Merge branch 'master' into pg-tables-query

This commit is contained in:
El RIDO 2024-07-09 21:30:17 +02:00
commit cf95e0b1d1
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
16 changed files with 462 additions and 450 deletions

View File

@ -32,11 +32,7 @@ jobs:
- name: Publish Test Results - name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2 uses: EnricoMi/publish-unit-test-result-action@v2
with: with:
check_name: "Test Results (${{ github.event.workflow_run.event || github.event_name }})"
commit: ${{ github.event.workflow_run.head_sha }} commit: ${{ github.event.workflow_run.head_sha }}
event_file: artifacts/Event File/event.json event_file: artifacts/Event File/event.json
event_name: ${{ github.event.workflow_run.event }} event_name: ${{ github.event.workflow_run.event }}
files: | files: "artifacts/**/*.xml"
artifacts/**/*.xml
artifacts/**/*.trx
artifacts/**/*.json

View File

@ -7,9 +7,6 @@ jobs:
Composer: Composer:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
continue-on-error: ${{ matrix.experimental }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -21,7 +18,8 @@ jobs:
PHPunit: PHPunit:
name: PHP ${{ matrix.php-versions }} unit tests on ${{ matrix.operating-system }} name: PHP ${{ matrix.php-versions }} unit tests on ${{ matrix.operating-system }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
continue-on-error: ${{ matrix.experimental }} # https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
continue-on-error: "${{ matrix.experimental }}"
strategy: strategy:
matrix: matrix:
php-versions: ['7.3', '7.4', '8.0', '8.1', '8.2', '8.3'] php-versions: ['7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
@ -86,9 +84,9 @@ jobs:
- name: Cache dependencies - name: Cache dependencies
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: ${{ steps.composer-cache.outputs.dir }} path: "${{ steps.composer-cache.outputs.dir }}"
key: ${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/composer.json') }} key: "${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/composer.json') }}"
restore-keys: ${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}- restore-keys: "${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-"
# composer installation # composer installation
- name: Unset platform requirement - name: Unset platform requirement
@ -152,5 +150,4 @@ jobs:
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: Event File name: Event File
path: ${{ github.event_path }} path: "${{ github.event_path }}"

1
.gitignore vendored
View File

@ -28,6 +28,7 @@ vendor/**/build_phar.php
# Ignore local node modules, unit testing logs, api docs and IDE project files # Ignore local node modules, unit testing logs, api docs and IDE project files
js/node_modules/ js/node_modules/
js/mocha-results.xml
js/test.log js/test.log
tst/log/ tst/log/
tst/ConfigurationCombinationsTest.php tst/ConfigurationCombinationsTest.php

View File

@ -1,12 +1,16 @@
# PrivateBin version history # PrivateBin version history
## 1.7.4 (not yet released) ## 1.7.5 (not yet released)
* CHANGED: Simpler PostgreSQL table lookup query (#1361)
## 1.7.4 (2024-07-09)
* CHANGED: Saving markdown pastes uses `.md` extension instead of `.txt` (#1293) * CHANGED: Saving markdown pastes uses `.md` extension instead of `.txt` (#1293)
* CHANGED: Enable strict type checking in PHP (#1350) * CHANGED: Enable strict type checking in PHP (#1350)
* CHANGED: Simpler PostgreSQL table lookup query (#1361) * CHANGED: Various tweaks of the `bootstrap5` template, suggested by the community
* FIXED: Reset password input field on creation of new paste (#1194) * FIXED: Reset password input field on creation of new paste (#1194)
* FIXED: Allow database schema upgrade to skip versions (#1343) * FIXED: Allow database schema upgrade to skip versions (#1343)
* FIXED: `bootstrap5` dark mode toggle unset on dark browser preference (#1340) * FIXED: `bootstrap5` dark mode toggle unset on dark browser preference (#1340)
* FIXED: Prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs
## 1.7.3 (2024-05-13) ## 1.7.3 (2024-05-13)
* CHANGED: Various tweaks of the `bootstrap5` template, suggested by the community * CHANGED: Various tweaks of the `bootstrap5` template, suggested by the community

