From e08e25a3b800c157e7d44564efbd107e3a4d2dce Mon Sep 17 00:00:00 2001
From: codey <codey@code.ee>
Date: Fri, 26 Sep 2025 12:30:23 -0400
Subject: [PATCH] Remove file path information from track data in WebSocket
 responses (low/no-risk)

---
 endpoints/radio.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/endpoints/radio.py b/endpoints/radio.py
index adf88e5..8dd5894 100644
--- a/endpoints/radio.py
+++ b/endpoints/radio.py
@@ -538,6 +538,7 @@ class Radio(FastAPI):
         try:
             # Send current track info immediately on connect
             current_track = await self._get_now_playing_data(station)
+            current_track.pop("file_path", None)  # Ensure file_path is stripped
             await websocket.send_text(json.dumps(current_track))
             
             # Send LRC asynchronously
@@ -598,6 +599,9 @@ class Radio(FastAPI):
         if station not in self.active_connections:
             return
             
+        # Remove sensitive file path info
+        track_data.pop("file_path", None)
+        
         # Create broadcast message
         broadcast_data = {
             "type": "track_change",