Remove nonces from URLs, since we now use HTTP Cache-Control headers

to keep our clients honest.

diff --git a/templates/choose.html b/templates/choose.html
index e466975ea7a8819f0bf118286081b6ebba6db41c..2df2e2d8f5921df38e1ab3201cc2d6b259d6b776 100644 (file)
--- a/templates/choose.html
+++ b/templates/choose.html
@@ -118,7 +118,7 @@ USA
    @if{@ne{@arg:directory@}{}@}{
    <p class=directoryname>@navigate{@arg:directory@}{/<a
    class=thisdirectory
-   href="@url@?action=choose&#38;directory=@urlquote{@fullname@}@&#38;n=@nonce@">@basename@</a>}@:</p>
+   href="@url@?action=choose&#38;directory=@urlquote{@fullname@}@">@basename@</a>}@:</p>
    }@
 
    @if{@isdirectories@}{
@@ -129,7 +129,7 @@ USA
     @choose{directories}{
     <p class=directory>
      <a class=directory
-     href="@url@?action=choose&#38;directory=@urlquote{@file@}@&#38;n=@nonce@"
+     href="@url@?action=choose&#38;directory=@urlquote{@file@}@"
      title="@label:choose.directory@">
      <img class=button
       src="@image:directory@"
@@ -148,13 +148,13 @@ USA
     @choose{files}{
     <p class=file>
     @right{prefs}{<a class=imgprefs
-     href="@url@?action=prefs&#38;0_file=@urlquote{@resolve{@file@}@}@&#38;n=@nonce@"
+     href="@url@?action=prefs&#38;0_file=@urlquote{@resolve{@file@}@}@"
      ><img class=button
       src="@image:edit@"
       title="@label:choose.prefsverbose@"
       alt="@label:choose.prefs@"></a>}@
      <a class=file
-     href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@&#38;n=@nonce@"
+     href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@"
      title="@label:choose.play@">@transform{@file@}{track}{display}@</a>
      @if{@eq{@trackstate{@file@}@}{playing}@}{[<b>playing</b>]}@
      @if{@eq{@trackstate{@file@}@}{queued}@}{[<b>queued</b>]}@
@@ -162,12 +162,12 @@ USA
     }@
     <p class=allfiles>
      @right{prefs}{<a class=imgprefs
-     href="@url@?action=prefs&#38;directory=@urlquote{@arg:directory@}@&#38;n=@nonce@&#38;back=@urlquote{@thisurl@}@"
+     href="@url@?action=prefs&#38;directory=@urlquote{@arg:directory@}@&#38;back=@urlquote{@thisurl@}@"
      ><img class=button 
       src="@image:edit@"
       title="@label:choose.allprefsverbose@"
       alt="@label:choose.allprefs@"></a>}@
-     <a class=allfiles href="@url@?action=play&#38;directory=@urlquote{@arg:directory@}@&#38;n=@nonce@&#38;back=@urlquote{@thisurl@}@">
+     <a class=allfiles href="@url@?action=play&#38;directory=@urlquote{@arg:directory@}@&#38;back=@urlquote{@thisurl@}@">
       @label:choose.playall@
      </a>
     </p>

diff --git a/templates/help.html b/templates/help.html
index 135c037e73962eb0d3cb8d0169e399e57d7e97f0..13029265b258da4cbb36b30952263ca6396bcb7e 100644 (file)
--- a/templates/help.html
+++ b/templates/help.html
@@ -192,9 +192,9 @@ USA
     </table>
 
     <p>This screen has two forms: <a
-    href="@url@?action=choose&#38;n=@nonce@">choose</a>, which give
+    href="@url@?action=choose">choose</a>, which give
     you all the top-level directories at once, and <a
-    href="@url@?action=choosealpha&#38;n=@nonce@">choosealpha</a>,
+    href="@url@?action=choosealpha">choosealpha</a>,
     which breaks them down by initial letter.</p>
 
     <p>This screen will may not be available if you are not logged in

diff --git a/templates/login.html b/templates/login.html
index 11474e286e9d9bdc69aad5003992b6403cce856c..e586132efe9e16395a70c1fab3b7a1c2e083e123 100644 (file)
--- a/templates/login.html
+++ b/templates/login.html
@@ -73,7 +73,6 @@ USA
        </tr>
      </table>
      <input name=action type=hidden value=login>
-     <input name=nonce type=hidden value="@nonce@">
      <input name=back type=hidden value="@arg:back@">
    </form>
 
@@ -101,7 +100,6 @@ USA
        </tr>
      </table>
      <input name=action type=hidden value=reminder>
-     <input name=nonce type=hidden value="@nonce@">
    </form>
 
