4.0.1

* Bug fix that would cause albums to be recreated in Album::check
* Added 'file' to Song::find
lachlan-00 committed Nov 25, 2019
1 parent 225d57e commit acc4fd35b2c4f39b3c4e3c86ee196b2d454007a3
Showing with 43 additions and 4 deletions.
  1. +24 −0 SECURITY.md
  2. +5 −0 docs/CHANGELOG.md
  3. +5 −2 lib/class/album.class.php
  4. +7 −0 lib/class/song.class.php
  5. +1 −1 lib/init.php
  6. +1 −1 templates/show_object_rating.inc.php
@@ -0,0 +1,24 @@
# Security Policy

## Supported Versions

Now that version 4 is out all previous 3.x releases are considered unsupported.

| Version | Supported |
| ------- | ------------------ |
| 4.x.x | :white_check_mark: |
| < 4.0 | :x: |

## Reporting a Vulnerability

Report all security issues directly to me lachlan.00 [at] gmail [dot] com

Use the following format

Subject:
Security Issue, Amapche [version number of git branch]

Body:
Description, execution steps and contact information to reply. (A github account to tag in the created issue would be good)

All reported issues will be examined and an issue will be created to track against.
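Review bot: the subject template spells the project name as "Amapche"; it should read "Ampache". "[version number of git branch]" also looks like it was meant to be "version number or git branch", and the "Use the following format" line would read better with a trailing colon.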
@@ -1,5 +1,10 @@
# CHANGELOG

## 4.0.1

* Bug fix that would cause albums to be recreated in Album::check
* Added 'file' to Song::find

## 4.0.0

### Backend
@@ -503,7 +503,7 @@ public static function check($name, $year = 0, $disk = 1, $mbid = null, $mbid_gr
return self::$_mapcache[$name][$disk][$year][$original_year][$mbid][$mbid_group][$album_artist];
}

$sql = "SELECT `album`.`id` FROM `album` WHERE (`album`.`name` = ? OR LTRIM(CONCAT(COALESCE(`album`.`prefix`, ''), ' ', `album`.`name`)) = ?) AND `album`.`disk` = ? AND `album`.`year` = ? AND `album`.`original_year` = ? ";
$sql = "SELECT `album`.`id` FROM `album` WHERE (`album`.`name` = ? OR LTRIM(CONCAT(COALESCE(`album`.`prefix`, ''), ' ', `album`.`name`)) = ?) AND `album`.`disk` = ? AND `album`.`year` = ? ";
$params = array($name, $name, $disk, $year, $original_year);

if ($mbid) {
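Review bot: the new `$sql` line has four `?` placeholders, but the unchanged `$params = array($name, $name, $disk, $year, $original_year);` right below it still binds five values, so any clause appended afterwards binds against a shifted value. Drop `$original_year` from the initial array so it is bound only where the `original_year` clause is actually appended.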
@@ -516,11 +516,14 @@ public static function check($name, $year = 0, $disk = 1, $mbid = null, $mbid_gr
$sql .= 'AND `album`.`prefix` = ? ';
$params[] = $prefix;
}

if ($album_artist) {
$sql .= 'AND `album`.`album_artist` = ? ';
$params[] = $album_artist;
}
if ($original_year) {
$sql .= 'AND `album`.`original_year` = ? ';
$params[] = $original_year;
}

$db_results = Dba::read($sql, $params);

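Review bot: with `if ($original_year)` the lookup no longer filters on `original_year` at all when the caller passes 0 or null, so it can return an album whose stored `original_year` differs from the one being imported. If that is the intended matching rule, a short comment above this block saying so would save the next reader from treating it as an oversight.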
@@ -784,6 +784,13 @@ public static function find($data)
return $results['id'];
}
}
if ($data['file']) {
$sql = $sql_base . " WHERE `song`.`file` = ? LIMIT 1";
$db_results = Dba::read($sql, array($data['file']));
if ($results = Dba::fetch_assoc($db_results)) {
return $results['id'];
}
}

$where = "WHERE `song`.`title` = ?";
$sql = $sql_base;
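Review bot: `if ($data['file'])` reads the key without checking that it exists, which raises an undefined index notice for callers that do not pass `file`; `if (!empty($data['file']))` avoids that. The new `file` key should also be documented on `find()` alongside the other accepted keys.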
@@ -68,7 +68,7 @@

$results['load_time_begin'] = $load_time_begin;
/** This is the version.... fluff nothing more... **/
$results['version'] = '4.0.0-release';
$results['version'] = '4.0.1-release';
$results['int_config_version'] = '40';

if (!empty($results['force_ssl'])) {
@@ -43,7 +43,7 @@

//set the current rating background
echo '<li class="current-rating" style="width:' . $width . '%" >';
echo T_('Current rating: ');
echo T_('Current rating') . ': ';
if ($rate <= 0) {
echo T_('not rated yet') . "</li>\n";
} else {
