Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-07-24 07:20:45 -04:00
Code Issues Projects Releases Packages Wiki Activity

finishing changes in models, removing last md5 test cases, tightening up allowed POST data

Browse source
This commit is contained in:
El RIDO 2019-05-06 22:15:21 +02:00
parent 06b90ff48e
commit 76dc01b959
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
7 changed files with 236 additions and 339 deletions
Download patch file Download diff file Expand all files Collapse all files

240
lib/Model/Paste.php
View file

@ -15,7 +15,6 @@ namespace PrivateBin\Model;
use Exception;
use PrivateBin\Controller;
use PrivateBin\Persistence\ServerSalt;
use PrivateBin\FormatV2;
/**
* Paste
@ -28,8 +27,8 @@ class Paste extends AbstractModel
* Get paste data.
*
* @access public
* @throws \Exception
* @return \stdClass
* @throws Exception
* @return array
*/
public function get()
{
@ -39,44 +38,42 @@ class Paste extends AbstractModel
}
// check if paste has expired and delete it if neccessary.
if (property_exists($data->meta, 'expire_date')) {
if ($data->meta->expire_date < time()) {
if (array_key_exists('expire_date', $data['meta'])) {
if ($data['meta']['expire_date'] < time()) {
$this->delete();
throw new Exception(Controller::GENERIC_ERROR, 63);
}
// We kindly provide the remaining time before expiration (in seconds)
$data->meta->remaining_time = $data->meta->expire_date - time();
$data['meta']['time_to_live'] = $data['meta']['expire_date'] - time();
}
// check if non-expired burn after reading paste needs to be deleted
if (property_exists($data->meta, 'burnafterreading') && $data->meta->burnafterreading) {
if (
(array_key_exists('adata', $data) && $data['adata'][3] === 1) ||
(array_key_exists('burnafterreading', $data['meta']) && $data['meta']['burnafterreading'])
) {
$this->delete();
}
// set formatter for for the view.
if (!property_exists($data->meta, 'formatter')) {
// set formatter for the view in version 1 pastes.
if (array_key_exists('data', $data) && !array_key_exists('formatter', $data['meta'])) {
// support < 0.21 syntax highlighting
if (property_exists($data->meta, 'syntaxcoloring') && $data->meta->syntaxcoloring === true) {
$data->meta->formatter = 'syntaxhighlighting';
if (array_key_exists('syntaxcoloring', $data['meta']) && $data['meta']['syntaxcoloring'] === true) {
$data['meta']['formatter'] = 'syntaxhighlighting';
} else {
$data->meta->formatter = $this->_conf->getKey('defaultformatter');
$data['meta']['formatter'] = $this->_conf->getKey('defaultformatter');
}
}
// support old paste format with server wide salt
if (!property_exists($data->meta, 'salt')) {
$data->meta->salt = ServerSalt::get();
}
$data->comments = array_values($this->getComments());
$data->comment_count = count($data->comments);
$data->comment_offset = 0;
$data->{'@context'} = 'js/paste.jsonld';
$this->_data = $data;
// If the paste was meant to be read only once, delete it.
if ($this->isBurnafterreading()) {
$this->delete();
if (!array_key_exists('salt', $data['meta'])) {
$data['meta']['salt'] = ServerSalt::get();
}
$data['comments'] = array_values($this->getComments());
$data['comment_count'] = count($data['comments']);
$data['comment_offset'] = 0;
$data['@context'] = 'js/paste.jsonld';
$this->_data = $data;
return $this->_data;
}
@ -94,8 +91,8 @@ class Paste extends AbstractModel
throw new Exception('You are unlucky. Try again.', 75);
}
$this->_data->meta->postdate = time();
$this->_data->meta->salt = serversalt::generate();
$this->_data['meta']['created'] = time();
$this->_data['meta']['salt'] = serversalt::generate();
// store paste
if (
@ -139,7 +136,7 @@ class Paste extends AbstractModel
* @throws Exception
* @return Comment
*/
public function getComment($parentId, $commentId = null)
public function getComment(string $parentId, string $commentId = '')
{
if (!$this->exists()) {
throw new Exception('Invalid data.', 62);
@ -147,7 +144,7 @@ class Paste extends AbstractModel
$comment = new Comment($this->_conf, $this->_store);
$comment->setPaste($this);
$comment->setParentId($parentId);
if ($commentId !== null) {
if ($commentId !== '') {
$comment->setId($commentId);
}
return $comment;
@ -186,130 +183,6 @@ class Paste extends AbstractModel
);
}
/**
* Set paste's attachment.
*
* @access public
* @param string $attachment
* @throws Exception
*/
public function setAttachment($attachment)
{
if (!$this->_conf->getKey('fileupload') || !FormatV2::isValid($attachment)) {
throw new Exception('Invalid attachment.', 71);