    @right{register}{
@@ -156,7 +154,6 @@ USA
        </tr>
      </table>
      <input name=action type=hidden value=register>
-     <input name=nonce type=hidden value="@nonce@">
    </form>}@
    }{
    @#{not the guest user, allow change of details and logout}@
@@ -171,7 +168,6 @@ USA
        </button>
      </div>
      <input name=action type=hidden value=logout>
-     <input name=nonce type=hidden value="@nonce@">
    </form>
 
    <p>Use this form to change your email address and/or password.</p>
@@ -212,7 +208,6 @@ USA
        </tr>
      </table>
      <input name=action type=hidden value=edituser>
-     <input name=nonce type=hidden value="@nonce@">
    </form>
 
    }@

diff --git a/templates/new.html b/templates/new.html
index 52bac0e6981ca734f611e2aa5ded387790c0b048..9c43b0b104963bc2397e6f2642a0042f347c65d0 100644 (file)
--- a/templates/new.html
+++ b/templates/new.html
@@ -54,14 +54,14 @@ USA
        >@part{short}{album}@</span>}@</td>
      <td class=title>@right{play}{<a class=file
        title="@part{title}@"
-       href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@&#38;n=@nonce@"
+       href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@"
        >@part{short}{title}@</a>}{<span class=file
        title="@part{title}@"
        >@part{short}{title}@</span>}@</td>
      <td class=length>@length@</td>
 @right{prefs}{
      <td class=imgbutton><a class=imgbutton
-      href="@url@?action=prefs&#38;n=@nonce@&#38;0_file=@urlquote{@file@}@"><img
+      href="@url@?action=prefs&#38;0_file=@urlquote{@file@}@"><img
        class=button src="@image:edit@"
        title="@label:choose.prefsverbose@"
        alt="@label:choose.prefs@"></a></td>

diff --git a/templates/playing.html b/templates/playing.html
index c75a7d65bb783c8094918bf55d778a035e4db7fa..4242740c2fe441df680f9da727e42620e496107f 100644 (file)
--- a/templates/playing.html
+++ b/templates/playing.html
@@ -35,7 +35,7 @@ USA
     <!-- paused -->
     <span class=button>
     <a class=button
-    href="@url@?action=resume&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=resume&#38;mgmt=true"
      title="@label:playing.resumeverbose@">@label:playing.pause@</a>
     </a>
     </span>
@@ -44,7 +44,7 @@ USA
     <!-- not paused -->
     <span class=button>
     <a class=button
-    href="@url@?action=pause&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=pause&#38;mgmt=true"
      title="@label:playing.pauseverbose@">@label:playing.pause@</a>
     </a>
     </span>
@@ -54,7 +54,7 @@ USA
     <!-- random played enabled -->
     <span class=button>
     <a class=button
-    href="@url@?action=random-disable&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=random-disable&#38;mgmt=true"
      title="@label:playing.randomdisableverbose@">@label:playing.random@</a>
     </a>
     </span>
@@ -63,7 +63,7 @@ USA
     <!-- random played disabled -->
     <span class=button>
     <a class=button
-    href="@url@?action=random-enable&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=random-enable&#38;mgmt=true"
      title="@label:playing.randomenableverbose@">@label:playing.random@</a>
     </a>
     </span>
@@ -73,7 +73,7 @@ USA
     <!-- playing enabled -->
     <span class=button>
     <a class=button
-    href="@url@?action=disable&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=disable&#38;mgmt=true"
      title="@label:playing.disableverbose@">@label:playing.playing@</a>
     </a>
     </span>
@@ -82,7 +82,7 @@ USA
     <!-- playing disabled -->
     <span class=button>
     <a class=button
-    href="@url@?action=enable&#38;n=@nonce@&#38;mgmt=true"
+    href="@url@?action=enable&#38;mgmt=true"
      title="@label:playing.enableverbose@">@label:playing.playing@</a>
     </a>
     </span>
@@ -99,7 +99,6 @@ USA
      </a>}{<img class=button src="@image:nodown@">}@
      @label:volume.left@ <input size=3 name=left type=text value="@volume:left@">
      @label:volume.right@ <input size=3 name=right type=text value="@volume:right@">
-     <input name=nonce type=hidden value="@nonce@">
      <input name=back type=hidden value="@thisurl@?mgmt=true">
      @right{volume}{<button class=search name=submit type=submit>
       @label:volume.set@
@@ -157,7 +156,7 @@ USA
        title="@part{title}@">@part{short}{title}@</span></td>
       <td class=length>@length@</td>
       <td class=imgbutton>@if{@scratchable@}{<a class=imgbutton
-       href="@url@?action=scratch&#38;n=@nonce@&#38;id=@id@&#38;mgmt=@arg:mgmt@"><img
+       href="@url@?action=scratch&#38;id=@id@&#38;mgmt=@arg:mgmt@"><img
        class=button src="@image:scratch@"
        title="@label:playing.scratchverbose@"
        alt="@label:playing.scratch@"></a>}{<img
@@ -196,7 +195,7 @@ USA
        title="@part{title}@">@part{short}{title}@</span></td>
       <td class=length>@length@</td>
       <td class=imgbutton>@if{@removable@}{<a class=imgbutton
-       href="@url@?action=remove&#38;n=@nonce@&#38;id=@id@&#38;mgmt=@arg:mgmt@"><img
+       href="@url@?action=remove&#38;id=@id@&#38;mgmt=@arg:mgmt@"><img
        class=button src="@image:scratch@"
        title="@label:playing.removeverbose@" 
        alt="@label:playing.remove@"></a>}{<img
@@ -220,13 +219,13 @@ USA
      <!-- can move up -->
      <td class=imgbutton>
       <a class=imgbutton
-        href="@url@?action=move&#38;n=@nonce@&#38;id=@id@&#38;delta=2147483647&#38;mgmt=true"><img
+        href="@url@?action=move&#38;id=@id@&#38;delta=2147483647&#38;mgmt=true"><img
        class=button src="@image:upall@"
        title="@label:playing.upallverbose@"
        alt="@label:playing.upall@"></a>
      <td class=imgbutton>
      <a class=imgbutton
-        href="@url@?action=move&#38;n=@nonce@&#38;id=@id@&#38;delta=1&#38;mgmt=true"><img
+        href="@url@?action=move&#38;id=@id@&#38;delta=1&#38;mgmt=true"><img
        class=button src="@image:up@"
        title="@label:playing.upverbose@" alt="@label:playing.up@"></a>
          }@
@@ -246,13 +245,13 @@ USA
      <!-- can move down -->
      <td class=imgbutton>
       <a class=imgbutton
-        href="@url@?action=move&#38;n=@nonce@&#38;id=@id@&#38;delta=-2147483647&#38;mgmt=true"><img
+        href="@url@?action=move&#38;id=@id@&#38;delta=-2147483647&#38;mgmt=true"><img
        class=button src="@image:downall@"
        title="@label:playing.downallverbose@"
        alt="@label:playing.downall@"></a>
      <td class=imgbutton>
      <a class=imgbutton
-        href="@url@?action=move&#38;n=@nonce@&#38;id=@id@&#38;delta=-1&#38;mgmt=true"><img
+        href="@url@?action=move&#38;id=@id@&#38;delta=-1&#38;mgmt=true"><img
        class=button src="@image:down@"
        title="@label:playing.downverbose@" alt="@label:playing.down@"></a>
          }@

