This file is indexed.

/usr/share/ampache/www/batch.php is in ampache-common 3.6-rzb2752+dfsg-5.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?php
/* vim:set softtabstop=4 shiftwidth=4 expandtab: */
/**
 *
 * LICENSE: GNU General Public License, version 2 (GPLv2)
 * Copyright 2001 - 2013 Ampache.org
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License v2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

require_once 'lib/init.php';
ob_end_clean();

//test that batch download is permitted
if (!Access::check_function('batch_download')) {
    UI::access_denied();
    exit;
}

/* Drop the normal Time limit constraints, this can take a while */
set_time_limit(0);

switch ($_REQUEST['action']) {
    case 'tmp_playlist':
        $media_ids = $GLOBALS['user']->playlist->get_items();
        $name = $GLOBALS['user']->username . ' - Playlist';
    break;
    case 'playlist':
        $playlist = new Playlist($_REQUEST['id']);
        $media_ids = $playlist->get_songs();
        $name = $playlist->name;
    break;
    case 'smartplaylist':
        $search = new Search('song', $_REQUEST['id']);
        $sql = $search->to_sql();
        $sql = $sql['base'] . ' ' . $sql['table_sql'] . ' WHERE ' . 
            $sql['where_sql'];
        $db_results = Dba::read($sql);
        $media_ids = array();
        while ($row = Dba::fetch_assoc($db_results)) {
            $media_ids[] = $row['id'];
        }
        $name = $search->name;
    break;
    case 'album':
        $album = new Album($_REQUEST['id']);
        $media_ids = $album->get_songs();
        $name = $album->name;
    break;
    case 'artist':
        $artist = new Artist($_REQUEST['id']);
        $media_ids = $artist->get_songs();
        $name = $artist->name;
    break;
    case 'browse':
        $id = scrub_in($_REQUEST['browse_id']);
        $browse = new Browse($id);
        $browse_media_ids = $browse->get_saved();
        $media_ids = array();
        foreach ($browse_media_ids as $media_id) {
            switch ($_REQUEST['type']) {
                case 'album':
                    $album = new Album($media_id);
                    $media_ids = array_merge($media_ids, $album->get_songs());
                break;
                case 'song':
                    $media_ids[] = $media_id;
                break;
                case 'video':
                    $media_ids[] = array('Video', $media_id);
                break;
            } // switch on type
        } // foreach media_id
        $name = 'Batch-' . date("dmY",time());
    default:
        // Rien a faire
    break;
} // action switch

// Take whatever we've got and send the zip
$song_files = get_song_files($media_ids);
set_memory_limit($song_files['1']+32);
send_zip($name,$song_files['0']);
exit;
?>