2012-08-26 00:49:11 +02:00
|
|
|
<?php
|
2016-07-21 17:09:48 +02:00
|
|
|
|
2016-08-09 11:54:42 +02:00
|
|
|
use PrivateBin\Persistence\ServerSalt;
|
2016-07-21 17:09:48 +02:00
|
|
|
|
2016-07-26 08:19:35 +02:00
|
|
|
error_reporting(E_ALL | E_STRICT);
|
2012-08-26 00:49:11 +02:00
|
|
|
|
|
|
|
// change this, if your php files and data is outside of your webservers document root
|
2016-07-26 08:19:35 +02:00
|
|
|
if (!defined('PUBLIC_PATH')) {
|
|
|
|
define('PUBLIC_PATH', '..');
|
|
|
|
}
|
|
|
|
if (!defined('PATH')) {
|
|
|
|
define('PATH', '..' . DIRECTORY_SEPARATOR);
|
|
|
|
}
|
|
|
|
if (!defined('CONF')) {
|
2017-10-03 19:45:47 +02:00
|
|
|
define('CONF', PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.php');
|
2016-07-26 08:19:35 +02:00
|
|
|
}
|
2017-10-08 11:03:17 +02:00
|
|
|
if (!defined('CONF_SAMPLE')) {
|
|
|
|
define('CONF_SAMPLE', PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.sample.php');
|
2016-07-26 08:19:35 +02:00
|
|
|
}
|
2012-08-26 00:49:11 +02:00
|
|
|
|
2016-07-21 17:09:48 +02:00
|
|
|
require PATH . 'vendor/autoload.php';
|
2016-08-16 11:11:03 +02:00
|
|
|
Helper::updateSubresourceIntegrity();
|
2012-08-26 00:49:11 +02:00
|
|
|
|
2016-08-09 11:54:42 +02:00
|
|
|
class Helper
|
2012-08-26 00:49:11 +02:00
|
|
|
{
|
2015-09-21 22:32:52 +02:00
|
|
|
/**
|
|
|
|
* example ID of a paste
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private static $pasteid = '5e9bc25c89fb3bf9';
|
|
|
|
|
|
|
|
/**
|
2019-04-16 07:45:04 +02:00
|
|
|
* example paste version 1
|
2015-09-21 22:32:52 +02:00
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
2019-04-16 07:45:04 +02:00
|
|
|
private static $pasteV1 = array(
|
2016-10-29 10:24:08 +02:00
|
|
|
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
|
|
|
|
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
|
2015-09-26 12:29:27 +02:00
|
|
|
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
|
2016-10-29 10:24:08 +02:00
|
|
|
'meta' => array(
|
|
|
|
'formatter' => 'plaintext',
|
|
|
|
'postdate' => 1344803344,
|
2015-09-21 22:32:52 +02:00
|
|
|
'opendiscussion' => true,
|
|
|
|
),
|
|
|
|
);
|
|
|
|
|
2019-04-16 07:45:04 +02:00
|
|
|
/**
|
|
|
|
* example paste version 2
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private static $pasteV2 = array(
|
|
|
|
'adata' => array(
|
|
|
|
array(
|
|
|
|
'gMSNoLOk4z0RnmsYwXZ8mw==',
|
|
|
|
'TZO+JWuIuxs=',
|
|
|
|
100000,
|
|
|
|
256,
|
|
|
|
128,
|
|
|
|
'aes',
|
|
|
|
'gcm',
|
|
|
|
'zlib'
|
|
|
|
),
|
|
|
|
'plaintext',
|
|
|
|
0,
|
|
|
|
0
|
|
|
|
),
|
|
|
|
'meta' => array( 'expire' => '5min' ),
|
|
|
|
'v' => 2,
|
|
|
|
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig='
|
|
|
|
);
|
|
|
|
|
2015-09-21 22:32:52 +02:00
|
|
|
/**
|
|
|
|
* example ID of a comment
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private static $commentid = '5a52eebf11c4c94b';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* example comment
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private static $comment = array(
|
|
|
|
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
|
|
|
|
'meta' => array(
|
|
|
|
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
|
2016-10-29 10:24:08 +02:00
