`,`dyn_song`,`track`) " .
+ " VALUES ('" . sql_escape($this->id) . "','" . sql_escape($dyn_song) . "','0')";
+ $db_results = mysql_query($sql, dbh());
+
+ return true;
+
+ } // add_dyn_song
+
+ /**
+ * create
 * This function creates an empty playlist, gives it a name and type
 * Assumes $GLOBALS['user']->username as the user
@@ -377,7 +404,6 @@ class Playlist {
 $id = sql_escape($value);
 $sql = "DELETE FROM playlist_data WHERE id='$id'";
- echo $sql;
 $db_results = mysql_query($sql, dbh());
 } // end foreach dead songs
diff --git a/lib/search.php b/lib/search.php
index 818c91d2..891a7610 100644
--- a/lib/search.php
+++ b/lib/search.php
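Review bot: add_dyn_song() persists a raw SQL string in `playlist_data.dyn_song`, and the only validation is the prefix test `substr($dyn_song,0,6) != 'SELECT'` plus a trial run under `@mysql_query`. A prefix test does not constrain which tables the statement reads, and presumably the stored text is executed again when the playlist is used, so the column becomes executable data whose safety rests entirely on how the session value was built. Storing the search criteria and rebuilding the query through search_song() would keep SQL out of the table; that is a design change beyond this hunk. Within the hunk, the failure branch `echo "$dyn_song"` prints the whole query, table and column names included, into the page and should be dropped or sent to a log. The INSERT result is also ignored, so the method reports success on a failed write; `if (!mysql_query($sql, dbh())) { return false; }` before `return true;` fixes that.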
@@ -178,7 +178,14 @@ function search_song($data,$operator,$method,$limit) {
 $where_sql = rtrim($where_sql,$operator);
 $sql = $base_sql . $table_sql . " WHERE " . $join_sql . "(" . $where_sql . ")" . $limit_sql;
-
+
+ /**
+ * Because we might need this for Dynamic Playlist Action
+ * but we don't trust users to provide this store it in the
+ * session where they can't get to it!
+ */
+ $_SESSION['userdata']['stored_search'] = $sql;
+
 $db_results = mysql_query($sql, dbh());
 while ($r = mysql_fetch_assoc($db_results)) { |
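Review bot: The comment added above `$_SESSION['userdata']['stored_search'] = $sql;` overstates what the session provides. It keeps the client from editing the string directly, but `$sql` is assembled from search_song()'s `$data`, `$operator`, `$method` and `$limit` arguments, which presumably come from the search form, so the stored query is only as trustworthy as the escaping done earlier in this function, outside the hunk. The assignment also runs before `mysql_query()`, so a statement that fails is still stored, and every search overwrites the previous value; moving the assignment after a successful `mysql_query()` avoids keeping a broken query for add_dyn_song(). I would reword the comment along the lines of `/* Kept server-side for add_dyn_song(); built from user search input, so it relies on the escaping above */`. search_song() begins and ends outside this hunk.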