[xiph-commits] r8325 - websites/dir.xiph.org

[oddsock at motherfish-iii.xiph.org]

Author: oddsock
Date: 2004-12-02 11:09:31 -0800 (Thu, 02 Dec 2004)
New Revision: 8325

Modified:
   websites/dir.xiph.org/index.php
Log:
a bit extra protection against possible misuse of the YP.


Modified: websites/dir.xiph.org/index.php
===================================================================
--- websites/dir.xiph.org/index.php	2004-12-01 07:00:45 UTC (rev 8324)
+++ websites/dir.xiph.org/index.php	2004-12-02 19:09:31 UTC (rev 8325)
@@ -323,7 +323,7 @@
 	}
         $id = $row[0];
         $server_name = htmlentities($row[1]);
-        $listeners = $row[2];
+        $listeners = htmlentities($row[2]);
 	$cluster_flag = 0;
 	if ($cluster_id != "") {
 		$cluster_flag = 1;
@@ -355,17 +355,20 @@
 		while ($row2 = mysql_fetch_row($result2)) {
 			$description = htmlentities($row2[0]);
 			$genre = htmlentities($row2[1]);
-			$url = $row2[2];
+			$url = htmlentities($row2[2]);
+			$url = str_replace("hTtP", "http", $url);
 			$current_song = htmlentities($row2[3]);
 			$listen_url = urlencode($row2[4]);
-			$listen_url_raw = $row2[4];
-			$server_type = $row2[5];
-			$bitrate = $row2[6];
-			$samplerate = $row2[7];
-			$channels = $row2[8];
-			$listeners = $row2[9];
-			$cluster_id = $row2[10];
-			$stream_id = $row2[11];
+			$listen_url = str_replace("hTtP", "http", $listen_url);
+			$listen_url_raw = htmlentities($row2[4]);
+			$listen_url_raw = str_replace("hTtP", "http", $listen_url_raw);
+			$server_type = htmlentities($row2[5]);
+			$bitrate = htmlentities($row2[6]);
+			$samplerate = htmlentities($row2[7]);
+			$channels = htmlentities($row2[8]);
+			$listeners = htmlentities($row2[9]);
+			$cluster_id = htmlentities($row2[10]);
+			$stream_id = htmlentities($row2[11]);
 			$total_listeners = $total_listeners + $listeners;
 			$streamDetailsLine .= buildStreamLine($server_name, $listen_url_raw, $genre, $listeners, $description, $current_song, $server_type, $bitrate, $samplerate, $channels, $stream_id, $bgcolor);
 		}