Fixed
- DownloadsView: Fixed invalid Svelte 5 prop syntax
{history=downloadItems}→history={downloadItems}and replaced Svelte 4on:closeevent directive with Svelte 5onClosecallback prop forExportHistoryModal, which previously caused the modal close callback to never fire - SettingsView: Fixed double-toggle bug on all three toggle switches (Notifications, Search History, System Tray) —
bind:checkedand the wrapperonclickwere both mutating state on a single user click, causing the value to flip twice (no visible change); save functions no longer re-toggle state, label clicks stop propagation, and store subscriptions created inonMountare now properly unsubscribed on unmount - Sidebar: Fixed user avatar fallback icon never being visible when
user.imageis falsy —.avatar-fallbackCSS setsdisplay: noneby default (correct for image-error fallback) but the{:else}branch fallback was never overridden todisplay: flex - LyricsModal: Fixed
onClosebeing called twice when pressing Escape — bothwindow.addEventListener('keydown', …)andonkeydownon the backdrop handled the same key; removed the redundant global listener; also addedtarget === currentTargetguard tohandleBackdropKeydownso pressing Enter on the Synced/Plain toggle buttons no longer bubbles up and closes the modal - QueueView: Fixed
dragDisablednever being reset totrueafter a completed drag-and-drop reorder, leaving the entire queue draggable from any point rather than only from the drag handle - SearchView: Fixed missing
clearTimeout(searchTimeout)inonMountcleanup, which could triggerdoSearch()after the component was unmounted - ExportHistoryModal: Fixed
handleOverlayKeydownclosing the modal when Enter is pressed inside the date inputs — addedevent.target !== event.currentTargetguard so only keypresses directly on the overlay backdrop are handled - Rate limiter timing: Fixed timing drift in rate limiter where
lastCallTimewas updated after the wait period, causing slight cumulative delays over many calls; now updates timestamp correctly based on whether throttling occurred - Keyboard shortcuts: Simplified and fixed modifier key matching logic to require exact matches — shortcuts now properly distinguish between plain keys and modified keys (e.g., 'K' vs 'Ctrl+K')
- Tray pause/resume: Fixed tray pause/resume toggle only pausing queued downloads but not actively downloading tracks; added tracking of active download IDs so all downloads (active and queued) can be paused from the system tray
Security
- Settings hint XSS hardening – Removed raw HTML rendering from the ARL hint in Settings (
{@html}replaced with text interpolation) and updated locale strings to plain text - Null-byte filename sanitization – Strips `` from generated filename/path components to prevent OS-level truncation issues
- Cover-art memory guardrail – Enforces a 10 MiB size cap for album-cover downloads to reduce memory-exhaustion risk from abnormal responses
- Search history input cap – Rejects oversized search-history entries (>500 bytes) to prevent unbounded settings-file growth