Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-08-09 06:52:34 -04:00
Code Issues Projects Releases Packages Wiki Activity

address Scrutinizer reported issues

Browse source
This commit is contained in:
El RIDO 2025-07-19 21:01:38 +02:00
parent cbc0d99c59
commit 70842cf271
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
6 changed files with 45 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/Controller.php
View file

@ -319,7 +319,8 @@ class Controller
$paste->setData($data); $paste->setData($data);
$paste->store(); $paste->store();
} catch (Exception $e) { } catch (Exception $e) {
return $this->_return_message(1, $e->getMessage()); $this->_return_message(1, $e->getMessage());
return;
} }
$this->_return_message(0, $paste->getId(), array('deletetoken' => $paste->getDeleteToken())); $this->_return_message(0, $paste->getId(), array('deletetoken' => $paste->getDeleteToken()));
} }

18
lib/Data/Database.php
View file

@ -296,7 +296,7 @@ class Database extends AbstractData
// create comment list // create comment list
$comments = array(); $comments = array();
if (is_array($rows) && count($rows)) { if (count($rows)) {
foreach ($rows as $row) { foreach ($rows as $row) {
$i = $this->getOpenSlot($comments, (int) $row['postdate']); $i = $this->getOpenSlot($comments, (int) $row['postdate']);
$comments[$i] = Json::decode($row['data']); $comments[$i] = Json::decode($row['data']);
@ -386,7 +386,7 @@ class Database extends AbstractData
$fs = new Filesystem(array('dir' => 'data')); $fs = new Filesystem(array('dir' => 'data'));
$value = $fs->getValue('salt'); $value = $fs->getValue('salt');
$this->setValue($value, 'salt'); $this->setValue($value, 'salt');
@unlink($file); unlink($file);
return $value; return $value;
} }
} }
@ -467,7 +467,7 @@ class Database extends AbstractData
* @param array $params * @param array $params
* @param bool $firstOnly if only the first row should be returned * @param bool $firstOnly if only the first row should be returned
* @throws PDOException * @throws PDOException
* @return array|false * @return array
*/ */
private function _select($sql, array $params, $firstOnly = false) private function _select($sql, array $params, $firstOnly = false)
{ {
@ -475,6 +475,10 @@ class Database extends AbstractData
$statement->execute($params); $statement->execute($params);
if ($firstOnly) { if ($firstOnly) {
$result = $statement->fetch(PDO::FETCH_ASSOC); $result = $statement->fetch(PDO::FETCH_ASSOC);
if ($this->_type === 'oci' && is_array($result)) {
// returned CLOB values are streams, convert these into strings
$result = array_map('PrivateBin\Data\Database::_sanitizeClob', $result);
}
} elseif ($this->_type === 'oci') { } elseif ($this->_type === 'oci') {
// workaround for https://bugs.php.net/bug.php?id=46728 // workaround for https://bugs.php.net/bug.php?id=46728
$result = array(); $result = array();
@ -485,12 +489,6 @@ class Database extends AbstractData
$result = $statement->fetchAll(PDO::FETCH_ASSOC); $result = $statement->fetchAll(PDO::FETCH_ASSOC);
} }
$statement->closeCursor(); $statement->closeCursor();
if ($this->_type === 'oci' && is_array($result)) {
// returned CLOB values are streams, convert these into strings
$result = $firstOnly ?
array_map('PrivateBin\Data\Database::_sanitizeClob', $result) :
$result;
}
return $result; return $result;
} }
@ -763,7 +761,7 @@ class Database extends AbstractData
if ($this->_type === 'sqlite') { if ($this->_type === 'sqlite') {
try { try {
$row = $this->_select('SELECT sqlite_version() AS "v"', array(), true); $row = $this->_select('SELECT sqlite_version() AS "v"', array(), true);
$supportsDropColumn = version_compare($row['v'], '3.35.0', '>='); $supportsDropColumn = (bool) version_compare($row['v'], '3.35.0', '>=');
} catch (PDOException $e) { } catch (PDOException $e) {
$supportsDropColumn = false; $supportsDropColumn = false;
} }

9
lib/Data/Filesystem.php
View file

@ -69,10 +69,7 @@ class Filesystem extends AbstractData
public function __construct(array $options) public function __construct(array $options)
{ {
// if given update the data directory // if given update the data directory
if ( if (array_key_exists('dir', $options)) {
is_array($options) &&
array_key_exists('dir', $options)
) {
$this->_path = $options['dir']; $this->_path = $options['dir'];
} }
} }
@ -315,7 +312,7 @@ class Filesystem extends AbstractData
$file = $this->_path . DIRECTORY_SEPARATOR . 'salt.php'; $file = $this->_path . DIRECTORY_SEPARATOR . 'salt.php';
if (is_readable($file)) { if (is_readable($file)) {
$items = explode('|', file_get_contents($file)); $items = explode('|', file_get_contents($file));
if (is_array($items) && count($items) == 3) { if (count($items) == 3) {
return $items[1]; return $items[1];
} }
} }
@ -505,7 +502,7 @@ class Filesystem extends AbstractData
if ($fileCreated === false || $writtenBytes === false || $writtenBytes < strlen($data)) { if ($fileCreated === false || $writtenBytes === false || $writtenBytes < strlen($data)) {
return false; return false;
} }
@chmod($filename, 0640); // protect file from access by other users on the host chmod($filename, 0640); // protect file from access by other users on the host
return true; return true;
} }

