/**
* ZeroBin
*
* a zero-knowledge paste bin
*
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.19
*/
// Immediately start random number generator collector.
sjcl.random.startCollectors();
/**
* Converts a duration (in seconds) into human readable format.
*
* @param int seconds
* @return string
*/
function secondsToHuman(seconds)
{
if (seconds<60) { var v=Math.floor(seconds); return v+' second'+((v>1)?'s':''); }
if (seconds<60*60) { var v=Math.floor(seconds/60); return v+' minute'+((v>1)?'s':''); }
if (seconds<60*60*24) { var v=Math.floor(seconds/(60*60)); return v+' hour'+((v>1)?'s':''); }
// If less than 2 months, display in days:
if (seconds<60*60*24*60) { var v=Math.floor(seconds/(60*60*24)); return v+' day'+((v>1)?'s':''); }
var v=Math.floor(seconds/(60*60*24*30)); return v+' month'+((v>1)?'s':'');
}
/**
* Converts an associative array to an encoded string
* for appending to the anchor.
*
* @param object associative_array Object to be serialized
* @return string
*/
function hashToParameterString(associativeArray)
{
var parameterString = "";
for (key in associativeArray)
{
if( parameterString === "" )
{
parameterString = encodeURIComponent(key);
parameterString += "=" + encodeURIComponent(associativeArray[key]);
} else {
parameterString += "&" + encodeURIComponent(key);
parameterString += "=" + encodeURIComponent(associativeArray[key]);
}
}
//padding for URL shorteners
parameterString += "&p=p";
return parameterString;
}
/**
* Converts a string to an associative array.
*
* @param string parameter_string String containing parameters
* @return object
*/
function parameterStringToHash(parameterString)
{
var parameterHash = {};
var parameterArray = parameterString.split("&");
for (var i = 0; i < parameterArray.length; i++) {
//var currentParamterString = decodeURIComponent(parameterArray[i]);
var pair = parameterArray[i].split("=");
var key = decodeURIComponent(pair[0]);
var value = decodeURIComponent(pair[1]);
parameterHash[key] = value;
}
return parameterHash;
}
/**
* Get an associative array of the parameters found in the anchor
*
* @return object
*/
function getParameterHash()
{
var hashIndex = window.location.href.indexOf("#");
if (hashIndex >= 0) {
return parameterStringToHash(window.location.href.substring(hashIndex + 1));
} else {
return {};
}
}
/**
* Compress a message (deflate compression). Returns base64 encoded data.
*
* @param string message
* @return base64 string data
*/
function compress(message) {
return Base64.toBase64( RawDeflate.deflate( Base64.utob(message) ) );
}
/**
* Decompress a message compressed with compress().
*/
function decompress(data) {
return Base64.btou( RawDeflate.inflate( Base64.fromBase64(data) ) );
}
/**
* Compress, then encrypt message with key.
*
* @param string key
* @param string message
* @return encrypted string data
*/
function zeroCipher(key, message) {
if ($('#passwordinput').val().length == 0) {
return sjcl.encrypt(key, compress(message));
}
return sjcl.encrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash($("#passwordinput").val())), compress(message));
}
/**
* Decrypt message with key, then decompress.
*
* @param string key
* @param encrypted string data
* @return string readable message
*/
function zeroDecipher(key, data) {
if (data != undefined) {
try {
return decompress(sjcl.decrypt(key, data));
} catch (err) {
try {
if ($('#passwordinput').val().length > 0) {
password = $('#passwordinput').val();
} else {
password = prompt("Please enter the password for this paste:", "");
if (password == null) return null;
}
data = decompress(sjcl.decrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(password)), data));
$('#passwordinput').val(password);
return data;
} catch (err) {
return zeroDecipher(key, data);
}
}
}
}
/**
* Get the current script location (without search or hash part of the URL).
* eg. http://server.com/zero/?aaaa#bbbb --> http://server.com/zero/
*
* @return string current script location
*/
function scriptLocation() {
var scriptLocation = window.location.href.substring(0,window.location.href.length
- window.location.search.length - window.location.hash.length);
var hashIndex = scriptLocation.indexOf("#");
if (hashIndex !== -1) {
scriptLocation = scriptLocation.substring(0, hashIndex);
}
return scriptLocation;
}
/**
* Get the pastes unique identifier from the URL
* eg. http://server.com/zero/?c05354954c49a487#xxx --> c05354954c49a487
*
* @return string unique identifier
*/
function pasteID() {
return window.location.search.substring(1);
}
/**
* Convert all applicable characters to HTML entities
*
* @param string str
* @returns string encoded string
*/
function htmlEntities(str) {
return String(str).replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"');
}
/**
* Set text of a DOM element (required for IE)
* This is equivalent to element.text(text)
*
* @param object element : a DOM element.
* @param string text : the text to enter.
*/
function setElementText(element, text) {
// For IE<10.
if ($('#oldienotice').is(":visible")) {
// IE<10 does not support white-space:pre-wrap; so we have to do this BIG UGLY STINKING THING.
