2012-04-29 13:15:06 -04:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* ZeroBin
|
|
|
|
*
|
|
|
|
* a zero-knowledge paste bin
|
|
|
|
*
|
|
|
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
|
|
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
|
|
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
2015-09-03 16:22:59 -04:00
|
|
|
* @version 0.20
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* zerobin
|
|
|
|
*
|
|
|
|
* Controller, puts it all together.
|
|
|
|
*/
|
|
|
|
class zerobin
|
|
|
|
{
|
2015-08-16 09:55:31 -04:00
|
|
|
/**
|
|
|
|
* version
|
|
|
|
*
|
|
|
|
* @const string
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2015-09-03 16:22:59 -04:00
|
|
|
const VERSION = '0.20';
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2015-08-31 16:10:41 -04:00
|
|
|
/**
|
|
|
|
* show the same error message if the paste expired or does not exist
|
|
|
|
*
|
|
|
|
* @const string
|
|
|
|
*/
|
|
|
|
const GENERIC_ERROR = 'Paste does not exist, has expired or has been deleted.';
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
2015-08-16 09:55:31 -04:00
|
|
|
* configuration array
|
|
|
|
*
|
2012-04-29 13:15:06 -04:00
|
|
|
* @access private
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private $_conf = array(
|
|
|
|
'model' => 'zerobin_data',
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
2015-08-16 09:55:31 -04:00
|
|
|
* data
|
|
|
|
*
|
2012-04-29 13:15:06 -04:00
|
|
|
* @access private
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $_data = '';
|
|
|
|
|
2015-09-12 11:33:16 -04:00
|
|
|
/**
|
|
|
|
* formatter
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $_formatter = 'plaintext';
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
2015-08-16 09:55:31 -04:00
|
|
|
* error message
|
|
|
|
*
|
2012-04-29 13:15:06 -04:00
|
|
|
* @access private
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $_error = '';
|
|
|
|
|
2013-10-31 20:15:14 -04:00
|
|
|
/**
|
2015-08-16 09:55:31 -04:00
|
|
|
* status message
|
|
|
|
*
|
2013-10-31 20:15:14 -04:00
|
|
|
* @access private
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $_status = '';
|
|
|
|
|
2015-09-01 16:33:07 -04:00
|
|
|
/**
|
|
|
|
* JSON message
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $_json = '';
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
2015-08-16 09:55:31 -04:00
|
|
|
* data storage model
|
|
|
|
*
|
2012-04-29 13:15:06 -04:00
|
|
|
* @access private
|
2015-08-16 09:55:31 -04:00
|
|
|
* @var zerobin_abstract
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
private $_model;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* constructor
|
|
|
|
*
|
|
|
|
* initializes and runs ZeroBin
|
|
|
|
*
|
|
|
|
* @access public
|
2015-08-16 09:55:31 -04:00
|
|
|
* @return void
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function __construct()
|
|
|
|
{
|
|
|
|
if (version_compare(PHP_VERSION, '5.2.6') < 0)
|
2015-09-01 16:33:07 -04:00
|
|
|
{
|
2015-09-04 20:24:56 -04:00
|
|
|
throw new Exception(i18n::_('ZeroBin requires php 5.2.6 or above to work. Sorry.'), 1);
|
2015-09-01 16:33:07 -04:00
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2013-10-31 20:15:14 -04:00
|
|
|
// in case stupid admin has left magic_quotes enabled in php.ini
|
2012-04-29 13:15:06 -04:00
|
|
|
if (get_magic_quotes_gpc())
|
|
|
|
{
|
|
|
|
$_POST = array_map('filter::stripslashes_deep', $_POST);
|
|
|
|
$_GET = array_map('filter::stripslashes_deep', $_GET);
|
|
|
|
$_COOKIE = array_map('filter::stripslashes_deep', $_COOKIE);
|
|
|
|
}
|
|
|
|
|
2013-10-31 20:15:14 -04:00
|
|
|
// load config from ini file
|
2012-04-29 13:15:06 -04:00
|
|
|
$this->_init();
|
|
|
|
|
2013-10-31 20:15:14 -04:00
|
|
|
// create new paste or comment
|
2015-09-16 16:51:48 -04:00
|
|
|
if (
|
|
|
|
(array_key_exists('data', $_POST) && !empty($_POST['data'])) ||
|
|
|
|
(array_key_exists('attachment', $_POST) && !empty($_POST['attachment']))
|
|
|
|
)
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2015-09-16 16:51:48 -04:00
