From 79a858f176947db963a202fecdabb62a89979d82 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Sun, 20 Jan 2019 12:20:37 +0100
Subject: [PATCH] extracting only the 16 hex characters of the query string as paste ID, addressing #396
---
 js/privatebin.js | 2 +-
 js/test/Prompt.js | 2 +-
 lib/Request.php | 4 +++-
 tpl/bootstrap.php | 2 +-
 tpl/page.php | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/js/privatebin.js b/js/privatebin.js
index 57eb273..08aea83 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -745,7 +745,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { { if (id === null) { // Attention: This also returns the delete token inside of the ID, if it is specified
- id = window.location.search.substring(1);
+ id = (window.location.search.match(/[a-z0-9]{16}/) || [''])[0];
 if (id === '') { throw 'no paste id given';
diff --git a/js/test/Prompt.js b/js/test/Prompt.js
index 0e65b25..038f7a0 100644
--- a/js/test/Prompt.js
+++ b/js/test/Prompt.js
@@ -16,7 +16,7 @@ describe('Prompt', function () { 'string', function (password) { password = password.replace(/\r+/g, '');
- var clean = jsdom('', {url: 'ftp://example.com/?0'});
+ var clean = jsdom('', {url: 'ftp://example.com/?0000000000000000'});
 $('body').html( '
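Review bot: The pattern `/[a-z0-9]{16}/` in the js/privatebin.js hunk is wider than the "16 hex characters" named in the subject line and is unanchored, so it returns the first 16 characters of any longer lowercase alphanumeric run in the query string, whichever parameter that run belongs to. Restricting the class to hex would match the stated intent, `id = (window.location.search.match(/[a-f0-9]{16}/) || [''])[0];`, and anchoring the match to the position where the ID is expected would be stricter still, though the accepted URL shapes are not visible here. The context comment above the changed line now looks stale, since a 16-character match can no longer carry the delete token along with the ID; something like `// Takes the first 16-character ID match in the query string; anything after it is dropped` would describe the new behaviour. The enclosing function begins and ends outside the hunk, and the lib/Request.php change listed in the diffstat is not shown, so the client and server patterns should be checked for agreement.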