mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-10-01 01:26:10 -04:00
Merge branch 'fb-tracking-param-fix'
This commit is contained in:
commit
48560e3d60
17
js/common.js
17
js/common.js
@ -22,11 +22,13 @@ require('./bootstrap-3.3.7');
|
|||||||
require('./privatebin');
|
require('./privatebin');
|
||||||
|
|
||||||
// internal variables
|
// internal variables
|
||||||
var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m',
|
var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m',
|
||||||
'n','o','p','q','r','s','t','u','v','w','x','y','z'],
|
'n','o','p','q','r','s','t','u','v','w','x','y','z'],
|
||||||
alnumString = a2zString.concat(['0','1','2','3','4','5','6','7','8','9']),
|
digitString = ['0','1','2','3','4','5','6','7','8','9'],
|
||||||
queryString = alnumString.concat(['+','%','&','.','*','-','_']),
|
alnumString = a2zString.concat(digitString),
|
||||||
hashString = queryString.concat(['!']),
|
hexString = digitString.concat(['a','b','c','d','e','f']),
|
||||||
|
queryString = alnumString.concat(['+','%','&','.','*','-','_']),
|
||||||
|
hashString = queryString.concat(['!']),
|
||||||
base64String = alnumString.concat(['+','/','=']).concat(
|
base64String = alnumString.concat(['+','/','=']).concat(
|
||||||
a2zString.map(function(c) {
|
a2zString.map(function(c) {
|
||||||
return c.toUpperCase();
|
return c.toUpperCase();
|
||||||
@ -123,6 +125,11 @@ exports.jscAlnumString = function() {
|
|||||||
return jsc.elements(alnumString);
|
return jsc.elements(alnumString);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
//provides random characters allowed in hexadecimal notation
|
||||||
|
exports.jscHexString = function() {
|
||||||
|
return jsc.elements(hexString);
|
||||||
|
};
|
||||||
|
|
||||||
// provides random characters allowed in GET queries
|
// provides random characters allowed in GET queries
|
||||||
exports.jscQueryString = function() {
|
exports.jscQueryString = function() {
|
||||||
return jsc.elements(queryString);
|
return jsc.elements(queryString);
|
||||||
|
@ -743,13 +743,44 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
me.getPasteId = function()
|
me.getPasteId = function()
|
||||||
{
|
{
|
||||||
if (id === null) {
|
const idRegEx = /^[a-z0-9]{16}$/;
|
||||||
// Attention: This also returns the delete token inside of the ID, if it is specified
|
const idRegExFind = /[a-z0-9]{16}/;
|
||||||
id = window.location.search.substring(1);
|
|
||||||
|
|
||||||
if (id === '') {
|
// return cached value
|
||||||
throw 'no paste id given';
|
if (id !== null) {
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
// do use URL interface, if possible
|
||||||
|
if (window.URL && window.URL.prototype && ('searchParams' in window.URL.prototype)) {
|
||||||
|
try {
|
||||||
|
const url = new URL(window.location);
|
||||||
|
|
||||||
|
for (const param of url.searchParams) {
|
||||||
|
const key = param[0];
|
||||||
|
const value = param[1];
|
||||||
|
|
||||||
|
if (value === '' && idRegEx.test(key)) {
|
||||||
|
// safe, as the whole regex is matched
|
||||||
|
id = key;
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
// fallback below
|
||||||