6
lib/Data/GoogleCloudStorage.php
View file

@ -62,13 +62,13 @@ class GoogleCloudStorage extends AbstractData
if (getenv('PRIVATEBIN_GCS_BUCKET')) { if (getenv('PRIVATEBIN_GCS_BUCKET')) {
$bucket = getenv('PRIVATEBIN_GCS_BUCKET'); $bucket = getenv('PRIVATEBIN_GCS_BUCKET');
} }
if (is_array($options) && array_key_exists('bucket', $options)) { if (array_key_exists('bucket', $options)) {
$bucket = $options['bucket']; $bucket = $options['bucket'];
} }
if (is_array($options) && array_key_exists('prefix', $options)) { if (array_key_exists('prefix', $options)) {
$this->_prefix = $options['prefix']; $this->_prefix = $options['prefix'];
} }
if (is_array($options) && array_key_exists('uniformacl', $options)) { if (array_key_exists('uniformacl', $options)) {
$this->_uniformacl = $options['uniformacl']; $this->_uniformacl = $options['uniformacl'];
} }

53
lib/Data/S3Storage.php
View file

@ -81,33 +81,31 @@ class S3Storage extends AbstractData
*/ */
public function __construct(array $options) public function __construct(array $options)
{ {
if (is_array($options)) { // AWS SDK will try to load credentials from environment if credentials are not passed via configuration
// AWS SDK will try to load credentials from environment if credentials are not passed via configuration // ref: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
// ref: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain if (isset($options['accesskey']) && isset($options['secretkey'])) {
if (isset($options['accesskey']) && isset($options['secretkey'])) { $this->_options['credentials'] = array();
$this->_options['credentials'] = array();
$this->_options['credentials']['key'] = $options['accesskey']; $this->_options['credentials']['key'] = $options['accesskey'];
$this->_options['credentials']['secret'] = $options['secretkey']; $this->_options['credentials']['secret'] = $options['secretkey'];
} }
if (array_key_exists('region', $options)) { if (array_key_exists('region', $options)) {
$this->_options['region'] = $options['region']; $this->_options['region'] = $options['region'];
} }
if (array_key_exists('version', $options)) { if (array_key_exists('version', $options)) {
$this->_options['version'] = $options['version']; $this->_options['version'] = $options['version'];
} }
if (array_key_exists('endpoint', $options)) { if (array_key_exists('endpoint', $options)) {
$this->_options['endpoint'] = $options['endpoint']; $this->_options['endpoint'] = $options['endpoint'];
} }
if (array_key_exists('use_path_style_endpoint', $options)) { if (array_key_exists('use_path_style_endpoint', $options)) {
$this->_options['use_path_style_endpoint'] = filter_var($options['use_path_style_endpoint'], FILTER_VALIDATE_BOOLEAN); $this->_options['use_path_style_endpoint'] = filter_var($options['use_path_style_endpoint'], FILTER_VALIDATE_BOOLEAN);
} }
if (array_key_exists('bucket', $options)) { if (array_key_exists('bucket', $options)) {
$this->_bucket = $options['bucket']; $this->_bucket = $options['bucket'];
} }
if (array_key_exists('prefix', $options)) { if (array_key_exists('prefix', $options)) {
$this->_prefix = $options['prefix']; $this->_prefix = $options['prefix'];
}
} }
$this->_client = new S3Client($this->_options); $this->_client = new S3Client($this->_options);
@ -285,7 +283,8 @@ class S3Storage extends AbstractData
'Bucket' => $this->_bucket, 'Bucket' => $this->_bucket,
'Key' => $entry['Key'], 'Key' => $entry['Key'],
)); ));
$body = JSON::decode($object['Body']->getContents()); $data = $object['Body']->getContents();
$body = JSON::decode($data);
$items = explode('/', $entry['Key']); $items = explode('/', $entry['Key']);
$body['id'] = $items[3]; $body['id'] = $items[3];
$body['parentid'] = $items[2]; $body['parentid'] = $items[2];

3
lib/Vizhash16x16.php
View file

@ -93,6 +93,9 @@ class Vizhash16x16
// Then use these integers to drive the creation of an image. // Then use these integers to drive the creation of an image.
$image = imagecreatetruecolor($this->width, $this->height); $image = imagecreatetruecolor($this->width, $this->height);
if ($image === false) {
return '';
}
$r = $r0 = $this->getInt(); $r = $r0 = $this->getInt();
$g = $g0 = $this->getInt(); $g = $g0 = $this->getInt();