poehoes / ampache-mobile

Automatically exported from code.google.com/p/ampache-mobile

name= field not correct in URL #38

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Play a song, any song.
2. Look at the URL being used in the request.

What is the expected output? What do you see instead?

I expect the url to be something of the form (session and oid removed for 
readability):

http://192.168.0.42/ampache/play/index.php?ssid=...&oid=...&uid=2&name=/Senses%20Fail%20-%20Fireworks%20At%20Dawn.mp3

What I get is:
http://bedrock.dnsalias.org/ampache/play/index.php?ssid=...&oid=...&uid=2&name=/Senses

Notice the name= section is not complete. Senses is only the first word of the 
name. 

The Problem as I see it: Ampache apparently doesn't use the name= section of 
the URL. So right now if someone was able to get the session id of any request, 
they could get access to the catalog by repetitively incrementing the oid 
value. 

I was adding a feature to check that the name that comes in on the request is 
the name of the song. (I'm a noob at ampache, so maybe that is naive.) That way 
they only have access to things you have already requested that they managed to 
snoop (unless they are a good guesser). That way have the login over ssl, but 
the playback over http.

But, I can't check the name= field if ampache-mobile is not formatting it 
correctly.

What version of Ampache Mobile are you using?
0.9.6

What version of Ampache Server are you using? ex: 3.5.1
3.5.4

Please provide any additional information below. (Ex. Using transcoding,
problem is specific to EVDO vs WiFi)

Original issue reported on code.google.com by darthal...@yahoo.com on 29 Aug 2010 at 6:44

GoogleCodeExporter commented 9 years ago
There is a workaround in the settings called Gstreamer %20... try enabling that.

Original comment by bjgeiser@gmail.com on 3 Sep 2010 at 3:56

GoogleCodeExporter commented 9 years ago
When I enable Gstreamer %20 I don't get a name= parameter at all in the URL 
showing up on the server:

http://192.168.0.42/ampache/play/index.php?ssid=...&oid=...&uid=2

Is this what the workaround is supposed to do? I am trying to get a 
properly-formatted name parameter in the URL, like:

http://192.168.0.42/ampache/play/index.php?ssid=...&oid=...&uid=1&name=/U2%20-%20The%20Fly.mp3

Original comment by darthal...@yahoo.com on 4 Sep 2010 at 4:45

GoogleCodeExporter commented 9 years ago
There is a bug in webOS which sends spaces instead of %20s down to the server, 
some servers handle this fine, others don't.  The workaround completely 
eliminates the name field so that you can still stream from your server.

Original comment by bjgeiser@gmail.com on 4 Sep 2010 at 8:39

GoogleCodeExporter commented 9 years ago
Since this bug has already been reported to Palm/HP it's pretty much out of my 
control.  Closing it.

Original comment by bjgeiser@gmail.com on 12 Mar 2011 at 9:09
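
The thread's three URL shapes, as an added example that is not part of the thread and not Ampache or ampache-mobile code: it shows why a raw space leaves the server with `name=/Senses`, and how the name-versus-oid check the reporter describes treats the encoded, truncated and stripped forms. The catalog entries, ids, function names and the lenient request-line parser (target read up to the first space) are assumptions made for illustration.

```javascript
// Added example. Catalog entries, ids and function names are constructed/hypothetical.
const CATALOG = new Map([
  ["101", "Senses Fail - Fireworks At Dawn.mp3"],
  ["102", "U2 - The Fly.mp3"],
]);

// Client side: build the request target for a play URL.
// encode=false reproduces the reported behaviour (raw spaces in name=).
function buildPlayTarget(ssid, oid, uid, fileName, encode = true) {
  const name = "/" + (encode ? encodeURIComponent(fileName) : fileName);
  return `/ampache/play/index.php?ssid=${ssid}&oid=${oid}&uid=${uid}&name=${name}`;
}

// Server side (assumed lenient parser): the request line is
// "METHOD SP target SP version", so the target ends at the first space.
function targetSeenByServer(target) {
  const requestLine = `GET ${target} HTTP/1.1`;
  return requestLine.split(" ")[1];
}

// Parsed query parameters of a request target (values are percent-decoded).
function queryOf(target) {
  const q = target.indexOf("?");
  return new URLSearchParams(q === -1 ? "" : target.slice(q + 1));
}

// Decoded name= value as the server would read it, or null if absent.
function nameParam(target) {
  return queryOf(target).get("name");
}

// The check proposed in the report: name= must be the file name of the song
// that oid refers to. A missing or truncated name fails closed.
function nameMatchesOid(target) {
  const params = queryOf(target);
  const expected = CATALOG.get(params.get("oid"));
  return expected !== undefined && params.get("name") === "/" + expected;
}

const song = CATALOG.get("101");
const good = targetSeenByServer(buildPlayTarget("S", "101", 2, song));
const truncated = targetSeenByServer(buildPlayTarget("S", "101", 2, song, false));
const stripped = good.replace(/&name=.*$/, "");      // the "Gstreamer %20" workaround
const otherOid = good.replace("oid=101", "oid=102"); // same name, different oid

for (const t of [good, truncated, stripped, otherOid]) {
  console.log(JSON.stringify(nameParam(t)), nameMatchesOid(t));
}
```

With such a check in place, both the unencoded request and the workaround request would be refused, so the client has to send a correctly percent-encoded `name=` for playback to keep working.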