|
console.error('URL interface not properly supported, error:', e);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
console.warn('URL interface appears not to be supported in this browser.');
|
||||||
|
}
|
||||||
|
|
||||||
|
// fallback to simple RegEx
|
||||||
|
console.warn('fallback to simple RegEx search');
|
||||||
|
// Attention: This also returns the delete token inside of the ID, if it is specified
|
||||||
|
id = (window.location.search.match(idRegExFind) || [''])[0];
|
||||||
|
|
||||||
|
if (id === '') {
|
||||||
|
throw 'no paste id given';
|
||||||
}
|
}
|
||||||
|
|
||||||
return id;
|
return id;
|
||||||
|
@ -81,18 +81,23 @@ describe('Model', function () {
|
|||||||
'returns the query string without separator, if any',
|
'returns the query string without separator, if any',
|
||||||
jsc.nearray(common.jscA2zString()),
|
jsc.nearray(common.jscA2zString()),
|
||||||
jsc.nearray(common.jscA2zString()),
|
jsc.nearray(common.jscA2zString()),
|
||||||
jsc.nearray(common.jscHashString()),
|
jsc.tuple(new Array(16).fill(common.jscHexString)),
|
||||||
|
jsc.array(common.jscQueryString()),
|
||||||
|
jsc.array(common.jscQueryString()),
|
||||||
'string',
|
'string',
|
||||||
function (schema, address, query, fragment) {
|
function (schema, address, pasteId, queryStart, queryEnd, fragment) {
|
||||||
var queryString = query.join(''),
|
var pasteIdString = pasteId.join(''),
|
||||||
clean = jsdom('', {
|
queryStartString = queryStart.join('') + (queryStart.length > 0 ? '&' : ''),
|
||||||
|
queryEndString = (queryEnd.length > 0 ? '&' : '') + queryEnd.join(''),
|
||||||
|
queryString = queryStartString + pasteIdString + queryEndString,
|
||||||
|
clean = jsdom('', {
|
||||||
url: schema.join('') + '://' + address.join('') +
|
url: schema.join('') + '://' + address.join('') +
|
||||||
'/?' + queryString + '#' + fragment
|
'/?' + queryString + '#' + fragment
|
||||||
}),
|
}),
|
||||||
result = $.PrivateBin.Model.getPasteId();
|
result = $.PrivateBin.Model.getPasteId();
|
||||||
$.PrivateBin.Model.reset();
|
$.PrivateBin.Model.reset();
|
||||||
clean();
|
clean();
|
||||||
return queryString === result;
|
return pasteIdString === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
jsc.property(
|
jsc.property(
|
||||||
|
@ -16,7 +16,7 @@ describe('Prompt', function () {
|
|||||||
'string',
|
'string',
|
||||||
function (password) {
|
function (password) {
|
||||||
password = password.replace(/\r+/g, '');
|
password = password.replace(/\r+/g, '');
|
||||||
var clean = jsdom('', {url: 'ftp://example.com/?0'});
|
var clean = jsdom('', {url: 'ftp://example.com/?0000000000000000'});
|
||||||
$('body').html(
|
$('body').html(
|
||||||
'<div id="passwordmodal" class="modal fade" role="dialog">' +
|
'<div id="passwordmodal" class="modal fade" role="dialog">' +
|
||||||
'<div class="modal-dialog"><div class="modal-content">' +
|
'<div class="modal-dialog"><div class="modal-content">' +
|
||||||
|
@ -72,6 +72,27 @@ class Request
|
|||||||
*/
|
*/
|
||||||
private $_isJsonApi = false;
|
private $_isJsonApi = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the paste ID of the current paste.
