Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2024-10-01 01:26:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into pg-tables-query

Browse Source
This commit is contained in:
El RIDO 2024-07-09 21:30:17 +02:00
commit cf95e0b1d1
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
16 changed files with 462 additions and 450 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/test-results.yml vendored
View File

@ -32,11 +32,7 @@ jobs:
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
with:
check_name: "Test Results (${{ github.event.workflow_run.event || github.event_name }})"
commit: ${{ github.event.workflow_run.head_sha }}
event_file: artifacts/Event File/event.json
event_name: ${{ github.event.workflow_run.event }}
files: |
artifacts/**/*.xml
artifacts/**/*.trx
artifacts/**/*.json
files: "artifacts/**/*.xml"

19
.github/workflows/tests.yml vendored
View File

@ -7,9 +7,6 @@ jobs:
Composer:
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
continue-on-error: ${{ matrix.experimental }}
steps:
- name: Checkout
uses: actions/checkout@v4
@ -21,7 +18,8 @@ jobs:
PHPunit:
name: PHP ${{ matrix.php-versions }} unit tests on ${{ matrix.operating-system }}
runs-on: ubuntu-latest
continue-on-error: ${{ matrix.experimental }}
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#handling-failures
continue-on-error: "${{ matrix.experimental }}"
strategy:
matrix:
php-versions: ['7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
@ -86,9 +84,9 @@ jobs:
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/composer.json') }}
restore-keys: ${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-
path: "${{ steps.composer-cache.outputs.dir }}"
key: "${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/composer.json') }}"
restore-keys: "${{ runner.os }}-composer-${{ steps.get-date.outputs.date }}-"
# composer installation
- name: Unset platform requirement
@ -136,14 +134,14 @@ jobs:
- name: Run unit tests
run: npm run ci-test
working-directory: js
- name: Upload Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Test Results (Mocha)
path: js/mocha-results.xml
event_file:
name: "Event File"
runs-on: ubuntu-latest
@ -152,5 +150,4 @@ jobs:
uses: actions/upload-artifact@v4
with:
name: Event File
path: ${{ github.event_path }}
path: "${{ github.event_path }}"

1
.gitignore vendored
View File

@ -28,6 +28,7 @@ vendor/**/build_phar.php
# Ignore local node modules, unit testing logs, api docs and IDE project files
js/node_modules/
js/mocha-results.xml
js/test.log
tst/log/
tst/ConfigurationCombinationsTest.php

8
CHANGELOG.md
View File

@ -1,12 +1,16 @@
# PrivateBin version history
## 1.7.4 (not yet released)
## 1.7.5 (not yet released)
* CHANGED: Simpler PostgreSQL table lookup query (#1361)
## 1.7.4 (2024-07-09)
* CHANGED: Saving markdown pastes uses `.md` extension instead of `.txt` (#1293)
* CHANGED: Enable strict type checking in PHP (#1350)
* CHANGED: Simpler PostgreSQL table lookup query (#1361)
* CHANGED: Various tweaks of the `bootstrap5` template, suggested by the community
* FIXED: Reset password input field on creation of new paste (#1194)
* FIXED: Allow database schema upgrade to skip versions (#1343)
* FIXED: `bootstrap5` dark mode toggle unset on dark browser preference (#1340)
* FIXED: Prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs
## 1.7.3 (2024-05-13)
* CHANGED: Various tweaks of the `bootstrap5` template, suggested by the community

4
Makefile
View File

@ -1,7 +1,7 @@
.PHONY: all coverage coverage-js coverage-php doc doc-js doc-php increment sign test test-js test-php help
CURRENT_VERSION = 1.7.3
VERSION ?= 1.7.4
CURRENT_VERSION = 1.7.4
VERSION ?= 1.7.5
VERSION_FILES = README.md SECURITY.md doc/Installation.md js/package*.json lib/Controller.php Makefile
REGEX_CURRENT_VERSION := $(shell echo $(CURRENT_VERSION) | sed "s/\./\\\./g")
REGEX_VERSION := $(shell echo $(VERSION) | sed "s/\./\\\./g")

2
README.md
View File

@ -1,6 +1,6 @@
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
*Current version: 1.7.3*
*Current version: 1.7.4*
**PrivateBin** is a minimalist, open source online
[pastebin](https://en.wikipedia.org/wiki/Pastebin)

4
SECURITY.md
View File

@ -4,8 +4,8 @@
| Version | Supported |
| ------- | ------------------ |
| 1.7.3 | :heavy_check_mark: |
| < 1.7.3 | :x: |
| 1.7.4 | :heavy_check_mark: |
| < 1.7.4 | :x: |
## Reporting a Vulnerability