diff --git a/templates/prefs.html b/templates/prefs.html
index 46722ad870fecf407ed7fa7d008c8fb28413fdbb..36a4f0135604217115cd021371ab76f95607f32f 100644 (file)
--- a/templates/prefs.html
+++ b/templates/prefs.html
@@ -30,7 +30,6 @@ USA
    <form class=prefs action="@url@" method=POST
          enctype="multipart/form-data" accept-charset=utf-8>
     <input type=hidden name="files" value="@nfiles@">
-    <input type=hidden name=nonce value=@nonce@>
     <input type=hidden name=parts value="artist album title">
    @files{
    <p class="prefs_head">Preferences for <span class="prefs_track">@arg{@index@_file}@</span></p>

diff --git a/templates/recent.html b/templates/recent.html
index 9b46d788887c33a036399932b5c57c8105099bd7..9c62496c66eb2e25c702f701fe407f2d1aaf3c45 100644 (file)
--- a/templates/recent.html
+++ b/templates/recent.html
@@ -61,7 +61,7 @@ USA
      <td class=length>@length@</td>
 @right{prefs}{
      <td class=imgbutton><a class=imgbutton
-      href="@url@?action=prefs&#38;n=@nonce@&#38;0_file=@urlquote{@file@}@"><img
+      href="@url@?action=prefs&#38;0_file=@urlquote{@file@}@"><img
        class=button src="@image:edit@"
        title="@label:choose.prefsverbose@"
        alt="@label:choose.prefs@"></a></td>

diff --git a/templates/search.html b/templates/search.html
index ea7a63223f990b2d482c7e5eec73187794487116..5201dc5116bcb72bdb1f4d9e1f21784520584d98 100644 (file)
--- a/templates/search.html
+++ b/templates/search.html
@@ -36,7 +36,6 @@ USA
       @label:search.search@
      </button>
      <input name=action type=hidden value=search>
-     <input name=nonce type=hidden value="@nonce@">
      </p>
    </form>
 