|
|
|
'vizhash' => 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGUlEQVQokWOsl5/94983CNKQMjnxaOePf98MeKwPfNjkLZ3AgARab6b9+PeNEVnDj3/ff/z7ZiHnzsDA8Pv7H2TVPJw8EAYLAwb48OaVgIgYKycLsrYv378wMDB8//qdCVMDRA9EKSsnCwRBxNsepaLboMFlyMDAICAi9uHNK24GITQ/MDAwoNhgIGMLtwGrzegaLjw5jMz9+vUdnN17uwDCQDhJgk0O07yvX9+teDX1x79v6DYIsIjgcgMaYGFgYOBg4kJx2JejkAiBxAw+PzAwMNz4dp6wDXDw4MdNNOl0rWYsNkD89OLXI/xmo9sgzatJjAYmBgYGDiauD3/ePP18nVgb4MF89+M5ZX6js293wUMpnr8KTQMAxsCJnJ30apMAAAAASUVORK5CYII=',
|
2015-09-21 22:32:52 +02:00
|
|
|
'postdate' => 1344803528,
|
|
|
|
),
|
|
|
|
);
|
|
|
|
|
2016-08-16 11:11:03 +02:00
|
|
|
/**
|
|
|
|
* JS files and their SRI hashes
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private static $hashes = array();
|
|
|
|
|
2015-09-21 22:32:52 +02:00
|
|
|
/**
|
|
|
|
* get example paste ID
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function getPasteId()
|
|
|
|
{
|
|
|
|
return self::$pasteid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get example paste
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getPaste($meta = array())
|
2015-09-26 12:29:27 +02:00
|
|
|
{
|
|
|
|
$example = self::getPasteWithAttachment($meta);
|
|
|
|
unset($example['attachment'], $example['attachmentname']);
|
|
|
|
return $example;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get example paste
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getPasteWithAttachment($meta = array())
|
2015-09-21 22:32:52 +02:00
|
|
|
{
|
2019-04-16 07:45:04 +02:00
|
|
|
$example = self::$pasteV1;
|
2016-08-22 16:20:14 +02:00
|
|
|
$example['meta']['salt'] = ServerSalt::generate();
|
2016-10-29 10:24:08 +02:00
|
|
|
$example['meta'] = array_merge($example['meta'], $meta);
|
2015-09-21 22:32:52 +02:00
|
|
|
return $example;
|
|
|
|
}
|
|
|
|
|
2015-10-18 11:08:28 +02:00
|
|
|
/**
|
|
|
|
* get example paste
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getPasteAsJson($meta = array())
|
|
|
|
{
|
|
|
|
$example = self::getPaste();
|
2016-07-06 11:37:13 +02:00
|
|
|
// the JSON shouldn't contain the salt
|
|
|
|
unset($example['meta']['salt']);
|
2016-07-26 08:19:35 +02:00
|
|
|
if (count($meta)) {
|
2015-10-18 11:08:28 +02:00
|
|
|
$example['meta'] = $meta;
|
2016-07-26 08:19:35 +02:00
|
|
|
}
|
2016-10-29 10:24:08 +02:00
|
|
|
$example['comments'] = array();
|
|
|
|
$example['comment_count'] = 0;
|
2015-10-18 11:08:28 +02:00
|
|
|
$example['comment_offset'] = 0;
|
2016-10-29 10:24:08 +02:00
|
|
|
$example['@context'] = 'js/paste.jsonld';
|
2015-10-18 11:08:28 +02:00
|
|
|
return json_encode($example);
|
|
|
|
}
|
|
|
|
|
2015-09-21 22:32:52 +02:00
|
|
|
/**
|
|
|
|
* get example paste ID
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function getCommentId()
|
|
|
|
{
|
|
|
|
return self::$commentid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get example comment
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getComment($meta = array())
|
|
|
|
{
|
2016-10-29 10:24:08 +02:00
|
|
|
$example = self::$comment;
|
2015-09-21 22:32:52 +02:00
|
|
|
$example['meta'] = array_merge($example['meta'], $meta);
|
|
|
|
return $example;
|
|
|
|
}
|
|
|
|
|
2015-10-03 15:52:37 +02:00
|
|
|
/**
|
|
|
|
