prevent opening non-music files through the media ajax api

author Robin Appelman <icewind@owncloud.com>

Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)

committer Robin Appelman <icewind@owncloud.com>

Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)
author Robin Appelman <icewind@owncloud.com>
Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)
committer Robin Appelman <icewind@owncloud.com>
Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)
diff --git a/apps/media/ajax/api.php b/apps/media/ajax/api.php

index 6e269f3bb78cd9711578c8d3371687cdd81b62da..a229c17e80423a17940307480eb1209ec8b285fd 100644 (file)
--- a/apps/media/ajax/api.php
+++ b/apps/media/ajax/api.php
@@ -103,6 +103,10 @@ if($arguments['action']){
                         @ob_end_clean();
                         
                         $ftype=OC_Filesystem::getMimeType( $arguments['path'] );
+                       if(substr($ftype,0,5)!='audio' and $ftype!='application/ogg'){
+                               echo 'Not an audio file';
+                               exit();
+                       }
                         
                         $songId=OC_MEDIA_COLLECTION::getSongByPath($arguments['path']);
                         OC_MEDIA_COLLECTION::registerPlay($songId);
author	Robin Appelman <icewind@owncloud.com>
	Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)
committer	Robin Appelman <icewind@owncloud.com>
	Sat, 9 Jun 2012 15:39:14 +0000 (17:39 +0200)