var html = htmlEntities(text).replace(/\n/ig,"\r\n
");
element.html('
'+html+''); } // for other (sane) browsers: else { element.text(text); } } /** * Show decrypted text in the display area, including discussion (if open) * * @param string key : decryption key * @param array comments : Array of messages to display (items = array with keys ('data','meta') */ function displayMessages(key, comments) { // restore password if set in previous visit, then clear the session if (window.sessionStorage && sessionStorage.getItem(pageKey())) { $('#passwordinput').val(sessionStorage.getItem(pageKey())); sessionStorage.clear(); } try { // Try to decrypt the paste. var cleartext = zeroDecipher(key, comments[0].data); if (cleartext == null) throw "password prompt canceled"; } catch(err) { $('#cleartext').addClass('hidden'); $('#prettymessage').addClass('hidden'); $('#clonebutton').addClass('hidden'); showError('Could not decrypt data (Wrong key ?)'); return; } setElementText($('#cleartext'), cleartext); setElementText($('#prettyprint'), cleartext); // Convert URLs to clickable links. urls2links($('#cleartext')); urls2links($('#prettyprint')); if (typeof prettyPrint == 'function') prettyPrint(); // Display paste expiration. if (comments[0].meta.expire_date) $('#remainingtime').removeClass('foryoureyesonly').text('This document will expire in '+secondsToHuman(comments[0].meta.remaining_time)+'.').removeClass('hidden'); if (comments[0].meta.burnafterreading) { $('#remainingtime').addClass('foryoureyesonly').text('FOR YOUR EYES ONLY. Don\'t close this window, this message can\'t be displayed again.').removeClass('hidden'); $('#clonebutton').addClass('hidden'); // Discourage cloning (as it can't really be prevented). } // If the discussion is opened on this paste, display it. if (comments[0].meta.opendiscussion) { $('#comments').html(''); // iterate over comments for (var i = 1; i < comments.length; i++) { var comment=comments[i]; var cleartext="[Could not decrypt comment ; Wrong key ?]"; try { cleartext = zeroDecipher(key, comment.data); } catch(err) { } var place = $('#comments'); // If parent comment exists, display below (CSS will automatically shift it right.) var cname = '#comment_'+comment.meta.parentid; // If the element exists in page if ($(cname).length) { place = $(cname); } var divComment = $('
'+paste+''); newDoc.close(); } /** * Clone the current paste. */ function clonePaste() { stateNewPaste(); //Erase the id and the key in url history.replaceState(document.title, document.title, scriptLocation()); showStatus(''); $('#message').text($('#cleartext').text()); } /** * Create a new paste. */ function newPaste() { stateNewPaste(); showStatus(''); $('#message').text(''); } /** * Display an error message * (We use the same function for paste and reply to comments) */ function showError(message) { if ($('#status').length) { $('#status').addClass('errorMessage').text(message); } else { $('#errormessage').removeClass('hidden').append(message); } $('#replystatus').addClass('errorMessage').text(message); } /** * Display status * (We use the same function for paste and reply to comments) * * @param string message : text to display * @param boolean spin (optional) : tell if the "spinning" animation should be displayed. */ function showStatus(message, spin) { $('#replystatus').removeClass('errorMessage'); $('#replystatus').text(message); if (!message) { $('#status').html(' '); return; } if (message == '') { $('#status').html(' '); return; } $('#status').removeClass('errorMessage'); $('#status').text(message); if (spin) { var img = ''; $('#status').prepend(img); $('#replystatus').prepend(img); } } /** * Convert URLs to clickable links. * URLs to handle: *
* magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7
* http://localhost:8800/zero/?6f09182b8ea51997#WtLEUO5Epj9UHAV9JFs+6pUQZp13TuspAUjnF+iM+dM=
* http://user:password@localhost:8800/zero/?6f09182b8ea51997#WtLEUO5Epj9UHAV9JFs+6pUQZp13TuspAUjnF+iM+dM=
*
*
* @param object element : a jQuery DOM element.
*/
function urls2links(element) {
var re = /((http|https|ftp):\/\/[\w?=&.\/-;#@~%+-]+(?![\w\s?&.\/;#~%"=-]*>))/ig;
element.html(element.html().replace(re,'$1'));
var re = /((magnet):[\w?=&.\/-;#@~%+-]+)/ig;
element.html(element.html().replace(re,'$1'));
}
/**
* Return the deciphering key stored in anchor part of the URL
*/
function pageKey() {
var key = window.location.hash.substring(1); // Get key
// Some stupid web 2.0 services and redirectors add data AFTER the anchor
// (such as &utm_source=...).
// We will strip any additional data.
// First, strip everything after the equal sign (=) which signals end of base64 string.
i = key.indexOf('='); if (i>-1) { key = key.substring(0,i+1); }
// If the equal sign was not present, some parameters may remain:
i = key.indexOf('&'); if (i>-1) { key = key.substring(0,i); }
// Then add trailing equal sign if it's missing
if (key.charAt(key.length-1)!=='=') key+='=';
return key;
}
/**
* main application start, called when DOM is fully loaded
*/
$(function() {
// hide "no javascript" message
$('#noscript').hide();
// If "burn after reading" is checked, disable discussion.
$('#burnafterreading').change(function() {
if ($(this).is(':checked') ) {
$('#opendisc').addClass('buttondisabled');
$('#opendiscussion').attr({checked: false});
$('#opendiscussion').attr('disabled',true);
}
else {
$('#opendisc').removeClass('buttondisabled');
$('#opendiscussion').removeAttr('disabled');
}
});
// Display status returned by php code if any (eg. Paste was properly deleted.)
if ($('#status').text().length > 0) {
showStatus($('#status').text(),false);
return;
}
$('#status').html(' '); // Keep line height even if content empty.
// Display an existing paste
if ($('#cipherdata').text().length > 1) {
// Missing decryption key in URL ?
if (window.location.hash.length == 0) {
showError('Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL ?)');
return;
}
// List of messages to display
var messages = jQuery.parseJSON($('#cipherdata').text());
// Show proper elements on screen.
stateExistingPaste();
displayMessages(pageKey(), messages);
}
// Display error message from php code.
else if ($('#errormessage').text().length>1) {
showError($('#errormessage').text());
}
// Create a new paste.
else {
newPaste();
}
});