@@ -52,7 +51,7 @@ USA
       @search{title}{
       <div class="search_title">
        <p class="search_title">Title:
-       <a href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@&#38;n=@nonce@">@part:title@</a>
+       <a href="@url@?action=play&#38;file=@urlquote{@file@}@&#38;back=@urlquote{@thisurl@}@">@part:title@</a>
        @if{@eq{@trackstate{@file@}@}{playing}@}{[<b>playing</b>]}@
        @if{@eq{@trackstate{@file@}@}{queued}@}{[<b>queued</b>]}@
        </p>

diff --git a/templates/topbar.html b/templates/topbar.html
index f7019b17be0c46eeb52ee973ebc4329e6d443338..be9beb8bc7f5accb50540e8997bb9d5707f7dbeb 100644 (file)
--- a/templates/topbar.html
+++ b/templates/topbar.html
@@ -3,29 +3,29 @@
  href="@url@"
  title="@label:sidebar.playingverbose@">@label:sidebar.playing@</a>
   <a class=@if{@eq{@action@}{recent}@}{activemenu}{inactivemenu}@
- href="@url@?action=recent&amp;n=@nonce@"
+ href="@url@?action=recent"
  title="@label:sidebar.recentverbose@">@label:sidebar.recent@</a>
   <a class=@if{@eq{@action@}{new}@}{activemenu}{inactivemenu}@
- href="@url@?action=new&amp;n=@nonce@"
+ href="@url@?action=new"
  title="@label:sidebar.newverbose@">@label:sidebar.new@</a>
 @right{play}{
   <a class=@if{@or{@eq{@action@}{choose}@}
                   {@eq{@action@}{choosealpha}@}@}
               {activemenu}
               {inactivemenu}@
- href="@url@?action=@label:sidebar.choosewhich@&amp;n=@nonce@"
+ href="@url@?action=@label:sidebar.choosewhich@"
  title="@label:sidebar.chooseverbose@">@label:sidebar.choose@</a>}{
   <span class=invalidmenu
    title="@label:sidebar.chooseverbose@">@label:sidebar.choose@</span>}@
 @right{play}{
   <a class=@if{@eq{@action@}{search}@}{activemenu}{inactivemenu}@
- href="@url@?action=search&amp;n=@nonce@"
+ href="@url@?action=search"
  title="@label:sidebar.searchverbose@">@label:sidebar.search@</a>}{
   <span class=invalidmenu
    title="@label:sidebar.searchverbose@">@label:sidebar.search@</span>}@
 <!-- disabled by default since now available from 'manage'
   <a class=@if{@eq{@action@}{volume}@}{activemenu}{inactivemenu}@
- href="@url@?action=volume&amp;n=@nonce@"
+ href="@url@?action=volume"
  title="@label:sidebar.volumeverbose@">@label:sidebar.volume@</a>
 -->
   <a class=@if{@eq{@action@}{manage}@}{activemenu}{inactivemenu}@
@@ -36,13 +36,13 @@
                   {@eq{@action@}{register}@}
                   {@eq{@action@}{reminder}@}
                   {@eq{@action@}{edituser}@}@}{activemenu}{inactivemenu}@
- href="@url@?action=login&amp;n=@nonce@"
+ href="@url@?action=login"
  title="@label:sidebar.loginverbose@">@label:sidebar.login@</a>
   <a class=@if{@eq{@action@}{help}@}{activemenu}{inactivemenu}@
- href="@url@?action=help&amp;n=@nonce@"
+ href="@url@?action=help"
  title="@label:sidebar.helpverbose@">@label:sidebar.help@</a>
   <a class=@if{@eq{@action@}{about}@}{activemenu}{inactivemenu}@
- href="@url@?action=about&amp;n=@nonce@"
+ href="@url@?action=about"
  title="@label:sidebar.aboutverbose@">@label:sidebar.about@</a>
 </p>
 <hr>

diff --git a/templates/volume.html b/templates/volume.html
index 63a763073682e0efa2372062d84e8ee172856f96..e614c91f78d59d78e1e9bbe51db54dc9db8d4ac0 100644 (file)
--- a/templates/volume.html
+++ b/templates/volume.html
@@ -36,7 +36,6 @@ USA
      </a>
      @label:volume.left@ <input size=3 name=left type=text value="@volume:left@">
      @label:volume.right@ <input size=3 name=right type=text value="@volume:right@">
-     <input name=nonce type=hidden value="@nonce@">
      <button class=search name=action type=submit value=volume>
       @label:volume.set@
      </button>