From: Robin Appelman
Date: Sat, 9 Jun 2012 15:39:14 +0000 (+0200)
Subject: prevent opening non-music files through the media ajax api
X-Git-Tag: v4.5.0beta1~74^2~422^2~10
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d065b2d29edb4bb72492dde46293e77fa03b50d6;p=nextcloud-server.git
prevent opening non-music files through the media ajax api
---
diff --git a/apps/media/ajax/api.php b/apps/media/ajax/api.php
index 6e269f3bb78..a229c17e804 100644
--- a/apps/media/ajax/api.php
+++ b/apps/media/ajax/api.php
@@ -103,6 +103,10 @@ if($arguments['action']){
 @ob_end_clean();
 $ftype=OC_Filesystem::getMimeType( $arguments['path'] );
+ if(substr($ftype,0,5)!='audio' and $ftype!='application/ogg'){
+ echo 'Not an audio file';
+ exit();
+ }
 $songId=OC_MEDIA_COLLECTION::getSongByPath($arguments['path']);
 OC_MEDIA_COLLECTION::registerPlay($songId);
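Review bot: The added guard's prefix test `substr($ftype,0,5)!='audio'` accepts any type string that merely starts with the letters "audio" and relies on loose comparison; anchoring on the slash and comparing strictly is tighter: `if(strpos($ftype,'audio/')!==0 and $ftype!=='application/ogg'){`. The rejection branch echoes `'Not an audio file'` and exits without setting a status, so the client presumably receives a success response; a line such as `header('HTTP/1.0 403 Forbidden');` before the `echo` would make the refusal visible to callers and in access logs, provided no output has been sent earlier in the block. The check is also only as strong as `OC_Filesystem::getMimeType()`, which is not shown here: if it derives the type from the file name rather than the content, a renamed file would still pass, so a short comment stating which it is would help the next reader. The enclosing `if($arguments['action']){` block starts and ends outside the hunk.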