View File

@ -1,7 +1,7 @@
.PHONY: all coverage coverage-js coverage-php doc doc-js doc-php increment sign test test-js test-php help .PHONY: all coverage coverage-js coverage-php doc doc-js doc-php increment sign test test-js test-php help
CURRENT_VERSION = 1.7.3 CURRENT_VERSION = 1.7.4
VERSION ?= 1.7.4 VERSION ?= 1.7.5
VERSION_FILES = README.md SECURITY.md doc/Installation.md js/package*.json lib/Controller.php Makefile VERSION_FILES = README.md SECURITY.md doc/Installation.md js/package*.json lib/Controller.php Makefile
REGEX_CURRENT_VERSION := $(shell echo $(CURRENT_VERSION) | sed "s/\./\\\./g") REGEX_CURRENT_VERSION := $(shell echo $(CURRENT_VERSION) | sed "s/\./\\\./g")
REGEX_VERSION := $(shell echo $(VERSION) | sed "s/\./\\\./g") REGEX_VERSION := $(shell echo $(VERSION) | sed "s/\./\\\./g")

View File

@ -1,6 +1,6 @@
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/) # [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
*Current version: 1.7.3* *Current version: 1.7.4*
**PrivateBin** is a minimalist, open source online **PrivateBin** is a minimalist, open source online
[pastebin](https://en.wikipedia.org/wiki/Pastebin) [pastebin](https://en.wikipedia.org/wiki/Pastebin)

View File

@ -4,8 +4,8 @@
| Version | Supported | | Version | Supported |
| ------- | ------------------ | | ------- | ------------------ |
| 1.7.3 | :heavy_check_mark: | | 1.7.4 | :heavy_check_mark: |
| < 1.7.3 | :x: | | < 1.7.4 | :x: |
## Reporting a Vulnerability ## Reporting a Vulnerability

View File

@ -36,6 +36,10 @@
margin-bottom: 10px; margin-bottom: 10px;
} }
#message {
height: 70vh;
}
#message, .replymessage { #message, .replymessage {
font-family: monospace; font-family: monospace;
resize: vertical; resize: vertical;

