When transcoding, always use chunked transfers and report that ranges
are not supported. When not transcoding, support returning ranges but
only if requested.
* Add a simple testcase
This commit was done to understand how JUnit
and its friends are working. Expect more useful tests
in the future ;)
* Factorise a bit the tests
This adds the 'airsonic.rememberMeKey' system property (can be set from
command-line with `-Dairsonic.rememberMeKey=<value>`) as well as a
'RememberMeKey' setting in airsonic.properties, so that the key used for
generating 'remember me' tokens can be persisted across server restarts.
It also adds a default, insecure key in case we are running in
development mode with the 'airsonic.development' property set.
I bumped it first to 2.X with jQuery migrate, played around but didn't manage
to trigger any warning. So I bumped it again to the latest available version,
jQuery 3.4.0, which isn't triggering useful warnings either.
This page wasn't linked anywhere, and was
allowing an administrator to issue arbitrary sql
comments, and was vulnerable to reflected XSS.
We should get rid of it. If you really want to issue
SQL commands, just ssh to your instance and do it from here.
In case of exceptions, Airsonic logs the full URL that triggered it
since 417583cc, including possibly sensitive query parameters such as
the authentication password/tokens passed to the Subsonic API.
This replaces the value set for this parameter in the URL by the
"<hidden>" string.
Because Double Brace Initialization (DBI) creates an anonymous class with a
reference to the instance of the owning object, its use can lead to memory
leaks if the anonymous inner class is returned and held by other objects. Even
when there's no leak, DBI is so obscure that it's bound to confuse most
maintainers.
Since the `border: 0;` property is applied
to every checkbox, there is no need for a class.
This is also a good opportunity to use ternaries
for the `checked` attribute, instead of clumsy `if`.
I guess that this is a bit silly in 2019,
but since people tend to use weird browsers in weird
places, disabling autocompletion here might prevent
the password from ending up in some local cache.