|
||||||
|
*
|
||||||
|
* @access private
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
private function getPasteId()
|
||||||
|
{
|
||||||
|
// RegEx to check for valid paste ID (16 base64 chars)
|
||||||
|
$pasteIdRegEx = '/^[a-f0-9]{16}$/';
|
||||||
|
|
||||||
|
foreach ($_GET as $key => $value) {
|
||||||
|
// only return if value is empty and key matches RegEx
|
||||||
|
if (($value === '') and preg_match($pasteIdRegEx, $key, $match)) {
|
||||||
|
return $match[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 'invalid id';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
@ -100,7 +121,7 @@ class Request
|
|||||||
array_key_exists('QUERY_STRING', $_SERVER) &&
|
array_key_exists('QUERY_STRING', $_SERVER) &&
|
||||||
!empty($_SERVER['QUERY_STRING'])
|
!empty($_SERVER['QUERY_STRING'])
|
||||||
) {
|
) {
|
||||||
$this->_params['pasteid'] = $_SERVER['QUERY_STRING'];
|
$this->_params['pasteid'] = $this->getPasteId();
|
||||||
}
|
}
|
||||||
|
|
||||||
// prepare operation, depending on current parameters
|
// prepare operation, depending on current parameters
|
||||||
|
@ -76,7 +76,7 @@ if ($MARKDOWN):
|
|||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
@ -54,7 +54,7 @@ if ($MARKDOWN):
|
|||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
@ -507,6 +507,7 @@ EOT;
|
|||||||
$code .= PHP_EOL . <<<'EOT'
|
$code .= PHP_EOL . <<<'EOT'
|
||||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
EOT;
|
EOT;
|
||||||
break;
|
break;
|
||||||
|
@ -680,6 +680,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
public function testReadInvalidId()
|
public function testReadInvalidId()
|
||||||
{
|
{
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = 'foo';
|
||||||
|
$_GET['foo'] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -696,6 +697,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
public function testReadNonexisting()
|
public function testReadNonexisting()
|
||||||
{
|
{
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -714,6 +716,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
$expiredPaste = Helper::getPaste(array('expire_date' => 1344803344));
|
$expiredPaste = Helper::getPaste(array('expire_date' => 1344803344));
|
||||||
$this->_model->create(Helper::getPasteId(), $expiredPaste);
|
$this->_model->create(Helper::getPasteId(), $expiredPaste);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -732,6 +735,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
$paste = Helper::getPaste(array('burnafterreading' => true));
|
$paste = Helper::getPaste(array('burnafterreading' => true));
|
||||||
$this->_model->create(Helper::getPasteId(), $paste);
|
$this->_model->create(Helper::getPasteId(), $paste);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -760,6 +764,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
$paste = Helper::getPaste();
|
$paste = Helper::getPaste();
|
||||||
$this->_model->create(Helper::getPasteId(), $paste);
|
$this->_model->create(Helper::getPasteId(), $paste);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -790,6 +795,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
);
|
);
|
||||||
$this->_model->create(Helper::getPasteId(), $paste);
|
$this->_model->create(Helper::getPasteId(), $paste);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
@ -897,6 +903,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||||
$_POST['deletetoken'] = 'burnafterreading';
|
$_POST['deletetoken'] = 'burnafterreading';
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||||
ob_start();
|
ob_start();
|
||||||
@ -917,6 +924,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||||
$_POST['deletetoken'] = 'burnafterreading';
|
$_POST['deletetoken'] = 'burnafterreading';
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||||
ob_start();
|
ob_start();
|
||||||
|
@ -82,6 +82,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
|
|||||||
file_put_contents($file, http_build_query($paste));
|
file_put_contents($file, http_build_query($paste));
|
||||||
Request::setInputStream($file);
|
Request::setInputStream($file);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
$_SERVER['REQUEST_METHOD'] = 'PUT';
|
$_SERVER['REQUEST_METHOD'] = 'PUT';
|
||||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||||
@ -117,6 +118,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
|
|||||||
)));
|
)));
|
||||||
Request::setInputStream($file);
|
Request::setInputStream($file);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
$_SERVER['REQUEST_METHOD'] = 'DELETE';
|
$_SERVER['REQUEST_METHOD'] = 'DELETE';
|
||||||
ob_start();
|
ob_start();
|
||||||
@ -164,6 +166,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
|
|||||||
unset($paste['attachmentname']);
|
unset($paste['attachmentname']);
|
||||||
$this->_model->create(Helper::getPasteId(), $paste);
|
$this->_model->create(Helper::getPasteId(), $paste);
|
||||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||||
|
$_GET[Helper::getPasteId()] = '';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
ob_start();
|
ob_start();
|
||||||
new Controller;
|
new Controller;
|
||||||
|
@ -21,6 +21,36 @@ class RequestTest extends PHPUnit_Framework_TestCase
|
|||||||
$_POST = array();
|
$_POST = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns 16 random hexadecimal characters.
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getRandomId()
|
||||||
|
{
|
||||||
|
// 8 binary bytes are 16 characters long in hex
|
||||||
|
return bin2hex(random_bytes(8));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns random query safe characters.