View File

@ -201,7 +201,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
CREATE TABLE prefix_config ( CREATE TABLE prefix_config (
id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
); );
INSERT INTO prefix_config VALUES('VERSION', '1.7.3'); INSERT INTO prefix_config VALUES('VERSION', '1.7.4');
``` ```
In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns

4
js/package-lock.json generated
View File

@ -1,12 +1,12 @@
{ {
"name": "privatebin", "name": "privatebin",
"version": "1.7.3", "version": "1.7.4",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "privatebin", "name": "privatebin",
"version": "1.7.3", "version": "1.7.4",
"license": "zlib-acknowledgement", "license": "zlib-acknowledgement",
"devDependencies": { "devDependencies": {
"@peculiar/webcrypto": "^1.1.1", "@peculiar/webcrypto": "^1.1.1",

View File

@ -1,6 +1,6 @@
{ {
"name": "privatebin", "name": "privatebin",
"version": "1.7.3", "version": "1.7.4",
"description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).", "description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
"main": "privatebin.js", "main": "privatebin.js",
"directories": { "directories": {
@ -16,7 +16,7 @@
}, },
"scripts": { "scripts": {
"test": "mocha", "test": "mocha",
"ci-test": "mocha --reporter-option output=mocha-results.xml" "ci-test": "mocha --reporter xunit --reporter-option output=mocha-results.xml"
}, },
"repository": { "repository": {
"type": "git", "type": "git",

View File

@ -27,7 +27,7 @@ class Controller
* *
* @const string * @const string
*/ */
const VERSION = '1.7.3'; const VERSION = '1.7.4';
/** /**
* minimal required PHP version * minimal required PHP version

View File

@ -47,7 +47,7 @@ class YourlsProxy
*/ */
public function __construct(Configuration $conf, $link) public function __construct(Configuration $conf, $link)
{ {
if (strpos($link, $conf->getKey('basepath') . '?') === false) { if (strpos($link, $conf->getKey('basepath') . '?') !== 0) {
$this->_error = 'Trying to shorten a URL that isn\'t pointing at our instance.'; $this->_error = 'Trying to shorten a URL that isn\'t pointing at our instance.';
return; return;
} }

View File

@ -28,94 +28,386 @@ require PATH . 'vendor/autoload.php';
Helper::updateSubresourceIntegrity(); Helper::updateSubresourceIntegrity();
/** /**
* Class StorageClientStub provides a limited stub for performing the unit test * Class Helper provides unit tests pastes and comments of various formats
*/ */
class StorageClientStub extends StorageClient class Helper
{ {
private $_config = null; /**
private $_connection = null; * example ID of a paste
private static $_buckets = array(); *
* @var string
*/
private static $pasteid = '5b65a01b43987bc2';
public function __construct(array $config = array()) /**
{ * example paste version 1
$this->_config = $config; *
$this->_connection = new ConnectionInterfaceStub(); * @var array
} */
private static $pasteV1 = array(
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'meta' => array(
'formatter' => 'plaintext',
'postdate' => 1344803344,
'opendiscussion' => true,
),
);
public function bucket($name, $userProject = false) /**
* example paste version 2
*
* @var array
*/
private static $pasteV2 = array(
'adata' => array(
array(
'gMSNoLOk4z0RnmsYwXZ8mw==',
'TZO+JWuIuxs=',
100000,
256,
128,
'aes',
'gcm',
'zlib',
),
'plaintext',
1,
0,
),
'meta' => array(
'expire' => '5min',
),
'v' => 2,
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
);
/**
* example ID of a comment
*
* @var string
*/
private static $commentid = '5a52eebf11c4c94b';
/**
* example comment
*
* @var array
*/
private static $commentV1 = array(
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'meta' => array(
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'vizhash' => 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGUlEQVQokWOsl5/94983CNKQMjnxaOePf98MeKwPfNjkLZ3AgARab6b9+PeNEVnDj3/ff/z7ZiHnzsDA8Pv7H2TVPJw8EAYLAwb48OaVgIgYKycLsrYv378wMDB8//qdCVMDRA9EKSsnCwRBxNsepaLboMFlyMDAICAi9uHNK24GITQ/MDAwoNhgIGMLtwGrzegaLjw5jMz9+vUdnN17uwDCQDhJgk0O07yvX9+teDX1x79v6DYIsIjgcgMaYGFgYOBg4kJx2JejkAiBxAw+PzAwMNz4dp6wDXDw4MdNNOl0rWYsNkD89OLXI/xmo9sgzatJjAYmBgYGDiauD3/ePP18nVgb4MF89+M5ZX6js293wUMpnr8KTQMAxsCJnJ30apMAAAAASUVORK5CYII=',
'postdate' => 1344803528,
),
);
/**
* JS files and their SRI hashes
*
* @var array
*/
private static $hashes = array();
/**
* get example paste ID
*
* @return string
*/
public static function getPasteId()
{ {
if (!key_exists($name, self::$_buckets)) { return self::$pasteid;
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
}
return self::$_buckets[$name];