4
css/bootstrap5/privatebin.css
View File

@ -36,6 +36,10 @@
margin-bottom: 10px;
}
#message {
height: 70vh;
}
#message, .replymessage {
font-family: monospace;
resize: vertical;

2
doc/Installation.md
View File

@ -201,7 +201,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
CREATE TABLE prefix_config (
id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
);
INSERT INTO prefix_config VALUES('VERSION', '1.7.3');
INSERT INTO prefix_config VALUES('VERSION', '1.7.4');
```
In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns

4
js/package-lock.json generated
View File

@ -1,12 +1,12 @@
{
"name": "privatebin",
"version": "1.7.3",
"version": "1.7.4",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "privatebin",
"version": "1.7.3",
"version": "1.7.4",
"license": "zlib-acknowledgement",
"devDependencies": {
"@peculiar/webcrypto": "^1.1.1",

4
js/package.json
View File

@ -1,6 +1,6 @@
{
"name": "privatebin",
"version": "1.7.3",
"version": "1.7.4",
"description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
"main": "privatebin.js",
"directories": {
@ -16,7 +16,7 @@
},
"scripts": {
"test": "mocha",
"ci-test": "mocha --reporter-option output=mocha-results.xml"
"ci-test": "mocha --reporter xunit --reporter-option output=mocha-results.xml"
},
"repository": {
"type": "git",

2
lib/Controller.php
View File

@ -27,7 +27,7 @@ class Controller
*
* @const string
*/
const VERSION = '1.7.3';
const VERSION = '1.7.4';
/**
* minimal required PHP version

2
lib/YourlsProxy.php
View File

@ -47,7 +47,7 @@ class YourlsProxy
*/
public function __construct(Configuration $conf, $link)
{
if (strpos($link, $conf->getKey('basepath') . '?') === false) {
if (strpos($link, $conf->getKey('basepath') . '?') !== 0) {
$this->_error = 'Trying to shorten a URL that isn\'t pointing at our instance.';
return;
}

840
tst/Bootstrap.php
View File

@ -28,94 +28,386 @@ require PATH . 'vendor/autoload.php';
Helper::updateSubresourceIntegrity();
/**
* Class StorageClientStub provides a limited stub for performing the unit test
* Class Helper provides unit tests pastes and comments of various formats
*/
class StorageClientStub extends StorageClient
class Helper
{
private $_config = null;
private $_connection = null;
private static $_buckets = array();
/**
* example ID of a paste
*
* @var string
*/
private static $pasteid = '5b65a01b43987bc2';
public function __construct(array $config = array())
{
$this->_config = $config;
$this->_connection = new ConnectionInterfaceStub();
}
/**
* example paste version 1
*
* @var array
*/
private static $pasteV1 = array(
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'meta' => array(
'formatter' => 'plaintext',
'postdate' => 1344803344,
'opendiscussion' => true,
),
);
public function bucket($name, $userProject = false)
/**
* example paste version 2
*
* @var array
*/
private static $pasteV2 = array(
'adata' => array(
array(
'gMSNoLOk4z0RnmsYwXZ8mw==',
'TZO+JWuIuxs=',
100000,
256,
128,
'aes',
'gcm',
'zlib',
),
'plaintext',
1,
0,
),
'meta' => array(
'expire' => '5min',
),
'v' => 2,
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
);
/**
* example ID of a comment
*
* @var string
*/
private static $commentid = '5a52eebf11c4c94b';
/**
* example comment
*
* @var array
*/
private static $commentV1 = array(
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'meta' => array(
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'vizhash' => 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGUlEQVQokWOsl5/94983CNKQMjnxaOePf98MeKwPfNjkLZ3AgARab6b9+PeNEVnDj3/ff/z7ZiHnzsDA8Pv7H2TVPJw8EAYLAwb48OaVgIgYKycLsrYv378wMDB8//qdCVMDRA9EKSsnCwRBxNsepaLboMFlyMDAICAi9uHNK24GITQ/MDAwoNhgIGMLtwGrzegaLjw5jMz9+vUdnN17uwDCQDhJgk0O07yvX9+teDX1x79v6DYIsIjgcgMaYGFgYOBg4kJx2JejkAiBxAw+PzAwMNz4dp6wDXDw4MdNNOl0rWYsNkD89OLXI/xmo9sgzatJjAYmBgYGDiauD3/ePP18nVgb4MF89+M5ZX6js293wUMpnr8KTQMAxsCJnJ30apMAAAAASUVORK5CYII=',
'postdate' => 1344803528,
),
);
/**
* JS files and their SRI hashes
*
* @var array
*/
private static $hashes = array();
/**
* get example paste ID
*
* @return string
*/
public static function getPasteId()
{
if (!key_exists($name, self::$_buckets)) {
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
}
return self::$_buckets[$name];
return self::$pasteid;
}
/**
* @throws \Google\Cloud\Core\Exception\NotFoundException
