Diffstat (limited to 'api')
-rw-r--r--api/addFavorite.php3
-rw-r--r--api/addHistory.php3
-rw-r--r--api/addLibrary.php5
-rw-r--r--api/getFavorites.php1
-rw-r--r--api/getLibrary.php1
-rw-r--r--api/lyrics.php1
-rw-r--r--api/removeFavorite.php3
-rw-r--r--api/removeLibrary.php5
8 files changed, 15 insertions, 7 deletions
diff --git a/api/addFavorite.php b/api/addFavorite.php
index 48e0036..e54e7e2 100644
--- a/api/addFavorite.php
+++ b/api/addFavorite.php
@@ -1,9 +1,10 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
global $songs; global $_PROFILE; global $favorites;
-if (!isset($_GET["i"])) return;
+if (!isset($_GET["i"]) || !isset($songs[$_GET["i"]])) return;
if (!in_array($_GET["i"], $favorites)) {
$favorites[] = $_GET["i"];
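Review bot: This endpoint still changes stored state on a plain GET keyed by `$_GET["i"]`, and the added `X-Frame-Options: SAMEORIGIN` header only blocks framing; it does nothing about a cross-site request that carries the user's session cookie. Unless `includes/session.php` (not visible here) already enforces it, require POST plus a per-session CSRF token, starting with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); return; }` ahead of the `isset` guard. The same applies to addHistory.php, addLibrary.php, removeFavorite.php and removeLibrary.php. The `if (!in_array(...)) {` block continues past the end of this hunk.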
diff --git a/api/addHistory.php b/api/addHistory.php
index cc35409..117fc06 100644
--- a/api/addHistory.php
+++ b/api/addHistory.php
@@ -1,9 +1,10 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
global $songs; global $_PROFILE; global $history;
-if (!isset($_GET["i"])) return;
+if (!isset($_GET["i"]) || !isset($songs[$_GET["i"]])) return;
$history[] = $_GET["i"];
file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/users/" . $_PROFILE["id"] . "-history.json", json_encode($history));
\ No newline at end of file
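Review bot: The `file_put_contents(...)` call that closes this hunk writes per-user data beneath `DOCUMENT_ROOT/includes/users/` with no lock and no check of the result. `$history` is presumably loaded in `includes/session.php`, so two overlapping requests can each start from the old list and the later write drops the other's entry. Passing `LOCK_EX` as the third argument at least prevents interleaved writes, and a `false` from `json_encode` or `file_put_contents` should be handled rather than ignored. Because the directory sits under the document root, confirm the web server denies direct requests to `/includes/users/` (that configuration is not visible here), or keep these files outside the web root.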
diff --git a/api/addLibrary.php b/api/addLibrary.php
index 6c0633c..b59e476 100644
--- a/api/addLibrary.php
+++ b/api/addLibrary.php
@@ -1,9 +1,10 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
-global $songs; global $_PROFILE; global $library;
+global $albums; global $_PROFILE; global $library;
-if (!isset($_GET["i"])) return;
+if (!isset($_GET["i"]) || !isset($albums[$_GET["i"]])) return;
if (!in_array($_GET["i"], $library)) {
$library[] = $_GET["i"];
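Review bot: `$_GET["i"]` is used as an array offset and as the `in_array` needle without a type check. A query string of the form `i[]=...` makes it an array, and on PHP 8 `isset($albums[$_GET["i"]])` with an array offset raises a TypeError instead of failing quietly; adding `!is_string($_GET["i"])` to the guard avoids that. `in_array($_GET["i"], $library)` also compares loosely, so pass `true` as the third argument. The type check applies equally to addFavorite.php, addHistory.php, removeFavorite.php and removeLibrary.php, and the strict comparison to every file that calls `in_array`; the `if` block continues beyond this hunk.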
diff --git a/api/getFavorites.php b/api/getFavorites.php
index 7e30763..a226d54 100644
--- a/api/getFavorites.php
+++ b/api/getFavorites.php
@@ -1,5 +1,6 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
header("Content-Type: application/json");
global $favorites;
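Review bot: The same `header("X-Frame-Options: SAMEORIGIN");` line is pasted as the first statement of all eight files under api/, so an endpoint added later goes without it unless its author remembers to copy the line. Sending it once from `includes/session.php` or from the web server configuration would cover every response. For a JSON response like this one, `X-Content-Type-Options: nosniff` is the more relevant hardening header, and `Content-Security-Policy: frame-ancestors 'self'` is the current equivalent of X-Frame-Options.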
diff --git a/api/getLibrary.php b/api/getLibrary.php
index fdfa695..1263f85 100644
--- a/api/getLibrary.php
+++ b/api/getLibrary.php
@@ -1,5 +1,6 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
header("Content-Type: application/json");
global $library;
diff --git a/api/lyrics.php b/api/lyrics.php
index a0126ee..89e7675 100644
--- a/api/lyrics.php
+++ b/api/lyrics.php
@@ -1,5 +1,6 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
header("Content-Type: application/json");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php"; global $songs;
$token = json_decode(file_get_contents("/opt/spotify/token.json"), true);
diff --git a/api/removeFavorite.php b/api/removeFavorite.php
index 86f41c7..721f21d 100644
--- a/api/removeFavorite.php
+++ b/api/removeFavorite.php
@@ -1,9 +1,10 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
global $songs; global $_PROFILE; global $favorites;
-if (!isset($_GET["i"])) return;
+if (!isset($_GET["i"]) || !isset($songs[$_GET["i"]])) return;
if (in_array($_GET["i"], $favorites)) {
$favorites = array_filter($favorites, function ($i) {
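Review bot: The new `!isset($songs[$_GET["i"]])` guard makes removal depend on the song still existing in the catalog, so an id that was favorited and later dropped from `$songs` can no longer be removed by the user. For the remove endpoints the existing `in_array($_GET["i"], $favorites)` membership test already bounds what can be deleted, so the catalog check could be dropped here and in removeLibrary.php (`$albums`). The `array_filter` closure continues past the hunk; since `array_filter` preserves keys, check that the result goes through `array_values()` before `json_encode`, otherwise the stored list is written as a JSON object.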
diff --git a/api/removeLibrary.php b/api/removeLibrary.php
index 50b283a..901c343 100644
--- a/api/removeLibrary.php
+++ b/api/removeLibrary.php
@@ -1,9 +1,10 @@
<?php
+header("X-Frame-Options: SAMEORIGIN");
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/session.php";
-global $songs; global $_PROFILE; global $library;
+global $albums; global $_PROFILE; global $library;
-if (!isset($_GET["i"])) return;
+if (!isset($_GET["i"]) || !isset($albums[$_GET["i"]])) return;
if (in_array($_GET["i"], $library)) {
$library = array_filter($library, function ($i) {