diff --git a/musik.py b/musik.py
index 422757a..94f2da1 100755
--- a/musik.py
+++ b/musik.py
@@ -78,6 +78,13 @@ def init_library():
 return tracks
+def escape(string):
+ """Escape things."""
+ string = parse.quote(string, safe='')
+ string = string.replace('&', '%26')
+ return string
+
+
 app = Flask(__name__)
 api = Api(app)
 tracks = init_library()
@@ -127,14 +134,14 @@ class Selection(Resource):
 found.pop('filepath')
 found['streampath'] = url_for(
 'stream',
- artist=parse.quote(track.artist, safe=''),
- album=parse.quote(track.album, safe=''),
- track=parse.quote(track.title, safe=''))
+ artist=escape(track.artist),
+ album=escape(track.album),
+ track=escape(track.title))
 found['coverart'] = url_for(
 'coverart',
- artist=parse.quote(track.artist, safe=''),
- album=parse.quote(track.album, safe=''),
- track=parse.quote(track.title, safe=''))
+ artist=escape(track.artist),
+ album=escape(track.album),
+ track=escape(track.title))
 return found
 elif args.get('album'):
diff --git a/static/musik.js b/static/musik.js
index 659036a..4473412 100644
--- a/static/musik.js
+++ b/static/musik.js
@@ -32,7 +32,7 @@ function select_artist(select) {
 document.getElementById('albumList').innerHTML = html_str;
 document.getElementById('trackList').innerHTML = '';
 };
- httpRequest.open('GET', api_uri + '?artist=' + select.value, true);
+ httpRequest.open('GET', api_uri + '?artist=' + select.value.replace('&', '%26'), true);
 httpRequest.send();
 }
@@ -49,7 +49,7 @@ function select_album(select) {
 }
 document.getElementById('trackList').innerHTML = html_str;
 };
- httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value + '&album=' + select.value, true);
+ httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value.replace('&', '%26') + '&album=' + select.value.replace('&', '%26'), true);
 httpRequest.send();
 }
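Review bot: The `string.replace('&', '%26')` line in the new `escape()` helper can never match, assuming `parse` is `urllib.parse`: `parse.quote(string, safe='')` has already turned every `&` into `%26`. The helper is therefore equivalent to `return parse.quote(string, safe='')`, and keeping the extra line wrongly suggests that `quote` leaves reserved characters behind. The docstring `"""Escape things."""` should state the contract, for example `"""Percent-encode string for use as one URL path segment; no character is left unescaped."""`.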
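Review bot: In `Selection`, the values passed to `url_for('stream', …)` and `url_for('coverart', …)` are already percent-encoded by `escape()`, and `url_for` percent-encodes its arguments again, so the generated links carry `%25xx` sequences. The replaced `parse.quote` calls behaved the same way, and the double encoding may be deliberate (for instance to keep a `/` in a title from splitting the path). Nothing in the hunk says so, though, and the views that decode these values are outside the diff. A comment above the first call would record the contract, e.g. `# Pre-quoted on purpose: url_for() quotes again, so the stream/coverart views must unquote once more.` The enclosing method starts and ends outside the hunk.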
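Review bot: `select.value.replace('&', '%26')` in `select_artist` rewrites only the first `&`, because a string pattern in `String.prototype.replace` matches once, so a name with two ampersands still splits the query string. Other reserved characters (`#`, `+`, `%`, `=`, spaces) also go out unencoded and can truncate or alter the parameter the API receives. Encode each value with the built-in instead, e.g. `api_uri + '?artist=' + encodeURIComponent(select.value)`. The same applies to every `.replace('&', '%26')` call in the `select_album` and `select_track` hunks. Each enclosing function starts outside its hunk.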
@@ -63,7 +63,7 @@ function select_track(select) {
 let track = JSON.parse(httpRequest.responseText);
 change_track(track);
 };
- httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value + '&album=' + document.getElementById('albumList').value + '&track=' + select.value, true);
+ httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value.replace('&', '%26') + '&album=' + document.getElementById('albumList').value.replace('&', '%26') + '&track=' + select.value.replace('&', '%26'), true);
 httpRequest.send();
 }