# Advanced Mode Prompt Processing Audit

## Issue Reported
User reports that in Advanced Mode, "the prompt doesn't get sent but whatever you detect you rearrange".

## Current Flow Analysis

### Step 1: Prompt Initialization (Lines 124, 223)
```php
$advancedPrompt = isset($_POST['advancedPrompt']) ? trim($_POST['advancedPrompt']) : '';
$finalPrompt = !empty($proPrompt) ? $proPrompt : (!empty($advancedPrompt) ? $advancedPrompt : $prompt);
```
✅ **Status**: `advancedPrompt` is correctly read and assigned to `$finalPrompt` if it exists.

### Step 2: Metadata Extraction (Lines 234-321)
The code extracts metadata from `$finalPrompt` using regex patterns:
- BPM (line 247)
- Key (line 253)
- Style (line 259)
- Vocal (line 265)
- Mood (line 271)
- Sound (line 277)
- Duration (lines 283-320)

⚠️ **Issue**: This extraction **does NOT modify** `$finalPrompt`; it only populates the `$extractedMetadata` array. However, the extraction happens **before** we know whether we're in custom mode.

### Step 3: Custom Mode Check (Lines 323-405)
```php
$isNonCustomMode = ($customMode === 'false' || $customMode === false);
if ($isNonCustomMode) {
    // Line 330: RESTORES original prompt
    $finalPrompt = !empty($proPrompt) ? $proPrompt : (!empty($advancedPrompt) ? $advancedPrompt : $prompt);
    // Only decode HTML entities, keep original format
    $finalPrompt = html_entity_decode($finalPrompt, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $finalPrompt = trim($finalPrompt);
}
```

✅ **Status**: In non-custom mode (Advanced Mode uses `customMode = 'false'`), the original `advancedPrompt` is restored.

### Step 4: Title Extraction (Lines 504-526)
```php
if (empty($finalTitle) && !empty($finalPrompt)) {
    if (preg_match('/^(\d+\.\s+)([^\n]+?)(?:\n|$)/', $finalPrompt, $matches)) {
        // Extract title
        $finalTitle = trim($matches[2]);
        // ⚠️ REMOVE title line from prompt
        $finalPrompt = preg_replace('/^' . preg_quote($matches[0], '/') . '\s*/m', '', $finalPrompt);
        $finalPrompt = trim($finalPrompt);
    }
}
```

⚠️ **Issue**: If the prompt starts with a pattern like "2. TITLE", the title is extracted AND **removed from the prompt**. This modifies the original prompt content.

### Step 5: Advanced Settings Addition (Lines 530-640)
```php
if (!empty($advancedPrompt) && $hasAdvancedSettings) {
    // Build settings from form fields (tempo, key, scale, etc.)
    $advancedSettingsParts = [];
    // ... collect settings ...
    
    if (!empty($advancedSettingsParts)) {
        // ⚠️ APPEND settings to prompt
        $settingsText = "Musical specifications: " . implode(": ", $advancedSettingsParts) . ".";
        $finalPrompt = rtrim($finalPrompt, '.') . '. ' . $settingsText;
    }
}
```

⚠️ **Issue**: The "Musical specifications" string is **appended** to the prompt, but it's built from **form field values**, not from what was detected in the original prompt.

## Problems Identified

### Problem 1: Title Extraction Removes Content
**Location**: Lines 504-526
- If user writes: `"2. My Song Title\nA beautiful song about love"`
- After extraction: `"A beautiful song about love"` (title line removed)
- **Impact**: User's prompt content is modified

### Problem 2: Settings Are Built from Form Fields, Not Prompt
**Location**: Lines 530-640
- The "Musical specifications" are built from form dropdowns/sliders (tempo, key, scale, etc.)
- These values may **differ** from what was detected in the original prompt
- **Example**: 
  - User writes in prompt: "120 BPM, key of C"
  - User selects in form: tempo=140, key=Gm
  - Result: Prompt says "120 BPM, key of C" but specifications say "140 BPM, key of Gm"
- **Impact**: Conflicting information sent to API

### Problem 3: Extracted Metadata Is Not Used
**Location**: Lines 234-321 extract metadata, but it's only used in custom mode (lines 363-390)
- In Advanced Mode (non-custom mode), the extracted metadata is **ignored**
- The form field values are used instead
- **Impact**: If user writes structured metadata in prompt (e.g., "BPM: 120"), it's extracted but then ignored, and form defaults are used instead

### Problem 4: No Validation That Prompt Content Is Preserved
- There's no check to ensure the original prompt content is still present in `$finalPrompt` before sending to API
- Title extraction could remove important content
- Settings addition could conflict with prompt content

## Expected vs Actual Behavior

### Expected Behavior:
1. User enters prompt in Advanced Mode: `"A beautiful song about love"`
2. User selects form fields: tempo=120, key=Gm
3. **Expected**: Prompt sent to API should be: `"A beautiful song about love. Musical specifications: 120 BPM: key of Gm: ..."`

### Actual Behavior (Based on Code):
1. User enters prompt: `"A beautiful song about love"`
2. User selects form fields: tempo=120, key=Gm
3. **Actual**: 
   - If prompt starts with "2. Title", title is extracted and removed
   - Settings are appended: `"A beautiful song about love. Musical specifications: 120 BPM: key of Gm: ..."`
   - ✅ This seems correct, BUT...

### The Real Issue:
If user writes structured content in prompt like:
```
"BPM: 120
Key: C Minor
A beautiful song about love"
```

**What happens:**
1. Metadata is extracted (BPM=120, Key=C Minor) ✅
2. In non-custom mode, original prompt is restored ✅
3. Settings are built from **form fields** (not extracted metadata) ⚠️
4. If form has tempo=140, key=Gm, the specifications will say "140 BPM, key of Gm" even though prompt says "BPM: 120, Key: C Minor"
5. **Result**: Conflicting information in the final prompt

## Recommendations

1. **Use Extracted Metadata When Available**: If metadata is extracted from prompt, use it instead of form fields (or merge intelligently)
2. **Preserve Original Prompt Content**: Don't remove title lines if they contain important context
3. **Validate Consistency**: Check if form fields match extracted metadata and warn/merge appropriately
4. **Add Logging**: Log what the original prompt was vs what's being sent to API
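
One way to implement recommendations 1, 3 and 4 together with the preservation check missing in Problem 4. This is an added example, not the project's own code: the function names `reconcileSettings` and `promptPreserved`, the array keys `bpm` and `key`, and the sample values are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers; names and array keys are assumptions, not the project's code.

/** Prefer values detected in the prompt; report every form value that disagrees. */
function reconcileSettings(array $extracted, array $form): array
{
    $merged = [];
    $conflicts = [];
    foreach (array_unique(array_merge(array_keys($extracted), array_keys($form))) as $field) {
        $fromPrompt = trim((string)($extracted[$field] ?? ''));
        $fromForm   = trim((string)($form[$field] ?? ''));
        if ($fromPrompt !== '' && $fromForm !== '' && strcasecmp($fromPrompt, $fromForm) !== 0) {
            $conflicts[$field] = ['prompt' => $fromPrompt, 'form' => $fromForm];
        }
        $value = $fromPrompt !== '' ? $fromPrompt : $fromForm;
        if ($value !== '') {
            $merged[$field] = $value;
        }
    }
    return ['merged' => $merged, 'conflicts' => $conflicts];
}

/** True when every non-empty line of the original prompt is still in the final prompt. */
function promptPreserved(string $original, string $final): bool
{
    foreach (preg_split('/\R/', $original) as $line) {
        $line = trim($line);
        if ($line !== '' && strpos($final, $line) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample input matching the audit's conflict scenario.
$original  = "BPM: 120\nKey: C Minor\nA beautiful song about love";
$extracted = ['bpm' => '120', 'key' => 'C Minor'];
$form      = ['bpm' => '140', 'key' => 'Gm'];

$result = reconcileSettings($extracted, $form);
$final  = rtrim($original, '.') . '. Musical specifications: ' . implode(': ', $result['merged']) . '.';
// json_encode escapes user-controlled newlines, so a prompt cannot forge extra log lines.
error_log('prompt_audit ' . json_encode([
    'original'  => $original,
    'final'     => $final,
    'conflicts' => $result['conflicts'],
    'preserved' => promptPreserved($original, $final),
], JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE));
```

With the sample input, both `bpm` and `key` are reported as conflicts, the prompt values win the merge, and `preserved` is true because no original line was dropped.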

## Code Locations to Review

- **Line 330**: Prompt restoration (good, but happens after extraction)
- **Line 521**: Title removal (modifies prompt)
- **Line 637**: Settings appending (uses form fields, not extracted metadata)
- **Line 1456**: Final prompt sent to API

