jvoisin
3d54ef1afb
Mark the player cookie httpOnly
...
It doesn't improve much security-wise,
but it's a good practise anyway.
6 years ago
jvoisin
8f608485cb
Fix a typo
6 years ago
jvoisin
8123716d52
Remove unused loggers
6 years ago
jvoisin
4a06823057
Balance some synchronized
...
Balance synchronized used on getters and not setters
as well as the other way around.
6 years ago
jvoisin
d2f40b710b
Fix a possible stacktrace on RandomPlayQueue
6 years ago
Andrew DeMaria
a14c8549fa
Merge remote-tracking branch 'origin/pr/963'
6 years ago
Andrew DeMaria
a3e59e9724
Fix file encoding
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
e5c36d9854
Fix variable name
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
d8a5d1afad
Merge remote-tracking branch 'origin/pr/1034'
6 years ago
Andrew DeMaria
afc2f58ac5
Merge remote-tracking branch 'origin/pr/1036'
6 years ago
Andrew DeMaria
ab07462530
Update tomcat to 8.5.40
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
François-Xavier Thomas
820a4faec2
Avoid logging sensitive URL parameters in the Subsonic API
...
In case of exceptions, Airsonic logs the full URL that triggered it
since 417583cc
, including possibly sensitive query parameters such as
the authentication password/tokens passed to the Subsonic API.
This replaces the value set for this parameter in the URL by the
"<hidden>" string.
6 years ago
jvoisin
41408bc2c3
Replace the double-mustache anti-pattern
...
Because Double Brace Initialization (DBI) creates an anonymous class with a
reference to the instance of the owning object, its use can lead to memory
leaks if the anonymous inner class is returned and held by other objects. Even
when there's no leak, DBI is so obscure that it's bound to confuse most
maintainers.
6 years ago
jvoisin
c6825cf0d7
Minor refactorization of two methods in AbstractDao
6 years ago
François-Xavier Thomas
d9f164499f
Fix cancel button colors in 'Groove' dark theme
6 years ago
Andrew DeMaria
1463f75b06
Merge remote-tracking branch 'origin/pr/961'
6 years ago
Andrew DeMaria
693336af83
Merge remote-tracking branch 'origin/pr/967'
6 years ago
Andrew DeMaria
e2e1554e93
Merge remote-tracking branch 'origin/pr/968'
6 years ago
Andrew DeMaria
cddc2b2fa7
Merge remote-tracking branch 'origin/pr/983'
6 years ago
Andrew DeMaria
d03b4dd963
Merge remote-tracking branch 'origin/pr/984'
6 years ago
Andrew DeMaria
2030caa219
Merge remote-tracking branch 'origin/pr/994'
6 years ago
Andrew DeMaria
1bd70263bd
Merge remote-tracking branch 'origin/pr/989'
6 years ago
Andrew DeMaria
24f5c2d8f5
Merge remote-tracking branch 'origin/pr/1005'
6 years ago
Andrew DeMaria
3f9c525933
Merge remote-tracking branch 'origin/pr/1007'
6 years ago
Andrew DeMaria
50964fa378
Merge remote-tracking branch 'origin/pr/1002'
6 years ago
Andrew DeMaria
326583839e
Merge remote-tracking branch 'origin/pr/982'
6 years ago
Andrew DeMaria
a2b423aa82
Merge remote-tracking branch 'origin/pr/1020'
6 years ago
Andrew DeMaria
f5250e36f1
Merge remote-tracking branch 'origin/pr/1021'
6 years ago
Andrew DeMaria
fdfa244ad4
Merge remote-tracking branch 'origin/pr/1022'
6 years ago
Andrew DeMaria
fe08dd1c94
Merge remote-tracking branch 'origin/pr/1023'
6 years ago
Andrew DeMaria
969394a1c9
Merge remote-tracking branch 'origin/pr/1006'
6 years ago
jvoisin
a21188a064
Add a permission check for the podcast folder
...
This should make podcast-related stacktraces a bit
more obvious to debug for users.
6 years ago
jvoisin
716fd3635c
Remove a useless test page
6 years ago
jvoisin
e2683024af
Factorize a bit the checkbox-related CSS
...
Since the `border: 0;` property is applied
to every checkbox, there is no need for a class.
This is also a good opportunity to use ternaries
for the `checked` attribute, instead of clumsy `if`.
6 years ago
jvoisin
cf1f86f226
Move some video-cast-related inline js to an external file
6 years ago
jvoisin
af4165310f
Fix yet an other XSS
6 years ago
tesshucom
f54e72026f
version upgrade of spring-boot-dependencies,spring-boot-maven-plugin
...
- Safety version for CVE-2019-3795
- Match the new jetty ecj version because the version of ecj used by
tomcat and jetty is different.
6 years ago
jvoisin
e69287cfe6
Minor frameset-related factorization
6 years ago
Andrew DeMaria
10e90beb30
Refactor stream integration test
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
17f1d45e08
Remove mentions of subsonic premium
6 years ago
tesshucom
133cf666b7
Fix processing when artist and albumArtist are null
6 years ago
tesshucom
f5f1ec336f
Fix to get fields when file format is ID3v2.4
6 years ago
jvoisin
90cb02105e
Add a noopener and noreferrer to external urls
...
- noreferrer is used to prevent the browser from sending the referrer
to the visited site
- noopener fixes a fun class of bug: https://mathiasbynens.github.io/rel-noopener/
6 years ago
jvoisin
cdd47b36d2
Clicking on the logo now redirects to home instead of about
...
The previous behaviour was confusing, because on
most websites, clicking on the logo will redirect
to the main page, and not on the about one.
6 years ago
jvoisin
a200dd0c37
Don't autocomplete the password field
...
I guess that this is a bit silly in 2019,
but since people tend to use weird browsers in weird
places, disabling autocompletion here might prevent
the password from ending up in some local cache.
6 years ago
jvoisin
9dea3e9051
Add a CONTRIBUTING.md file
6 years ago
jvoisin
ec4b969e2c
Replace latin encoding with utf-8
6 years ago
jvoisin
5acabcae19
Remove resource bundles for messages as well
6 years ago
jo
eea9416fbe
[skip ci] Update stale labels
6 years ago
Andrew DeMaria
c3a1980ca2
Merge remote-tracking branch 'airsonic/pr/964'
6 years ago