Fix multi genres #939
Fix multi genres #939
Conversation
soncaokim
force-pushed
the
fix-multi-genres
branch
from
e68d0c7
to
39d629a
Compare
|
@gaycodegal There is actually more to do with mutli-genres support - I overlooked this part as well. This PR provides necessary missing bits for that. Otherwise genres filled with '\n' (from the tag editor screens) wont be interpreted correctly. |
|
@soncaokim oh thanks for the catch. I hadnt checked unicode normalization, or perhaps it was that i didnt check full app boot cycle. One question though, is Song.toString used anywhere important? it looks like something that could be vulnerable to injection attacks if its used in anything important, such as being interpreted as code. we might wish to escape our values for all fields to prevent malicious uses if this is indeed used anywhere as code / with a database |
|
like for example, users can store newlines in any field regardless of if we personally want them to or not. If genres broke it, conceivably other fields may as well; we just dont test for that |
|
and also what about single quote injections - does unicode normalization safeguard against that or not |
|
Hi, as of now, the app does nothing special to prevent SQL injection, beside some common practice such as replacement parameter or query (cf https://developer.android.com/privacy-and-security/risks/sql-injection) |
|
@soncaokim ah ok so that is SQL then. I'll fix it when I have time. From my brief reading of the code, we are not safe against malicious files, and you could theoretically make an mp3 file that causes the app to not open |
Add missing implementation to support multi-genre (loading and saving)