|
|
|
$this->_create();
|
2013-10-31 20:15:14 -04:00
|
|
|
}
|
|
|
|
// delete an existing paste
|
|
|
|
elseif (!empty($_GET['deletetoken']) && !empty($_GET['pasteid']))
|
|
|
|
{
|
2015-09-01 16:33:07 -04:00
|
|
|
$this->_delete($_GET['pasteid'], $_GET['deletetoken']);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2013-10-31 20:15:14 -04:00
|
|
|
// display an existing paste
|
2012-04-29 13:15:06 -04:00
|
|
|
elseif (!empty($_SERVER['QUERY_STRING']))
|
|
|
|
{
|
2013-10-31 20:15:14 -04:00
|
|
|
$this->_read($_SERVER['QUERY_STRING']);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
2015-09-01 16:33:07 -04:00
|
|
|
// output JSON or HTML
|
|
|
|
if (strlen($this->_json))
|
|
|
|
{
|
|
|
|
header('Content-type: application/json');
|
|
|
|
echo $this->_json;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$this->_view();
|
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* initialize zerobin
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
private function _init()
|
|
|
|
{
|
2012-04-30 07:58:29 -04:00
|
|
|
foreach (array('cfg', 'lib') as $dir)
|
|
|
|
{
|
2015-08-28 19:26:48 -04:00
|
|
|
if (!is_file(PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess')) file_put_contents(
|
|
|
|
PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess',
|
2012-04-30 07:58:29 -04:00
|
|
|
'Allow from none' . PHP_EOL .
|
2015-08-16 06:27:06 -04:00
|
|
|
'Deny from all'. PHP_EOL,
|
|
|
|
LOCK_EX
|
2012-04-30 07:58:29 -04:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2015-08-28 19:26:48 -04:00
|
|
|
$this->_conf = parse_ini_file(PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.ini', true);
|
2015-08-16 06:27:06 -04:00
|
|
|
foreach (array('main', 'model') as $section) {
|
2015-08-29 14:29:14 -04:00
|
|
|
if (!array_key_exists($section, $this->_conf)) {
|
2015-09-04 20:24:56 -04:00
|
|
|
throw new Exception(i18n::_('ZeroBin requires configuration section [%s] to be present in configuration file.', $section), 2);
|
2015-08-29 14:29:14 -04:00
|
|
|
}
|
2015-08-16 06:27:06 -04:00
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
$this->_model = $this->_conf['model']['class'];
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get the model, create one if needed
|
|
|
|
*
|
|
|
|
* @access private
|
2015-08-16 09:55:31 -04:00
|
|
|
* @return zerobin_abstract
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
private function _model()
|
|
|
|
{
|
|
|
|
// if needed, initialize the model
|
|
|
|
if(is_string($this->_model)) {
|
2012-05-19 17:59:41 -04:00
|
|
|
$this->_model = forward_static_call(
|
|
|
|
array($this->_model, 'getInstance'),
|
|
|
|
$this->_conf['model_options']
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
return $this->_model;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2013-10-31 20:15:14 -04:00
|
|
|
* Store new paste or comment
|
2012-04-29 13:15:06 -04:00
|
|
|
*
|
2015-09-16 16:51:48 -04:00
|
|
|
* POST contains one or both:
|
|
|
|
* data = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
|
|
|
* attachment = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
2012-04-29 13:15:06 -04:00
|
|
|
*
|
|
|
|
* All optional data will go to meta information:
|
2012-05-19 17:59:41 -04:00
|
|
|
* expire (optional) = expiration delay (never,5min,10min,1hour,1day,1week,1month,1year,burn) (default:never)
|
2015-09-16 16:51:48 -04:00
|
|
|
* formatter (optional) = format to display the paste as (plaintext,syntaxhighlighting,markdown) (default:syntaxhighlighting)
|
|
|
|
* burnafterreading (optional) = if this paste may only viewed once ? (0/1) (default:0)
|
2012-04-29 13:15:06 -04:00
|
|
|
* opendiscusssion (optional) = is the discussion allowed on this paste ? (0/1) (default:0)
|
2015-09-04 20:24:56 -04:00
|
|
|
* nickname (optional) = in discussion, encoded SJCL encrypted text nickname of author of comment (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
2012-04-29 13:15:06 -04:00
|
|
|
* parentid (optional) = in discussion, which comment this comment replies to.
