jvoisin
af4165310f
Fix yet an other XSS
6 years ago
Andrew DeMaria
10e90beb30
Refactor stream integration test
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jo
eea9416fbe
[skip ci] Update stale labels
6 years ago
Andrew DeMaria
c3a1980ca2
Merge remote-tracking branch 'airsonic/pr/964'
6 years ago
Andrew DeMaria
b128479972
Merge remote-tracking branch 'airsonic/pr/962'
6 years ago
Andrew DeMaria
4b2cf99adf
Merge remote-tracking branch 'airsonic/pr/951'
6 years ago
Andrew DeMaria
8e0d49834c
Merge remote-tracking branch 'airsonic/pr/929'
6 years ago
Andrew DeMaria
ab33b34a67
Merge remote-tracking branch 'airsonic/pr/898'
...
Conflicts:
airsonic-main/src/main/java/org/airsonic/player/controller/StreamController.java
6 years ago
tesshucom
131713aaf4
With Jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
4cd9e9deac
revert cling-core, cling-support, seamless-util and configuration
6 years ago
Andrew DeMaria
8ed98ebb6b
Merge remote-tracking branch 'airsonic/pr/980'
6 years ago
jvoisin
9fb56c031b
Fix the systemd unit file for OpenJDK
6 years ago
jvoisin
7d865ea7a9
Add a lost meta back
6 years ago
jvoisin
8f74db2ec1
Remove the unused embedded copy of weupnp
6 years ago
jvoisin
422127e3f6
Replace the flash player with medialement.js for the shared media
6 years ago
François-Xavier Thomas
3f4a49c95a
Fix dependency error with org.eclipse.jetty.jetty
...
This is only used by reflection, and should be provided by the servlet
container (Tomcat or Jetty).
6 years ago
François-Xavier Thomas
51b738053f
Make it work even if Tomcat-specific exceptions are not available
...
When Tomcat is not available (for example, when using Jetty), the
ClientAbortException is not available either, causing an error when
starting the server.
This commit fixes that, and instead catches that exception (or its Jetty
equivalent) via reflection.
6 years ago
François-Xavier Thomas
ec96b9711d
Show more informative messages while streaming
...
When streaming, log messages now show the URL and IP of the originating
request, so that it's easier to determine what client is listening to
something on the server.
6 years ago
François-Xavier Thomas
417583ccaa
Do not show stack trace for client-side connection errors
...
The `ClientAbortException` exception indicates that the connection was
closed by the client, usually for something the server can do nothing
about (e.g. navigating outside of the page while it's loading).
Since this error happens often, this commit displays shorter error
messages when it does, without a large stack trace.
All other exceptions are handled just as before.
6 years ago
jvoisin
268dc6e13d
Factorise the key generation into a static method
6 years ago
Andrew DeMaria
f04ec61d0f
Merge remote-tracking branch 'airsonic/pr/958'
6 years ago
Andrew DeMaria
58f4dfdb2e
Merge remote-tracking branch 'airsonic/pr/957'
6 years ago
Andrew DeMaria
a59e8e4a9f
Merge remote-tracking branch 'airsonic/pr/956'
6 years ago
Andrew DeMaria
afb9c6bfb7
Merge remote-tracking branch 'airsonic/pr/954'
6 years ago
Andrew DeMaria
1daa6cff6e
Merge remote-tracking branch 'airsonic/pr/952'
6 years ago
Andrew DeMaria
72609a8d0c
Merge remote-tracking branch 'airsonic/pr/950'
6 years ago
Andrew DeMaria
c460a16628
Merge remote-tracking branch 'airsonic/pr/928'
6 years ago
jvoisin
aff7bd3d57
Remove webfx stuff, since they're apparently not used
...
The only place where the string `webfx` is mentioned
was in playQueue.jsp, to include a small css file, twice,
that only applies to webfx components, that aren't used
anywhere in the codebase.
6 years ago
jvoisin
db2592a84b
Delete AC_OETags.js since it's not used anywhere
6 years ago
jvoisin
c9212805be
Remove jquery-contextmenu since it's not used anywhere
6 years ago
jvoisin
87442320fc
Try to run jkd9 on travis-ci
6 years ago
jvoisin
d35834c0e7
Fix a bunch of dom-based xss
...
This should close #633
6 years ago
jvoisin
0d6cbb60ed
Use https for external links
6 years ago
jvoisin
3e07ea5288
Use a random key to "encrypt" the remember-me cookie's value
...
Since Spring's default remember-me technique is
terrible security-wise (`user:timstamp:md5(use:timestamp:password:key)`),
we should at least use a random key, instead of a fixed one,
otherwise, and attacker able to capture the cookies
might be able to trivially bruteforce offline
the password of the associated user.
6 years ago
jvoisin
ab1690b1fe
Don't display the title if it's empty
6 years ago
Andrew DeMaria
83882b18d9
Merge remote-tracking branch 'airsonic/pr/919'
6 years ago
Andrew DeMaria
81835aa589
Merge remote-tracking branch 'airsonic/pr/934'
6 years ago
Andrew DeMaria
f8f5c4a6bf
Merge remote-tracking branch 'airsonic/pr/936'
6 years ago
Andrew DeMaria
b73ab9c45e
Merge remote-tracking branch 'airsonic/pr/949'
6 years ago
Andrew DeMaria
78ee5bd1da
Merge remote-tracking branch 'airsonic/pr/948'
6 years ago
Andrew DeMaria
221a0ed933
Merge remote-tracking branch 'airsonic/pr/945'
6 years ago
jvoisin
ac1c887698
Remove Google+ relics
...
Google+ is dead: https://developers.google.com/+/
6 years ago
jvoisin
cb0866d5fd
Download dependencies via https on download.java.net
6 years ago
Andrew DeMaria
edd097ad5b
Add a couple of static analysis badges
6 years ago
jvoisin
5edebf7885
Remove inline javascript on the `cancel` buttons
...
The inline javascript used with the cancel buttons
was only used to change the location.
Instead of doing this, it's easier to wrap
the button in a tag.
This is related to #909 .
6 years ago
Andrew DeMaria
cd45717256
Merge remote-tracking branch 'airsonic/pr/938'
6 years ago
Andrew DeMaria
570abe69d5
Merge remote-tracking branch 'airsonic/pr/939'
6 years ago
Andrew DeMaria
d5500ce3d2
Merge remote-tracking branch 'airsonic/pr/941'
6 years ago
Andrew DeMaria
41a5ae06d5
Merge remote-tracking branch 'airsonic/pr/922'
6 years ago
Andrew DeMaria
6613bd86d5
Merge remote-tracking branch 'airsonic/pr/907'
6 years ago