} }
/** /**
* @throws \Google\Cloud\Core\Exception\NotFoundException * get example paste, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/ */
public function deleteBucket($name) public static function getPaste($version = 2, array $meta = array())
{ {
if (key_exists($name, self::$_buckets)) { $example = self::getPasteWithAttachment($version, $meta);
unset(self::$_buckets[$name]); // v1 has the attachment stored in a separate property
if ($version === 1) {
unset($example['attachment'], $example['attachmentname']);
}
return $example;
}
/**
* get example paste with attachment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteWithAttachment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$pasteV1 : self::$pasteV2;
$example['meta']['salt'] = ServerSalt::generate();
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example paste, as decoded from POST by the request object
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPastePost($version = 2, array $meta = array())
{
$example = self::getPaste($version, $meta);
if ($version == 2) {
$example['meta'] = array('expire' => $example['meta']['expire']);
} else { } else {
throw new NotFoundException(); unset($example['meta']['postdate']);
}
return $example;
}
/**
* get example paste, as received via POST by the user
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteJson($version = 2, array $meta = array())
{
return json_encode(self::getPastePost($version, $meta));
}
/**
* get example paste ID
*
* @return string
*/
public static function getCommentId()
{
return self::$commentid;
}
/**
* get example comment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getComment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];
unset($example['meta']['expire']);
}
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example comment, as decoded from POST by the request object
*
* @param int $version
* @return array
*/
public static function getCommentPost()
{
$example = self::getComment();
unset($example['meta']);
return $example;
}
/**
* get example comment, as received via POST by user
*
* @param int $version
* @return array
*/
public static function getCommentJson()
{
return json_encode(self::getCommentPost());
}
/**
* delete directory and all its contents recursively
*
* @param string $path
* @throws Exception
*/
public static function rmDir($path)
{
if (is_dir($path)) {
$path .= DIRECTORY_SEPARATOR;
$dir = dir($path);
while (false !== ($file = $dir->read())) {
if ($file != '.' && $file != '..') {
if (is_dir($path . $file)) {
self::rmDir($path . $file);
} elseif (is_file($path . $file)) {
if (!unlink($path . $file)) {
throw new Exception('Error deleting file "' . $path . $file . '".');
}
}
}
}
$dir->close();
if (!rmdir($path)) {
throw new Exception('Error deleting directory "' . $path . '".');
}
} }
} }
public function buckets(array $options = array()) /**
* create a backup of the config file
*
* @return void
*/
public static function confBackup()
{ {
throw new BadMethodCallException('not supported by this stub'); if (!is_file(CONF . '.bak') && is_file(CONF)) {
} rename(CONF, CONF . '.bak');
}
public function registerStreamWrapper($protocol = null) if (!is_file(CONF_SAMPLE . '.bak') && is_file(CONF_SAMPLE)) {
{ copy(CONF_SAMPLE, CONF_SAMPLE . '.bak');
throw new BadMethodCallException('not supported by this stub'); }
} }
public function unregisterStreamWrapper($protocol = null) /**
{ * restor backup of the config file
throw new BadMethodCallException('not supported by this stub'); *
} * @return void
*/
public function signedUrlUploader($uri, $data, array $options = array()) public static function confRestore()
{ {
throw new BadMethodCallException('not supported by this stub'); if (is_file(CONF . '.bak')) {
} rename(CONF . '.bak', CONF);
}
public function timestamp(\DateTimeInterface $timestamp, $nanoSeconds = null) if (is_file(CONF_SAMPLE . '.bak')) {
{ rename(CONF_SAMPLE . '.bak', CONF_SAMPLE);
throw new BadMethodCallException('not supported by this stub'); }
} }
public function getServiceAccount(array $options = array()) /**
{ * create ini file
throw new BadMethodCallException('not supported by this stub'); *
} * @param string $pathToFile
* @param array $values
public function hmacKeys(array $options = array()) */
{ public static function createIniFile($pathToFile, array $values)
throw new BadMethodCallException('not supported by this stub'); {
} if (count($values)) {
@unlink($pathToFile);
public function hmacKey($accessId, $projectId = null, array $metadata = array()) $ini = fopen($pathToFile, 'a');
{ foreach ($values as $section => $options) {
