From ac921793c43cf9edcb998a4a0d48816bda1dc9bb Mon Sep 17 00:00:00 2001
From: lachlan
Date: Mon, 9 Aug 2021 12:08:44 +1000
Subject: [PATCH] Set "X-Frame-Options: SAMEORIGIN" on login page
---
 docs/CHANGELOG.md | 5 ++++-
 public/templates/show_login_form.inc.php | 24 +++++++++++-------------
 src/Module/Cli/PrintTagsCommand.php | 8 ++++----
 3 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 1238dcd3b5..1d93a47a1b 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -33,6 +33,7 @@ This means Ampache now **requires** php-intl module/dll to be enabled.
 * Save a search or Smartlist as a regular playlist
 * New option to refresh a Playlist from Searches with the same name
 * Option to change the playlist owner when editing OR importing
+* Set "X-Frame-Options: SAMEORIGIN" on login page
 * Search changes
 * Add 'possible_duplicate', 'recently_played' to song, artist and album search
 * Add 'catalog' to artist and album search
@@ -86,6 +87,7 @@ This means Ampache now **requires** php-intl module/dll to be enabled.
 * updateCatalog now implies add when using -i / --import by itself
 * Playlist Import checks for playlists by your user only in the UI (System for the cli)
 * Plugins: Use only https for building gravatar urls
+* Scrobble actions now check for the exact time as well (different agents or scripts would insert)
 * Subsonic
 * Wait a few seconds before allowing scrobbles to avoid collisions
 * Shift the last music play if gap is bigger than 5 repeated plays (over night, etc)
@@ -98,7 +100,7 @@ This means Ampache now **requires** php-intl module/dll to be enabled.
 * Take out the info icon from the song row; just click the song link
 * Take song artist out of the album edit popup
 * File tag reading for Band/Album Artist
-* Corrected albumartist collection and added missing tags to vorbis, aac and id3v2
+* Corrected album_artist collection and added missing tags to vorbis, aac and id3v2
 * Removed links from album list headers when split by release type
 * REMOVED config options
 * write_id3: Use write_tags
@@ -130,6 +132,7 @@ This means Ampache now **requires** php-intl module/dll to be enabled.
 * Translations could break JS with apostrophes
 * Playlist imports with an empty web_path would never work
 * Playlist imports were importing nothing
+* list preferences didn't reset allow null values after being set (Personal Favorites plugin)
 * Subsonic
 * Support a global user playqueue with getplayqueue, saveplayqueue
 * Incorrect header being set on art requests
diff --git a/public/templates/show_login_form.inc.php b/public/templates/show_login_form.inc.php
index 9bf24446d4..3aff610555 100644
--- a/public/templates/show_login_form.inc.php
+++ b/public/templates/show_login_form.inc.php
@@ -31,23 +31,21 @@ use Ampache\Module\Util\Mailer; use Ampache\Module\Util\Ui; -$remember_disabled = ''; -if (AmpConfig::get('session_length', 3600) >= AmpConfig::get('remember_length', 604800)) { - $remember_disabled = 'disabled="disabled"'; -} -$htmllang = str_replace("_", "-", AmpConfig::get('lang')); -is_rtl(AmpConfig::get('lang')) ? $dir = 'rtl' : $dir = 'ltr'; - $web_path = AmpConfig::get('web_path'); +$htmllang = str_replace("_", "-", AmpConfig::get('lang')); +$dir = is_rtl(AmpConfig::get('lang')) + ? 'rtl' + : 'ltr'; + +$remember_disabled = (AmpConfig::get('session_length', 3600) >= AmpConfig::get('remember_length', 604800)) + ? 'disabled="disabled"' + : ''; -$_SESSION['login'] = true; -define('TABLE_RENDERED', 1); -$mobile_session = false; $user_agent = Core::get_server('HTTP_USER_AGENT'); +$mobile_session = strpos($user_agent, 'Mobile') && (strpos($user_agent, 'Android') || strpos($user_agent, 'iPhone') || strpos($user_agent, 'iPad')); -if (strpos($user_agent, 'Mobile') && (strpos($user_agent, 'Android') || strpos($user_agent, 'iPhone') || strpos($user_agent, 'iPad'))) { - $mobile_session = true; -} ?> +define('TABLE_RENDERED', 1); +header("X-Frame-Options: SAMEORIGIN"); ?> diff --git a/src/Module/Cli/PrintTagsCommand.php b/src/Module/Cli/PrintTagsCommand.php index f2c529f766..86414213ea 100644 --- a/src/Module/Cli/PrintTagsCommand.php +++ b/src/Module/Cli/PrintTagsCommand.php @@ -67,7 +67,7 @@ public function execute( $dir_pattern = $catalog->sort_pattern; $file_pattern = $catalog->rename_pattern; - $info = $this->utilityFactory->createVaInfo( + $vainfo = $this->utilityFactory->createVaInfo( $filename, ['music'], '', @@ -83,8 +83,8 @@ public function execute( ); } try { - $info->get_info(); - $results = $info->tags; + $vainfo->get_info(); + $results = $vainfo->tags; $keys = VaInfo::get_tag_type($results); $ampache_results = VaInfo::clean_tag_info($results, $keys, $filename); 
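Review bot: The added `header("X-Frame-Options: SAMEORIGIN");` in public/templates/show_login_form.inc.php runs inside the template, so it only reaches the browser if nothing has been output before this file is included; once output has started PHP raises a "headers already sent" warning and the login page is served without the anti-framing header. Whether anything is emitted earlier is not visible from this hunk, so either send the header from the code that includes the template or guard it, e.g. `if (!headers_sent()) { header('X-Frame-Options: SAMEORIGIN'); }`. Current browsers give precedence to the CSP directive, so consider also sending `header("Content-Security-Policy: frame-ancestors 'self'");` next to it, assuming no other Content-Security-Policy header is set elsewhere that it would have to be merged with. Separately, the hunk drops `$_SESSION['login'] = true;` without any mention in the commit subject; it is worth confirming that nothing else reads that session key.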
@@ -94,7 +94,7 @@ public function execute( ); $io->eol(2); - print_r($info); + print_r($vainfo); $io->eol(); $io->info('------------------------------------------------------------------', true);