Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2024-10-01 01:26:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

switching to full JSON API without POST array use, ensure all JSON operations are done with error detection

Browse Source
This commit is contained in:
El RIDO 2019-05-13 22:31:52 +02:00
parent be1e7babc0
commit cc1c55129f
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
14 changed files with 187 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
js/privatebin.js
View File

@ -3712,27 +3712,22 @@ jQuery.PrivateBin = (function($, RawDeflate) {
{
let isPost = Object.keys(data).length > 0,
ajaxParams = {
type: isPost ? 'POST' : 'GET',
url: url,
headers: ajaxHeaders,
success: function(result) {
if (result.status === 0) {
success(0, result);
} else if (result.status === 1) {
fail(1, result);
} else {
fail(2, result);
type: isPost ? 'POST' : 'GET',
url: url,
headers: ajaxHeaders,
dataType: 'json',
success: function(result) {
if (result.status === 0) {
success(0, result);
} else if (result.status === 1) {
fail(1, result);
} else {
fail(2, result);
}
}
}
};
};
if (isPost) {
ajaxParams.data = data;
['adata', 'meta'].map(function (key) {
if (data.hasOwnProperty(key)) {
ajaxParams.data[key] = JSON.stringify(data[key]);
}
});
ajaxParams.dataType = 'json';
ajaxParams.data = JSON.stringify(data);
}
$.ajax(ajaxParams).fail(function(jqXHR, textStatus, errorThrown) {
console.error(textStatus, errorThrown);

5
lib/Controller.php
View File

@ -154,6 +154,7 @@ class Controller
* initialize PrivateBin
*
* @access private
* @throws Exception
*/
private function _init()
{
@ -206,7 +207,6 @@ class Controller
);
}
// Ensure content is not too big.
$data = $this->_request->getData();
$isComment = array_key_exists('pasteid', $data) &&
!empty($data['pasteid']) &&
@ -216,6 +216,7 @@ class Controller
return $this->_return_message(1, 'Invalid data.');
}
$sizelimit = $this->_conf->getKey('sizelimit');
// Ensure content is not too big.
if (strlen($data['ct']) > $sizelimit) {
return $this->_return_message(
1,
@ -432,6 +433,6 @@ class Controller
$result['url'] = $this->_urlBase . '?' . $message;
}
$result += $other;
$this->_json = json_encode($result);
$this->_json = Json::encode($result);
}
}

13
lib/Data/Database.php
View File

@ -16,6 +16,7 @@ use Exception;
use PDO;
use PDOException;
use PrivateBin\Controller;
use PrivateBin\Json;
/**
* Database
@ -204,12 +205,12 @@ class Database extends AbstractData
' VALUES(?,?,?,?,?,?,?,?,?)',
array(
$pasteid,
$isVersion1 ? $paste['data'] : json_encode($paste),
$isVersion1 ? $paste['data'] : Json::encode($paste),
$created,
$expire_date,
(int) $opendiscussion,
(int) $burnafterreading,
json_encode($meta),
Json::encode($meta),
$attachment,
$attachmentname,
)
@ -239,7 +240,7 @@ class Database extends AbstractData
return false;
}
// create array
$data = json_decode($paste['data'], true);
$data = Json::decode($paste['data']);
$isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2;
if ($isVersion2) {
self::$_cache[$pasteid] = $data;
@ -249,7 +250,7 @@ class Database extends AbstractData
list($createdKey) = self::_getVersionedKeys(1);
}
$paste['meta'] = json_decode($paste['meta'], true);
$paste['meta'] = Json::decode($paste['meta']);
if (!is_array($paste['meta'])) {
$paste['meta'] = array();
}
@ -338,7 +339,7 @@ class Database extends AbstractData
$data = $comment['data'];
} else {
$version = 2;
$data = json_encode($comment);
$data = Json::encode($comment);
}
list($createdKey, $iconKey) = self::_getVersionedKeys($version);
$meta = $comment['meta'];
@ -382,7 +383,7 @@ class Database extends AbstractData
if (count($rows)) {
foreach ($rows as $row) {
$i = $this->getOpenSlot($comments, (int) $row['postdate']);
$data = json_decode($row['data'], true);
$data = Json::decode($row['data']);
if (array_key_exists('v', $data) && $data['v'] >= 2) {
$version = 2;
$comments[$i] = $data;

