Apache commons is providing Html-escaping, no need to reinvent the wheel:
> It supports all known HTML 4.0 entities, including funky accents. Note that the
> commonly used apostrophe escape character (') is not a legal entity and so
> is not supported).
So I manually checked that nothing is relying on escaped single-quotes,
and didn't manage to find anything that does.
If someone was using MariaDB before #1188, they were probably doing so
by using the MySQL JDBC driver to pass the migration (which had the
proper workarounds in place for some column types).
This commit assumes that the migrations done that way were valid and
produced the same result as running the MariaDB migrations after #1188.
Radeox is a rendering engine for an unspecified markup.
Its [website](http://radeox.org/) is dead, the website
of its [authors](http://www.codehaus.org/) is dead too,
its [last commit](https://github.com/codehaus/radeox) was 13 years ago.
It's only used for the welcome and login messages,
as well as comments from users. If we want to have some markup parsing,
we should use something maintained with autoescaping guarantees,
instead of a piece of zombie code prone to $DEITY knows what injections.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
I accidentally deleted most of my music directory. The database was
still intact. I recovered the music directory by rolling back to a
previous ZFS snapshot and performed a reindex. However, libresonic did
not mark the deleted files as present. Turns out the file timestamp was
unchanged through the ZFS restore, and so libresonic still thought the
last indexing effort was still "good".
This adds the option to ignore file timestamps when scanning files. This
can be helpful in the case of a restore as described above. There might
be a better way to do this, as this was really a quick effort on my part
to fix my own libresonic.
This does not add a UI, just a single property that can be turned on by
editing the lilbresonic.properties file.
@fxthomas suggested this could instead be a query parameter on the
initial issue #359. That would basically move the potential UI to the
scan page. That would be fine, but I could imagine there might be cases
where people want this setting on all the time.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>