|
|
|
|
* pasteid (optional) = in discussion, which paste this comment belongs to.
|
|
|
|
*
|
|
|
|
* @access private
|
2015-08-27 17:58:56 -04:00
|
|
|
* @return string
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2015-09-16 16:51:48 -04:00
|
|
|
private function _create()
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
|
|
|
$error = false;
|
|
|
|
|
2015-09-16 16:51:48 -04:00
|
|
|
$has_attachment = array_key_exists('attachment', $_POST);
|
2015-09-18 06:33:10 -04:00
|
|
|
$has_attachmentname = $has_attachment && array_key_exists('attachmentname', $_POST) && !empty($_POST['attachmentname']);
|
2015-09-16 16:51:48 -04:00
|
|
|
$data = array_key_exists('data', $_POST) ? $_POST['data'] : '';
|
|
|
|
$attachment = $has_attachment ? $_POST['attachment'] : '';
|
2015-09-18 06:33:10 -04:00
|
|
|
$attachmentname = $has_attachmentname ? $_POST['attachmentname'] : '';
|
2015-09-16 16:51:48 -04:00
|
|
|
|
2012-05-19 17:59:41 -04:00
|
|
|
// Make sure last paste from the IP address was more than X seconds ago.
|
|
|
|
trafficlimiter::setLimit($this->_conf['traffic']['limit']);
|
|
|
|
trafficlimiter::setPath($this->_conf['traffic']['dir']);
|
2015-09-18 16:31:01 -04:00
|
|
|
$ipKey = 'REMOTE_ADDR';
|
|
|
|
if (array_key_exists('header', $this->_conf['traffic']))
|
|
|
|
{
|
|
|
|
$header = 'HTTP_' . $this->_conf['traffic']['header'];
|
|
|
|
if (array_key_exists($header, $_SERVER) && !empty($_SERVER[$header]))
|
|
|
|
{
|
|
|
|
$ipKey = $header;
|
|
|
|
}
|
|
|
|
}
|
2015-09-19 08:22:29 -04:00
|
|
|
if (!trafficlimiter::canPass($_SERVER[$ipKey])) return $this->_return_message(
|
|
|
|
1,
|
|
|
|
i18n::_(
|
|
|
|
'Please wait %d seconds between each post.',
|
|
|
|
$this->_conf['traffic']['limit']
|
|
|
|
)
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Make sure content is not too big.
|
2015-08-16 06:27:06 -04:00
|
|
|
$sizelimit = (int) $this->_getMainConfig('sizelimit', 2097152);
|
2015-09-19 08:22:29 -04:00
|
|
|
if (
|
|
|
|
strlen($data) + strlen($attachment) + strlen($attachmentname) > $sizelimit
|
|
|
|
) return $this->_return_message(
|
|
|
|
1,
|
|
|
|
i18n::_(
|
|
|
|
'Paste is limited to %s of encrypted data.',
|
|
|
|
filter::size_humanreadable($sizelimit)
|
|
|
|
)
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Make sure format is correct.
|
2015-08-27 17:30:35 -04:00
|
|
|
if (!sjcl::isValid($data)) return $this->_return_message(1, 'Invalid data.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2015-09-16 16:51:48 -04:00
|
|
|
// Make sure attachments are enabled and format is correct.
|
|
|
|
if($has_attachment)
|
|
|
|
{
|
|
|
|
if (
|
|
|
|
!$this->_getMainConfig('fileupload', false) ||
|
2015-09-18 06:33:10 -04:00
|
|
|
!sjcl::isValid($attachment) ||
|
|
|
|
!($has_attachmentname && sjcl::isValid($attachmentname))
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Invalid attachment.');
|
2015-09-16 16:51:48 -04:00
|
|
|
}
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
// Read additional meta-information.
|
2015-09-04 20:24:56 -04:00
|
|
|
$meta = array();
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Read expiration date
|
2015-09-12 11:33:16 -04:00
|
|
|
if (array_key_exists('expire', $_POST) && !empty($_POST['expire']))
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2015-08-16 06:27:06 -04:00
|
|
|
$selected_expire = (string) $_POST['expire'];
|
2015-09-04 20:24:56 -04:00
|
|
|
if (array_key_exists($selected_expire, $this->_conf['expire_options']))
|
|
|
|
{
|
2015-08-16 06:27:06 -04:00
|
|
|
$expire = $this->_conf['expire_options'][$selected_expire];
|
2015-09-04 20:24:56 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2013-10-30 18:54:42 -04:00
|
|
|
$expire = $this->_conf['expire_options'][$this->_conf['expire']['default']];
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2013-10-30 18:54:42 -04:00
|
|
|
if ($expire > 0) $meta['expire_date'] = time() + $expire;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2015-08-16 05:20:06 -04:00
|
|
|
|
2013-02-24 08:33:51 -05:00
|
|
|
// Destroy the paste when it is read.
