
Commit 57b3c307 authored by clint's avatar clint

Discard any MusicBrainz ID submissions not of the form...

Discard any MusicBrainz ID submissions not of the form a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11 to avoid additional database pollution.
parent c28e9912
......@@ -46,11 +46,7 @@ if(isset($_POST['l']) && is_numeric($_POST['l'])) {
$expires = time() + 250; //Expire in 5 minutes if we don't know the track length
}
if(isset($_POST['m'])) {
$mbid = $mdb2->quote($_POST['m'], "text");
} else {
$mbid = 'NULL';
}
$mbid = validateMBID($_POST['m']);
createArtistIfNew($artist);
if($album != 'NULL') {
......
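Review bot: The unconditional `$mbid = validateMBID($_POST['m']);` reads `$_POST['m']` directly, whereas the lines it appears to replace guarded the access with `isset()`. A client that omits `m` now triggers an undefined-index notice before the validator is reached. A client that sends `m[]=...` hands an array to `rtrim()` inside the validator. Keep the guard at the call site, for example `$mbid = validateMBID(isset($_POST['m']) ? $_POST['m'] : null);`, and have the validator reject non-strings. The surrounding block starts and ends outside this hunk.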
......@@ -210,4 +210,16 @@ $image = $aws_xml->Items->Item->MediumImage->URL;
return $image;
}
function validateMBID ($input) {
if(isset($input) {
$input = strtolower(rtrim($input));
if(preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $input)) {
return $mdb2->quote($input, "text");
} else {
return 'NULL'
}
} else {
return 'NULL';
}
?>
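Review bot: validateMBID as shown cannot parse or run: `if(isset($input) {` lacks a closing parenthesis, the first `return 'NULL'` has no semicolon, and `$mdb2` is not in the function's scope, so `$mdb2->quote()` would fail even once the syntax is fixed. No closing brace for the function is visible before `?>`, though the page rendering may have dropped it. Both call sites on this page now depend on this function for the value that goes into the query, so it should be verified to load and return either a quoted literal or `'NULL'` on every path. The version below assumes `$mdb2` is a global in the including scripts, as its top-level use in the other hunks suggests, and it also rejects non-string input before `rtrim()` sees it.

```php
function validateMBID ($input) {
    global $mdb2; // connection object created by the including script
    if(!is_string($input)) {
        return 'NULL'; // missing field or array-valued parameter
    }
    $input = strtolower(rtrim($input));
    if(!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $input)) {
        return 'NULL';
    }
    return $mdb2->quote($input, "text");
}
```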
......@@ -83,11 +83,9 @@ for($i = 0; $i < count($_POST['a']); $i++) {
date_default_timezone_set("UTC");
$time = strtotime($_POST['i'][$i]);
}
if(isset($_POST['m'][$i])) {
$mbid = $mdb2->quote(rtrim($_POST['m'][$i]), "text");
} else {
$mbid = 'NULL';
}
$mbid = validateMBID($_POST['m']);
if(isset($_POST['o'][$i])) {
$source = $mdb2->quote($_POST['o'][$i], "text");
} else {
......
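Review bot: Inside the `for($i ...)` loop the new call passes the whole `$_POST['m']` array to the validator, where the code it appears to replace read `$_POST['m'][$i]`. As written, no per-track MBID can match the pattern, so every entry in a batch submission is stored as `NULL` (or the call errors in `rtrim()`, depending on the PHP version). The call should index the current element and keep the guard: `$mbid = validateMBID(isset($_POST['m'][$i]) ? $_POST['m'][$i] : null);`. The loop body continues outside this hunk.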