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getRandomQueryChars()
|
||||||
|
{
|
||||||
|
$queryChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=';
|
||||||
|
$queryCharCount = strlen($queryChars) - 1;
|
||||||
|
$resultLength = random_int(1, 10);
|
||||||
|
$result = '';
|
||||||
|
for ($i = 0; $i < $resultLength; ++$i) {
|
||||||
|
$result .= $queryChars[random_int(0, $queryCharCount)];
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
public function testView()
|
public function testView()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
@ -33,24 +63,27 @@ class RequestTest extends PHPUnit_Framework_TestCase
|
|||||||
public function testRead()
|
public function testRead()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testDelete()
|
public function testDelete()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_GET['pasteid'] = 'foo';
|
$_GET['pasteid'] = $id;
|
||||||
$_GET['deletetoken'] = 'bar';
|
$_GET['deletetoken'] = 'bar';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
||||||
$this->assertEquals('delete', $request->getOperation());
|
$this->assertEquals('delete', $request->getOperation());
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -84,74 +117,103 @@ class RequestTest extends PHPUnit_Framework_TestCase
|
|||||||
public function testApiRead()
|
public function testApiRead()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
|
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiDelete()
|
public function testApiDelete()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET = array($id => '');
|
||||||
$_POST['deletetoken'] = 'bar';
|
$_POST['deletetoken'] = 'bar';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
||||||
$this->assertEquals('delete', $request->getOperation());
|
$this->assertEquals('delete', $request->getOperation());
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
$this->assertEquals('bar', $request->getParam('deletetoken'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testReadWithNegotiation()
|
public function testReadWithNegotiation()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
$_SERVER['HTTP_ACCEPT'] = 'text/html,text/html; charset=UTF-8,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testReadWithXhtmlNegotiation()
|
public function testReadWithXhtmlNegotiation()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
$_SERVER['HTTP_ACCEPT'] = 'application/xhtml+xml,text/html,text/html; charset=UTF-8, application/xml;q=0.9,*/*;q=0.8, text/csv,application/json';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiReadWithNegotiation()
|
public function testApiReadWithNegotiation()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
|
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, application/json, text/html,text/html; charset=UTF-8,application/xhtml+xml, */*;q=0.8';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testReadWithFailedNegotiation()
|
public function testReadWithFailedNegotiation()
|
||||||
{
|
{
|
||||||
$this->reset();
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
$_SERVER['REQUEST_METHOD'] = 'GET';
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
|
$_SERVER['HTTP_ACCEPT'] = 'text/plain,text/csv, application/xml;q=0.9, */*;q=0.8';
|
||||||
$_SERVER['QUERY_STRING'] = 'foo';
|
$_SERVER['QUERY_STRING'] = $id;
|
||||||
|
$_GET[$id] = '';
|
||||||
$request = new Request;
|
$request = new Request;
|
||||||
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
$this->assertFalse($request->isJsonApiCall(), 'is HTML call');
|
||||||
$this->assertEquals('foo', $request->getParam('pasteid'));
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
$this->assertEquals('read', $request->getOperation());
|
$this->assertEquals('read', $request->getOperation());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testPasteIdExtraction()
|
||||||
|
{
|
||||||
|
$this->reset();
|
||||||
|
$id = $this->getRandomId();
|
||||||
|
$queryParams = array($id);
|
||||||
|
$queryParamCount = random_int(1, 5);
|
||||||
|
for ($i = 0; $i < $queryParamCount; ++$i) {
|
||||||
|
array_push($queryParams, $this->getRandomQueryChars());
|
||||||
|
}
|
||||||
|
shuffle($queryParams);
|
||||||
|
$_SERVER['REQUEST_METHOD'] = 'GET';
|
||||||
|
$_SERVER['QUERY_STRING'] = implode('&', $queryParams);
|
||||||
|
$_GET[$id] = '';
|
||||||
|
$request = new Request;
|
||||||
|
$this->assertEquals($id, $request->getParam('pasteid'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user