Diffstat (limited to 'modules')
-rw-r--r-- | modules/admin.php | 2 | ||||
-rw-r--r-- | modules/class/album.php | 8 | ||||
-rw-r--r-- | modules/class/artist.php | 8 | ||||
-rw-r--r-- | modules/class/song.php | 2 | ||||
-rw-r--r-- | modules/class/stream.php | 3 | ||||
-rw-r--r-- | modules/id3/getid3/module.audio.mpc.php | 2 | ||||
-rw-r--r-- | modules/lib.php | 58 |
7 files changed, 42 insertions, 41 deletions
diff --git a/modules/admin.php b/modules/admin.php index 6eb9da04..5ce7bf6d 100644 --- a/modules/admin.php +++ b/modules/admin.php @@ -45,7 +45,7 @@ function show_manage_users () { echo "<table class=\"text-box\">\n<tr><td>\n"; echo "<span class=\"header2\">" . _("Manage Users") . "</span><br />\n"; echo "<p>Use the following tools to manage the users that access your site.</p>\n"; - echo "<ul>\n\t<li><a href=\"".conf('web_path') . "/admin/users.php?action=show_add_user\">" . _("Add a new user") . "</a></li\n</dl>\n"; + echo "<ul>\n\t<li><a href=\"".conf('web_path') . "/admin/users.php?action=show_add_user\">" . _("Add a new user") . "</a></li>\n</ul>\n"; echo "</td></tr></table>"; show_users(); diff --git a/modules/class/album.php b/modules/class/album.php index c95a8ff6..17befbd9 100644 --- a/modules/class/album.php +++ b/modules/class/album.php @@ -115,12 +115,12 @@ class Album { $web_path = conf('web_path'); /* Truncate the string if it's to long */ - $name = truncate_with_ellipse($this->name,conf('ellipse_threshold_album')); - - $this->f_name = "<a href=\"$web_path/albums.php?action=show&album=" . $this->id . "\" title=\"" . $this->name . "\">" . $name . "</a>"; + $name = htmlspecialchars(truncate_with_ellipse($this->name,conf('ellipse_threshold_album'))); + $artist = htmlspecialchars($this->artist); + $this->f_name = "<a href=\"$web_path/albums.php?action=show&album=" . $this->id . "\" title=\"" . $name . "\">" . $name . "</a>"; $this->f_songs = "<div align=\"center\">" . $this->songs . "</div>"; if ($this->artist_count == '1') { - $this->f_artist = "<a href=\"$web_path/artists.php?action=show&artist=" . $this->artist_id . "\">" . $this->artist . "</a>"; + $this->f_artist = "<a href=\"$web_path/artists.php?action=show&artist=" . $this->artist_id . "\">" . $artist . "</a>"; } else { $this->f_artist = _("Various"); diff --git a/modules/class/artist.php b/modules/class/artist.php index a0b4caa7..2a6e3308 100644 --- a/modules/class/artist.php 
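Review bot: The `title` attribute of `f_name` in the album.php hunk now carries the truncated `$name` instead of the full album name, so the tooltip no longer shows the part the ellipsis removed. Escape the full name separately for the attribute, e.g. `title=\"" . htmlspecialchars($this->name) . "\"`, and keep the truncated, escaped `$name` for the link text only. `$artist` is also computed before the `artist_count` check although only the single-artist branch uses it. The enclosing method starts and ends outside the hunk.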
+++ b/modules/class/artist.php @@ -170,13 +170,11 @@ class Artist { function format_artist() { /* Combine prefix and name, trim then add ... if needed */ - $name = truncate_with_ellipse(trim($this->prefix . " " . $this->name)); - + $name = htmlspecialchars(truncate_with_ellipse(trim($this->prefix . " " . $this->name))); $this->f_name = $this->name; - $this->full_name = trim($this->prefix . " " . $this->name); + $this->full_name = htmlspecialchars(trim($this->prefix . " " . $this->name)); //FIXME: This shouldn't be set like this, f_name should be like this - $this->link = "<a href=\"" . conf('web_path') . "/artists.php?action=show&artist=" . $this->id . "\" title=\"" . $this->full_name . "\">" . - $name . "</a>"; + $this->link = "<a href=\"" . conf('web_path') . "/artists.php?action=show&artist=" . $this->id . "\" title=\"" . $this->full_name . "\">" . $name . "</a>"; $this->name = $this->link; return $artist; diff --git a/modules/class/song.php b/modules/class/song.php index cd1cfe8a..47600ee5 100644 --- a/modules/class/song.php +++ b/modules/class/song.php @@ -556,7 +556,7 @@ class Song { $this->f_title = truncate_with_ellipse($this->title,conf('ellipse_threshold_title')); // Create A link inclduing the title - $this->f_link = "<a href=\"" . conf('web_path') . "/song.php?action=m3u&song=" . $this->id . "\">$this->f_title</a>"; + $this->f_link = "<a href=\"" . conf('web_path') . "/song.php?action=m3u&song=" . $this->id . "\">$this->f_title</a>"; // Format the Bitrate $this->f_bitrate = intval($this->bitrate/1000) . "-" . strtoupper($this->mode); diff --git a/modules/class/stream.php b/modules/class/stream.php index 3472127a..999dcbca 100644 --- a/modules/class/stream.php +++ b/modules/class/stream.php @@ -267,6 +267,9 @@ class Stream { /* Add the files to the MPD playlist */ addToPlaylist($myMpd,$this->songs); + /* If we've added songs we should start playing */ + $myMpd->Play(); + header ("Location: " . return_referer()); } // create_mpd 
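Review bot: `$this->f_name = $this->name;` in format_artist() still stores the raw name while `full_name` and `link` are now HTML-escaped, so the object exposes a mix of escaped and unescaped fields and any template printing `f_name` gets no protection. Either escape it here too, `$this->f_name = htmlspecialchars($this->name);`, or add a comment stating which properties are HTML-safe. Because the method ends with `$this->name = $this->link;`, a second call would run htmlspecialchars() over the generated anchor markup; keeping the raw name in its own field would avoid that. `return $artist;` returns a variable that is never assigned in the visible lines.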
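Review bot: `$this->f_title` is interpolated into `f_link` in the song.php hunk without escaping, while the album and artist formatters in this same commit now pass their names through htmlspecialchars(). If titles originate from file tags or user edits, markup in a title would be emitted verbatim inside the anchor. Escape when the formatted title is built: `$this->f_title = htmlspecialchars(truncate_with_ellipse($this->title,conf('ellipse_threshold_title')));`. The method starts and ends outside the hunk.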
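Review bot: `$myMpd->Play()` in the stream.php hunk runs unconditionally, although the added comment says playback should start only if songs were added. The return value of addToPlaylist() is discarded and its contract is not visible here; if it can fail or add nothing, gate the call, for example `if (!empty($this->songs)) { $myMpd->Play(); }`. The function begins outside the hunk.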
diff --git a/modules/id3/getid3/module.audio.mpc.php b/modules/id3/getid3/module.audio.mpc.php index d0a7202f..7d5d33c5 100644 --- a/modules/id3/getid3/module.audio.mpc.php +++ b/modules/id3/getid3/module.audio.mpc.php @@ -201,7 +201,7 @@ class getid3_mpc if ($thisfile_mpc_header['raw']['album_gain'] < 0) { $thisfile_mpc_header['album_gain_db'] = (float) (32768 + $thisfile_mpc_header['raw']['album_gain']) / -100; } else { - $thisfile_mpc_header['album_gain_db'] = (float) $thisfile_mpc_header['raw']['album_gain'] / 100;; + $thisfile_mpc_header['album_gain_db'] = (float) $thisfile_mpc_header['raw']['album_gain'] / 100; } $thisfile_mpc_header['encoder_version'] = $this->MPCencoderVersionLookup($thisfile_mpc_header['raw']['encoder_version']); diff --git a/modules/lib.php b/modules/lib.php index 735f579a..585e9612 100644 --- a/modules/lib.php +++ b/modules/lib.php @@ -190,14 +190,14 @@ function show_random_play() { </td> </tr> <tr class="even"> - <td nowrap> ' . _("from catalog") . '</td> + <td nowrap="nowrap"> ' . _("from catalog") . '</td> <td> '; show_catalog_pulldown( -1, 0); print ' - </tr> + </td></tr> <tr> <td colspan="4"> <input type="hidden" name="aaction" value="Play!" /> @@ -227,15 +227,15 @@ function show_artist_pulldown ($artist) { $query = "SELECT id,name FROM artist ORDER BY name"; $db_result = mysql_query($query, $dbh); - echo "<select name=\"artist\">\n"; + echo "\n<select name=\"artist\">\n"; while ( $r = mysql_fetch_row($db_result) ) { // $r[0] = id, $r[1] = name if ( $artist == $r[0] ) { - echo "<option value=\"$r[0]\" selected=\"selected\">$r[1]</option>\n"; + echo "<option value=\"$r[0]\" selected=\"selected\">". htmlspecialchars($r[1]) ."</option>\n"; } else { - echo "<option value=\"$r[0]\">$r[1]</option>\n"; + echo "<option value=\"$r[0]\">". htmlspecialchars($r[1]) ."</option>\n"; } } 
@@ -256,7 +256,7 @@ function show_album_pulldown ($album) { $sql = "SELECT id,name FROM album ORDER BY name"; $db_result = mysql_query($sql, $dbh); - echo "<select name=\"album\">\n"; + echo "\n<select name=\"album\">\n"; while ( $r = mysql_fetch_row($db_result) ) { // $r[0] = id, $r[1] = name @@ -268,7 +268,7 @@ function show_album_pulldown ($album) { } }//while - echo "</select>\n"; + echo "\n</select>\n"; } // show_album_pulldown() @@ -292,19 +292,19 @@ function show_flagged_popup($reason,$label='value', $name='flagged_type', $other } $db_result = mysql_query($query, $dbh); - echo "<select name=\"$name\" $other>\n"; + echo "\n<select name=\"$name\" $other>\n"; while ( $r = mysql_fetch_array($db_result) ) { // $r[0] = id, $r[1] = type if ( $reason === $r['type'] ) { - echo "\t<option value=\"".$r['type']."\" selected=\"selected\">".$r[$label]."</option>\n"; + echo "\t<option value=\"".$r['type']."\" selected=\"selected\">".htmlspecialchars($r[$label])."</option>\n"; } else { - echo "\t<option value=\"".$r['type']."\">".$r[$label]."</option>\n"; + echo "\t<option value=\"".$r['type']."\">".htmlspecialchars($r[$label])."</option>\n"; } } - echo "</select>\n"; + echo "\n</select>\n"; } // show_flagged_popup() @@ -331,7 +331,7 @@ function show_genre_pulldown ($genre, $complete) { $db_result = mysql_query($sql, $dbh); - echo "<select name=\"genre[]\" MULTIPLE size=\"7\">\n"; + echo "\n<select name=\"genre\" multiple=\"multiple\" size=\"7\">\n"; if ( ! $complete ) { $genre_info = get_genre_info( -1 ); @@ -355,8 +355,8 @@ function show_genre_pulldown ($genre, $complete) { echo " <option value=\"${r[0]}\">$genre_name - ($genre_count)</option>\n"; } } + echo " </select>\n"; - echo "</select>"; } // show_genre_pulldown() /* 
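Review bot: The `<option>` lines of show_album_pulldown() sit between these two hunks and are not touched, whereas show_artist_pulldown() now wraps `$r[1]` in htmlspecialchars(). If they still echo `$r[1]` raw, album names need the same treatment in both branches: `htmlspecialchars($r[1])`. The lines in question are outside the visible hunks, so this should be confirmed against the file.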
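Review bot: Only the option label is escaped in show_flagged_popup(); `$r['type']` still goes raw into the `value` attribute, and `$name` and `$other` are interpolated into the `<select>` tag unescaped. Use `value=\"".htmlspecialchars($r['type'])."\"` in both branches and escape `$name` the same way. `$other` appears to carry raw attribute text from the caller, so it cannot be escaped wholesale; a comment stating that it must never contain request data would make that contract explicit.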
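Review bot: Renaming the control from `genre[]` to `genre` while keeping it a multi-select means PHP will populate the request variable with only the last selected option, because the `[]` suffix is what makes PHP collect the values into an array. Unless the receiving script was changed to expect a scalar (not visible in this diff), keep the array name and only modernise the attribute: `echo "\n<select name=\"genre[]\" multiple=\"multiple\" size=\"7\">\n";`.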
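Review bot: `$genre_name` is printed into the `<option>` body without escaping in the second show_genre_pulldown() hunk, and show_catalog_pulldown() does the same with `$catalog_name`, while the artist and flagged pulldowns in this commit gained htmlspecialchars(). Where these variables are assigned is outside the hunks; if they come straight from database rows, wrap them at output with `htmlspecialchars($genre_name)` and `htmlspecialchars($catalog_name)`.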
@@ -373,7 +373,7 @@ function show_catalog_pulldown ($catalog, $complete) { $db_result = mysql_query($sql, dbh()); - echo "<select name=\"catalog\">\n"; + echo "\n<select name=\"catalog\">\n"; echo " <option value=\"-1\" selected=\"selected\">All</option>\n"; @@ -391,7 +391,7 @@ function show_catalog_pulldown ($catalog, $complete) { echo " <option value=\"${r[0]}\">$catalog_name</option>\n"; } } - echo "</select>"; + echo "\n</select>\n"; } // show_catalog_pulldown() @@ -989,14 +989,14 @@ ECHO; list($count) = mysql_fetch_row($count_result); $class = flip_class(); echo " <tr class=\"$class\">\n"; - echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=view_list\">$plname</a></td>\n"; + echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=view_list\">$plname</a></td>\n"; echo " <td>$count</td>\n"; echo " <td>$plfullname</td>\n"; - echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=view_list\">" . _("View") . "</a></td>\n"; + echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=view_list\">" . _("View") . "</a></td>\n"; if ($user->id == $pluser->id || $user->access === 'admin') { - echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=edit\">" . _("Edit") . "</a></td>\n"; - echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=delete_playlist\">" . _("Delete") . "</a></td>\n"; + echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=edit\">" . _("Edit") . "</a></td>\n"; + echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&action=delete_playlist\">" . _("Delete") . "</a></td>\n"; } else { echo " <td> </td>\n"; 
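Review bot: `$plname` and `$plfullname` are echoed into the playlist table cells unescaped, so a playlist name containing markup is rendered as HTML for every user who views the list. Escape at output, e.g. `htmlspecialchars($plname)` inside the anchor and `htmlspecialchars($plfullname)` in its cell. Separately, `action=delete_playlist` is a plain GET link; if the handler (not visible here) deletes without a token or confirmation step, it should become a POST form with a CSRF check. The loop and its enclosing function start outside the hunk.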
@@ -1004,21 +1004,21 @@ ECHO; } if ( $count[0] ) { - echo " <td><a href=\"$web_path/song.php?action=m3u&playlist_id=$plid\">" . _("Play") . "</a> | " . - "<a href=\"$web_path/song.php?action=random&playlist_id=$plid\">" . _("Random") . "</a></td>\n"; + echo " <td><a href=\"$web_path/song.php?action=m3u&playlist_id=$plid\">" . _("Play") . "</a> | " . + "<a href=\"$web_path/song.php?action=random&playlist_id=$plid\">" . _("Random") . "</a></td>\n"; } else { echo " <td> </td>\n"; } if( batch_ok() ) { - echo" <td><a href=\"$web_path/batch.php?action=pl&id=$plid\">" . _("Download") . "</a></td>\n"; + echo" <td><a href=\"$web_path/batch.php?action=pl&id=$plid\">" . _("Download") . "</a></td>\n"; } else { echo" <td> </td>\n"; } echo " </tr>\n"; } - echo "</ul>\n"; + echo "\n"; } //if rows in result else { echo " <tr class=\"even\">\n"; @@ -1027,7 +1027,7 @@ ECHO; } echo "</table>\n"; - echo "<br>\n"; + echo "<br />\n"; } 
@@ -1294,20 +1294,20 @@ function get_global_popular($type) { $artist = $song->get_artist_name(); $text = "$artist - $song->title"; /* Add to array */ - $items[] = "<li> <a href=\"$web_path/song.php?action=m3u&song=$song->id\" title=\"$text\">" . truncate_with_ellipse($text, conf('ellipse_threshold_title')+3) . " ($r->count)</a> </li>"; + $items[] = "<li> <a href=\"$web_path/song.php?action=m3u&song=$song->id\" title=\"". htmlspecialchars($text) ."\">" . htmlspecialchars(truncate_with_ellipse($text, conf('ellipse_threshold_title')+3)) . " ($r->count)</a> </li>"; } // if it's a song elseif ( $type == 'artist' ) { $artist = get_artist_name($r->object_id); if ($artist) { - $items[] = "<li> <a href=\"$web_path/artists.php?action=show&artist=$r->object_id\" title=\"$artist\">" . truncate_with_ellipse($artist, conf('ellipse_threshold_artist')+3) . " ($r->count)</a> </li>"; + $items[] = "<li> <a href=\"$web_path/artists.php?action=show&artist=$r->object_id\" title=\"". htmlspecialchars($artist) ."\">" . htmlspecialchars(truncate_with_ellipse($artist, conf('ellipse_threshold_artist')+3)) . " ($r->count)</a> </li>"; } // if no artist found } // if type isn't artist elseif ( $type == 'album' ) { $album = new Album($r->object_id); if ($album) { - $items[] = "<li> <a href=\"$web_path/albums.php?action=show&album=$r->object_id\" title=\"$album->name\">" . truncate_with_ellipse($album->name,conf('ellipse_threshold_album')+3) . " ($r->count)</a> </li>"; + $items[] = "<li> <a href=\"$web_path/albums.php?action=show&album=$r->object_id\" title=\"". htmlspecialchars($album->name) ."\">" . htmlspecialchars(truncate_with_ellipse($album->name,conf('ellipse_threshold_album')+3)) . " ($r->count)</a> </li>"; } } } // end while 
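Review bot: `if ($album)` in the album branch of get_global_popular() is always true, because `new Album(...)` yields an object whether or not a row was found, so a stale `object_id` still produces a list item, now with an empty escaped name. Assuming the constructor leaves `name` unset when nothing matches, test the loaded field instead: `if ($album->name != '')`. The three branches also repeat the same escape-then-truncate expression; a small local helper taking the text and threshold would keep the escaping in one place. The function starts and ends outside the hunk.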
@@ -1356,10 +1356,10 @@ function show_info_box ($title, $type, $items) { if ($type == 'your_song') { - echo "<td>$title - <a href=\"$web_path/song.php?action=m3u&your_popular_songs=$popular_threshold\">Play</a></td>\n"; + echo "<td>$title - <a href=\"$web_path/song.php?action=m3u&your_popular_songs=$popular_threshold\">Play</a></td>\n"; } elseif ($type == 'song') { - echo "<td>$title - <a href=\"$web_path/song.php?action=m3u&popular_songs=$popular_threshold\">Play</a></td>\n"; + echo "<td>$title - <a href=\"$web_path/song.php?action=m3u&popular_songs=$popular_threshold\">Play</a></td>\n"; } else { echo "<td>$title</td>\n"; |