From 777b91817cc6029706e5d4fd279911560b2900de Mon Sep 17 00:00:00 2001
From: Spirit
Date: Tue, 7 Apr 2020 01:56:27 +0800
Subject: [PATCH] fix: fix the fixes
---
 inc/api.php | 21 +++++++++++----------
 inc/classes/Aplayer.php | 22 +++++++++++++++++++++-
 2 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/inc/api.php b/inc/api.php
index b2f50c2..7771f77 100755
--- a/inc/api.php
+++ b/inc/api.php
@@ -214,7 +214,7 @@ function get_qq_avatar() {
 }
 function bgm_bilibili() {
- if (!check_ajax_referer('wp_rest', 'r', false)) {
+ if (!check_ajax_referer('wp_rest', '_wpnonce', false)) {
 $output = array(
 'status' => 403,
 'success' => false,
@@ -233,7 +233,16 @@ function bgm_bilibili() {
 function meting_aplayer() {
 $type = $_GET['type'];
 $id = $_GET['id'];
- if (check_ajax_referer('wp_rest', '_wpnonce', false) || !wp_verify_nonce($_GET['meting_pnonce'], $type . '#:' . $id)) {
+ $wpnonce = $_GET['_wpnonce'];
+ $meting_pnonce = $_GET['meting_pnonce'];
+ if ((isset($wpnonce) && !check_ajax_referer('wp_rest', $wpnonce, false)) || (isset($nonce) && !wp_verify_nonce($nonce, $type . '#:' . $id))) {
+ $output = array(
+ 'status' => 403,
+ 'success' => false,
+ 'message' => 'Unauthorized client.'
+ );
+ $response = new WP_REST_Response($output, 403);
+ } else {
 $Meting_API = new \Sakura\API\Aplayer();
 $data = $Meting_API->get_data($type, $id);
 if ($type === 'playlist') {
@@ -244,18 +253,10 @@ function meting_aplayer() {
 $response->set_headers(array('cache-control' => 'max-age=3600'));
 echo $data;
 } else {
- $data = str_replace('http://', 'https://', $data);
 $response = new WP_REST_Response();
 $response->set_status(301);
 $response->header('Location', $data);
 }
- } else {
- $output = array(
- 'status' => 403,
- 'success' => false,
- 'message' => 'Unauthorized client.'
- );
- $response = new WP_REST_Response($output, 403);
 }
 return $response;
 }
\ No newline at end of file
diff --git a/inc/classes/Aplayer.php b/inc/classes/Aplayer.php
index 29de769..0db6ea3 100644
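Review bot: The new guard in `meting_aplayer` fails open: it rejects only when a nonce is present and invalid, so a request carrying neither `_wpnonce` nor `meting_pnonce` falls through to the `else` branch and is served. The second test reads `$nonce`, which is never assigned (the value was stored in `$meting_pnonce`), so the per-track nonce is never verified. `check_ajax_referer()` is also handed the nonce value where its second argument is the name of the request parameter. If the intent is that either nonce authorises the request, compute each result explicitly and return 403 unless one of them verifies, as sketched below. The function body continues past this hunk.

```php
// … unchanged: $type and $id read from $_GET …
$wpnonce_ok = isset($_GET['_wpnonce'])
    && check_ajax_referer('wp_rest', '_wpnonce', false);
$pnonce_ok = isset($_GET['meting_pnonce'])
    && wp_verify_nonce($_GET['meting_pnonce'], $type . '#:' . $id);
if (!$wpnonce_ok && !$pnonce_ok) {
    // … unchanged: 403 'Unauthorized client.' response …
} else {
```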
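Review bot: `$response->header('Location', $data)` emits whatever `get_data()` returned, with no check that it is a non-empty http(s) URL. The blanket `http://` to `https://` rewrite removed here now lives in `Aplayer::song_url()`, which only touches a few known hosts. Guard the redirect with `if (!is_string($data) || !wp_http_validate_url($data))` and return an error response instead of a 301 with an empty or unexpected target. The enclosing `if ($type === 'playlist')` starts outside this hunk.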
--- a/inc/classes/Aplayer.php
+++ b/inc/classes/Aplayer.php
@@ -27,6 +27,7 @@ class Aplayer
 case 'song':
 $data = $api->format(true)->song($id);
 $data = json_decode($data, true)["url"];
+ $data = $this->song_url($data);
 break;
 // case 'album':
 // $data = $api->format(true)->album($id);
@@ -46,11 +47,12 @@ class Aplayer
 break;
 // case 'search':
 // $data = $api->format(true)->search($id);
- // $data=json_decode($data, true)["url"];
+ // $data=json_decode($data, true);
 // break;
 default:
 $data = $api->format(true)->url($id);
 $data = json_decode($data, true)["url"];
+ $data = $this->song_url($data);
 break;
 }
 return $data;
@@ -78,6 +80,24 @@ class Aplayer
 return $playlist;
 }
+ private function song_url($url){
+ $server = $this->server;
+ if ($server == 'netease') {
+ $url = str_replace('://m7c.', '://m7.', $url);
+ $url = str_replace('://m8c.', '://m8.', $url);
+ $url = str_replace('http://m8.', 'https://m9.', $url);
+ $url = str_replace('http://m7.', 'https://m9.', $url);
+ $url = str_replace('http://m10.', 'https://m10.', $url);
+ }elseif ($server == 'xiami') {
+ $url = str_replace('http://', 'https://', $url);
+ }elseif ($server == 'baidu') {
+ $url = str_replace('http://zhangmenshiting.qianqian.com', 'https://gss3.baidu.com/y0s1hSulBw92lNKgpU_Z2jR7b2w6buu', $url);
+ }else{
+ $url = $url;
+ }
+ return $url;
+ }
+
 private function format_lyric($data) {
 $server = $this->server;
 $data = json_decode($data, true);
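Review bot: `song_url()` rewrites with unanchored `str_replace()` calls, so a pattern such as `http://` or `://m7c.` is replaced wherever it occurs in the string (for example inside a query parameter), not only in the scheme-and-host prefix; anchoring each rewrite to the start of the URL would leave the rest of the string intact. Both callers pass `json_decode(...)["url"]`, which is null when the upstream response has no `url`, so an early `if (!is_string($url) || $url === '') { return $url; }` avoids handing null to `str_replace()`. The comparisons should be strict (`$server === 'netease'`), and the `else { $url = $url; }` branch is a no-op that can be dropped. A short docblock stating that the method upgrades known upstream hosts to HTTPS and leaves other URLs untouched, plus a comment on where the hard-coded `gss3.baidu.com` path comes from, would help the next maintainer.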