diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index ccf699417b..63688ed157 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -18,6 +18,8 @@ There will probably not be another big change to Ampache 5 as work has moved to
* Missing translation on preferences sidebar
* Default catalog_filter group could be missing on a new install
* Gather genre tags when not an array
+* Display webp images
+* Check for a valid image extensions when uploading art
## API 5.5.6
diff --git a/public/templates/show_artist_info.inc.php b/public/templates/show_artist_info.inc.php
index 86d9762afa..895912aae5 100644
--- a/public/templates/show_artist_info.inc.php
+++ b/public/templates/show_artist_info.inc.php
@@ -48,8 +48,8 @@
";
- if (Core::get_global('user')->has_access(50) || (Core::get_global('user')->has_access(25) && Core::get_global('user')->id == $libitem->get_user_owner())) {
+ if ((!empty(Core::get_global('user')) && Core::get_global('user')->has_access(50)) || (Core::get_global('user')->has_access(25) && Core::get_global('user')->id == $libitem->get_user_owner())) {
echo "
";
echo Ui::get_icon('edit', T_('Edit/Find Art'));
echo "";
diff --git a/src/Repository/Model/Catalog.php b/src/Repository/Model/Catalog.php
index 668cfd76f1..36fcc88b7a 100644
--- a/src/Repository/Model/Catalog.php
+++ b/src/Repository/Model/Catalog.php
@@ -3821,6 +3821,7 @@ public static function garbage_collect_mapping()
$sql = "DELETE FROM `catalog_map` WHERE `catalog_id` = 0";
Dba::write($sql);
}
+
/**
* Delete catalog filters that might have gone missing
*/
diff --git a/src/Repository/Model/TVShow_Season.php b/src/Repository/Model/TVShow_Season.php
index a8e0964508..f07c07a71e 100644
--- a/src/Repository/Model/TVShow_Season.php
+++ b/src/Repository/Model/TVShow_Season.php
@@ -115,7 +115,7 @@ private function _get_extra_info()
if (parent::is_cached('tvshow_extra', $this->id)) {
$row = parent::get_from_cache('tvshow_extra', $this->id);
} else {
- $sql = "SELECT COUNT(`tvshow_episode`.`id`) AS `episode_count`, `video`.`catalog` AS `catalog_id` FROM `tvshow_episode` LEFT JOIN `video` ON `video`.`id` = `tvshow_episode`.`id` WHERE `tvshow_episode`.`season` = ?GROUP BY `catalog_id`";
+ $sql = "SELECT COUNT(`tvshow_episode`.`id`) AS `episode_count`, `video`.`catalog` AS `catalog_id` FROM `tvshow_episode` LEFT JOIN `video` ON `video`.`id` = `tvshow_episode`.`id` WHERE `tvshow_episode`.`season` = ? GROUP BY `catalog_id`";
$db_results = Dba::read($sql, array($this->id));
$row = Dba::fetch_assoc($db_results);
diff --git a/src/Repository/Model/Tag.php b/src/Repository/Model/Tag.php
index 57a9e6a581..a521e16b31 100644
--- a/src/Repository/Model/Tag.php
+++ b/src/Repository/Model/Tag.php
@@ -553,7 +553,7 @@ public static function get_top_tags($type, $object_id, $limit = 10)
$object_id = (int)($object_id);
$limit = (int)($limit);
- $sql = "SELECT `tag_map`.`id`, `tag_map`.`tag_id`, `tag`.`name`, `tag_map`.`user` FROM `tag` LEFT JOIN `tag_map` ON `tag_map`.`tag_id`=`tag`.`id` WHERE `tag`.`is_hidden` = false AND `tag_map`.`object_type` = ? AND `tag_map`.`object_id` = ?LIMIT $limit";
+ $sql = "SELECT `tag_map`.`id`, `tag_map`.`tag_id`, `tag`.`name`, `tag_map`.`user` FROM `tag` LEFT JOIN `tag_map` ON `tag_map`.`tag_id`=`tag`.`id` WHERE `tag`.`is_hidden` = false AND `tag_map`.`object_type` = ? AND `tag_map`.`object_id` = ? LIMIT $limit";
$db_results = Dba::read($sql, array($type, $object_id));
$results = array();
diff --git a/src/Repository/Model/User.php b/src/Repository/Model/User.php
index 19c4cf0ca6..abecdaaa12 100644
--- a/src/Repository/Model/User.php
+++ b/src/Repository/Model/User.php
@@ -354,7 +354,6 @@ public static function get_user_catalogs($userid)
return $catalogs;
} // get_catalogs
-
/**
* get_catalogs
* This returns the catalogs as an array of ids that this user is allowed to access
@@ -365,7 +364,6 @@ public function get_catalogs()
return self::get_user_catalogs($this->id);
} // get_catalogs
-
/**
* get_preferences
* This is a little more complicate now that we've got many types of preferences
@@ -1440,8 +1438,11 @@ public function upload_avatar()
$path_info = pathinfo($_FILES['avatar']['name']);
$upload['file'] = $_FILES['avatar']['tmp_name'];
$upload['mime'] = 'image/' . $path_info['extension'];
- $image_data = Art::get_from_source($upload, 'user');
+ if (!in_array(strtolower($path_info['extension']), Art::VALID_TYPES)) {
+ return false;
+ }
+ $image_data = Art::get_from_source($upload, 'user');
if ($image_data !== '') {
return $this->update_avatar($image_data, $upload['mime']);
}