* get example paste, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public function deleteBucket($name)
public static function getPaste($version = 2, array $meta = array())
{
if (key_exists($name, self::$_buckets)) {
unset(self::$_buckets[$name]);
$example = self::getPasteWithAttachment($version, $meta);
// v1 has the attachment stored in a separate property
if ($version === 1) {
unset($example['attachment'], $example['attachmentname']);
}
return $example;
}
/**
* get example paste with attachment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteWithAttachment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$pasteV1 : self::$pasteV2;
$example['meta']['salt'] = ServerSalt::generate();
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example paste, as decoded from POST by the request object
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPastePost($version = 2, array $meta = array())
{
$example = self::getPaste($version, $meta);
if ($version == 2) {
$example['meta'] = array('expire' => $example['meta']['expire']);
} else {
throw new NotFoundException();
unset($example['meta']['postdate']);
}
return $example;
}
/**
* get example paste, as received via POST by the user
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteJson($version = 2, array $meta = array())
{
return json_encode(self::getPastePost($version, $meta));
}
/**
* get example paste ID
*
* @return string
*/
public static function getCommentId()
{
return self::$commentid;
}
/**
* get example comment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getComment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];
unset($example['meta']['expire']);
}
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example comment, as decoded from POST by the request object
*
* @param int $version
* @return array
*/
public static function getCommentPost()
{
$example = self::getComment();
unset($example['meta']);
return $example;
}
/**
* get example comment, as received via POST by user
*
* @param int $version
* @return array
*/
public static function getCommentJson()
{
return json_encode(self::getCommentPost());
}
/**
* delete directory and all its contents recursively
*
* @param string $path
* @throws Exception
*/
public static function rmDir($path)
{
if (is_dir($path)) {
$path .= DIRECTORY_SEPARATOR;
$dir = dir($path);
while (false !== ($file = $dir->read())) {
if ($file != '.' && $file != '..') {
if (is_dir($path . $file)) {
self::rmDir($path . $file);
} elseif (is_file($path . $file)) {
if (!unlink($path . $file)) {
throw new Exception('Error deleting file "' . $path . $file . '".');
}
}
}
}
$dir->close();
if (!rmdir($path)) {
throw new Exception('Error deleting directory "' . $path . '".');
}
}
}
public function buckets(array $options = array())
/**
* create a backup of the config file
*
* @return void
*/
public static function confBackup()
{
throw new BadMethodCallException('not supported by this stub');
}
public function registerStreamWrapper($protocol = null)
{
throw new BadMethodCallException('not supported by this stub');
}
public function unregisterStreamWrapper($protocol = null)
{
throw new BadMethodCallException('not supported by this stub');
}
public function signedUrlUploader($uri, $data, array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function timestamp(\DateTimeInterface $timestamp, $nanoSeconds = null)
{
throw new BadMethodCallException('not supported by this stub');
}
public function getServiceAccount(array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function hmacKeys(array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function hmacKey($accessId, $projectId = null, array $metadata = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function createHmacKey($serviceAccountEmail, array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function createBucket($name, array $options = array())
{
if (key_exists($name, self::$_buckets)) {
throw new BadRequestException('already exists');
if (!is_file(CONF . '.bak') && is_file(CONF)) {
rename(CONF, CONF . '.bak');
}
if (!is_file(CONF_SAMPLE . '.bak') && is_file(CONF_SAMPLE)) {
copy(CONF_SAMPLE, CONF_SAMPLE . '.bak');
}
}
/**
* restor backup of the config file
*
* @return void
*/
public static function confRestore()
{
if (is_file(CONF . '.bak')) {
rename(CONF . '.bak', CONF);
}
