fix: fix the fixes

inc/api.php

@@ -214,7 +214,7 @@ function get_qq_avatar() {
 }
 
 function bgm_bilibili() {
-    if (!check_ajax_referer('wp_rest', 'r', false)) {
+    if (!check_ajax_referer('wp_rest', '_wpnonce', false)) {
         $output = array(
             'status' => 403,
             'success' => false,
@@ -233,7 +233,16 @@ function bgm_bilibili() {
 function meting_aplayer() {
     $type = $_GET['type'];
     $id = $_GET['id'];
-    if (check_ajax_referer('wp_rest', '_wpnonce', false) || !wp_verify_nonce($_GET['meting_pnonce'], $type . '#:' . $id)) {
+    $wpnonce = $_GET['_wpnonce'];
+    $meting_pnonce = $_GET['meting_pnonce'];
+    if ((isset($wpnonce) && !check_ajax_referer('wp_rest', $wpnonce, false)) || (isset($nonce) && !wp_verify_nonce($nonce, $type . '#:' . $id))) {
+        $output = array(
+            'status' => 403,
+            'success' => false,
+            'message' => 'Unauthorized client.'
+        );
+        $response = new WP_REST_Response($output, 403);
+    } else {
         $Meting_API = new \Sakura\API\Aplayer();
         $data = $Meting_API->get_data($type, $id);
         if ($type === 'playlist') {
@@ -244,18 +253,10 @@ function meting_aplayer() {
             $response->set_headers(array('cache-control' => 'max-age=3600'));
             echo $data;
         } else {
-            $data = str_replace('http://', 'https://', $data);
             $response = new WP_REST_Response();
             $response->set_status(301);
             $response->header('Location', $data);
         }
-    } else {
-        $output = array(
-            'status' => 403,
-            'success' => false,
-            'message' => 'Unauthorized client.'
-        );
-        $response = new WP_REST_Response($output, 403);
     }
     return $response;
 }

inc/classes/Aplayer.php

@@ -27,6 +27,7 @@ class Aplayer
             case 'song':
                 $data = $api->format(true)->song($id);
                 $data = json_decode($data, true)["url"];
+                $data = $this->song_url($data);
                 break;
             // case 'album':
             //     $data = $api->format(true)->album($id);
@@ -46,11 +47,12 @@ class Aplayer
                 break;
             // case 'search':
             //     $data = $api->format(true)->search($id);
-            //     $data=json_decode($data, true)["url"];
+            //     $data=json_decode($data, true);
             //     break;
             default:
                 $data = $api->format(true)->url($id);
                 $data = json_decode($data, true)["url"];
+                $data = $this->song_url($data);
                 break;
         }
         return $data;
@@ -78,6 +80,24 @@ class Aplayer
         return $playlist;
     }
 
+    private function song_url($url){
+        $server = $this->server;
+        if ($server == 'netease') {
+            $url = str_replace('://m7c.', '://m7.', $url);
+            $url = str_replace('://m8c.', '://m8.', $url);
+            $url = str_replace('http://m8.', 'https://m9.', $url);
+            $url = str_replace('http://m7.', 'https://m9.', $url);
+            $url = str_replace('http://m10.', 'https://m10.', $url);
+        }elseif ($server == 'xiami') {
+            $url = str_replace('http://', 'https://', $url);
+        }elseif ($server == 'baidu') {
+            $url = str_replace('http://zhangmenshiting.qianqian.com', 'https://gss3.baidu.com/y0s1hSulBw92lNKgpU_Z2jR7b2w6buu', $url);
+        }else{
+            $url = $url;
+        }
+        return $url;
+    }
+
     private function format_lyric($data) {
         $server = $this->server;
         $data = json_decode($data, true);