* get example comment
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public static function getCommentPost($meta = array())
|
|
|
|
{
|
2016-10-29 10:24:08 +02:00
|
|
|
$example = self::getComment($meta);
|
2015-10-03 15:52:37 +02:00
|
|
|
$example['nickname'] = $example['meta']['nickname'];
|
|
|
|
unset($example['meta']['nickname']);
|
|
|
|
return $example;
|
|
|
|
}
|
|
|
|
|
2015-08-29 10:41:10 +02:00
|
|
|
/**
|
|
|
|
* delete directory and all its contents recursively
|
|
|
|
*
|
|
|
|
* @param string $path
|
|
|
|
* @throws Exception
|
|
|
|
*/
|
2016-08-09 11:54:42 +02:00
|
|
|
public static function rmDir($path)
|
2015-08-27 21:41:21 +02:00
|
|
|
{
|
2017-03-24 23:42:11 +01:00
|
|
|
if (is_dir($path)) {
|
|
|
|
$path .= DIRECTORY_SEPARATOR;
|
|
|
|
$dir = dir($path);
|
|
|
|
while (false !== ($file = $dir->read())) {
|
|
|
|
if ($file != '.' && $file != '..') {
|
|
|
|
if (is_dir($path . $file)) {
|
|
|
|
self::rmDir($path . $file);
|
|
|
|
} elseif (is_file($path . $file)) {
|
|
|
|
if (!unlink($path . $file)) {
|
|
|
|
throw new Exception('Error deleting file "' . $path . $file . '".');
|
|
|
|
}
|
2015-08-27 21:41:21 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2017-03-24 23:42:11 +01:00
|
|
|
$dir->close();
|
|
|
|
if (!rmdir($path)) {
|
|
|
|
throw new Exception('Error deleting directory "' . $path . '".');
|
|
|
|
}
|
2015-08-27 21:41:21 +02:00
|
|
|
}
|
|
|
|
}
|
2015-08-29 10:41:10 +02:00
|
|
|
|
2015-09-22 23:21:31 +02:00
|
|
|
/**
|
|
|
|
* create a backup of the config file
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public static function confBackup()
|
|
|
|
{
|
2016-07-26 08:19:35 +02:00
|
|
|
if (!is_file(CONF . '.bak') && is_file(CONF)) {
|
2015-09-22 23:21:31 +02:00
|
|
|
rename(CONF, CONF . '.bak');
|
2016-07-26 08:19:35 +02:00
|
|
|
}
|
2017-10-08 11:03:17 +02:00
|
|
|
if (!is_file(CONF_SAMPLE . '.bak') && is_file(CONF_SAMPLE)) {
|
|
|
|
copy(CONF_SAMPLE, CONF_SAMPLE . '.bak');
|
|
|
|
}
|
2015-09-22 23:21:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* restor backup of the config file
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public static function confRestore()
|
|
|
|
{
|
2016-07-26 08:19:35 +02:00
|
|
|
if (is_file(CONF . '.bak')) {
|
2015-09-22 23:21:31 +02:00
|
|
|
rename(CONF . '.bak', CONF);
|
2016-07-26 08:19:35 +02:00
|
|
|
}
|
2017-10-08 11:03:17 +02:00
|
|
|
if (is_file(CONF_SAMPLE . '.bak')) {
|
|
|
|
rename(CONF_SAMPLE . '.bak', CONF_SAMPLE);
|
|
|
|
}
|
2015-09-22 23:21:31 +02:00
|
|
|
}
|
|
|
|
|
2015-08-29 10:41:10 +02:00
|
|
|
/**
|
|
|
|
* create ini file
|
|
|
|
*
|
|
|
|
* @param string $pathToFile
|
|
|
|
* @param array $values
|
|
|
|
*/
|
|
|
|
public static function createIniFile($pathToFile, $values)
|
|
|
|
{
|
|
|
|
if (count($values)) {
|
|
|
|
@unlink($pathToFile);
|
|
|
|
$ini = fopen($pathToFile, 'a');
|
|
|
|
foreach ($values as $section => $options) {
|
|
|
|
fwrite($ini, "[$section]" . PHP_EOL);
|
2016-07-26 08:19:35 +02:00
|
|
|
foreach ($options as $option => $setting) {
|
2015-08-29 10:41:10 +02:00
|
|
|
if (is_null($setting)) {
|
|
|
|
continue;
|
|
|
|
} elseif (is_string($setting)) {
|
|
|
|
$setting = '"' . $setting . '"';