throw new BadMethodCallException('not supported by this stub'); fwrite($ini, "[$section]" . PHP_EOL);
} foreach ($options as $option => $setting) {
if (is_null($setting)) {
public function createHmacKey($serviceAccountEmail, array $options = array()) continue;
{ } elseif (is_string($setting)) {
throw new BadMethodCallException('not supported by this stub'); $setting = '"' . $setting . '"';
} } elseif (is_array($setting)) {
foreach ($setting as $key => $value) {
public function createBucket($name, array $options = array()) if (is_null($value)) {
{ $value = 'null';
if (key_exists($name, self::$_buckets)) { } elseif (is_string($value)) {
throw new BadRequestException('already exists'); $value = '"' . $value . '"';
} else {
$value = var_export($value, true);
}
fwrite($ini, $option . "[$key] = $value" . PHP_EOL);
}
continue;
} else {
$setting = var_export($setting, true);
}
fwrite($ini, "$option = $setting" . PHP_EOL);
}
fwrite($ini, PHP_EOL);
}
fclose($ini);
}
}
/**
* a var_export that returns arrays without line breaks
* by linus@flowingcreativity.net via php.net
*
* @param mixed $var
* @param bool $return
* @return void|string
*/
public static function varExportMin($var, $return = false)
{
if (is_array($var)) {
$toImplode = array();
foreach ($var as $key => $value) {
$toImplode[] = var_export($key, true) . ' => ' . self::varExportMin($value, true);
}
$code = 'array(' . implode(', ', $toImplode) . ')';
if ($return) {
return $code;
} else {
echo $code;
}
} else {
return var_export($var, $return);
}
}
/**
* update all templates with the latest SRI hashes for all JS files
*
* @return void
*/
public static function updateSubresourceIntegrity()
{
$dir = dir(PATH . 'js');
while (false !== ($file = $dir->read())) {
if (substr($file, -3) === '.js') {
self::$hashes[$file] = base64_encode(
hash('sha512', file_get_contents(
PATH . 'js' . DIRECTORY_SEPARATOR . $file
), true)
);
}
}
$dir = dir(PATH . 'tpl');
while (false !== ($file = $dir->read())) {
if (substr($file, -4) === '.php') {
$content = file_get_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
);
$content = preg_replace_callback(
'#<script ([^>]+) src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#',
function ($matches) {
if (array_key_exists($matches[2], Helper::$hashes)) {
return '<script ' . $matches[1] . ' src="js/' .
$matches[2] . $matches[3] .
'" integrity="sha512-' . Helper::$hashes[$matches[2]] .
'" crossorigin="anonymous"></script>';
} else {
return $matches[0];
}
},
$content
);
file_put_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file,
$content
);
}
} }
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
return $b;
} }
} }
@ -610,385 +902,93 @@ class ConnectionInterfaceStub implements ConnectionInterface
} }
/** /**
* Class Helper provides unit tests pastes and comments of various formats * Class StorageClientStub provides a limited stub for performing the unit test
*/ */
class Helper class StorageClientStub extends StorageClient
{ {
/** private $_config = null;
* example ID of a paste private $_connection = null;
* private static $_buckets = array();
* @var string
*/
private static $pasteid = '5b65a01b43987bc2';
/** public function __construct(array $config = array())
* example paste version 1
*
* @var array
*/
private static $pasteV1 = array(
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'meta' => array(
'formatter' => 'plaintext',
'postdate' => 1344803344,
'opendiscussion' => true,
),
);
/**
* example paste version 2
*
* @var array
*/
private static $pasteV2 = array(
'adata' => array(
array(
'gMSNoLOk4z0RnmsYwXZ8mw==',
'TZO+JWuIuxs=',
100000,
256,
128,
'aes',
'gcm',
'zlib',
),
'plaintext',
1,
0,
),
'meta' => array(
'expire' => '5min',
),
'v' => 2,
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
);
/**
* example ID of a comment
*
* @var string
*/
private static $commentid = '5a52eebf11c4c94b';
/**
* example comment
*
* @var array
*/
private static $commentV1 = array(
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'meta' => array(
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'vizhash' => 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGUlEQVQokWOsl5/94983CNKQMjnxaOePf98MeKwPfNjkLZ3AgARab6b9+PeNEVnDj3/ff/z7ZiHnzsDA8Pv7H2TVPJw8EAYLAwb48OaVgIgYKycLsrYv378wMDB8//qdCVMDRA9EKSsnCwRBxNsepaLboMFlyMDAICAi9uHNK24GITQ/MDAwoNhgIGMLtwGrzegaLjw5jMz9+vUdnN17uwDCQDhJgk0O07yvX9+teDX1x79v6DYIsIjgcgMaYGFgYOBg4kJx2JejkAiBxAw+PzAwMNz4dp6wDXDw4MdNNOl0rWYsNkD89OLXI/xmo9sgzatJjAYmBgYGDiauD3/ePP18nVgb4MF89+M5ZX6js293wUMpnr8KTQMAxsCJnJ30apMAAAAASUVORK5CYII=',
'postdate' => 1344803528,