|
2015-09-12 11:33:16 -04:00
|
|
|
if (array_key_exists('burnafterreading', $_POST) && !empty($_POST['burnafterreading']))
|
2013-02-24 08:33:51 -05:00
|
|
|
{
|
|
|
|
$burnafterreading = $_POST['burnafterreading'];
|
2015-08-16 06:27:06 -04:00
|
|
|
if ($burnafterreading !== '0')
|
2013-02-24 08:33:51 -05:00
|
|
|
{
|
2015-08-16 06:27:06 -04:00
|
|
|
if ($burnafterreading !== '1') $error = true;
|
2013-02-24 08:33:51 -05:00
|
|
|
$meta['burnafterreading'] = true;
|
|
|
|
}
|
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Read open discussion flag.
|
2015-09-12 11:33:16 -04:00
|
|
|
if (
|
|
|
|
$this->_getMainConfig('discussion', true) &&
|
|
|
|
array_key_exists('opendiscussion', $_POST) &&
|
|
|
|
!empty($_POST['opendiscussion'])
|
|
|
|
)
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
|
|
|
$opendiscussion = $_POST['opendiscussion'];
|
2015-08-16 06:27:06 -04:00
|
|
|
if ($opendiscussion !== '0')
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2015-08-16 06:27:06 -04:00
|
|
|
if ($opendiscussion !== '1') $error = true;
|
2012-04-29 13:15:06 -04:00
|
|
|
$meta['opendiscussion'] = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-09-12 11:33:16 -04:00
|
|
|
// Read formatter flag.
|
|
|
|
if (array_key_exists('formatter', $_POST) && !empty($_POST['formatter']))
|
|
|
|
{
|
|
|
|
$formatter = $_POST['formatter'];
|
|
|
|
if (!array_key_exists($formatter, $this->_conf['formatter_options']))
|
|
|
|
{
|
2015-09-19 08:22:29 -04:00
|
|
|
$formatter = $this->_getMainConfig('defaultformatter', 'plaintext');
|
2015-09-12 11:33:16 -04:00
|
|
|
}
|
|
|
|
$meta['formatter'] = $formatter;
|
|
|
|
}
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
// You can't have an open discussion on a "Burn after reading" paste:
|
|
|
|
if (isset($meta['burnafterreading'])) unset($meta['opendiscussion']);
|
|
|
|
|
|
|
|
// Optional nickname for comments
|
|
|
|
if (!empty($_POST['nickname']))
|
|
|
|
{
|
|
|
|
// Generation of the anonymous avatar (Vizhash):
|
|
|
|
// If a nickname is provided, we generate a Vizhash.
|
|
|
|
// (We assume that if the user did not enter a nickname, he/she wants
|
|
|
|
// to be anonymous and we will not generate the vizhash.)
|
|
|
|
$nick = $_POST['nickname'];
|
|
|
|
if (!sjcl::isValid($nick))
|
|
|
|
{
|
|
|
|
$error = true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$meta['nickname'] = $nick;
|
|
|
|
$vz = new vizhash16x16();
|
|
|
|
$pngdata = $vz->generate($_SERVER['REMOTE_ADDR']);
|
|
|
|
if ($pngdata != '')
|
|
|
|
{
|
|
|
|
$meta['vizhash'] = 'data:image/png;base64,' . base64_encode($pngdata);
|
|
|
|
}
|
|
|
|
// Once the avatar is generated, we do not keep the IP address, nor its hash.
