Evan Harris
59db5073e3
Added webm to default video file types
5 years ago
Andrew DeMaria
42bced139f
Small refactor on httpservletrequest injection
5 years ago
Evan Harris
983d688cce
Added validation to reject things disallowed on the current user
5 years ago
Evan Harris
a4c62f6860
Disallow deleting your own user or removing admin role
5 years ago
Evan Harris
79b800656a
Cleanup siebling -> sibling mis-spellings
5 years ago
jvoisin
1640411573
Fix some invalid/incomplete javadoc comments
5 years ago
jvoisin
4fbc080098
Please the linter
5 years ago
jvoisin
70bc0f6c04
Remove the ghetto REST flash-based video player
5 years ago
jvoisin
1f1a22fca5
Remove the deprecated getAlphabetialAlbums method
5 years ago
jvoisin
643be3930f
Remove superfluous casts
5 years ago
jvoisin
3202a1086d
Minor simplification
...
`.sorted(Comparator.reverseOrder()).findFirst()`
can be replaced with `max(Comparator.naturalOrder())`
5 years ago
jvoisin
def5f854fb
Inline some variables
...
There is no point in `Type a = …; return a;`
5 years ago
jvoisin
57df709cd8
Replace things like size == 0 with isEmpty
5 years ago
jvoisin
977b656bc6
Remove superfluous escape in two regexp
5 years ago
jvoisin
828c1b2674
Use modern Spring mapping annotations
...
Java is verbose enough, no need to make it worse.
5 years ago
jvoisin
3492fc0c05
Fix a crash when transcoding a track without album
5 years ago
jvoisin
b1eb0536b8
Fix a crash when transcoding a track without artist
5 years ago
jvoisin
e283ac46a8
Fix downloads with embedded covers
...
Previously, this would always fail with
embedded covers.
5 years ago
jvoisin
b697dc5bfc
Another batch of LGTM-found issues
5 years ago
tesshucom
1c4a70af99
Fixed null check with StringUtils/ObjectUtils.
5 years ago
Peter Marheine
3efa2d3e2c
Remove the option to never set Content-Length
...
This workaround is obsolete with correct handling of ranges when
requested.
5 years ago
Peter Marheine
9be2a8892f
More correctly handle stream ranges
...
When transcoding, always use chunked transfers and report that ranges
are not supported. When not transcoding, support returning ranges but
only if requested.
5 years ago
Peter Marheine
3e97186043
Omit unnecessary null check on ranges
5 years ago
Peter Marheine
47eefc1369
Refactor output streaming for readability
...
The core loop was put together confusingly; this encapsulates the
process of constructing an OutputStream and reformats some.
5 years ago
Peter Marheine
cae8f8b4e5
Reformat stream controller some
...
Mostly just whitespace changes, shortening lines for readability. Adds a
few comments that outline what's supposed to happen.
5 years ago
Peter Marheine
d42af4575f
Add some @Nullable annotations
...
Making it easier to tell where API contracts allow nulls, where it's
otherwise unclear without reading the implementation.
5 years ago
Peter Marheine
5077e0d5e1
Short circuit RangeOutputStream for open ranges
...
There's no reason to wrap a stream in an output that will do nothing, as
when the requested range is 0-; e.g. the entire stream.
5 years ago
jvoisin
ab03526620
Fix two NULL-deref
5 years ago
François-Xavier Thomas
f57ad3f27b
Fix typo in anonymous user name (#663)
6 years ago
François-Xavier Thomas
8a90d9f77b
Add system properties for persisting the 'remember me' key
...
This adds the 'airsonic.rememberMeKey' system property (can be set from
command-line with `-Dairsonic.rememberMeKey=<value>`) as well as a
'RememberMeKey' setting in airsonic.properties, so that the key used for
generating 'remember me' tokens can be persisted across server restarts.
It also adds a default, insecure key in case we are running in
development mode with the 'airsonic.development' property set.
6 years ago
jvoisin
348c698e35
Remove the /db page
...
This page wasn't linked anywhere, and was
allowing an administrator to issue arbitrary SQL
comments, and was vulnerable to reflected XSS.
We should get rid of it. If you really want to issue
SQL commands, just ssh to your instance and do it from here.
6 years ago
jvoisin
d3970a5c62
Fix various minor issues found by LGTM
...
- Unnecessary boxing
- Integer overflow
- Path traversal via zip
- Dangerous synchronization pattern
6 years ago
jvoisin
3d54ef1afb
Mark the player cookie httpOnly
...
It doesn't improve much security-wise,
but it's a good practice anyway.
6 years ago
jvoisin
8f608485cb
Fix a typo
6 years ago
jvoisin
8123716d52
Remove unused loggers
6 years ago
jvoisin
4a06823057
Balance some synchronized
...
Balance synchronized used on getters and not setters
as well as the other way around.
6 years ago
jvoisin
d2f40b710b
Fix a possible stacktrace on RandomPlayQueue
6 years ago
Andrew DeMaria
a3e59e9724
Fix file encoding
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
e5c36d9854
Fix variable name
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
François-Xavier Thomas
820a4faec2
Avoid logging sensitive URL parameters in the Subsonic API
...
In case of exceptions, Airsonic logs the full URL that triggered it
since 417583cc, including possibly sensitive query parameters such as
the authentication password/tokens passed to the Subsonic API.
This replaces the value set for this parameter in the URL by the
"<hidden>" string.
6 years ago
jvoisin
41408bc2c3
Replace the double-mustache anti-pattern
...
Because Double Brace Initialization (DBI) creates an anonymous class with a
reference to the instance of the owning object, its use can lead to memory
leaks if the anonymous inner class is returned and held by other objects. Even
when there's no leak, DBI is so obscure that it's bound to confuse most
maintainers.
6 years ago
jvoisin
c6825cf0d7
Minor refactorization of two methods in AbstractDao
6 years ago
jvoisin
a21188a064
Add a permission check for the podcast folder
...
This should make podcast-related stacktraces a bit
more obvious to debug for users.
6 years ago
jvoisin
716fd3635c
Remove a useless test page
6 years ago
tesshucom
133cf666b7
Fix processing when artist and albumArtist are null
6 years ago
tesshucom
f5f1ec336f
Fix to get fields when file format is ID3v2.4
6 years ago
jvoisin
ec4b969e2c
Replace latin encoding with utf-8
6 years ago
tesshucom
131713aaf4
With Jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
4cd9e9deac
revert cling-core, cling-support, seamless-util and configuration
6 years ago
François-Xavier Thomas
51b738053f
Make it work even if Tomcat-specific exceptions are not available
...
When Tomcat is not available (for example, when using Jetty), the
ClientAbortException is not available either, causing an error when
starting the server.
This commit fixes that, and instead catches that exception (or its Jetty
equivalent) via reflection.
6 years ago