diff -Nru ampache-3.6-rzb2779+dfsg/debian/changelog ampache-3.6-rzb2779+dfsg/debian/changelog --- ampache-3.6-rzb2779+dfsg/debian/changelog 2016-03-23 01:38:32.000000000 +0000 +++ ampache-3.6-rzb2779+dfsg/debian/changelog 2021-01-14 13:46:39.000000000 +0000 @@ -1,3 +1,21 @@ +ampache (3.6-rzb2779+dfsg-0ubuntu9.2) xenial-security; urgency=medium + + * SECURITY UPDATE: SQL Injection and XSS vulnerabilities + - debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch: Fix search engine + and the LocalPlay "add instance" functionality. + - CVE-2019-12385 + - CVE-2019-12386 + + -- Paulo Flabiano Smorigo Tue, 12 Jan 2021 13:26:25 +0000 + +ampache (3.6-rzb2779+dfsg-0ubuntu9.1) xenial; urgency=medium + + * debian/patches/04_rename_error_to_amperror.patch: Backport 'Rename + Error class to AmpError (fix php7 Error class name conflict)'. + Closes LP: #1578201. + + -- Nishanth Aravamudan Fri, 24 Jun 2016 08:21:47 -0700 + ampache (3.6-rzb2779+dfsg-0ubuntu9) xenial; urgency=medium * Update to PHP7.0 dependencies (LP: #1544352). diff -Nru ampache-3.6-rzb2779+dfsg/debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch ampache-3.6-rzb2779+dfsg/debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch --- ampache-3.6-rzb2779+dfsg/debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch 1970-01-01 00:00:00.000000000 +0000 +++ ampache-3.6-rzb2779+dfsg/debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch 2021-01-14 13:36:45.000000000 +0000 
@@ -0,0 +1,337 @@
+--- ampache-3.6-rzb2779+dfsg.orig/albums.php
++++ ampache-3.6-rzb2779+dfsg/albums.php
+@@ -78,7 +78,7 @@ switch ($_REQUEST['action']) {
+
+ if ($image_data) {
+ $art->insert($image_data,$upload['0']['mime']);
+- show_confirmation(T_('Album Art Inserted'),'',"/albums.php?action=show&album=" . $_REQUEST['album_id']);
++ show_confirmation(T_('Album Art Inserted'),'',"/albums.php?action=show&album=" . scrub_in($_REQUEST['album_id']));
+ break;
+
+ } // if image data
+--- ampache-3.6-rzb2779+dfsg.orig/artists.php
++++ ampache-3.6-rzb2779+dfsg/artists.php
+@@ -29,9 +29,9 @@ UI::show_header();
+ */
+ switch($_REQUEST['action']) {
+ case 'show':
+- $artist = new Artist($_REQUEST['artist']);
++ $artist = new Artist(scrub_in($_REQUEST['artist']));
+ $artist->format();
+- $object_ids = $artist->get_albums($_REQUEST['catalog']);
++ $object_ids = $artist->get_albums(scrub_in($_REQUEST['catalog']));
+ $object_type = 'album';
+ require_once Config::get('prefix') . '/templates/show_artist.inc.php';
+ if (Config::get('show_similar')) {
+@@ -44,7 +44,7 @@ switch($_REQUEST['action']) {
+ }
+ break;
+ case 'show_all_songs':
+- $artist = new Artist($_REQUEST['artist']);
++ $artist = new Artist(scrub_in($_REQUEST['artist']));
+ $artist->format();
+ $object_type = 'song';
+ $object_ids = $artist->get_songs();
+@@ -52,19 +52,19 @@ switch($_REQUEST['action']) {
+ break;
+ case 'update_from_tags':
+ $type = 'artist';
+- $object_id = intval($_REQUEST['artist']);
++ $object_id = intval(scrub_in($_REQUEST['artist']));
+ $target_url = Config::get('web_path') . "/artists.php?action=show&artist=" . $object_id;
+ require_once Config::get('prefix') . 
'/templates/show_update_items.inc.php';
+ break;
+ case 'rename_similar':
+ if (!$user->has_access('100')) { UI::access_denied(); }
+ $count = 0;
+- if (isset($_REQUEST['artist']) && is_numeric($_REQUEST['artist']) && isset($_REQUEST['artists']) && is_array($_REQUEST['artists'])) {
++ if (isset(scrub_in($_REQUEST['artist'])) && is_numeric(scrub_in($_REQUEST['artist'])) && isset($_REQUEST['artists']) && is_array($_REQUEST['artists'])) {
+ $artist = new Artist($_REQUEST['artist']);
+ if ($artist->id)
+ foreach ($_REQUEST['artists'] as $artist_id) {
+ if (is_numeric($artist_id)) {
+- $that_artist = new Artist($artist_id);
++ $that_artist = new Artist(scrub_in($artist_id));
+ if ($that_artist->id) {
+ $that_artist->merge($artist->id);
+ $count++;
+@@ -75,7 +75,7 @@ switch($_REQUEST['action']) {
+ }
+ }
+ else
+- $GLOBALS['error']->add_error('general', sprintf(T_('Error: No such artist \'%s\''), $_REQUEST['artist']));
++ $GLOBALS['error']->add_error('general', sprintf(T_('Error: No such artist \'%s\''), scrub_in($_REQUEST['artist'])));
+ } else {
+ $GLOBALS['error']->add_error('general', T_("Error: Errenous request"));
+ }
+@@ -96,7 +96,7 @@ switch($_REQUEST['action']) {
+ exit;
+ }
+
+- $artist = new Artist($_REQUEST['artist']);
++ $artist = new Artist(scrub_in($_REQUEST['artist']));
+ //options
+ $similar_artists = $artist->get_similar_artists(
+ make_bool($_POST['n_rep_uml']),
+@@ -117,7 +117,7 @@ switch($_REQUEST['action']) {
+ if (!$user->has_access('100')) { UI::access_denied(); }
+
+ /* Get the artist */
+- $artist = new Artist($_REQUEST['artist']);
++ $artist = new Artist(scrub_in($_REQUEST['artist']));
+ $catalog = new Catalog();
+
+ //check if we've been given a target
+@@ -175,7 +175,7 @@ switch($_REQUEST['action']) {
+ }
+ break;
+ case 'show_rename':
+- $artist = new Artist($_REQUEST['artist']);
++ $artist = new Artist(scrub_in($_REQUEST['artist']));
+ require Config::get('prefix') . 
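Review bot: In artists.php, the `rename_similar` guard now calls `isset(scrub_in($_REQUEST['artist']))`, and PHP rejects `isset()` on the result of a function call at compile time, so the whole script would fail to load rather than only this case. Keep the existence test on the raw superglobal and leave the wrapper off that line: `if (isset($_REQUEST['artist']) && is_numeric($_REQUEST['artist']) && isset($_REQUEST['artists']) && is_array($_REQUEST['artists'])) {`. The context line directly below still builds `new Artist($_REQUEST['artist'])` from the raw value; since `is_numeric` has already passed, `new Artist((int) $_REQUEST['artist'])` would pin it to an integer id. The enclosing `switch` starts and ends outside the hunk.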
'/templates/show_rename_artist.inc.php';
+ break;
+ case 'match':
+--- ampache-3.6-rzb2779+dfsg.orig/batch.php
++++ ampache-3.6-rzb2779+dfsg/batch.php
+@@ -38,12 +38,12 @@ switch ($_REQUEST['action']) {
+ $name = $GLOBALS['user']->username . ' - Playlist';
+ break;
+ case 'playlist':
+- $playlist = new Playlist($_REQUEST['id']);
++ $playlist = new Playlist(scrub_in($_REQUEST['id']));
+ $media_ids = $playlist->get_songs();
+ $name = $playlist->name;
+ break;
+ case 'smartplaylist':
+- $search = new Search('song', $_REQUEST['id']);
++ $search = new Search('song', scrub_in($_REQUEST['id']));
+ $sql = $search->to_sql();
+ $sql = $sql['base'] . ' ' . $sql['table_sql'] . ' WHERE ' .
+ $sql['where_sql'];
+@@ -55,17 +55,17 @@ switch ($_REQUEST['action']) {
+ $name = $search->name;
+ break;
+ case 'album':
+- $album = new Album($_REQUEST['id']);
++ $album = new Album(scrub_in($_REQUEST['id']));
+ $media_ids = $album->get_songs();
+ $name = $album->name;
+ break;
+ case 'artist':
+- $artist = new Artist($_REQUEST['id']);
++ $artist = new Artist(scrub_in($_REQUEST['id']));
+ $media_ids = $artist->get_songs();
+ $name = $artist->name;
+ break;
+ case 'browse':
+- $id = scrub_in($_REQUEST['browse_id']);
++ $id = scrub_in(scrub_in($_REQUEST['browse_id']));
+ $browse = new Browse($id);
+ $browse_media_ids = $browse->get_saved();
+ $media_ids = array();
+--- ampache-3.6-rzb2779+dfsg.orig/lib/class/dba.class.php
++++ ampache-3.6-rzb2779+dfsg/lib/class/dba.class.php
+@@ -125,9 +125,10 @@ class Dba {
+ * into the sql
+ */
+ public static function escape($var) {
+- $var = self::dbh()->quote($var);
+- // This is slightly less ugly than it was, but still ugly
+- return substr($var, 1, -1);
++ $filter_var = filter_var($var, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
++ $string = mysql_real_escape_string($filter_var,self::dbh());
++
++ return $string;
+ }
+
+ /**
+--- ampache-3.6-rzb2779+dfsg.orig/lib/class/search.class.php
++++ 
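Review bot: In batch.php's `browse` case the value is now wrapped twice, `scrub_in(scrub_in($_REQUEST['browse_id']))`, although the removed line was already scrubbed once. The second call adds no protection, and if `scrub_in` encodes entities (its body is not shown on this page) it would double-encode characters such as `&`. Restoring `$id = scrub_in($_REQUEST['browse_id']);` is sufficient for this line.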
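Review bot: `Dba::escape()` now calls `mysql_real_escape_string($filter_var,self::dbh())`, but the removed line called `->quote()` on the same handle, which suggests `dbh()` returns a PDO object rather than a mysql link, and the ext/mysql functions are not available on PHP 7.0, which the changelog entry above says this package targets. As written, every caller of `escape()` would likely stop on an undefined function. Keeping the driver's own quoting avoids that: `$quoted = self::dbh()->quote((string) $var);` followed by `return substr($quoted, 1, -1);`. `FILTER_SANITIZE_STRING` also strips tag-like text from every value passed through the escaper, which silently changes stored data such as a title containing `<`; markup handling is better left to the output side. The `Dba` class continues outside the hunk.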
ampache-3.6-rzb2779+dfsg/lib/class/search.class.php
+@@ -443,12 +443,13 @@ class Search extends playlist_object {
+ * Sanitizes raw search data
+ */
+ public static function clean_request($data) {
++ $request = array();
+ foreach ($data as $key => $value) {
+ $prefix = substr($key, 0, 4);
+ $value = trim($value);
+
+ if ($prefix == 'rule' && strlen($value)) {
+- $request[$key] = Dba::escape($value);
++ $request[$key] = Dba::escape(filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
+ }
+ }
+
+@@ -771,7 +772,8 @@ class Search extends playlist_object {
+ break;
+ }
+ }
+- $input = $this->_mangle_data($rule[2], $type, $operator);
++ $raw_input = $this->_mangle_data($rule[2], $type, $operator);
++ $input = filter_var($raw_input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $sql_match_operator = $operator['sql'];
+
+ switch ($rule[0]) {
+@@ -855,7 +857,8 @@ class Search extends playlist_object {
+ break;
+ }
+ }
+- $input = $this->_mangle_data($rule[2], $type, $operator);
++ $raw_input = $this->_mangle_data($rule[2], $type, $operator);
++ $input = filter_var($raw_input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $sql_match_operator = $operator['sql'];
+
+ switch ($rule[0]) {
+@@ -918,7 +921,8 @@ class Search extends playlist_object {
+ break;
+ }
+ }
+- $input = $this->_mangle_data($rule[2], $type, $operator);
++ $raw_input = $this->_mangle_data($rule[2], $type, $operator);
++ $input = filter_var($raw_input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $sql_match_operator = $operator['sql'];
+
+ switch ($rule[0]) {
+@@ -1063,7 +1067,8 @@ class Search extends playlist_object {
+ break;
+ }
+ }
+- $input = $this->_mangle_data($rule[2], $type, $operator);
++ $raw_input = $this->_mangle_data($rule[2], $type, $operator);
++ $input = filter_var($raw_input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $sql_match_operator = $operator['sql'];
+
+ switch ($rule[0]) {
+--- 
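Review bot: The four rule-building hunks in search.class.php (`@@ -771`, `-855`, `-918`, `-1063`) pass the `_mangle_data()` result through `filter_var(..., FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)` before it becomes `$input`, and that filter removes tags but, with this flag, leaves quote characters untouched, so by itself it is not an SQL defence. Whether `$input` is safe to interpolate therefore depends on `_mangle_data()` or on the `switch ($rule[0])` branches escaping it, and neither is visible on this page. A comment on the new line would record that dependency: `// filter_var only strips markup; $input must still be SQL-escaped before it is interpolated`. `filter_var` also returns `false` when the filter fails, so `$input === false` should be handled before the value is used. In `clean_request()` the added `filter_var` duplicates the call this same patch places inside `Dba::escape()`.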
ampache-3.6-rzb2779+dfsg.orig/lib/general.lib.php
++++ ampache-3.6-rzb2779+dfsg/lib/general.lib.php
+@@ -44,25 +44,22 @@ function set_memory_limit($new_limit) {
+ /**
+ * generate_password
+ * This generates a random password of the specified length
++ * or will use a random length between 14-20
++ *
++ * @param integer $length (optional)
++ * @return string $password
+ */
+-function generate_password($length) {
++function generate_password($length = null) {
+
+- $vowels = 'aAeEuUyY12345';
+- $consonants = 'bBdDgGhHjJmMnNpPqQrRsStTvVwWxXzZ6789';
+- $password = '';
+-
+- $alt = time() % 2;
+-
+- for ($i = 0; $i < $length; $i++) {
+- if ($alt == 1) {
+- $password .= $consonants[(rand(0,strlen($consonants)-1))];
+- $alt = 0;
+- }
+- else {
+- $password .= $vowels[(rand(0,strlen($vowels)-1))];
+- $alt = 1;
+- }
++ // set a random password length so it's not as easy to guess
++ if ($length === null) {
++ $length = rand(14,20);
+ }
++ $strong = true;
++ $string = openssl_random_pseudo_bytes(ceil($length * 0.67), $strong);
++ $encode = str_replace('=', '', base64_encode($string));
++ $password = strtr($encode, '+/', '^*');
++
+
+ return $password;
+
+@@ -71,6 +68,8 @@ function generate_password($length) {
+ /**
+ * scrub_in
+ * Run on inputs, stuff that might get stuck in our db
++ * @param string|array $input
++ * @return string|array
+ */
+ function scrub_in($input) {
+
+--- ampache-3.6-rzb2779+dfsg.orig/lostpassword.php
++++ ampache-3.6-rzb2779+dfsg/lostpassword.php
+@@ -35,12 +35,13 @@ switch ($action) {
+ $current_ip =(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] :$_SERVER['REMOTE_ADDR'];
+ $result = send_newpassword($email, $current_ip);
+ }
++ /* Do not acknowledge a password has been sent or failed
+ if ($result) {
+ AmpError::add('general', T_('Password has been sent'));
+ } else {
+ AmpError::add('general', T_('Password has not been sent'));
+ }
+-
++ }*/
+ require Config::get('prefix') . 
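Review bot: The new `generate_password()` body never checks the outcome of `openssl_random_pseudo_bytes()`: `$strong` is set to `true` beforehand, but it is an out-parameter the call overwrites, and neither it nor a `false` return is tested before the bytes are encoded. A guard right after the call, `if ($string === false || !$strong) { ... }`, should stop a weak or empty value from becoming a reset password. The result length is also only approximately `$length`, because `ceil($length * 0.67)` bytes are base64-encoded and only the `=` padding is removed (a request for 16 yields 15 characters), while the docblock still says 'the specified length'. Drawing `$length` bytes and trimming fixes that: `$string = openssl_random_pseudo_bytes($length, $strong);` and `$password = substr(strtr($encode, '+/', '^*'), 0, $length);`.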
'/templates/show_login_form.inc.php';
+ break;
+ default:
+@@ -50,8 +51,16 @@ switch ($action) {
+ function send_newpassword($email,$current_ip){
+ /* get the Client and set the new password */
+ $client = User::get_from_email($email);
++
++ if (!client) {
++ return false;
++ }
++ if ($client->has_access(100)) {
++ return false;
++ }
++
+ if ($client->email == $email) {
+- $newpassword = generate_password(6);
++ $newpassword = generate_password();
+ $client->update_password($newpassword);
+
+ $mailer = new Mailer();
+--- ampache-3.6-rzb2779+dfsg.orig/random.php
++++ ampache-3.6-rzb2779+dfsg/random.php
+@@ -26,7 +26,7 @@ UI::show_header();
+
+ switch ($_REQUEST['action']) {
+ case 'get_advanced':
+- $object_ids = Random::advanced($_REQUEST['type'], $_POST);
++ $object_ids = Random::advanced(scrub_in($_REQUEST['type']), $_POST);
+
+ // We need to add them to the active playlist
+ foreach ($object_ids as $object_id) {
+--- ampache-3.6-rzb2779+dfsg.orig/smartplaylist.php
++++ ampache-3.6-rzb2779+dfsg/smartplaylist.php
+@@ -25,7 +25,7 @@ require_once 'lib/init.php';
+ // We special-case this so we can send a 302 if the delete succeeded
+ if ($_REQUEST['action'] == 'delete_playlist') {
+ // Check rights
+- $playlist = new Search('song', $_REQUEST['playlist_id']);
++ $playlist = new Search('song', scrub_in($_REQUEST['playlist_id']));
+ if ($playlist->has_access()) {
+ $playlist->delete();
+ // Go elsewhere
+@@ -45,8 +45,8 @@ switch ($_REQUEST['action']) {
+ }
+
+ foreach ($_REQUEST as $key => $value) {
+- $prefix = substr($key, 0, 4);
+- $value = trim($value);
++ $prefix = substr(scrub_in($key), 0, 4);
++ $value = trim(scrub_in($value));
+
+ if ($prefix == 'rule' && strlen($value)) {
+ $rules[$key] = Dba::escape($value);
+@@ -76,12 +76,12 @@ switch ($_REQUEST['action']) {
+ UI::access_denied();
+ break;
+ case 'show_playlist':
+- $playlist = new Search('song', $_REQUEST['playlist_id']);
++ $playlist = new Search('song', scrub_in($_REQUEST['playlist_id']));
+ 
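Review bot: In `send_newpassword()` (lostpassword.php, `@@ -50,8 +51,16 @@`) the new guard reads `if (!client)` without the `$`, so PHP evaluates the bare word `client`, an undefined constant that PHP 7.0 treats as the non-empty string 'client', and the early return can never fire. If `User::get_from_email()` returns an empty value for an unknown address (its body is not shown here), execution falls through to `$client->has_access(100)` on a non-object, and the resulting error makes unknown addresses behave differently from known ones, which is the distinction the preceding hunk is trying to hide. The line should be `if (!$client) {`. The function body continues outside the hunk.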
$playlist->format();
+ require_once Config::get('prefix') . '/templates/show_smartplaylist.inc.php';
+ break;
+ case 'update_playlist':
+- $playlist = new Search('song', $_REQUEST['playlist_id']);
++ $playlist = new Search('song', scrub_in($_REQUEST['playlist_id']));
+ if ($playlist->has_access()) {
+ $playlist->parse_rules(Search::clean_request($_REQUEST));
+ $playlist->update();
diff -Nru ampache-3.6-rzb2779+dfsg/debian/patches/04_rename_error_to_amperror.patch ampache-3.6-rzb2779+dfsg/debian/patches/04_rename_error_to_amperror.patch
--- ampache-3.6-rzb2779+dfsg/debian/patches/04_rename_error_to_amperror.patch 1970-01-01 00:00:00.000000000 +0000
+++ ampache-3.6-rzb2779+dfsg/debian/patches/04_rename_error_to_amperror.patch 2016-07-19 09:18:59.000000000 +0000 
@@ -0,0 +1,1384 @@ +Description: Backport 'Rename Error class to AmpError (fix php7 Error class name conflict)' +Author: Nishanth Aravamudan +Origin: upstream, https://github.com/ampache/ampache/commit/92fcb8467070733bc70e0e0dc6a6edd3bbb2a621 +Bug-Ubuntu: https://launchpad.net/bugs/1578201 + +--- a/admin/access.php ++++ b/admin/access.php +@@ -67,7 +67,7 @@ + Access::create($_POST); + } + +- if (!Error::occurred()) { ++ if (!AmpError::occurred()) { + $url = Config::get('web_path') . '/admin/access.php'; + show_confirmation(T_('Added'), T_('Your new Access Control List(s) have been created'),$url); + } +@@ -83,7 +83,7 @@ + } + $access = new Access($_REQUEST['access_id']); + $access->update($_POST); +- if (!Error::occurred()) { ++ if (!AmpError::occurred()) { + show_confirmation(T_('Updated'), T_('Access List Entry updated'), Config::get('web_path').'/admin/access.php'); + } + else { +--- a/admin/catalog.php ++++ b/admin/catalog.php +@@ -200,14 +200,14 @@ + ob_end_flush(); + + if (!strlen($_POST['path']) || !strlen($_POST['name'])) { +- Error::add('general', T_('Error: Name and path not specified')); ++ AmpError::add('general', T_('Error: Name and path not specified')); + } + + if (substr($_POST['path'],0,7) != 'http://' && $_POST['type'] == 'remote') { +- Error::add('general', T_('Error: Remote selected, but path is not a URL')); ++ AmpError::add('general', T_('Error: Remote selected, but path is not a URL')); + } + if ($POST['type'] == 'remote' AND (!strlen($POST['remote_username']) OR !strlen($POST['remote_password']))) { +- Error::add('general', T_('Error: Username and Password Required for Remote Catalogs')); ++ AmpError::add('general', T_('Error: Username and Password Required for Remote Catalogs')); + } + + if (!Core::form_verify('add_catalog','post')) { +@@ -217,11 +217,11 @@ + + // Make sure that there isn't a catalog with a directory above this one + if (Catalog::get_from_path($_POST['path'])) { +- Error::add('general', T_('Error: Defined Path is inside an 
existing catalog')); ++ AmpError::add('general', T_('Error: Defined Path is inside an existing catalog')); + } + + // If an error hasn't occured +- if (!Error::occurred()) { ++ if (!AmpError::occurred()) { + + $catalog_id = Catalog::create($_POST); + +@@ -237,8 +237,8 @@ + + UI::show_box_top(T_('Catalog Created'), 'box box_catalog_created'); + echo "

" . T_('Catalog Created') . "

"; +- Error::display('general'); +- Error::display('catalog_add'); ++ AmpError::display('general'); ++ AmpError::display('catalog_add'); + UI::show_box_bottom(); + + show_confirmation('','', Config::get('web_path').'/admin/catalog.php'); +--- a/admin/modules.php ++++ b/admin/modules.php +@@ -35,8 +35,8 @@ + case 'install_localplay': + $localplay = new Localplay($_REQUEST['type']); + if (!$localplay->player_loaded()) { +- Error::add('general', T_('Install Failed, Controller Error')); +- Error::display('general'); ++ AmpError::add('general', T_('Install Failed, Controller Error')); ++ AmpError::display('general'); + break; + } + // Install it! +--- a/admin/users.php ++++ b/admin/users.php +@@ -53,14 +53,14 @@ + + /* Verify Input */ + if (empty($username)) { +- Error::add('username', T_("Error Username Required")); ++ AmpError::add('username', T_("Error Username Required")); + } + if ($pass1 !== $pass2 && !empty($pass1)) { +- Error::add('password', T_("Error Passwords don't match")); ++ AmpError::add('password', T_("Error Passwords don't match")); + } + + /* If we've got an error then break! */ +- if (Error::occurred()) { ++ if (AmpError::occurred()) { + $_REQUEST['action'] = 'show_edit'; + break; + } // if we've had an oops! 
+@@ -99,23 +99,23 @@ + $pass2 = $_POST['password_2']; + + if ($pass1 !== $pass2 || !strlen($pass1)) { +- Error::add('password', T_("Error Passwords don't match")); ++ AmpError::add('password', T_("Error Passwords don't match")); + } + + if (empty($username)) { +- Error::add('username', T_('Error Username Required')); ++ AmpError::add('username', T_('Error Username Required')); + } + + /* make sure the username doesn't already exist */ + if (!User::check_username($username)) { +- Error::add('username', T_('Error Username already exists')); ++ AmpError::add('username', T_('Error Username already exists')); + } + +- if (!Error::occurred()) { ++ if (!AmpError::occurred()) { + /* Attempt to create the user */ + $user_id = User::create($username, $fullname, $email, $pass1, $access); + if (!$user_id) { +- Error::add('general', T_("Error: Insert Failed")); ++ AmpError::add('general', T_("Error: Insert Failed")); + } + + } // if no errors +--- a/bin/install/install_db.inc ++++ b/bin/install/install_db.inc +@@ -87,7 +87,7 @@ + // Install the database + if (!install_insert_db($new_db_user, $new_db_pass, $force)) { + echo T_('Database creation failed'), "\n"; +- echo Error::get('general'), "\n\n"; ++ echo AmpError::get('general'), "\n\n"; + exit(1); + } + +@@ -99,7 +99,7 @@ + // Write the config file + if (!install_create_config()) { + echo T_('Config file creation failed'), "\n"; +- echo Error::get('general') . "\n\n"; ++ echo AmpError::get('general') . 
"\n\n"; + exit(1); + } + +--- a/install.php ++++ b/install.php +@@ -91,7 +91,7 @@ + $new_pass = $_POST['db_password']; + } + if (!strlen($new_user) || !strlen($new_pass)) { +- Error::add('general', T_('Error: Ampache SQL Username or Password missing')); ++ AmpError::add('general', T_('Error: Ampache SQL Username or Password missing')); + require_once 'templates/show_install.inc.php'; + break; + } +@@ -132,7 +132,7 @@ + + /* Make sure we've got a valid config file */ + if (!check_config_values($results)) { +- Error::add('general', T_('Error: Config file not found or unreadable')); ++ AmpError::add('general', T_('Error: Config file not found or unreadable')); + require_once Config::get('prefix') . '/templates/show_install_config.inc.php'; + break; + } +--- a/lib/class/access.class.php ++++ b/lib/class/access.class.php +@@ -98,16 +98,16 @@ + $endn = @inet_pton($endp); + + if (!$startn && $startp != '0.0.0.0' && $startp != '::') { +- Error::add('start', T_('Invalid IPv4 / IPv6 Address Entered')); ++ AmpError::add('start', T_('Invalid IPv4 / IPv6 Address Entered')); + return false; + } + if (!$endn) { +- Error::add('end', T_('Invalid IPv4 / IPv6 Address Entered')); ++ AmpError::add('end', T_('Invalid IPv4 / IPv6 Address Entered')); + } + + if (strlen(bin2hex($startn)) != strlen(bin2hex($endn))) { +- Error::add('start', T_('IP Address Version Mismatch')); +- Error::add('end', T_('IP Address Version Mismatch')); ++ AmpError::add('start', T_('IP Address Version Mismatch')); ++ AmpError::add('end', T_('IP Address Version Mismatch')); + return false; + } + +@@ -155,7 +155,7 @@ + // Check existing ACLs to make sure we're not duplicating values here + if (self::exists($data)) { + debug_event('ACL Create', 'Error: An ACL equal to the created one already exists. Not adding another one: ' . $data['start'] . ' - ' . 
$data['end'], 1); +- Error::add('general', T_('Duplicate ACL defined')); ++ AmpError::add('general', T_('Duplicate ACL defined')); + return false; + } + +--- /dev/null ++++ b/lib/class/amperror.class.php +@@ -0,0 +1,139 @@ ++$error) { ++ $_SESSION['errors'][$key] = $error; ++ } ++ ++ } // __destruct ++ ++ /** ++ * add ++ * This is a public static function it adds a new error message to the array ++ * It can optionally clobber rather then adding to the error message ++ */ ++ public static function add($name,$message,$clobber=0) { ++ ++ // Make sure its set first ++ if (!isset(AmpError::$errors[$name])) { ++ AmpError::$errors[$name] = $message; ++ AmpError::$state = 1; ++ $_SESSION['errors'][$name] = $message; ++ } ++ // They want us to clobber it ++ elseif ($clobber) { ++ AmpError::$state = 1; ++ AmpError::$errors[$name] = $message; ++ $_SESSION['errors'][$name] = $message; ++ } ++ // They want us to append the error, add a BR\n and then the message ++ else { ++ AmpError::$state = 1; ++ AmpError::$errors[$name] .= "
\n" . $message; ++ $_SESSION['errors'][$name] .= "
\n" . $message; ++ } ++ ++ } // add ++ ++ /** ++ * occurred ++ * This returns true / false if an error has occured anywhere ++ */ ++ public static function occurred() { ++ ++ if (self::$state == '1') { return true; } ++ ++ return false; ++ ++ } // occurred ++ ++ /** ++ * get ++ * This returns an error by name ++ */ ++ public static function get($name) { ++ ++ if (!isset(AmpError::$errors[$name])) { return ''; } ++ ++ return AmpError::$errors[$name]; ++ ++ } // get ++ ++ /** ++ * display ++ * This prints the error out with a standard Error class span ++ * Ben Goska: Renamed from print to display, print is reserved ++ */ ++ public static function display($name) { ++ ++ // Be smart about this, if no error don't print ++ if (!isset(AmpError::$errors[$name])) { return ''; } ++ ++ echo '' . AmpError::$errors[$name] . ''; ++ ++ } // display ++ ++ /** ++ * auto_init ++ * This loads the errors from the session back into Ampache ++ */ ++ public static function auto_init() { ++ ++ if (!is_array($_SESSION['errors'])) { return false; } ++ ++ // Re-insert them ++ foreach ($_SESSION['errors'] as $key=>$error) { ++ self::add($key,$error); ++ } ++ ++ } // auto_init ++ ++} // Error +--- a/lib/class/api.class.php ++++ b/lib/class/api.class.php +@@ -122,7 +122,7 @@ + + if (intval($version) < self::$version) { + debug_event('API', 'Login Failed: version too old', 1); +- Error::add('api', T_('Login Failed: version too old')); ++ AmpError::add('api', T_('Login Failed: version too old')); + return false; + } + +@@ -130,7 +130,7 @@ + if (($timestamp < (time() - 1800)) || + ($timestamp > (time() + 1800))) { + debug_event('API', 'Login Failed: timestamp out of range', 1); +- Error::add('api', T_('Login Failed: timestamp out of range')); ++ AmpError::add('api', T_('Login Failed: timestamp out of range')); + return false; + } + +@@ -158,7 +158,7 @@ + + if (!$row['password']) { + debug_event('API', 'Unable to find user with userid of ' . 
$user_id, 1); +- Error::add('api', T_('Invalid Username/Password')); ++ AmpError::add('api', T_('Invalid Username/Password')); + return false; + } + +--- a/lib/class/art.class.php ++++ b/lib/class/art.class.php +@@ -989,7 +989,7 @@ + $handle = opendir($dir); + + if (!$handle) { +- Error::add('general', T_('Error: Unable to open') . ' ' . $dir); ++ AmpError::add('general', T_('Error: Unable to open') . ' ' . $dir); + debug_event('folder_art', "Error: Unable to open $dir for album art read", 2); + continue; + } +--- a/lib/class/catalog.class.php ++++ b/lib/class/catalog.class.php +@@ -218,7 +218,7 @@ + if ($data['type'] == 'local') { + if (!Core::is_readable($path)) { + debug_event('catalog', 'Cannot add catalog at unopenable path ' . $path, 1); +- Error::add('general', sprintf(T_('Error: %s is not readable or does not exist'), scrub_out($data['path']))); ++ AmpError::add('general', sprintf(T_('Error: %s is not readable or does not exist'), scrub_out($data['path']))); + return false; + } + } +@@ -229,7 +229,7 @@ + + if (Dba::num_rows($db_results)) { + debug_event('catalog', 'Cannot add catalog with duplicate path ' . $path, 1); +- Error::add('general', sprintf(T_('Error: Catalog with %s already exists'), $path)); ++ AmpError::add('general', sprintf(T_('Error: Catalog with %s already exists'), $path)); + return false; + } + +@@ -256,7 +256,7 @@ + $insert_id = Dba::insert_id(); + + if (!$insert_id) { +- Error::add('general', T_('Catalog Insert Failed check debug logs')); ++ AmpError::add('general', T_('Catalog Insert Failed check debug logs')); + debug_event('catalog', 'Insert failed: ' . 
json_encode($data), 2); + return false; + } +@@ -406,14 +406,14 @@ + + if (!is_resource($handle)) { + debug_event('read', "Unable to open $path", 5); +- Error::add('catalog_add', sprintf(T_('Error: Unable to open %s'), $path)); ++ AmpError::add('catalog_add', sprintf(T_('Error: Unable to open %s'), $path)); + return false; + } + + /* Change the dir so is_dir works correctly */ + if (!chdir($path)) { + debug_event('read', "Unable to chdir to $path", 2); +- Error::add('catalog_add', sprintf(T_('Error: Unable to change to directory %s'), $path)); ++ AmpError::add('catalog_add', sprintf(T_('Error: Unable to change to directory %s'), $path)); + return false; + } + +@@ -459,7 +459,7 @@ + /* Change the dir so is_dir works correctly */ + if (!chdir($path)) { + debug_event('read', "Unable to chdir to $path", 2); +- Error::add('catalog_add', sprintf(T_('Error: Unable to change to directory %s'), $path)); ++ AmpError::add('catalog_add', sprintf(T_('Error: Unable to change to directory %s'), $path)); + } + + /* Skip to the next file */ +@@ -495,14 +495,14 @@ + if (!$file_size) { + debug_event('read', "Unable to get filesize for $full_file", 2); + /* HINT: FullFile */ +- Error::add('catalog_add', sprintf(T_('Error: Unable to get filesize for %s'), $full_file)); ++ AmpError::add('catalog_add', sprintf(T_('Error: Unable to get filesize for %s'), $full_file)); + } // file_size check + + if (!Core::is_readable($full_file)) { + // not readable, warn user + debug_event('read', "$full_file is not readable by ampache", 2); + /* HINT: FullFile */ +- Error::add('catalog_add', sprintf(T_('%s is not readable by ampache'), $full_file)); ++ AmpError::add('catalog_add', sprintf(T_('%s is not readable by ampache'), $full_file)); + continue; + } + +@@ -511,7 +511,7 @@ + if (strcmp($full_file,iconv(Config::get('site_charset'),Config::get('site_charset'),$full_file)) != '0') { + debug_event('read',$full_file . ' has non-' . Config::get('site_charset') . 
' characters and can not be indexed, converted filename:' . iconv(Config::get('site_charset'),Config::get('site_charset'),$full_file),'1'); + /* HINT: FullFile */ +- Error::add('catalog_add', sprintf(T_('%s does not match site charset'), $full_file)); ++ AmpError::add('catalog_add', sprintf(T_('%s does not match site charset'), $full_file)); + continue; + } + } // end if iconv +@@ -1065,16 +1065,16 @@ + 'debug_callback' => 'debug_event' + )); + } catch (Exception $e) { +- Error::add('general', $e->getMessage()); +- Error::display('general'); ++ AmpError::add('general', $e->getMessage()); ++ AmpError::display('general'); + flush(); + return false; + } + + if ($remote_handle->state() != 'CONNECTED') { + debug_event('catalog', 'API client failed to connect', 1); +- Error::add('general', T_('Error connecting to remote server')); +- Error::display('general'); ++ AmpError::add('general', T_('Error connecting to remote server')); ++ AmpError::display('general'); + return false; + } + +@@ -1112,8 +1112,8 @@ + $songs = $remote_handle->send_command('songs', array('offset' => $start, 'limit' => $step)); + } + catch (Exception $e) { +- Error::add('general',$e->getMessage()); +- Error::display('general'); ++ AmpError::add('general',$e->getMessage()); ++ AmpError::display('general'); + flush(); + } + +@@ -1127,8 +1127,8 @@ + $data['song']['file'] = preg_replace('/ssid=.*?&/', '', $data['song']['url']); + if (!Song::insert($data['song'])) { + debug_event('remote_catalog', 'Insert failed for ' . $data['song']['self']['id'], 1); +- Error::add('general', T_('Unable to Insert Song - %s'), $data['song']['title']); +- Error::display('general'); ++ AmpError::add('general', T_('Unable to Insert Song - %s'), $data['song']['title']); ++ AmpError::display('general'); + flush(); + } + } +@@ -1193,8 +1193,8 @@ + // First sanity check; no point in proceeding with an unreadable + // catalog root. + debug_event('catalog', 'Catalog path:' . $this->path . 
' unreadable, clean failed', 1); +- Error::add('general', T_('Catalog Root unreadable, stopping clean')); +- Error::display('general'); ++ AmpError::add('general', T_('Catalog Root unreadable, stopping clean')); ++ AmpError::display('general'); + return 0; + } + +@@ -1216,7 +1216,7 @@ + // Never remove everything; it might be a dead mount + if ($dead_count >= $total) { + debug_event('catalog', 'All files would be removed. Doing nothing.', 1); +- Error::add('general', T_('All files would be removed. Doing nothing')); ++ AmpError::add('general', T_('All files would be removed. Doing nothing')); + continue; + } + if ($dead_count) { +@@ -1295,7 +1295,7 @@ + $file_info = filesize($results['file']); + if (!file_exists($results['file']) || $file_info < 1) { + debug_event('clean', 'File not found or empty: ' . $results['file'], 5); +- Error::add('general', sprintf(T_('Error File Not Found or 0 Bytes: %s'), $results['file'])); ++ AmpError::add('general', sprintf(T_('Error File Not Found or 0 Bytes: %s'), $results['file'])); + + + // Store it in an array we'll delete it later... +@@ -1388,7 +1388,7 @@ + } + + if (!Core::is_readable($row['file'])) { +- Error::add('general', sprintf(T_('%s does not exist or is not readable'), $row['file'])); ++ AmpError::add('general', sprintf(T_('%s does not exist or is not readable'), $row['file'])); + debug_event('read', $row['file'] . 
' does not exist or is not readable', 5); + continue; + } +--- a/lib/class/config.class.php ++++ b/lib/class/config.class.php +@@ -72,7 +72,7 @@ + public static function set($name, $value, $clobber = false) { + if (isset(self::$_global[$name]) && !$clobber) { + debug_event('Config', "Tried to overwrite existing key $name without setting clobber", 5); +- Error::add('Config Global', sprintf(T_('Trying to clobber \'%s\' without setting clobber'), $name)); ++ AmpError::add('Config Global', sprintf(T_('Trying to clobber \'%s\' without setting clobber'), $name)); + return false; + } + +--- a/lib/class/query.class.php ++++ b/lib/class/query.class.php +@@ -75,7 +75,7 @@ + return true; + } + +- Error::add('browse', T_('Browse not found or expired, try reloading the page')); ++ AmpError::add('browse', T_('Browse not found or expired, try reloading the page')); + return false; + } + +--- a/lib/class/radio.class.php ++++ b/lib/class/radio.class.php +@@ -82,11 +82,11 @@ + + // Verify the incoming data + if (!$data['id']) { +- Error::add('general', T_('Missing ID')); ++ AmpError::add('general', T_('Missing ID')); + } + + if (!$data['name']) { +- Error::add('general', T_('Name Required')); ++ AmpError::add('general', T_('Name Required')); + } + + $allowed_array = array('https','http','mms','mmsh','mmsu','mmst','rtsp'); +@@ -94,10 +94,10 @@ + $elements = explode(":",$data['url']); + + if (!in_array($elements['0'],$allowed_array)) { +- Error::add('general', T_('Invalid URL must be mms:// , https:// or http://')); ++ AmpError::add('general', T_('Invalid URL must be mms:// , https:// or http://')); + } + +- if (Error::occurred()) { ++ if (AmpError::occurred()) { + return false; + } + +@@ -126,7 +126,7 @@ + + // Make sure we've got a name + if (!strlen($data['name'])) { +- Error::add('name', T_('Name Required')); ++ AmpError::add('name', T_('Name Required')); + } + + $allowed_array = array('https','http','mms','mmsh','mmsu','mmst','rtsp'); +@@ -134,16 +134,16 @@ + $elements = 
explode(":",$data['url']);
+
+ if (!in_array($elements['0'],$allowed_array)) {
+- Error::add('url', T_('Invalid URL must be http:// or https://'));
++ AmpError::add('url', T_('Invalid URL must be http:// or https://'));
+ }
+
+ // Make sure it's a real catalog
+ $catalog = new Catalog($data['catalog']);
+ if (!$catalog->name) {
+- Error::add('catalog', T_('Invalid Catalog'));
++ AmpError::add('catalog', T_('Invalid Catalog'));
+ }
+
+- if (Error::occurred()) { return false; }
++ if (AmpError::occurred()) { return false; }
+
+ // Clean up the input
+ $name = Dba::escape($data['name']);
+--- a/lib/class/update.class.php
++++ b/lib/class/update.class.php
+@@ -385,7 +385,7 @@
+ self::set_version('db_version', $version['version']);
+ }
+ else {
+- Error::display('update');
++ AmpError::display('update');
+ return false;
+ }
+ }
+--- a/lib/class/user.class.php
++++ b/lib/class/user.class.php
+@@ -419,14 +419,14 @@
+ */
+ public function update($data) {
+ if (empty($data['username'])) {
+- Error::add('username', T_('Error Username Required'));
++ AmpError::add('username', T_('Error Username Required'));
+ }
+
+ if ($data['password1'] != $data['password2'] AND !empty($data['password1'])) {
+- Error::add('password', T_("Error Passwords don't match"));
++ AmpError::add('password', T_("Error Passwords don't match"));
+ }
+
+- if (Error::occurred()) {
++ if (AmpError::occurred()) {
+ return false;
+ }
+
+--- a/lib/install.lib.php
++++ b/lib/install.lib.php
+@@ -69,7 +69,7 @@
+ if (!file_exists($configfile)) {
+ return true;
+ } else {
+- Error::add('general', T_('Config file already exists, install is probably completed'));
++ AmpError::add('general', T_('Config file already exists, install is probably completed'));
+ }
+
+ /*
+@@ -80,7 +80,7 @@
+ Config::set_by_array($results, true);
+
+ if (!Dba::check_database()) {
+- Error::add('general', T_('Unable to connect to database, check your ampache config'));
++ AmpError::add('general', T_('Unable to connect to database, check
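Review bot: In lib/class/user.class.php, hunk `@@ -419,14 +419,14 @@`, the confirmation check `$data['password1'] != $data['password2']` uses loose comparison, so two different numeric-looking strings (for example `1e3` and `1000`) compare as equal and the mismatch error is never added. `install_create_account()` in lib/install.lib.php already uses `!==`; I would change this line to `if ($data['password1'] !== $data['password2'] AND !empty($data['password1'])) {`. The same loose test appears as `$pass1 != $pass2` in the register.php hunk `@@ -64,51 +64,51 @@`. The body of `update()` continues outside the hunk.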
your ampache config'));
+ return false;
+ }
+
+@@ -88,7 +88,7 @@
+ $db_results = Dba::read($sql);
+
+ if (!$db_results) {
+- Error::add('general', T_('Unable to query database, check your ampache config'));
++ AmpError::add('general', T_('Unable to query database, check your ampache config'));
+ return false;
+ }
+
+@@ -96,7 +96,7 @@
+ return true;
+ }
+ else {
+- Error::add('general', T_('Existing Database detected, unable to continue installation'));
++ AmpError::add('general', T_('Existing Database detected, unable to continue installation'));
+ return false;
+ }
+
+@@ -116,12 +116,12 @@
+ $is_valid = preg_match('/([^\d\w\_\-])/', $database, $matches);
+
+ if (count($matches)) {
+- Error::add('general', T_('Error: Invalid database name.'));
++ AmpError::add('general', T_('Error: Invalid database name.'));
+ return false;
+ }
+
+ if (!Dba::check_database()) {
+- Error::add('general', sprintf(T_('Error: Unable to make database connection: %s'), Dba::error()));
++ AmpError::add('general', sprintf(T_('Error: Unable to make database connection: %s'), Dba::error()));
+ return false;
+ }
+
+@@ -136,14 +136,14 @@
+ Dba::write('DROP DATABASE `' . $database . '`');
+ }
+ else {
+- Error::add('general', T_('Error: Database already exists and overwrite not checked'));
++ AmpError::add('general', T_('Error: Database already exists and overwrite not checked'));
+ return false;
+ }
+ }
+
+ if ($create_db) {
+ if (!Dba::write('CREATE DATABASE `' . $database . '`')) {
+- Error::add('general', sprintf(T_('Error: Unable to create database: %s'), Dba::error()));
++ AmpError::add('general', sprintf(T_('Error: Unable to create database: %s'), Dba::error()));
+ return false;
+ }
+ }
+@@ -160,7 +160,7 @@
+ }
+ $sql .= "IDENTIFIED BY '" . Dba::escape($db_pass) .
"' WITH GRANT OPTION";
+ if (!Dba::write($sql)) {
+- Error::add('general', sprintf(T_('Error: Unable to create user %1$s with permissions to %2$s on %3$s: %4$s'), $db_user, $database, $db_host, Dba::error()));
++ AmpError::add('general', sprintf(T_('Error: Unable to create user %1$s with permissions to %2$s on %3$s: %4$s'), $db_user, $database, $db_host, Dba::error()));
+ return false;
+ }
+ } // end if we are creating a user
+@@ -207,7 +207,7 @@
+
+ // Connect to the DB
+ if(!Dba::check_database()) {
+- Error::add('general', T_("Database Connection Failed Check Hostname, Username and Password"));
++ AmpError::add('general', T_("Database Connection Failed Check Hostname, Username and Password"));
+ return false;
+ }
+
+@@ -216,13 +216,13 @@
+ // Make sure the directory is writable OR the empty config file is
+ if (!$download) {
+ if (!check_config_writable()) {
+- Error::add('general', T_('Config file is not writable'));
++ AmpError::add('general', T_('Config file is not writable'));
+ return false;
+ }
+ else {
+ // Given that $final is > 0, we can ignore lazy comparison problems
+ if (!file_put_contents($config_file, $final)) {
+- Error::add('general', T_('Error writing config file'));
++ AmpError::add('general', T_('Error writing config file'));
+ return false;
+ }
+ }
+@@ -244,22 +244,22 @@
+ function install_create_account($username, $password, $password2) {
+
+ if (!strlen($username) OR !strlen($password)) {
+- Error::add('general', T_('No Username/Password specified'));
++ AmpError::add('general', T_('No Username/Password specified'));
+ return false;
+ }
+
+ if ($password !== $password2) {
+- Error::add('general', T_('Passwords do not match'));
++ AmpError::add('general', T_('Passwords do not match'));
+ return false;
+ }
+
+ if (!Dba::check_database()) {
+- Error::add('general', sprintf(T_('Database connection failed: %s'), Dba::error()));
++ AmpError::add('general', sprintf(T_('Database connection failed: %s'), Dba::error()));
+ return false;
+ }
+
+ if
(!Dba::check_database_inserted()) {
+- Error::add('general', sprintf(T_('Database select failed: %s'), Dba::error()));
++ AmpError::add('general', sprintf(T_('Database select failed: %s'), Dba::error()));
+ return false;
+ }
+
+@@ -269,7 +269,7 @@
+ $insert_id = User::create($username,'Administrator','',$password,'100');
+
+ if (!$insert_id) {
+- Error::add('general', sprintf(T_('Administrative user creation failed: %s'), Dba::error()));
++ AmpError::add('general', sprintf(T_('Administrative user creation failed: %s'), Dba::error()));
+ return false;
+ }
+
+--- a/login.php
++++ b/login.php
+@@ -84,14 +84,14 @@
+ }
+ else {
+ debug_event('Login', scrub_out($username) . ' attempted to login and failed', '1');
+- Error::add('general', T_('Error Username or Password incorrect, please try again'));
++ AmpError::add('general', T_('Error Username or Password incorrect, please try again'));
+ }
+
+ $user = User::get_from_username($username);
+
+ if ($user->disabled) {
+ $auth['success'] = false;
+- Error::add('general', T_('User Disabled please contact Admin'));
++ AmpError::add('general', T_('User Disabled please contact Admin'));
+ debug_event('Login', scrub_out($username) . ' is disabled and attempted to login', '1');
+ } // if user disabled
+ elseif (Config::get('prevent_multiple_logins')) {
+@@ -99,7 +99,7 @@
+ $current_ip = inet_pton($_SERVER['REMOTE_ADDR']);
+ if ($current_ip && ($current_ip != $session_ip)) {
+ $auth['success'] = false;
+- Error::add('general', T_('User Already Logged in'));
++ AmpError::add('general', T_('User Already Logged in'));
+ debug_event('Login', scrub_out($username) . ' is already logged in from ' . $session_ip . ' and attempted to login from ' .
$current_ip, '1');
+ } // if logged in multiple times
+ } // if prevent multiple logins
+@@ -120,7 +120,7 @@
+ }
+ else {
+ $auth['success'] = false;
+- Error::add('general', T_('Unable to create local account'));
++ AmpError::add('general', T_('Unable to create local account'));
+ }
+ } // End if auto_create
+
+--- a/lostpassword.php
++++ b/lostpassword.php
+@@ -36,9 +36,9 @@
+ $result = send_newpassword($email, $current_ip);
+ }
+ if ($result) {
+- Error::add('general', T_('Password has been sent'));
++ AmpError::add('general', T_('Password has been sent'));
+ } else {
+- Error::add('general', T_('Password has not been sent'));
++ AmpError::add('general', T_('Password has not been sent'));
+ }
+
+ require Config::get('prefix') . '/templates/show_login_form.inc.php';
+--- a/preferences.php
++++ b/preferences.php
+@@ -110,7 +110,7 @@
+ $_POST['username'] = $GLOBALS['user']->username;
+
+ if (!$GLOBALS['user']->update($_POST)) {
+- Error::add('general', T_('Error Update Failed'));
++ AmpError::add('general', T_('Error Update Failed'));
+ }
+ else {
+ $_REQUEST['action'] = 'confirm';
+--- a/register.php
++++ b/register.php
+@@ -64,51 +64,51 @@
+ if (Config::get('captcha_public_reg')) {
+ $captcha = captcha::solved();
+ if(!isset ($captcha)) {
+- Error::add('captcha', T_('Error Captcha Required'));
++ AmpError::add('captcha', T_('Error Captcha Required'));
+ }
+ if (isset ($captcha)) {
+ if ($captcha) {
+ $msg="SUCCESS";
+ }
+ else {
+- Error::add('captcha', T_('Error Captcha Failed'));
++ AmpError::add('captcha', T_('Error Captcha Failed'));
+ }
+ } // end if we've got captcha
+ } // end if it's enabled
+
+ if (Config::get('user_agreement')) {
+ if (!$_POST['accept_agreement']) {
+- Error::add('user_agreement', T_("You must accept the user agreement"));
++ AmpError::add('user_agreement', T_("You must accept the user agreement"));
+ }
+ } // if they have to agree to something
+
+ if (!$_POST['username']) {
+- Error::add('username', T_("You did not enter a username"));
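Review bot: In login.php, hunk `@@ -99,7 +99,7 @@`, the `debug_event` call concatenates `$current_ip` into the log message, but that variable holds the packed binary result of `inet_pton()`, so the log entry carries raw bytes instead of a readable address. That makes the multiple-login event hard to search or correlate during incident review. I would log the printable form, e.g. `inet_ntop($current_ip)`, and do the same for `$session_ip` if it is stored packed (its origin is outside the hunk).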
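Review bot: In lostpassword.php, hunk `@@ -36,9 +36,9 @@`, the two branches return different messages, `Password has been sent` and `Password has not been sent`. `send_newpassword()` is not visible here, but if its result depends on whether the e-mail address belongs to an account, the response tells an unauthenticated visitor which addresses are registered. I would show one neutral message in both branches, e.g. `AmpError::add('general', T_('If the address is registered, a new password has been sent'));`, and record the real outcome with `debug_event` only.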
++ AmpError::add('username', T_("You did not enter a username"));
+ }
+
+ if(!$fullname) {
+- Error::add('fullname', T_("Please fill in your full name (Firstname Lastname)"));
++ AmpError::add('fullname', T_("Please fill in your full name (Firstname Lastname)"));
+ }
+
+ // Check the mail for correct address formation.
+ if (!Mailer::validate_address($email)) {
+- Error::add('email', T_('Invalid email address')
++ AmpError::add('email', T_('Invalid email address')
+ }
+
+ if (!$pass1) {
+- Error::add('password', T_("You must enter a password"));
++ AmpError::add('password', T_("You must enter a password"));
+ }
+
+ if ( $pass1 != $pass2 ) {
+- Error::add('password', T_("Your passwords do not match"));
++ AmpError::add('password', T_("Your passwords do not match"));
+ }
+
+ if (!User::check_username($username)) {
+- Error::add('duplicate_user', T_("Error Username already exists"));
++ AmpError::add('duplicate_user', T_("Error Username already exists"));
+ }
+
+ // If we've hit an error anywhere up there break!
+- if (Error::occurred()) {
++ if (AmpError::occurred()) {
+ require_once Config::get('prefix') . '/templates/show_user_registration.inc.php';
+ break;
+ }
+@@ -133,7 +133,7 @@
+ $access, Config::get('admin_enable_required'));
+
+ if (!$new_user) {
+- Error::add('duplicate_user', T_("Error: Insert Failed"));
++ AmpError::add('duplicate_user', T_("Error: Insert Failed"));
+ require_once Config::get('prefix') . '/templates/show_user_registration.inc.php';
+ break;
+ }
+--- a/shout.php
++++ b/shout.php
+@@ -46,8 +46,8 @@
+ $object = Shoutbox::get_object($_REQUEST['type'],$_REQUEST['id']);
+
+ if (!$object->id) {
+- Error::add('general', T_('Invalid Object Selected'));
+- Error::display('general');
++ AmpError::add('general', T_('Invalid Object Selected'));
++ AmpError::display('general');
+ break;
+ }
+
+--- a/templates/error_page.inc.php
++++ b/templates/error_page.inc.php
+@@ -48,7 +48,7 @@
+
+
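Review bot: In register.php, hunk `@@ -64,51 +64,51 @@`, the added line `AmpError::add('email', T_('Invalid email address')` is printed without its closing `);`, which would be a parse error for the whole file. The removed line shows the same truncation, so this may predate the rename or be an artefact of how the patch is displayed. Please check the patch file and make sure the line reads `AmpError::add('email', T_('Invalid email address'));`.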

+ :
+- ++ + + + +--- a/templates/show_account.inc.php ++++ b/templates/show_account.inc.php +@@ -22,7 +22,7 @@ + + // Because this is a reset of the persons password make the form a little more secure + ?> +- ++ +
+ + +@@ -40,7 +40,7 @@ + + + + +--- a/templates/show_add_access.inc.php ++++ b/templates/show_add_access.inc.php +@@ -20,7 +20,7 @@ + */ + ?> + +- ++ + +
: +- ++ + +
+ +@@ -78,7 +78,7 @@ + + +
: +- ++ +

+- ++ + + + +--- a/templates/show_add_live_stream.inc.php ++++ b/templates/show_add_live_stream.inc.php +@@ -27,21 +27,21 @@ + + + + + + + + + + + + +--- a/templates/show_add_user.inc.php ++++ b/templates/show_add_user.inc.php +@@ -21,7 +21,7 @@ + */ + ?> + +- ++ + "> +
+ +- ++ +
+ +- ++ +
+ +- ++ +
+ +@@ -30,7 +30,7 @@ + + + + +@@ -53,7 +53,7 @@ + + + + +--- a/templates/show_edit_access.inc.php ++++ b/templates/show_edit_access.inc.php +@@ -48,12 +48,12 @@ + + + + + + +--- a/templates/show_edit_user.inc.php ++++ b/templates/show_edit_user.inc.php +@@ -21,7 +21,7 @@ + */ + ?> + +- ++ + "> +
+ +- ++ +
+ +- ++ +
: +- ++ + + : +- ++ + +
+ +@@ -33,7 +33,7 @@ + + + + +@@ -56,7 +56,7 @@ + + + + +--- a/templates/show_install.inc.php ++++ b/templates/show_install.inc.php +@@ -30,7 +30,7 @@ +
+
+
+- ++ +
+ + " enctype="multipart/form-data" > +--- a/templates/show_install_account.inc.php ++++ b/templates/show_install_account.inc.php +@@ -29,7 +29,7 @@ +
+
+
+- ++ +
+ + " enctype="multipart/form-data" > +--- a/templates/show_install_config.inc.php ++++ b/templates/show_install_config.inc.php +@@ -32,11 +32,11 @@ +
+ +
+- ++ +
+ + +- ++ + " enctype="multipart/form-data" > +
+ +- ++ +
+ +- ++ +
+ +--- a/templates/show_install_lang.inc.php ++++ b/templates/show_install_lang.inc.php +@@ -27,7 +27,7 @@ +
+ +

+- ++ +

+ " enctype="multipart/form-data" > + +--- a/templates/show_login_form.inc.php ++++ b/templates/show_login_form.inc.php +@@ -69,7 +69,7 @@ +
+ + +- ++ + +
+ +--- a/templates/show_user_registration.inc.php ++++ b/templates/show_user_registration.inc.php +@@ -61,7 +61,7 @@ + +
+ +- ++ +
+
+ +@@ -69,25 +69,25 @@ +
+ + +- +- ++ ++ +
+
+ + +- ++ +
+ +
+ + +- ++ +
+ +
+ + +- ++ +
+ +
+@@ -101,7 +101,7 @@ + + + +- ++ + + +
+--- a/update.php ++++ b/update.php +@@ -58,7 +58,7 @@ +
+ 3.3.3.5. According to your database your current version is: %s.'), Update::format_version($version)); ?> +

+-
++
+
+
+ +--- a/lib/class/error.class.php ++++ /dev/null +@@ -1,139 +0,0 @@ +-$error) { +- $_SESSION['errors'][$key] = $error; +- } +- +- } // __destruct +- +- /** +- * add +- * This is a public static function it adds a new error message to the array +- * It can optionally clobber rather then adding to the error message +- */ +- public static function add($name,$message,$clobber=0) { +- +- // Make sure its set first +- if (!isset(Error::$errors[$name])) { +- Error::$errors[$name] = $message; +- Error::$state = 1; +- $_SESSION['errors'][$name] = $message; +- } +- // They want us to clobber it +- elseif ($clobber) { +- Error::$state = 1; +- Error::$errors[$name] = $message; +- $_SESSION['errors'][$name] = $message; +- } +- // They want us to append the error, add a BR\n and then the message +- else { +- Error::$state = 1; +- Error::$errors[$name] .= "
\n" . $message; +- $_SESSION['errors'][$name] .= "
\n" . $message; +- } +- +- } // add +- +- /** +- * occurred +- * This returns true / false if an error has occured anywhere +- */ +- public static function occurred() { +- +- if (self::$state == '1') { return true; } +- +- return false; +- +- } // occurred +- +- /** +- * get +- * This returns an error by name +- */ +- public static function get($name) { +- +- if (!isset(Error::$errors[$name])) { return ''; } +- +- return Error::$errors[$name]; +- +- } // get +- +- /** +- * display +- * This prints the error out with a standard Error class span +- * Ben Goska: Renamed from print to display, print is reserved +- */ +- public static function display($name) { +- +- // Be smart about this, if no error don't print +- if (!isset(Error::$errors[$name])) { return ''; } +- +- echo '' . Error::$errors[$name] . ''; +- +- } // display +- +- /** +- * auto_init +- * This loads the errors from the session back into Ampache +- */ +- public static function auto_init() { +- +- if (!is_array($_SESSION['errors'])) { return false; } +- +- // Re-insert them +- foreach ($_SESSION['errors'] as $key=>$error) { +- self::add($key,$error); +- } +- +- } // auto_init +- +-} // Error diff -Nru ampache-3.6-rzb2779+dfsg/debian/patches/series ampache-3.6-rzb2779+dfsg/debian/patches/series --- ampache-3.6-rzb2779+dfsg/debian/patches/series 2013-08-27 17:00:00.000000000 +0000 +++ ampache-3.6-rzb2779+dfsg/debian/patches/series 2021-01-14 13:26:36.000000000 +0000 @@ -1,2 +1,4 @@ 03_apache2.4.patch 02_nonfree_font.patch +04_rename_error_to_amperror.patch +04_CVE-2019-12385_CVE-2019-12386.patch