From 49c6e3c1b662bb31cb37aa5b454ec8f09e1cb4d0 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Sun, 16 Aug 2015 12:27:06 +0200
Subject: [PATCH] updated base64.js to version 2.1.9, using minified version found at https://github.com/dankogai/js-base64/blob/9192c510f5ed604d9e9dcdbb6760eba5a9eb2851/base64.min.js kudos Dan Kogai small improvements to input checking implementing default values for most configuration options switching to versioned JS files to avoid version hack used in template
---
 cfg/conf.ini | 12 ++++---
 js/{base64.js => base64-1.7.js} | 0
 js/base64-2.1.9.js | 1 +
 js/{jquery.js => jquery-1.11.3.js} | 0
 js/{sjcl.js => sjcl-1.0.2.js} | 0
 lib/persistence.php | 3 +-
 lib/zerobin.php | 58 ++++++++++++++++++++----------
 tpl/page.html | 18 +++++-----
 tst/RainTPL.php | 3 +-
 9 files changed, 62 insertions(+), 33 deletions(-)
 rename js/{base64.js => base64-1.7.js} (100%)
 create mode 100644 js/base64-2.1.9.js
 rename js/{jquery.js => jquery-1.11.3.js} (100%)
 rename js/{sjcl.js => sjcl-1.0.2.js} (100%)
diff --git a/cfg/conf.ini b/cfg/conf.ini
index 4169c1e..bd58b6c 100644
--- a/cfg/conf.ini
+++ b/cfg/conf.ini
@@ -8,21 +8,25 @@
 ; @version 0.18
 
 [main]
-; enable or disable discussions
+; enable or disable discussions, defaults to true
 opendiscussion = true
 
-; enable or disable syntax highlighting
+; enable or disable syntax highlighting, defaults to true
 syntaxhighlighting = true
 
-; preselect the burn-after-reading feature by default
+; preselect the burn-after-reading feature by default, defaults to false
 burnafterreadingselected = false
 
-; size limit per paste or comment in bytes, default is 2 Mibibytes
+; size limit per paste or comment in bytes, defaults to 2 Mibibytes
 sizelimit = 2097152
 
 ; template to include, default is "page" (tpl/page.html)
 template = "page"
 
+; base64.js library version, defaults to 2.1.9
+; use "1.7" if you are upgrading from a ZeroBin Alpha 0.19 installation
+base64version = "2.1.9"
+
 [expire]
 ; expire value that is selected per default
 ; make sure the value exists in [expire_options]
diff --git a/js/base64.js b/js/base64-1.7.js
similarity index 100%
rename from js/base64.js
rename to js/base64-1.7.js
diff --git a/js/base64-2.1.9.js b/js/base64-2.1.9.js
new file mode 100644
index 0000000..2ec7266
--- /dev/null
+++ b/js/base64-2.1.9.js
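Review bot: The rewritten sizelimit comment still spells the unit "Mibibytes"; the IEC prefix is "Mebibytes", so the new line should read `; size limit per paste or comment in bytes, defaults to 2 Mebibytes`. The new base64version comment would also help operators more if it said what the value selects; judging by the renamed files in this patch it picks the js/base64-{version}.js file the page loads, so only values for which such a file exists are usable.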
@@ -0,0 +1 @@ +(function(global){"use strict";var _Base64=global.Base64;var version="2.1.9";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i>>6)+fromCharCode(128|cc&63):fromCharCode(224|cc>>>12&15)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240|cc>>>18&7)+fromCharCode(128|cc>>>12&63)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16|(ccc.length>1?ccc.charCodeAt(1):0)<<8|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][€-¿]","[à-ï][€-¿]{2}","[ð-÷][€-¿]{3}"].join("|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18|(63&cccc.charCodeAt(1))<<12|(63&cccc.charCodeAt(2))<<6|63&cccc.charCodeAt(3),offset=cp-65536;return fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return 
fromCharCode((15&cccc.charCodeAt(0))<<12|(63&cccc.charCodeAt(1))<<6|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)|(len>1?b64tab[cccc.charAt(1)]<<12:0)|(len>2?b64tab[cccc.charAt(2)]<<6:0)|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}})(this); \ No newline at end of file diff --git a/js/jquery.js b/js/jquery-1.11.3.js similarity index 100% rename from js/jquery.js rename to js/jquery-1.11.3.js 
diff --git a/js/sjcl.js b/js/sjcl-1.0.2.js
similarity index 100%
rename from js/sjcl.js
rename to js/sjcl-1.0.2.js
diff --git a/lib/persistence.php b/lib/persistence.php
index 281d3ad..3cf90d6 100644
--- a/lib/persistence.php
+++ b/lib/persistence.php
@@ -87,7 +87,8 @@ abstract class persistence
 file_put_contents(
 $file,
 'Allow from none' . PHP_EOL .
- 'Deny from all'. PHP_EOL
+ 'Deny from all'. PHP_EOL,
+ LOCK_EX
 );
 }
 }
diff --git a/lib/zerobin.php b/lib/zerobin.php
index bc6ec69..41a2553 100644
--- a/lib/zerobin.php
+++ b/lib/zerobin.php
@@ -110,11 +110,17 @@ class zerobin
 if (!is_file(PATH . $dir . '/.htaccess')) file_put_contents(
 PATH . $dir . '/.htaccess',
 'Allow from none' . PHP_EOL .
- 'Deny from all'. PHP_EOL
+ 'Deny from all'. PHP_EOL,
+ LOCK_EX
 );
 }
 
 $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true);
+ foreach (array('main', 'model') as $section) {
+ if (!array_key_exists($section, $this->_conf)) die(
+ "ZeroBin requires configuration section [$section] to be present in configuration file."
+ );
+ }
 $this->_model = $this->_conf['model']['class'];
 }
 
@@ -171,14 +177,13 @@ class zerobin
 );
 
 // Make sure content is not too big.
+ $sizelimit = (int) $this->_getMainConfig('sizelimit', 2097152);
 if (
- strlen($data) > $this->_conf['main']['sizelimit']
+ strlen($data) > $sizelimit
 ) $this->_return_message(
 1,
 'Paste is limited to ' .
- $this->_conf['main']['sizelimit'] .
- ' ' .
- filter::size_humanreadable($this->_conf['main']['sizelimit']) .
+ filter::size_humanreadable($sizelimit) .
 ' of encrypted data.'
 );
 
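Review bot: The return value of file_put_contents() is still ignored after LOCK_EX is added, so a failed write (permissions, full disk) leaves the data directory without its protective .htaccess and nothing reports it. Capture the result and fail loudly, e.g. `$written = file_put_contents($file, 'Allow from none' . PHP_EOL . 'Deny from all' . PHP_EOL, LOCK_EX);` followed by `if ($written === false) die('Unable to write .htaccess in ' . $file);`, or at least log the failure. The same unchecked call is repeated in the zerobin.php hunk at -110, which would benefit from calling this persistence helper instead of duplicating it. The enclosing method starts before this hunk.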
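Review bot: The new section check assumes parse_ini_file() returned an array, but it returns false for a missing or malformed cfg/conf.ini; array_key_exists() on false then emits a warning (a TypeError on PHP 8) and the die() message blames a missing [main] section rather than the unreadable file. Guard the result before the foreach, e.g. `if ($this->_conf === false) die('ZeroBin requires a readable configuration file in cfg/conf.ini.');`. The constructor starts before this hunk.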
@@ -191,8 +196,9 @@ class zerobin
 // Read expiration date
 if (!empty($_POST['expire']))
 {
- if (array_key_exists($_POST['expire'], $this->_conf['expire_options'])) {
- $expire = $this->_conf['expire_options'][$_POST['expire']];
+ $selected_expire = (string) $_POST['expire'];
+ if (array_key_exists($selected_expire, $this->_conf['expire_options'])) {
+ $expire = $this->_conf['expire_options'][$selected_expire];
 } else {
 $expire = $this->_conf['expire_options'][$this->_conf['expire']['default']];
 }
@@ -203,9 +209,9 @@ class zerobin
 if (!empty($_POST['burnafterreading']))
 {
 $burnafterreading = $_POST['burnafterreading'];
- if ($burnafterreading != '0')
+ if ($burnafterreading !== '0')
 {
- if ($burnafterreading != '1') $error = true;
+ if ($burnafterreading !== '1') $error = true;
 $meta['burnafterreading'] = true;
 }
 }
@@ -214,9 +220,9 @@ class zerobin
 if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion']))
 {
 $opendiscussion = $_POST['opendiscussion'];
- if ($opendiscussion != 0)
+ if ($opendiscussion !== '0')
 {
- if ($opendiscussion != 1) $error = true;
+ if ($opendiscussion !== '1') $error = true;
 $meta['opendiscussion'] = true;
 }
 }
@@ -269,8 +275,8 @@ class zerobin
 !empty($_POST['pasteid'])
 )
 {
- $pasteid = $_POST['pasteid'];
- $parentid = $_POST['parentid'];
+ $pasteid = (string) $_POST['pasteid'];
+ $parentid = (string) $_POST['parentid'];
 if (
 !filter::is_valid_paste_id($pasteid) ||
 !filter::is_valid_paste_id($parentid)
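Review bot: `(string) $_POST['expire']` turns an array-valued parameter into the literal string "Array" (with a notice), so a malformed request silently falls back to the default expiry instead of being rejected; the same cast pattern is used for pasteid and parentid in the -269 hunk, where is_valid_paste_id() happens to reject the result but the notice is still emitted. An explicit type check keeps the rejection visible, e.g. `if (is_string($_POST['expire']) && array_key_exists($_POST['expire'], $this->_conf['expire_options'])) {`, and lets non-string input take the error path. The enclosing method starts and ends outside this hunk.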
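Review bot: In the -203 hunk the outer `if ($burnafterreading !== '0')` can never be false, because `!empty($_POST['burnafterreading'])` on the line above already excludes the string "0"; the same holds for `if ($opendiscussion !== '0')` in the -214 hunk. The body therefore reduces to `if ($burnafterreading !== '1') $error = true;` followed by `$meta['burnafterreading'] = true;`, which also makes it obvious that the meta flag is set even when $error has just been raised. The enclosing method starts and ends outside this hunk.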
@@ -458,19 +464,35 @@ class zerobin
 $key;
 }
 
- RainTPL::$path_replace = false;
 $page = new RainTPL;
+ $page::$path_replace = false;
 // we escape it here because ENT_NOQUOTES can't be used in RainTPL templates
 $page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES));
 $page->assign('ERROR', $this->_error);
 $page->assign('STATUS', $this->_status);
 $page->assign('VERSION', self::VERSION);
- $page->assign('BURNAFTERREADINGSELECTED', $this->_conf['main']['burnafterreadingselected']);
- $page->assign('OPENDISCUSSION', $this->_conf['main']['opendiscussion']);
- $page->assign('SYNTAXHIGHLIGHTING', $this->_conf['main']['syntaxhighlighting']);
+ $page->assign('OPENDISCUSSION', $this->_getMainConfig('opendiscussion', true));
+ $page->assign('SYNTAXHIGHLIGHTING', $this->_getMainConfig('syntaxhighlighting', true));
+ $page->assign('BURNAFTERREADINGSELECTED', $this->_getMainConfig('burnafterreadingselected', false));
+ $page->assign('BASE64JSVERSION', $this->_getMainConfig('base64version', '2.1.9'));
 $page->assign('EXPIRE', $expire);
 $page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']);
- $page->draw($this->_conf['main']['template']);
+ $page->draw($this->_getMainConfig('template', 'page'));
+ }
+
+ /**
+ * get configuration option from [main] section, optionally set a default
+ *
+ * @access private
+ * @param string $option
+ * @param mixed $default (optional)
+ * @return mixed
+ */
+ private function _getMainConfig($option, $default = false)
+ {
+ return array_key_exists($option, $this->_conf['main']) ?
+ $this->_conf['main'][$option] :
+ $default;
 }
 
 /**
diff --git a/tpl/page.html b/tpl/page.html
index ecddbb4..da81250 100644
--- a/tpl/page.html
+++ b/tpl/page.html
@@ -4,15 +4,15 @@ ZeroBin - - - - - - - {if="$SYNTAXHIGHLIGHTING"} - {/if} - + {if="$SYNTAXHIGHLIGHTING"} + {/if} + + + + + {if="$SYNTAXHIGHLIGHTING"} + {/if} +
diff --git a/tst/RainTPL.php b/tst/RainTPL.php
index 8892a68..f6409c9 100644
--- a/tst/RainTPL.php
+++ b/tst/RainTPL.php
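Review bot: `$this->_getMainConfig('base64version', '2.1.9')` passes the configured value to the template unvalidated, and judging by the conf.ini comment and the renamed files in this patch it appears to select the js/base64-{version}.js file the page loads, so a typo in conf.ini yields a page whose script reference points at a file that does not ship and encoding breaks at runtime instead of at startup. Restrict it to the bundled versions before assigning: `$base64version = $this->_getMainConfig('base64version', '2.1.9');` then `if (!in_array($base64version, array('1.7', '2.1.9'), true)) $base64version = '2.1.9';`. The new _getMainConfig() docblock should also state that a missing key yields $default unchanged and that no type coercion is applied, since callers like the sizelimit hunk at -171 cast the result themselves. The enclosing method starts before this hunk.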
@@ -24,8 +24,8 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
 /* Setup Routine */
 $page = new RainTPL;
 $page::configure(array('cache_dir' => 'tmp/'));
+ $page::$path_replace = false;
 
- $page = new RainTPL;
 // We escape it here because ENT_NOQUOTES can't be used in RainTPL templates.
 $page->assign('CIPHERDATA', htmlspecialchars(self::$data, ENT_NOQUOTES));
 $page->assign('ERROR', self::$error);
@@ -34,6 +34,7 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
 $page->assign('BURNAFTERREADINGSELECTED', false);
 $page->assign('OPENDISCUSSION', false);
 $page->assign('SYNTAXHIGHLIGHTING', true);
+ $page->assign('BASE64JSVERSION', '2.1.9');
 $page->assign('EXPIRE', self::$expire);
 $page->assign('EXPIREDEFAULT', self::$expire_default);
 ob_start();