|
2015-09-27 03:03:55 +02:00
|
|
|
} elseif (is_array($setting)) {
|
|
|
|
foreach ($setting as $key => $value) {
|
|
|
|
if (is_null($value)) {
|
|
|
|
$value = 'null';
|
|
|
|
} elseif (is_string($value)) {
|
|
|
|
$value = '"' . $value . '"';
|
|
|
|
} else {
|
|
|
|
$value = var_export($value, true);
|
|
|
|
}
|
|
|
|
fwrite($ini, $option . "[$key] = $value" . PHP_EOL);
|
|
|
|
}
|
|
|
|
continue;
|
2015-08-29 10:41:10 +02:00
|
|
|
} else {
|
|
|
|
$setting = var_export($setting, true);
|
|
|
|
}
|
|
|
|
fwrite($ini, "$option = $setting" . PHP_EOL);
|
|
|
|
}
|
|
|
|
fwrite($ini, PHP_EOL);
|
|
|
|
}
|
|
|
|
fclose($ini);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* a var_export that returns arrays without line breaks
|
|
|
|
* by linus@flowingcreativity.net via php.net
|
|
|
|
*
|
|
|
|
* @param mixed $var
|
|
|
|
* @param bool $return
|
|
|
|
* @return void|string
|
|
|
|
*/
|
2016-08-09 11:54:42 +02:00
|
|
|
public static function varExportMin($var, $return = false)
|
2015-08-29 10:41:10 +02:00
|
|
|
{
|
|
|
|
if (is_array($var)) {
|
|
|
|
$toImplode = array();
|
|
|
|
foreach ($var as $key => $value) {
|
2016-08-09 11:54:42 +02:00
|
|
|
$toImplode[] = var_export($key, true) . ' => ' . self::varExportMin($value, true);
|
2015-08-29 10:41:10 +02:00
|
|
|
}
|
|
|
|
$code = 'array(' . implode(', ', $toImplode) . ')';
|
|
|
|
if ($return) {
|
|
|
|
return $code;
|
|
|
|
} else {
|
|
|
|
echo $code;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return var_export($var, $return);
|
|
|
|
}
|
|
|
|
}
|
2016-08-16 11:11:03 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* update all templates with the latest SRI hashes for all JS files
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public static function updateSubresourceIntegrity()
|
|
|
|
{
|
|
|
|
$dir = dir(PATH . 'js');
|
|
|
|
while (false !== ($file = $dir->read())) {
|
|
|
|
if (substr($file, -3) === '.js') {
|
|
|
|
self::$hashes[$file] = base64_encode(
|
|
|
|
hash('sha512', file_get_contents(
|
|
|
|
PATH . 'js' . DIRECTORY_SEPARATOR . $file
|
|
|
|
), true)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$dir = dir(PATH . 'tpl');
|
|
|
|
while (false !== ($file = $dir->read())) {
|
|
|
|
if (substr($file, -4) === '.php') {
|
|
|
|
$content = file_get_contents(
|
|
|
|
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
|
|
|
|
);
|
|
|
|
$content = preg_replace_callback(
|
2018-07-01 07:51:05 +02:00
|
|
|
'#<script ([^>]+) src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#',
|
2016-08-16 11:11:03 +02:00
|
|
|
function ($matches) {
|
2018-07-01 07:51:05 +02:00
|
|
|
if (array_key_exists($matches[2], Helper::$hashes)) {
|
|
|
|
return '<script ' . $matches[1] . ' src="js/' .
|
|
|
|
$matches[2] . $matches[3] .
|
|
|
|
'" integrity="sha512-' . Helper::$hashes[$matches[2]] .
|
2016-08-16 11:11:03 +02:00
|
|
|
'" crossorigin="anonymous"></script>';
|
|
|
|
} else {
|
|
|
|
return $matches[0];
|
|
|
|
}
|
|
|
|
},
|
|
|
|
$content
|
|
|
|
);
|
|
|
|
file_put_contents(
|
|
|
|
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file,
|
|
|
|
$content
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-07-06 09:01:10 +02:00
|
|
|
}
|