),
);
/**
* JS files and their SRI hashes
*
* @var array
*/
private static $hashes = array();
/**
* get example paste ID
*
* @return string
*/
public static function getPasteId()
{ {
return self::$pasteid; $this->_config = $config;
$this->_connection = new ConnectionInterfaceStub();
} }
/** public function bucket($name, $userProject = false)
* get example paste, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPaste($version = 2, array $meta = array())
{ {
$example = self::getPasteWithAttachment($version, $meta); if (!key_exists($name, self::$_buckets)) {
// v1 has the attachment stored in a separate property $b = new BucketStub($this->_connection, $name, array(), $this);
if ($version === 1) { self::$_buckets[$name] = $b;
unset($example['attachment'], $example['attachmentname']);
} }
return $example; return self::$_buckets[$name];
} }
/** /**
* get example paste with attachment, as stored on server * @throws \Google\Cloud\Core\Exception\NotFoundException
*
* @param int $version
* @param array $meta
* @return array
*/ */
public static function getPasteWithAttachment($version = 2, array $meta = array()) public function deleteBucket($name)
{ {
$example = $version === 1 ? self::$pasteV1 : self::$pasteV2; if (key_exists($name, self::$_buckets)) {
$example['meta']['salt'] = ServerSalt::generate(); unset(self::$_buckets[$name]);
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example paste, as decoded from POST by the request object
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPastePost($version = 2, array $meta = array())
{
$example = self::getPaste($version, $meta);
if ($version == 2) {
$example['meta'] = array('expire' => $example['meta']['expire']);
} else { } else {
unset($example['meta']['postdate']); throw new NotFoundException();
}
return $example;
}
/**
* get example paste, as received via POST by the user
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteJson($version = 2, array $meta = array())
{
return json_encode(self::getPastePost($version, $meta));
}
/**
* get example paste ID
*
* @return string
*/
public static function getCommentId()
{
return self::$commentid;
}
/**
* get example comment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getComment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];
unset($example['meta']['expire']);
}
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example comment, as decoded from POST by the request object
*
* @param int $version
* @return array
*/
public static function getCommentPost()
{
$example = self::getComment();
unset($example['meta']);
return $example;
}
/**
* get example comment, as received via POST by user
*
* @param int $version
* @return array
*/
public static function getCommentJson()
{
return json_encode(self::getCommentPost());
}
/**
* delete directory and all its contents recursively
*
* @param string $path
* @throws Exception
*/
public static function rmDir($path)
{
if (is_dir($path)) {
$path .= DIRECTORY_SEPARATOR;
$dir = dir($path);
while (false !== ($file = $dir->read())) {
if ($file != '.' && $file != '..') {
if (is_dir($path . $file)) {
self::rmDir($path . $file);
} elseif (is_file($path . $file)) {
if (!unlink($path . $file)) {
throw new Exception('Error deleting file "' . $path . $file . '".');
}
}
}
}
$dir->close();
if (!rmdir($path)) {
throw new Exception('Error deleting directory "' . $path . '".');
}
} }
} }
/** public function buckets(array $options = array())
* create a backup of the config file
*
* @return void
*/
public static function confBackup()
{ {
if (!is_file(CONF . '.bak') && is_file(CONF)) { throw new BadMethodCallException('not supported by this stub');
rename(CONF, CONF . '.bak');
}
if (!is_file(CONF_SAMPLE . '.bak') && is_file(CONF_SAMPLE)) {
copy(CONF_SAMPLE, CONF_SAMPLE . '.bak');
}
} }
/** public function registerStreamWrapper($protocol = null)
* restor backup of the config file
*
* @return void
*/
public static function confRestore()
{ {
if (is_file(CONF . '.bak')) { throw new BadMethodCallException('not supported by this stub');
rename(CONF . '.bak', CONF);
}
if (is_file(CONF_SAMPLE . '.bak')) {
rename(CONF_SAMPLE . '.bak', CONF_SAMPLE);
}
} }
/** public function unregisterStreamWrapper($protocol = null)
* create ini file
*
* @param string $pathToFile
* @param array $values
*/
public static function createIniFile($pathToFile, array $values)
{ {
if (count($values)) { throw new BadMethodCallException('not supported by this stub');
@unlink($pathToFile);
$ini = fopen($pathToFile, 'a');
foreach ($values as $section => $options) {
fwrite($ini, "[$section]" . PHP_EOL);