7
lib/I18n.php
View File

@ -156,9 +156,8 @@ class I18n
// load translations
self::$_language = $match;
self::$_translations = ($match == 'en') ? array() : json_decode(
file_get_contents(self::_getPath($match . '.json')),
true
self::$_translations = ($match == 'en') ? array() : Json::decode(
file_get_contents(self::_getPath($match . '.json'))
);
}
@ -244,7 +243,7 @@ class I18n
{
$file = self::_getPath('languages.json');
if (count(self::$_languageLabels) == 0 && is_readable($file)) {
self::$_languageLabels = json_decode(file_get_contents($file), true);
self::$_languageLabels = Json::decode(file_get_contents($file));
}
if (count($languages) == 0) {
return self::$_languageLabels;

32
lib/Json.php
View File

@ -33,9 +33,39 @@ class Json
public static function encode($input)
{
$jsonString = json_encode($input);
self::_detectError();
return $jsonString;
}
/**
* Returns an array with the contents as described in the given JSON input
*
* @access public
* @static
* @param string $input
* @throws Exception
* @return array
*/
public static function decode($input)
{
$array = json_decode($input, true);
self::_detectError();
return $array;
}
/**
* Detects JSON errors and raises an exception if one is found
*
* @access private
* @static
* @throws Exception
* @return void
*/
private static function _detectError()
{
$errorCode = json_last_error();
if ($errorCode === JSON_ERROR_NONE) {
return $jsonString;
return;
}
$message = 'A JSON error occurred';

2
lib/Model/Paste.php
View File

@ -98,7 +98,7 @@ class Paste extends AbstractModel
if (
$this->_store->create(
$this->getId(),
json_decode(json_encode($this->_data), true)
$this->_data
) === false
) {
throw new Exception('Error saving paste. Sorry.', 76);

12
lib/Persistence/DataStore.php
View File

@ -45,7 +45,10 @@ class DataStore extends AbstractPersistence
$filename = substr($filename, strlen($path));
}
try {
self::_store($filename, self::PROTECTION_LINE . PHP_EOL . Json::encode($data));
self::_store(
$filename,
self::PROTECTION_LINE . PHP_EOL . Json::encode($data)
);
return true;
} catch (Exception $e) {
return false;
@ -62,7 +65,12 @@ class DataStore extends AbstractPersistence
*/
public static function get($filename)
{
return json_decode(substr(file_get_contents($filename), strlen(self::PROTECTION_LINE . PHP_EOL)), true);
return Json::decode(
substr(
file_get_contents($filename),
strlen(self::PROTECTION_LINE . PHP_EOL)
)
);
}
/**

12
lib/Request.php
View File

@ -107,10 +107,10 @@ class Request
switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') {
case 'DELETE':
case 'PUT':
parse_str(file_get_contents(self::$_inputStream), $this->_params);
break;
case 'POST':
$this->_params = $_POST;
$this->_params = Json::decode(
file_get_contents(self::$_inputStream)
);
break;
default:
$this->_params = $_GET;
@ -161,15 +161,15 @@ class Request
public function getData()
{
$data = array(
'adata' => json_decode($this->getParam('adata', '[]'), true),
'adata' => $this->getParam('adata', array()),
);
$required_keys = array('v', 'ct');
$meta = $this->getParam('meta');
$meta = $this->getParam('meta', array());
if (empty($meta)) {
$required_keys[] = 'pasteid';
$required_keys[] = 'parentid';
} else {
$data['meta'] = json_decode($meta, true);
$data['meta'] = $meta;
}
foreach ($required_keys as $key) {
$data[$key] = $this->getParam($key);

2
tpl/bootstrap.php
View File

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

2
tpl/page.php
View File

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

13
tst/Bootstrap.php
View File

@ -166,12 +166,9 @@ class Helper
* @param array $meta
* @return array
*/
public static function getPastePostJson($version = 2, array $meta = array())
public static function getPasteJson($version = 2, array $meta = array())
{
$example = self::getPastePost($version, $meta);
$example['adata'] = json_encode($example['adata']);
$example['meta'] = json_encode($example['meta']);
return $example;
return json_encode(self::getPastePost($version, $meta));
}
/**
@ -223,11 +220,9 @@ class Helper
* @param int $version
* @return array
*/
public static function getCommentPostJson()
public static function getCommentJson()
{
$example = self::getCommentPost();
$example['adata'] = json_encode($example['adata']);
return $example;
return json_encode(self::getCommentPost());
}
/**