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-09-19 08:22:29 -04:00
|
|
|
if ($error) return $this->_return_message(1, 'Invalid data.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Add post date to meta.
|
|
|
|
$meta['postdate'] = time();
|
|
|
|
|
|
|
|
// We just want a small hash to avoid collisions:
|
|
|
|
// Half-MD5 (64 bits) will do the trick
|
|
|
|
$dataid = substr(hash('md5', $data), 0, 16);
|
|
|
|
|
|
|
|
$storage = array('data' => $data);
|
|
|
|
|
|
|
|
// Add meta-information only if necessary.
|
|
|
|
if (count($meta)) $storage['meta'] = $meta;
|
|
|
|
|
|
|
|
// The user posts a comment.
|
|
|
|
if (
|
|
|
|
!empty($_POST['parentid']) &&
|
|
|
|
!empty($_POST['pasteid'])
|
|
|
|
)
|
|
|
|
{
|
2015-08-16 06:27:06 -04:00
|
|
|
$pasteid = (string) $_POST['pasteid'];
|
|
|
|
$parentid = (string) $_POST['parentid'];
|
2012-04-29 13:15:06 -04:00
|
|
|
if (
|
2014-02-06 16:52:17 -05:00
|
|
|
!filter::is_valid_paste_id($pasteid) ||
|
|
|
|
!filter::is_valid_paste_id($parentid)
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Invalid data.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Comments do not expire (it's the paste that expires)
|
|
|
|
unset($storage['expire_date']);
|
|
|
|
unset($storage['opendiscussion']);
|
|
|
|
|
|
|
|
// Make sure paste exists.
|
|
|
|
if (
|
|
|
|
!$this->_model()->exists($pasteid)
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Invalid data.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Make sure the discussion is opened in this paste.
|
|
|
|
$paste = $this->_model()->read($pasteid);
|
|
|
|
if (
|
|
|
|
!$paste->meta->opendiscussion
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Invalid data.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// Check for improbable collision.
|
|
|
|
if (
|
|
|
|
$this->_model()->existsComment($pasteid, $parentid, $dataid)
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'You are unlucky. Try again.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// New comment
|
|
|
|
if (
|
|
|
|
$this->_model()->createComment($pasteid, $parentid, $dataid, $storage) === false
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Error saving comment. Sorry.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
|
|
|
// 0 = no error
|
2015-09-19 08:22:29 -04:00
|
|
|
return $this->_return_message(0, $dataid);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
// The user posts a standard paste.
|
|
|
|
else
|
|
|
|
{
|
|
|
|
// Check for improbable collision.
|
|
|
|
if (
|
|
|
|
$this->_model()->exists($dataid)
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'You are unlucky. Try again.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2015-09-18 06:33:10 -04:00
|
|
|
// Add attachment and its name, if one was sent
|
|
|
|
if ($has_attachment) $storage['attachment'] = $attachment;
|
|
|
|
if ($has_attachmentname) $storage['attachmentname'] = $attachmentname;
|
2015-09-16 16:51:48 -04:00
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
// New paste
|
|
|
|
if (
|
|
|
|
$this->_model()->create($dataid, $storage) === false
|
2015-09-19 08:22:29 -04:00
|
|
|
) return $this->_return_message(1, 'Error saving paste. Sorry.');
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2013-10-31 20:15:14 -04:00
|
|
|
// Generate the "delete" token.
|
|
|
|
// The token is the hmac of the pasteid signed with the server salt.
|
2015-08-28 19:26:48 -04:00
|
|
|
// The paste can be delete by calling http://example.com/zerobin/?pasteid=<pasteid>&deletetoken=<deletetoken>
|
2015-08-27 15:41:21 -04:00
|
|
|
$deletetoken = hash_hmac('sha1', $dataid, serversalt::get());
|
2013-10-31 20:15:14 -04:00
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
// 0 = no error
|
2015-09-19 08:22:29 -04:00
|
|
|
return $this->_return_message(0, $dataid, array('deletetoken' => $deletetoken));
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-02-24 08:33:51 -05:00
|
|
|
/**
|
|
|
|
* Delete an existing paste
|
|
|
|
*
|
|
|
|
* @access private
|
2013-10-31 20:15:14 -04:00
|
|
|
* @param string $dataid
|
|
|
|
* @param string $deletetoken
|
2015-09-01 16:33:07 -04:00
|
|
|
* @return void
|
2013-02-24 08:33:51 -05:00
|
|
|
*/
|
|
|
|
private function _delete($dataid, $deletetoken)
|
|
|
|
{
|
2013-10-31 20:15:14 -04:00
|
|
|
// Is this a valid paste identifier?
|
2014-02-06 16:52:17 -05:00
|
|
|
if (!filter::is_valid_paste_id($dataid))
|
2013-10-31 20:15:14 -04:00
|
|
|
{
|
2014-02-06 16:52:17 -05:00
|
|
|
$this->_error = 'Invalid paste ID.';
|
2015-09-01 16:33:07 -04:00
|
|
|
return;
|
2014-02-06 16:52:17 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check that paste exists.