foreach ($options as $option => $setting) {
if (is_null($setting)) {
continue;
} elseif (is_string($setting)) {
$setting = '"' . $setting . '"';
} elseif (is_array($setting)) {
foreach ($setting as $key => $value) {
if (is_null($value)) {
$value = 'null';
} elseif (is_string($value)) {
$value = '"' . $value . '"';
} else {
$value = var_export($value, true);
}
fwrite($ini, $option . "[$key] = $value" . PHP_EOL);
}
continue;
} else {
$setting = var_export($setting, true);
}
fwrite($ini, "$option = $setting" . PHP_EOL);
}
fwrite($ini, PHP_EOL);
}
fclose($ini);
}
} }
/** public function signedUrlUploader($uri, $data, array $options = array())
* a var_export that returns arrays without line breaks
* by linus@flowingcreativity.net via php.net
*
* @param mixed $var
* @param bool $return
* @return void|string
*/
public static function varExportMin($var, $return = false)
{ {
if (is_array($var)) { throw new BadMethodCallException('not supported by this stub');
$toImplode = array();
foreach ($var as $key => $value) {
$toImplode[] = var_export($key, true) . ' => ' . self::varExportMin($value, true);
}
$code = 'array(' . implode(', ', $toImplode) . ')';
if ($return) {
return $code;
} else {
echo $code;
}
} else {
return var_export($var, $return);
}
} }
/** public function timestamp(\DateTimeInterface $timestamp, $nanoSeconds = null)
* update all templates with the latest SRI hashes for all JS files
*
* @return void
*/
public static function updateSubresourceIntegrity()
{ {
$dir = dir(PATH . 'js'); throw new BadMethodCallException('not supported by this stub');
while (false !== ($file = $dir->read())) { }
if (substr($file, -3) === '.js') {
self::$hashes[$file] = base64_encode(
hash('sha512', file_get_contents(
PATH . 'js' . DIRECTORY_SEPARATOR . $file
), true)
);
}
}
$dir = dir(PATH . 'tpl'); public function getServiceAccount(array $options = array())
while (false !== ($file = $dir->read())) { {
if (substr($file, -4) === '.php') { throw new BadMethodCallException('not supported by this stub');
$content = file_get_contents( }
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
); public function hmacKeys(array $options = array())
$content = preg_replace_callback( {
'#<script ([^>]+) src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#', throw new BadMethodCallException('not supported by this stub');
function ($matches) { }
if (array_key_exists($matches[2], Helper::$hashes)) {
return '<script ' . $matches[1] . ' src="js/' . public function hmacKey($accessId, $projectId = null, array $metadata = array())
$matches[2] . $matches[3] . {
'" integrity="sha512-' . Helper::$hashes[$matches[2]] . throw new BadMethodCallException('not supported by this stub');
'" crossorigin="anonymous"></script>'; }
} else {
return $matches[0]; public function createHmacKey($serviceAccountEmail, array $options = array())
} {
}, throw new BadMethodCallException('not supported by this stub');
$content }
);
file_put_contents( public function createBucket($name, array $options = array())
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file, {
$content if (key_exists($name, self::$_buckets)) {
); throw new BadRequestException('already exists');
}
} }
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
return $b;
} }
} }

View File

@ -325,6 +325,9 @@ class JsonApiTest extends TestCase
*/ */
public function testShortenViaYourlsFailure() public function testShortenViaYourlsFailure()
{ {
$options = parse_ini_file(CONF, true);
$options['main']['basepath'] = 'https://example.com/path'; // missing slash gets added by Configuration constructor
Helper::createIniFile(CONF, $options);
$_SERVER['REQUEST_URI'] = '/path/shortenviayourls?link=https%3A%2F%2Fexample.com%2Fpath%2F%3Ffoo%23bar'; $_SERVER['REQUEST_URI'] = '/path/shortenviayourls?link=https%3A%2F%2Fexample.com%2Fpath%2F%3Ffoo%23bar';
$_GET['link'] = 'https://example.com/path/?foo#bar'; $_GET['link'] = 'https://example.com/path/?foo#bar';
ob_start(); ob_start();

View File

@ -54,6 +54,13 @@ class YourlsProxyTest extends TestCase
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.'); $this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
} }
public function testSneakyForeignUrl()
{
$yourls = new YourlsProxy($this->_conf, 'https://other.example.com/?q=https://example.com/?foo#bar');
$this->assertTrue($yourls->isError());
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
}
public function testYourlsError() public function testYourlsError()
{ {
// when statusCode is not 200, shorturl may not have been set // when statusCode is not 200, shorturl may not have been set