126
tst/ControllerTest.php
View File

@ -4,6 +4,7 @@ use PrivateBin\Controller;
use PrivateBin\Data\Filesystem;
use PrivateBin\Persistence\ServerSalt;
use PrivateBin\Persistence\TrafficLimiter;
use PrivateBin\Request;
class ControllerTest extends PHPUnit_Framework_TestCase
{
@ -131,10 +132,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testHtaccess()
{
$file = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($file);
$htaccess = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($htaccess);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -142,7 +146,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
new Controller;
ob_end_clean();
$this->assertFileExists($file, 'htaccess recreated');
$this->assertFileExists($htaccess, 'htaccess recreated');
}
/**
@ -163,7 +167,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -190,7 +197,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(2, array('expire' => 25));
$paste = Helper::getPasteJson(2, array('expire' => 25));
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -219,7 +229,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['main']['sizelimit'] = 10;
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -240,7 +253,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['header'] = 'X_FORWARDED_FOR';
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_FORWARDED_FOR'] = '::2';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
@ -269,7 +285,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -290,9 +309,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = '5min';
$_POST['formatter'] = 'foo';
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -321,9 +341,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = '5min';
$_POST['opendiscussion'] = '1';
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -353,8 +374,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = 'foo';
$paste = Helper::getPasteJson(2, array('expire' => 'foo'));
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -381,10 +404,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$adata = Helper::getPaste()['adata'];
$adata[3] = 'neither 1 nor 0';
$_POST['adata'] = json_encode($adata);
$paste = Helper::getPastePost();
$paste['adata'][3] = 'neither 1 nor 0';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -405,10 +429,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$adata = Helper::getPaste()['adata'];
$adata[2] = 'neither 1 nor 0';
$_POST['adata'] = json_encode($adata);
$paste = Helper::getPastePost();
$paste['adata'][2] = 'neither 1 nor 0';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -426,21 +451,20 @@ class ControllerTest extends PHPUnit_Framework_TestCase
* silently removed, check that this case is handled
*
* @runInSeparateProcess
* @expectedException Exception
* @expectedExceptionCode 90
*/
public function testCreateBrokenUpload()
{
$_POST = Helper::getPastePostJson();
$paste = substr(Helper::getPasteJson(), 0, -10);
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$_POST['ct'] = ' ';
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
}
@ -449,7 +473,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testCreateTooSoon()
{
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -474,7 +501,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -496,8 +526,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$_POST['parentid'] = 'foo';
$comment = Helper::getCommentPost();
$comment['parentid'] = 'foo';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($comment));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -519,7 +552,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -543,7 +579,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -567,7 +606,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -829,7 +871,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'deletetoken' => 'burnafterreading',
)));
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';

17
tst/JsonApiTest.php
View File

@ -48,7 +48,10 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -77,9 +80,9 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$paste = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query($paste));
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
@ -113,7 +116,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query(array(
file_put_contents($file, json_encode(array(
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
)));
Request::setInputStream($file);
@ -139,10 +142,12 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$_POST = array(
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'pasteid' => Helper::getPasteId(),
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
);
)));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();

14
tst/RequestTest.php
View File

@ -93,7 +93,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['REQUEST_METHOD'] = 'PUT';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, 'ct=foo');
file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file);
$request = new Request;
unlink($file);
@ -107,8 +107,10 @@ class RequestTest extends PHPUnit_Framework_TestCase
$this->reset();
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_POST['ct'] = 'foo';
$request = new Request;
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file);
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('create', $request->getOperation());
$this->assertEquals('foo', $request->getParam('ct'));
@ -136,8 +138,10 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = $id;
$_GET = array($id => '');
$_POST['deletetoken'] = 'bar';
$request = new Request;
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"deletetoken":"bar"}');
Request::setInputStream($file);
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals($id, $request->getParam('pasteid'));