Internet radio browser GUI for music/video streams from various directory services.

⌈⌋ ⎇ branch:  streamtuner2


Changes To project state

Changes to "project state" between 2015-03-29 07:28:26 and 2015-05-11 21:14:01

24
25
26
27
28
29
30
31

32
33
34
35


36
37
24
25
26
27
28
29
30

31
32
33


34
35
36
37







-
+


-
-
+
+



* Localization (not actually planned for)

## Security notes

* Directory scrapers use partially complex regular expressions - which is probably 
  not a security risk, but might lead to faulty data. Albeit HTML entitiy cleanup and constraints are in place. (As for fragile, the InternetRadio DOM method is less exact even.)
* MEDIUM: little integrity checking for .pls / .m3u references and files 
* MEDIUM: integrity checking for .pls / .m3u references and files only on conversion
* minimal XML/SGML entity decoding (-> faulty data) 
* fixed: now uses only proper Python json module (no longer Python-style dicts and eval)
* HIGH RISK: no verification of downloaded favicon image files (ico/png), 
 as they are passed to gtk.gdk.Pixbuf (OTOH data pre-filtered by Google) 
* <s>HIGH RISK: no verification of downloaded favicon image files (ico/png), 
 as they are passed to gtk.gdk.Pixbuf (OTOH data pre-filtered by Google)</s>
* MEDIUM: audio players / decoders are easily affected by buffer overflows 
  from corrupt mp3/stream data. However nothing we can preassert here, streamtuner2 just passes them on.