
Commit a35a810d authored by jurgbohn's avatar jurgbohn

Replacing '&' with '&amp;' when generating XML.

Quoting scrobble-data before it is used in queries.
parent 7d4b230c
......@@ -34,8 +34,8 @@ class Artist {
$bio = $artist->addChild("bio", null);
$bio->addChild("published", $row['bio_published']);
$bio->addChild("summary", utf8_encode(htmlentities($row['bio_summary'])));
$bio->addChild("content", utf8_encode(htmlentities($row['bio_content'])));
$bio->addChild("summary", repamp($row['bio_summary']));
$bio->addChild("content", repamp($row['bio_content']));
$res->free();
......@@ -58,7 +58,7 @@ class Artist {
$xml = new SimpleXMLElement("<lfm status=\"ok\"></lfm>");
$root = $xml->addChild("toptracks", null);
$root->addAttribute("artist", utf8_encode(htmlentities($artist)));
$root->addAttribute("artist", repamp($artist));
$i = 1;
// Loop over every result and add as children to "toptracks".
......@@ -66,7 +66,7 @@ class Artist {
while (($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC))) {
$track = $root->addChild("track", null);
$track->addAttribute("rank", $i);
$track->addChild("name", utf8_encode(htmlentities($row['name'])));
$track->addChild("name", repamp($row['name']));
$track->addChild("mbid", $row['mbid']);
$track->addChild("playcount", $row['freq']);
$track->addChild("listeners", $row['dist']);
......
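Review bot: Dropping utf8_encode() together with htmlentities() on the summary, content, name and artist values changes the byte encoding of the output, not only the escaping: if the MDB2 connection returns ISO-8859-1 strings (presumably the reason utf8_encode was there), any non-ASCII byte now reaches the SimpleXMLElement unconverted and the document is no longer well-formed UTF-8. If the driver is already configured to return UTF-8 the removal is right, and a one-line comment at the first call site would spare the next reader the question: `// rows arrive as UTF-8 from the driver; repamp() only pre-escapes '&', SimpleXML escapes '<'/'>' on output`. The same replacement is made in both hunks of the User section (the `name` and `artist` children), so the same check applies there. Every hunk in this section sits inside a method whose start and end are outside the hunk.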
......@@ -34,7 +34,7 @@ class User {
$timestamp;
if (!isset($time))
$time = "overall";
//TODO: Do better, this is too ugly :\
if (strcmp($time, "overall") == 0) {
$timestamp = 0;
} else if (strcmp($time, "3month") == 0) {
......@@ -69,7 +69,7 @@ class User {
$track = $root->addChild("track", null);
$track->addAttribute("rank", $i);
$track->addChild("name", utf8_encode(htmlentities($row['name'])));
$track->addChild("name", repamp($row['name']));
$track->addChild("playcount", $row['freq']);
$i++;
}
......@@ -102,9 +102,9 @@ class User {
while (($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC))) {
$track = $root->addChild("track", null);
$artist = $track->addChild("artist", utf8_encode(htmlentities($row['artist'])));
$artist = $track->addChild("artist", repamp($row['artist']));
$artist->addAttribute("mbid", $row['artmbid']);
$track->addChild("name", utf8_encode(htmlentities($row['name'])));
$track->addChild("name", repamp($row['name']));
}
return($xml);
......
......@@ -16,4 +16,9 @@ class XML {
return($xml);
}
}
function repamp($input) {
$input = str_replace('&', '&amp;', $input);
return($input);
}
?>
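Review bot: repamp() replaces '&' unconditionally, so a value that already carries an entity reference (`&amp;`, `&#39;`) comes out double-encoded as `&amp;amp;`, and the name invites reading it as a general XML escaper although, unlike the htmlentities() call it replaces, it no longer touches '<', '>' or quotes. The contract belongs above the function: `// Pre-escape bare '&' for SimpleXMLElement::addChild()/addAttribute(), which appear to treat the value as parsed character data; other markup characters are escaped by libxml on output. Not a general-purpose escaper.` If stored text can already contain entities, `htmlspecialchars($input, ENT_QUOTES, 'UTF-8', false)` is a drop-in alternative: with double_encode disabled it leaves existing references alone and emits only the five predefined XML entities, which, as far as I can tell, is also why htmlentities() (HTML-only named entities) was a poor fit here. The surrounding `class XML` closes at the top of this hunk, so repamp() is a free function in a file that otherwise declares a class.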
......@@ -22,6 +22,8 @@ function usernameFromSID($session_id) {
function createArtistIfNew($artist) {
global $mdb2;
$artist = $mdb2->quote($artist, 'text');
$res = $mdb2->query("SELECT name FROM Artist WHERE name = " . ($artist));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
......@@ -39,6 +41,9 @@ function createArtistIfNew($artist) {
function createAlbumIfNew($artist, $album) {
global $mdb2;
$artist = $mdb2->quote($artist, 'text');
$album = $mdb2->quote($album, 'text');
$res = $mdb2->query("SELECT name FROM Album WHERE name = " . ($album));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
......@@ -56,6 +61,10 @@ function createAlbumIfNew($artist, $album) {
function createTrackIfNew($artist, $album, $track, $mbid) {
global $mdb2;
$artist = $mdb2->quote($artist, 'text');
$album = $mdb2->quote($album, 'text');
$track = $mdb2->quote($track, 'text');
$mbid = $mdb2->quote($mbid, 'text');
$res = $mdb2->query("SELECT name FROM Track WHERE name = " . ($track) . " AND artist = " . ($artist));
if(PEAR::isError($res)) {
die("FAILED " . $res->getMessage());
......
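Review bot: Quoting in place overwrites the function parameters with SQL literals, so from `$artist = $mdb2->quote($artist, 'text');` onward `$artist` is a quoted string and the remainder of createArtistIfNew (presumably the INSERT, outside the hunk) has to use it verbatim — quoting it again there double-escapes, and handing it to anything that expects the raw name embeds the quote characters. Keeping the two forms distinct avoids that, e.g. `$qArtist = $mdb2->quote($artist, 'text');` followed by `"SELECT name FROM Artist WHERE name = " . $qArtist`; MDB2's prepare()/execute() with placeholders would achieve the same without concatenating into the query at all. The same in-place pattern is used in createAlbumIfNew and createTrackIfNew, where `$artist` (and in the album case the quoted value is not used by the visible SELECT) is presumably consumed further down, so those later uses need the same check. All three functions continue past their hunks.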