|
|
|
|
if (!$this->_model()->exists($dataid))
|
|
|
|
{
|
2015-08-31 16:10:41 -04:00
|
|
|
$this->_error = self::GENERIC_ERROR;
|
2015-09-01 16:33:07 -04:00
|
|
|
return;
|
2015-08-31 16:10:41 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Get the paste itself.
|
|
|
|
$paste = $this->_model()->read($dataid);
|
|
|
|
|
|
|
|
// See if paste has expired.
|
|
|
|
if (
|
|
|
|
isset($paste->meta->expire_date) &&
|
|
|
|
$paste->meta->expire_date < time()
|
|
|
|
)
|
|
|
|
{
|
|
|
|
// Delete the paste
|
|
|
|
$this->_model()->delete($dataid);
|
|
|
|
$this->_error = self::GENERIC_ERROR;
|
2015-09-01 16:33:07 -04:00
|
|
|
return;
|
2015-08-31 16:10:41 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($deletetoken == 'burnafterreading') {
|
|
|
|
if (
|
|
|
|
isset($paste->meta->burnafterreading) &&
|
|
|
|
$paste->meta->burnafterreading
|
|
|
|
)
|
|
|
|
{
|
|
|
|
// Delete the paste
|
|
|
|
$this->_model()->delete($dataid);
|
2015-09-01 17:51:31 -04:00
|
|
|
$this->_return_message(0, $dataid);
|
2015-09-01 16:33:07 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$this->_return_message(1, 'Paste is not of burn-after-reading type.');
|
2015-08-31 16:10:41 -04:00
|
|
|
}
|
2015-09-01 16:33:07 -04:00
|
|
|
return;
|
2013-10-31 20:15:14 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure token is valid.
|
2015-08-27 15:41:21 -04:00
|
|
|
serversalt::setPath($this->_conf['traffic']['dir']);
|
|
|
|
if (!filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid, serversalt::get())))
|
2013-10-31 20:15:14 -04:00
|
|
|
{
|
|
|
|
$this->_error = 'Wrong deletion token. Paste was not deleted.';
|
2015-09-01 16:33:07 -04:00
|
|
|
return;
|
2013-10-31 20:15:14 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Paste exists and deletion token is valid: Delete the paste.
|
|
|
|
$this->_model()->delete($dataid);
|
|
|
|
$this->_status = 'Paste was properly deleted.';
|
|
|
|
}
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
2013-10-31 20:15:14 -04:00
|
|
|
* Read an existing paste or comment
|
2012-04-29 13:15:06 -04:00
|
|
|
*
|
|
|
|
* @access private
|
2013-10-31 20:15:14 -04:00
|
|
|
* @param string $dataid
|
2012-04-29 13:15:06 -04:00
|
|
|
* @return void
|
|
|
|
*/
|
2013-10-31 20:15:14 -04:00
|
|
|
private function _read($dataid)
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2015-09-01 16:33:07 -04:00
|
|
|
$isJson = false;
|
|
|
|
if (($pos = strpos($dataid, '&json')) !== false) {
|
|
|
|
$isJson = true;
|
|
|
|
$dataid = substr($dataid, 0, $pos);
|
|
|
|
}
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
// Is this a valid paste identifier?
|
2014-02-06 16:52:17 -05:00
|
|
|
if (!filter::is_valid_paste_id($dataid))
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2014-02-06 16:52:17 -05:00
|
|
|
$this->_error = 'Invalid paste ID.';
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check that paste exists.
|
|
|
|
if ($this->_model()->exists($dataid))
|
|
|
|
{
|
|
|
|
// Get the paste itself.
|
|
|
|
$paste = $this->_model()->read($dataid);
|
|
|
|
|
|
|
|
// See if paste has expired.
|
|
|
|
if (
|
|
|
|
isset($paste->meta->expire_date) &&
|
|
|
|
$paste->meta->expire_date < time()
|
|
|
|
)
|
|
|
|
{
|
|
|
|
// Delete the paste
|
|
|
|
$this->_model()->delete($dataid);
|
2015-08-31 16:10:41 -04:00
|
|
|
$this->_error = self::GENERIC_ERROR;
|
2014-02-06 16:52:17 -05:00
|
|
|
}
|
|
|
|
// If no error, return the paste.