}
$this->_data->meta->attachment = $attachment;
}
/**
* Set paste's attachment name.
*
* @access public
* @param string $attachmentname
* @throws Exception
*/
public function setAttachmentName($attachmentname)
{
if (!$this->_conf->getKey('fileupload') || !FormatV2::isValid($attachmentname)) {
throw new Exception('Invalid attachment.', 72);
}
$this->_data->meta->attachmentname = $attachmentname;
}
/**
* Set paste expiration.
*
* @access public
* @param string $expiration
*/
public function setExpiration($expiration)
{
$expire_options = $this->_conf->getSection('expire_options');
if (array_key_exists($expiration, $expire_options)) {
$expire = $expire_options[$expiration];
} else {
// using getKey() to ensure a default value is present
$expire = $this->_conf->getKey($this->_conf->getKey('default', 'expire'), 'expire_options');
}
if ($expire > 0) {
$this->_data->meta->expire_date = time() + $expire;
}
}
/**
* Set paste's burn-after-reading type.
*
* @access public
* @param string $burnafterreading
* @throws Exception
*/
public function setBurnafterreading($burnafterreading = '1')
{
if ($burnafterreading === '0') {
$this->_data->meta->burnafterreading = false;
} else {
if ($burnafterreading !== '1') {
throw new Exception('Invalid data.', 73);
}
$this->_data->meta->burnafterreading = true;
$this->_data->meta->opendiscussion = false;
}
}
/**
* Set paste's discussion state.
*
* @access public
* @param string $opendiscussion
* @throws Exception
*/
public function setOpendiscussion($opendiscussion = '1')
{
if (
!$this->_conf->getKey('discussion') ||
$this->isBurnafterreading() ||
$opendiscussion === '0'
) {
$this->_data->meta->opendiscussion = false;
} else {
if ($opendiscussion !== '1') {
throw new Exception('Invalid data.', 74);
}
$this->_data->meta->opendiscussion = true;
}
}
/**
* Set paste's format.
*
* @access public
* @param string $format
* @throws Exception
*/
public function setFormatter($format)
{
if (!array_key_exists($format, $this->_conf->getSection('formatter_options'))) {
$format = $this->_conf->getKey('defaultformatter');
}
$this->_data->meta->formatter = $format;
}
/**
* Check if paste is of burn-after-reading type.
*
* @access public
* @throws Exception
* @return bool
*/
public function isBurnafterreading()
{
if (!property_exists($this->_data, 'data')) {
$this->get();
}
return property_exists($this->_data->meta, 'burnafterreading') &&
$this->_data->meta->burnafterreading === true;
}
/**
* Check if paste has discussions enabled.
*
@ -319,10 +192,67 @@ class Paste extends AbstractModel
*/
public function isOpendiscussion()
{
if (!property_exists($this->_data, 'data')) {
if (!array_key_exists('adata', $this->_data) && !array_key_exists('data', $this->_data)) {
$this->get();
}
return property_exists($this->_data->meta, 'opendiscussion') &&
$this->_data->meta->opendiscussion === true;
return (
(array_key_exists('adata', $this->_data) && $this->_data['adata'][2] === 1) ||
(array_key_exists('opendiscussion', $this->_data['meta']) && $this->_data['meta']['opendiscussion'])
);
}
/**
* Sanitizes data to conform with current configuration.
*
* @access protected
* @param array $data
* @return array
*/
protected function _sanitize(array $data)
{
$expiration = $data['meta']['expire'];
unset($data['meta']['expire']);
$expire_options = $this->_conf->getSection('expire_options');
if (array_key_exists($expiration, $expire_options)) {
$expire = $expire_options[$expiration];
} else {
// using getKey() to ensure a default value is present
$expire = $this->_conf->getKey($this->_conf->getKey('default', 'expire'), 'expire_options');
}
if ($expire > 0) {
$data['meta']['expire_date'] = time() + $expire;
}
return $data;
}
/**
* Validate data.
*
* @access protected
* @param array $data
* @throws Exception
*/
protected function _validate(array $data)
{
// reject invalid or disabled formatters
if (!array_key_exists($data['adata'][1], $this->_conf->getSection('formatter_options'))) {
throw new Exception('Invalid data.', 75);
}
// discussion requested, but disabled in config or burn after reading requested as well, or invalid integer
if (
($data['adata'][2] === 1 && ( // open discussion flag
!$this->_conf->getKey('discussion') ||
$data['adata'][3] === 1 // burn after reading flag
)) ||
($data['adata'][2] !== 0 && $data['adata'][2] !== 1)
) {
throw new Exception('Invalid data.', 74);
}
// reject invalid burn after reading
if ($data['adata'][3] !== 0 && $data['adata'][3] !== 1) {
throw new Exception('Invalid data.', 73);
}
}
}