* Improve escaping of special characters in returned XML. Should close SF bug ID 2717054.

This commit is contained in:
Justin Maggard 2009-04-01 22:41:27 +00:00
parent d937f13526
commit ea70f079f2
2 changed files with 63 additions and 40 deletions


@ -182,7 +182,7 @@ check_for_album_file(char * dir)
{ {
imsrc = image_new_from_jpeg(file, 1, NULL, 0); imsrc = image_new_from_jpeg(file, 1, NULL, 0);
if( !imsrc ) if( !imsrc )
return NULL; continue;
width = imsrc->width; width = imsrc->width;
height = imsrc->height; height = imsrc->height;
if( width > 160 || height > 160 ) if( width > 160 || height > 160 )


@ -99,24 +99,44 @@ get_fourcc(const char *s)
return (s[0]) + (s[1]<<8) + (s[2]<<16) + (s[3]<<24); return (s[0]) + (s[1]<<8) + (s[2]<<16) + (s[3]<<24);
} }
char *
escape_tag(const char *tag)
{
char *esc_tag = NULL;
if( index(tag, '&') || index(tag, '<') || index(tag, '>') )
{
esc_tag = strdup(tag);
esc_tag = modifyString(esc_tag, "&", "&amp;amp;", 0);
esc_tag = modifyString(esc_tag, "<", "&amp;lt;", 0);
esc_tag = modifyString(esc_tag, ">", "&amp;gt;", 0);
}
return esc_tag;
}
sqlite_int64 sqlite_int64
GetFolderMetadata(const char * name, const char * path, const char * artist, const char * genre, const char * album_art, const char * art_dlna_pn) GetFolderMetadata(const char * name, const char * path, const char * artist, const char * genre, const char * album_art, const char * art_dlna_pn)
{ {
char * sql; char * sql;
char * esc_name = NULL;
int ret; int ret;
sql = sqlite3_mprintf( "INSERT into DETAILS" esc_name = escape_tag(name);
" (TITLE, PATH, CREATOR, ARTIST, GENRE, ALBUM_ART, ART_DLNA_PN) " sql = sqlite3_mprintf( "INSERT into DETAILS"
"VALUES" " (TITLE, PATH, CREATOR, ARTIST, GENRE, ALBUM_ART, ART_DLNA_PN) "
" ('%q', %Q, %Q, %Q, %Q, %lld, %Q);", "VALUES"
name, path, artist, artist, genre, " ('%q', %Q, %Q, %Q, %Q, %lld, %Q);",
album_art ? strtoll(album_art, NULL, 10) : 0, esc_name ? esc_name : name,
art_dlna_pn); path, artist, artist, genre,
album_art ? strtoll(album_art, NULL, 10) : 0,
art_dlna_pn);
if( sql_exec(db, sql) != SQLITE_OK ) if( sql_exec(db, sql) != SQLITE_OK )
ret = 0; ret = 0;
else else
ret = sqlite3_last_insert_rowid(db); ret = sqlite3_last_insert_rowid(db);
if( esc_name )
free(esc_name);
sqlite3_free(sql); sqlite3_free(sql);
return ret; return ret;
@ -130,6 +150,7 @@ GetAudioMetadata(const char * path, char * name)
sqlite_int64 ret; sqlite_int64 ret;
char *sql; char *sql;
char *title, *artist = NULL, *album = NULL, *genre = NULL, *comment = NULL, *date = NULL; char *title, *artist = NULL, *album = NULL, *genre = NULL, *comment = NULL, *date = NULL;
char *esc_tag;
int i, free_flags = 0; int i, free_flags = 0;
sqlite_int64 album_art = 0; sqlite_int64 album_art = 0;
char art_dlna_pn[9]; char art_dlna_pn[9];
@ -187,10 +208,10 @@ GetAudioMetadata(const char * path, char * name)
if( title ) if( title )
{ {
title = trim(title); title = trim(title);
if( index(title, '&') ) if( (esc_tag = escape_tag(title)) )
{ {
free_flags |= FLAG_TITLE; free_flags |= FLAG_TITLE;
title = modifyString(strdup(title), "&", "&amp;amp;", 0); title = esc_tag;
} }
} }
else else
@ -201,44 +222,40 @@ GetAudioMetadata(const char * path, char * name)
{ {
if( song.contributor[i] ) if( song.contributor[i] )
{ {
artist = song.contributor[i]; artist = trim(song.contributor[i]);
artist = trim(artist); if( (esc_tag = escape_tag(artist)) )
if( index(artist, '&') )
{ {
free_flags |= FLAG_ARTIST; free_flags |= FLAG_ARTIST;
artist = modifyString(strdup(artist), "&", "&amp;amp;", 0); artist = esc_tag;
} }
break; break;
} }
} }
if( song.album ) if( song.album )
{ {
album = song.album; album = trim(song.album);
album = trim(album); if( (esc_tag = escape_tag(album)) )
if( index(album, '&') )
{ {
free_flags |= FLAG_ALBUM; free_flags |= FLAG_ALBUM;
album = modifyString(strdup(album), "&", "&amp;amp;", 0); album = esc_tag;
} }
} }
if( song.genre ) if( song.genre )
{ {
genre = song.genre; genre = trim(song.genre);
genre = trim(genre); if( (esc_tag = escape_tag(genre)) )
if( index(genre, '&') )
{ {
free_flags |= FLAG_GENRE; free_flags |= FLAG_GENRE;
genre = modifyString(strdup(genre), "&", "&amp;amp;", 0); genre = esc_tag;
} }
} }
if( song.comment ) if( song.comment )
{ {
comment = song.comment; comment = trim(song.comment);
comment = trim(comment); if( (esc_tag = escape_tag(comment)) )
if( index(comment, '&') )
{ {
free_flags |= FLAG_COMMENT; free_flags |= FLAG_COMMENT;
comment = modifyString(strdup(comment), "&", "&amp;amp;", 0); comment = esc_tag;
} }
} }
@ -313,6 +330,7 @@ GetImageMetadata(const char * path, char * name)
off_t size; off_t size;
char date[64], make[32], model[64]; char date[64], make[32], model[64];
char b[1024]; char b[1024];
char *esc_name = NULL;
struct stat file; struct stat file;
sqlite_int64 ret; sqlite_int64 ret;
char *sql; char *sql;
@ -328,6 +346,7 @@ GetImageMetadata(const char * path, char * name)
else else
return 0; return 0;
strip_ext(name); strip_ext(name);
esc_name = escape_tag(name);
//DEBUG DPRINTF(E_DEBUG, L_METADATA, " * size: %d\n", size); //DEBUG DPRINTF(E_DEBUG, L_METADATA, " * size: %d\n", size);
/* MIME hard-coded to JPEG for now, until we add PNG support */ /* MIME hard-coded to JPEG for now, until we add PNG support */
@ -434,7 +453,7 @@ GetImageMetadata(const char * path, char * name)
" (PATH, TITLE, SIZE, DATE, RESOLUTION, THUMBNAIL, CREATOR, DLNA_PN, MIME) " " (PATH, TITLE, SIZE, DATE, RESOLUTION, THUMBNAIL, CREATOR, DLNA_PN, MIME) "
"VALUES" "VALUES"
" (%Q, '%q', %llu, '%s', %Q, %d, '%q', %Q, %Q);", " (%Q, '%q', %llu, '%s', %Q, %d, '%q', %Q, %Q);",
path, name, size, date, m.resolution, thumb, model, m.dlna_pn, m.mime); path, esc_name?esc_name:name, size, date, m.resolution, thumb, model, m.dlna_pn, m.mime);
//DEBUG DPRINTF(E_DEBUG, L_METADATA, "SQL: %s\n", sql); //DEBUG DPRINTF(E_DEBUG, L_METADATA, "SQL: %s\n", sql);
if( sql_exec(db, sql) != SQLITE_OK ) if( sql_exec(db, sql) != SQLITE_OK )
{ {
@ -452,6 +471,8 @@ GetImageMetadata(const char * path, char * name)
free(m.dlna_pn); free(m.dlna_pn);
if( m.mime ) if( m.mime )
free(m.mime); free(m.mime);
if( esc_name )
free(esc_name);
return ret; return ret;
} }
@ -463,6 +484,7 @@ GetVideoMetadata(const char * path, char * name)
char *sql; char *sql;
int ret, i; int ret, i;
struct tm *modtime; struct tm *modtime;
char *esc_name = NULL;
char date[20]; char date[20];
AVFormatContext *ctx; AVFormatContext *ctx;
int audio_stream = -1, video_stream = -1; int audio_stream = -1, video_stream = -1;
@ -482,6 +504,7 @@ GetVideoMetadata(const char * path, char * name)
size = file.st_size; size = file.st_size;
} }
strip_ext(name); strip_ext(name);
esc_name = escape_tag(name);
//DEBUG DPRINTF(E_DEBUG, L_METADATA, " * size: %d\n", size); //DEBUG DPRINTF(E_DEBUG, L_METADATA, " * size: %d\n", size);
av_register_all(); av_register_all();
@ -859,18 +882,16 @@ GetVideoMetadata(const char * path, char * name)
} }
av_close_input_file(ctx); av_close_input_file(ctx);
sql = sqlite3_mprintf( "INSERT into DETAILS" sql = sqlite3_mprintf( "INSERT into DETAILS"
" (PATH, SIZE, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION," " (PATH, SIZE, DURATION, DATE, CHANNELS, BITRATE, SAMPLERATE, RESOLUTION,"
" TITLE, DLNA_PN, MIME) " " TITLE, DLNA_PN, MIME) "
"VALUES" "VALUES"
" (%Q, %lld, %Q, %Q, %Q, %Q, %Q, %Q, '%q', %Q, '%q');", " (%Q, %lld, %Q, %Q, %Q, %Q, %Q, %Q, '%q', %Q, '%q');",
path, size, m.duration, path, size, m.duration,
strlen(date) ? date : NULL, strlen(date) ? date : NULL,
m.channels, m.channels, m.bitrate, m.frequency, m.resolution,
m.bitrate, esc_name?esc_name:name,
m.frequency, m.dlna_pn, m.mime);
m.resolution,
name, m.dlna_pn, m.mime);
//DEBUG DPRINTF(E_DEBUG, L_METADATA, "SQL: %s\n", sql); //DEBUG DPRINTF(E_DEBUG, L_METADATA, "SQL: %s\n", sql);
if( sql_exec(db, sql) != SQLITE_OK ) if( sql_exec(db, sql) != SQLITE_OK )
{ {
@ -898,6 +919,8 @@ GetVideoMetadata(const char * path, char * name)
free(m.bps); free(m.bps);
if( m.channels ) if( m.channels )
free(m.channels); free(m.channels);
if( esc_name )
free(esc_name);
return ret; return ret;
} }
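Review bot: In escape_tag the strdup() result is handed straight to modifyString() without a NULL check, so an allocation failure dereferences NULL inside the first replacement; add `if( !esc_tag ) return NULL;` right after the strdup, which every caller already tolerates because each falls back to the unescaped value (`esc_name ? esc_name : name`). The NULL-means-unchanged contract is the part a future caller is most likely to misread, so the function deserves a header comment stating that it returns NULL when tag contains none of `&`, `<`, `>` and otherwise a heap copy that the caller must free(). index() is a legacy BSD name; `strchr()` is the ISO C equivalent and a drop-in replacement on that line. The escaped set covers element text only; if any of these stored values is ever emitted inside an XML attribute, `"` and `'` would need the same treatment. escape_tag is complete within its hunk, while GetFolderMetadata, whose body follows it, closes outside the hunk.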