|
|
|
|
else
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2014-02-06 16:52:17 -05:00
|
|
|
// We kindly provide the remaining time before expiration (in seconds)
|
|
|
|
if (
|
|
|
|
property_exists($paste->meta, 'expire_date')
|
|
|
|
) $paste->meta->remaining_time = $paste->meta->expire_date - time();
|
2012-04-29 13:15:06 -04:00
|
|
|
|
2014-02-06 16:52:17 -05:00
|
|
|
// The paste itself is the first in the list of encrypted messages.
|
|
|
|
$messages = array($paste);
|
|
|
|
|
|
|
|
// If it's a discussion, get all comments.
|
2012-04-29 13:15:06 -04:00
|
|
|
if (
|
2014-02-06 16:52:17 -05:00
|
|
|
property_exists($paste->meta, 'opendiscussion') &&
|
|
|
|
$paste->meta->opendiscussion
|
2012-04-29 13:15:06 -04:00
|
|
|
)
|
|
|
|
{
|
2014-02-06 16:52:17 -05:00
|
|
|
$messages = array_merge(
|
|
|
|
$messages,
|
|
|
|
$this->_model()->readComments($dataid)
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2015-09-12 11:33:16 -04:00
|
|
|
|
|
|
|
// set formatter for for the view.
|
|
|
|
if (!property_exists($paste->meta, 'formatter'))
|
|
|
|
{
|
2015-09-17 14:47:00 -04:00
|
|
|
// support < 0.21 syntax highlighting
|
|
|
|
if (property_exists($paste->meta, 'syntaxcoloring') && $paste->meta->syntaxcoloring === true)
|
|
|
|
{
|
|
|
|
$paste->meta->formatter = 'syntaxhighlighting';
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2015-09-19 08:22:29 -04:00
|
|
|
$paste->meta->formatter = $this->_getMainConfig('defaultformatter', 'plaintext');
|
2015-09-17 14:47:00 -04:00
|
|
|
}
|
2015-09-12 11:33:16 -04:00
|
|
|
}
|
|
|
|
|
2014-02-06 16:52:17 -05:00
|
|
|
$this->_data = json_encode($messages);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
}
|
2013-09-03 02:17:49 -04:00
|
|
|
else
|
|
|
|
{
|
2015-08-31 16:10:41 -04:00
|
|
|
$this->_error = self::GENERIC_ERROR;
|
2013-09-03 02:17:49 -04:00
|
|
|
}
|
2015-09-01 16:33:07 -04:00
|
|
|
if ($isJson)
|
|
|
|
{
|
|
|
|
if (strlen($this->_error))
|
|
|
|
{
|
|
|
|
$this->_return_message(1, $this->_error);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$this->_return_message(0, $dataid, array('messages' => $messages));
|
|
|
|
}
|
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Display ZeroBin frontend.
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
private function _view()
|
|
|
|
{
|
2012-08-28 17:28:41 -04:00
|
|
|
// set headers to disable caching
|
2013-02-24 08:33:51 -05:00
|
|
|
$time = gmdate('D, d M Y H:i:s \G\M\T');
|
|
|
|
header('Cache-Control: no-store, no-cache, must-revalidate');
|
|
|
|
header('Pragma: no-cache');
|
|
|
|
header('Expires: ' . $time);
|
|
|
|
header('Last-Modified: ' . $time);
|
|
|
|
header('Vary: Accept');
|
2012-08-25 18:49:11 -04:00
|
|
|
|
2013-10-30 18:54:42 -04:00
|
|
|
// label all the expiration options
|
|
|
|
$expire = array();
|
2015-09-12 11:33:16 -04:00
|
|
|
foreach ($this->_conf['expire_options'] as $time => $seconds)
|
|
|
|
{
|
2015-09-06 13:21:17 -04:00
|
|
|
$expire[$time] = ($seconds == 0) ? i18n::_(ucfirst($time)): filter::time_humanreadable($time);
|
2013-10-30 18:54:42 -04:00
|
|
|
}
|
|
|
|
|
2015-09-12 11:33:16 -04:00
|
|
|
// translate all the formatter options
|
|
|
|
$formatters = array_map(array('i18n', 'translate'), $this->_conf['formatter_options']);
|
|
|
|
|
2015-09-19 05:21:13 -04:00
|
|
|
// set language cookie if that functionality was enabled
|
|
|
|
$languageselection = '';
|
|
|
|
if ($this->_getMainConfig('languageselection', false))
|
|
|
|
{
|
|
|
|
$languageselection = i18n::getLanguage();
|
|
|
|
setcookie('lang', $languageselection);
|
|
|
|
}
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
$page = new RainTPL;
|
