When Tomcat is not available (for example, when using Jetty), the
ClientAbortException is not available either, causing an error when
starting the server.
This commit fixes that, and instead catches that exception (or its Jetty
equivalent) via reflection.
When streaming, log messages now show the URL and IP of the originating
request, so that it's easier to determine what client is listening to
something on the server.
The `ClientAbortException` exception indicates that the connection was
closed by the client, usually for something the server can do nothing
about (e.g. navigating outside of the page while it's loading).
Since this error happens often, this commit displays shorter error
messages when it does, without a large stack trace.
All other exceptions are handled just as before.
The only place where the string `webfx` is mentioned
was in playQueue.jsp, to include a small css file, twice,
that only applies to webfx components, that aren't used
anywhere in the codebase.
The inline javascript used with the cancel buttons
was only used to change the location.
Instead of doing this, it's easier to wrap
the button in a tag.
This is related to #909.
- Fix a stupid self-XSS. I doubt that there are ways to
use it against other users, but well, better safe than sorry
- Replace the javascript-on-focus hacks with the `autofocus` attribute
Previously, lost passwords were generated via
org.apache.commons.lang.RandomStringUtils,
which is using java.util.Random internally.
This PRNG is has a 48-bit seed, that can easily be bruteforced
if an attacker is able to get the PRNG's output, for example
but resetting their own account multiple times,
leading to trivial privileges escalation attacks.
This commit makes use of java.security.SecureRandom
instead.
I threw airsonic at IntelliJ's IDEA analysis,
and asked it to flag what could be modernized
for Java > 5.
- foreach instead of for…
- I added some null-deref checks
- Integer.ValueOf, since Integer(…) is deprecated
- Contextual try
- Objects.equals instead of handcrafted comparisons
- StringBuilder instead of StringBuffer
- Removal of outdated/wrong javadoc comments
This commit should fix the following javascript crash that
may occur if the localstorage isn't available/supported by the browser:
```
more.view:140 Uncaught TypeError: Cannot read property 'playCountValue' of null
at loadShuffleForm (more.view:140)
at HTMLDocument.<anonymous> (more.view:181)
at n (jquery-1.7.1.min.js:2)
at Object.fireWith (jquery-1.7.1.min.js:2)
at Function.ready (jquery-1.7.1.min.js:2)
at HTMLDocument.B (jquery-1.7.1.min.js:2)
```
Signed-off-by: jvoisin <julien.voisin@dustri.org>
pngfix.js is used for compatibility's reason
with IE 5 and 6. I think that now that we're in 2019,
we can get rid of it.
Signed-off-by: jvoisin <julien.voisin@dustri.org>
MomentJS was only used in a single javascript function,
to do Seconds → (Minutes, Seconds). This commit
replaces this with a hand-rolled version, and removes
MomentJS.
Signed-off-by: jvoisin <julien.voisin@dustri.org>
The FILES DEFRAG / FILES LOG SIZE properties are kept when upgrading to
2.x; it's enough that they were set once on 1.8. For new installations
the migration will still run with the correct SQL statements.
This will only affect the (embedded/legacy) HSQLDB driver. Even though
cff97ea9 should prevent the db log from getting uncontrollably large,
the 'Clean-up database' and 'Scan' actions will additionally force a
checkpoint to ensure this happens on big operations.
tesshucom
François-Xavier Thomas
jvoisin
Andrew DeMaria
Iwao AVE!
jo
Frank de Lange