
Commit 16936518 authored by jurgbohn's avatar jurgbohn

Wrapped fields in htmlentities() to replace special characters with their HTML entity equivalents.

parent 3ccff0b2
......@@ -64,7 +64,7 @@ class Artist {
while (($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC))) {
$track = $root->addChild("track", null);
$track->addAttribute("rank", $i);
$track->addChild("name", $row['name']);
$track->addChild("name", htmlentities($row['name']));
$track->addChild("mbid", $row['mbid']);
$track->addChild("playcount", $row['freq']);
$track->addChild("listeners", $row['dist']);
......
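Review bot: htmlentities() on the new `name` line of this hunk is the wrong encoder for XML content: besides `&`, `<` and `>` it rewrites every non-ASCII character it knows (é, ü, …) into HTML-named entities such as `&eacute;`, which are not predefined in XML, so a track name with accented characters will likely trigger an undefined-entity warning from SimpleXML or yield an ill-formed document. Only the XML-predefined characters need escaping before addChild(), which is what `$track->addChild("name", htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));` does; the same substitution applies to the two `name` lines in the User hunks below. The while loop and the enclosing method start outside the hunk.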
......@@ -66,9 +66,10 @@ class User {
$root->addAttribute("type", $time);
$i = 1;
while(($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC))) {
$track = $root->addChild("track", null);
$track->addAttribute("rank", $i);
$track->addChild("name", $row['name']);
$track->addChild("name", htmlentities($row['name']));
$track->addChild("playcount", $row['freq']);
$i++;
}
......@@ -103,7 +104,7 @@ class User {
$track = $root->addChild("track", null);
$artist = $track->addChild("artist", $row['artist']);
$artist->addAttribute("mbid", $row['artmbid']);
$track->addChild("name", $row['name']);
$track->addChild("name", htmlentities($row['name']));
}
return($xml);
......
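Review bot: In the second hunk the `artist` child built on the line before the changed one is still given `$row['artist']` unencoded while `name` is now encoded, so an artist name containing `&` still reaches addChild() raw and the encoding is applied inconsistently within the same element; if it is needed for `name` it is needed here too, `$artist = $track->addChild("artist", htmlspecialchars($row['artist'], ENT_QUOTES, 'UTF-8'));`. Whether the `playcount` and `mbid` values in the other hunks need the same treatment depends on whether they are guaranteed numeric or plain ASCII, which the hunk does not show. Both enclosing methods start before their hunks.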
......@@ -22,14 +22,14 @@ function usernameFromSID($session_id) {
function createArtistIfNew($artist) {
global $mdb2;
$res = $mdb2->query("SELECT name FROM Artist WHERE name = " . $artist);
$res = $mdb2->query("SELECT name FROM Artist WHERE name = " . htmlentities($artist));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
if(!$res->numRows()) {
// Artist doesn't exist, so we create them
$res = $mdb2->query("INSERT INTO Artist (name) VALUES (" . $artist . ")");
$res = $mdb2->query("INSERT INTO Artist (name) VALUES (" . htmlentities($artist) . ")");
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
......@@ -39,14 +39,14 @@ function createArtistIfNew($artist) {
function createAlbumIfNew($artist, $album) {
global $mdb2;
$res = $mdb2->query("SELECT name FROM Album WHERE name = " . $album);
$res = $mdb2->query("SELECT name FROM Album WHERE name = " . htmlentities($album));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
if(!$res->numRows()) {
// Album doesn't exist, so create it
$res = $mdb2->query("INSERT INTO Album (name, artist_name) VALUES (" . $album . ", " . $artist . ")");
$res = $mdb2->query("INSERT INTO Album (name, artist_name) VALUES (" . htmlentities($album) . ", " . htmlentities($artist) . ")");
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
......@@ -56,7 +56,7 @@ function createAlbumIfNew($artist, $album) {
function createTrackIfNew($artist, $album, $track, $mbid) {
global $mdb2;
$res = $mdb2->query("SELECT name FROM Track WHERE name = " . $track . " AND artist = " . $artist);
$res = $mdb2->query("SELECT name FROM Track WHERE name = " . htmlentities($track) . " AND artist = " . htmlentities($artist));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
......@@ -64,10 +64,10 @@ function createTrackIfNew($artist, $album, $track, $mbid) {
if(!$res->numRows()) {
// Create new track
$res = $mdb2->query("INSERT INTO Track (name, artist, album, mbid) VALUES ("
. $track . ", "
. $artist . ", "
. $album . ", "
. $mbid . ")");
. htmlentities($track) . ", "
. htmlentities($artist) . ", "
. htmlentities($album) . ", "
. htmlentities($mbid) . ")");
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
}
......
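Review bot: htmlentities() is an HTML output encoder, not an SQL escaper, and on every new line in these hunks the value is still concatenated into the statement text unquoted (`WHERE name = " . htmlentities($artist)`), so a name containing a space, a comma or a single quote still breaks or changes the query (single quotes are left untouched by htmlentities() on PHP versions before 8.1). MDB2 already provides the right tool: `$res = $mdb2->query("SELECT name FROM Artist WHERE name = " . $mdb2->quote($artist, 'text'));`, or a prepare()/execute() with placeholders, applied to each value in the SELECT and INSERT statements of createArtistIfNew, createAlbumIfNew and createTrackIfNew. Encoding for HTML at insert time also stores entity-encoded names, so any later output that encodes again will double-encode; encoding belongs at the output boundary, not in the data layer. Each of the three function bodies continues past its hunk.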