2015-08-16 06:27:06 -04:00
|
|
|
$page::$path_replace = false;
|
2013-10-30 18:54:42 -04:00
|
|
|
// we escape it here because ENT_NOQUOTES can't be used in RainTPL templates
|
2012-04-29 13:15:06 -04:00
|
|
|
$page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES));
|
2015-09-04 20:24:56 -04:00
|
|
|
$page->assign('ERROR', i18n::_($this->_error));
|
|
|
|
$page->assign('STATUS', i18n::_($this->_status));
|
2012-04-29 13:15:06 -04:00
|
|
|
$page->assign('VERSION', self::VERSION);
|
2015-08-30 18:01:35 -04:00
|
|
|
$page->assign('DISCUSSION', $this->_getMainConfig('discussion', true));
|
2015-08-16 06:27:06 -04:00
|
|
|
$page->assign('OPENDISCUSSION', $this->_getMainConfig('opendiscussion', true));
|
2015-09-12 11:33:16 -04:00
|
|
|
$page->assign('MARKDOWN', array_key_exists('markdown', $formatters));
|
|
|
|
$page->assign('SYNTAXHIGHLIGHTING', array_key_exists('syntaxhighlighting', $formatters));
|
2015-08-17 17:18:33 -04:00
|
|
|
$page->assign('SYNTAXHIGHLIGHTINGTHEME', $this->_getMainConfig('syntaxhighlightingtheme', ''));
|
2015-09-12 11:33:16 -04:00
|
|
|
$page->assign('FORMATTER', $formatters);
|
2015-09-19 08:22:29 -04:00
|
|
|
$page->assign('FORMATTERDEFAULT', $this->_getMainConfig('defaultformatter', 'plaintext'));
|
2015-09-04 20:24:56 -04:00
|
|
|
$page->assign('NOTICE', i18n::_($this->_getMainConfig('notice', '')));
|
2015-08-16 06:27:06 -04:00
|
|
|
$page->assign('BURNAFTERREADINGSELECTED', $this->_getMainConfig('burnafterreadingselected', false));
|
2015-08-30 18:01:35 -04:00
|
|
|
$page->assign('PASSWORD', $this->_getMainConfig('password', true));
|
2015-09-16 16:51:48 -04:00
|
|
|
$page->assign('FILEUPLOAD', $this->_getMainConfig('fileupload', false));
|
2015-08-16 06:27:06 -04:00
|
|
|
$page->assign('BASE64JSVERSION', $this->_getMainConfig('base64version', '2.1.9'));
|
2015-09-19 05:21:13 -04:00
|
|
|
$page->assign('LANGUAGESELECTION', $languageselection);
|
|
|
|
$page->assign('LANGUAGES', i18n::getLanguageLabels(i18n::getAvailableLanguages()));
|
2013-10-30 18:54:42 -04:00
|
|
|
$page->assign('EXPIRE', $expire);
|
|
|
|
$page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']);
|
2015-08-16 06:27:06 -04:00
|
|
|
$page->draw($this->_getMainConfig('template', 'page'));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get configuration option from [main] section, optionally set a default
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @param string $option
|
|
|
|
* @param mixed $default (optional)
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
private function _getMainConfig($option, $default = false)
|
|
|
|
{
|
|
|
|
return array_key_exists($option, $this->_conf['main']) ?
|
|
|
|
$this->_conf['main'][$option] :
|
|
|
|
$default;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* return JSON encoded message and exit
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @param bool $status
|
|
|
|
* @param string $message
|
2013-10-31 20:15:14 -04:00
|
|
|
* @param array $other
|
2015-09-01 16:33:07 -04:00
|
|
|
* @return void
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2013-10-31 20:15:14 -04:00
|
|
|
private function _return_message($status, $message, $other = array())
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
|
|
|
$result = array('status' => $status);
|
|
|
|
if ($status)
|
|
|
|
{
|
2015-09-04 20:24:56 -04:00
|
|
|
$result['message'] = i18n::_($message);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$result['id'] = $message;
|
|
|
|
}
|
2013-10-31 20:15:14 -04:00
|
|
|
$result += $other;
|
2015-09-01 16:33:07 -04:00
|
|
|
$this->_json = json_encode($result);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
}
|