if (is_file(CONF_SAMPLE . '.bak')) {
rename(CONF_SAMPLE . '.bak', CONF_SAMPLE);
}
}
/**
* create ini file
*
* @param string $pathToFile
* @param array $values
*/
public static function createIniFile($pathToFile, array $values)
{
if (count($values)) {
@unlink($pathToFile);
$ini = fopen($pathToFile, 'a');
foreach ($values as $section => $options) {
fwrite($ini, "[$section]" . PHP_EOL);
foreach ($options as $option => $setting) {
if (is_null($setting)) {
continue;
} elseif (is_string($setting)) {
$setting = '"' . $setting . '"';
} elseif (is_array($setting)) {
foreach ($setting as $key => $value) {
if (is_null($value)) {
$value = 'null';
} elseif (is_string($value)) {
$value = '"' . $value . '"';
} else {
$value = var_export($value, true);
}
fwrite($ini, $option . "[$key] = $value" . PHP_EOL);
}
continue;
} else {
$setting = var_export($setting, true);
}
fwrite($ini, "$option = $setting" . PHP_EOL);
}
fwrite($ini, PHP_EOL);
}
fclose($ini);
}
}
/**
* a var_export that returns arrays without line breaks
* by linus@flowingcreativity.net via php.net
*
* @param mixed $var
* @param bool $return
* @return void|string
*/
public static function varExportMin($var, $return = false)
{
if (is_array($var)) {
$toImplode = array();
foreach ($var as $key => $value) {
$toImplode[] = var_export($key, true) . ' => ' . self::varExportMin($value, true);
}
$code = 'array(' . implode(', ', $toImplode) . ')';
if ($return) {
return $code;
} else {
echo $code;
}
} else {
return var_export($var, $return);
}
}
/**
* update all templates with the latest SRI hashes for all JS files
*
* @return void
*/
public static function updateSubresourceIntegrity()
{
$dir = dir(PATH . 'js');
while (false !== ($file = $dir->read())) {
if (substr($file, -3) === '.js') {
self::$hashes[$file] = base64_encode(
hash('sha512', file_get_contents(
PATH . 'js' . DIRECTORY_SEPARATOR . $file
), true)
);
}
}
$dir = dir(PATH . 'tpl');
while (false !== ($file = $dir->read())) {
if (substr($file, -4) === '.php') {
$content = file_get_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
);
$content = preg_replace_callback(
'#<script ([^>]+) src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#',
function ($matches) {
if (array_key_exists($matches[2], Helper::$hashes)) {
return '<script ' . $matches[1] . ' src="js/' .
$matches[2] . $matches[3] .
'" integrity="sha512-' . Helper::$hashes[$matches[2]] .
'" crossorigin="anonymous"></script>';
} else {
return $matches[0];
}
},
$content
);
file_put_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file,
$content
);
}
}
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
return $b;
}
}
@ -610,385 +902,93 @@ class ConnectionInterfaceStub implements ConnectionInterface
}
/**
* Class Helper provides unit tests pastes and comments of various formats
* Class StorageClientStub provides a limited stub for performing the unit test
*/
class Helper
class StorageClientStub extends StorageClient
{
/**
* example ID of a paste
*
* @var string
*/
private static $pasteid = '5b65a01b43987bc2';
private $_config = null;
private $_connection = null;
private static $_buckets = array();
/**
* example paste version 1
*
* @var array
*/
private static $pasteV1 = array(
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'meta' => array(
'formatter' => 'plaintext',
'postdate' => 1344803344,
'opendiscussion' => true,
),
);
/**
* example paste version 2
*
* @var array
*/
private static $pasteV2 = array(
'adata' => array(
array(
'gMSNoLOk4z0RnmsYwXZ8mw==',
'TZO+JWuIuxs=',
100000,
256,
128,
'aes',
'gcm',
'zlib',
),
'plaintext',
1,
0,
),
'meta' => array(
'expire' => '5min',
),
'v' => 2,
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
);
/**
* example ID of a comment
*
* @var string
*/
private static $commentid = '5a52eebf11c4c94b';
/**
* example comment
*
* @var array
*/
private static $commentV1 = array(
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
'meta' => array(
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
'vizhash' => 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGUlEQVQokWOsl5/94983CNKQMjnxaOePf98MeKwPfNjkLZ3AgARab6b9+PeNEVnDj3/ff/z7ZiHnzsDA8Pv7H2TVPJw8EAYLAwb48OaVgIgYKycLsrYv378wMDB8//qdCVMDRA9EKSsnCwRBxNsepaLboMFlyMDAICAi9uHNK24GITQ/MDAwoNhgIGMLtwGrzegaLjw5jMz9+vUdnN17uwDCQDhJgk0O07yvX9+teDX1x79v6DYIsIjgcgMaYGFgYOBg4kJx2JejkAiBxAw+PzAwMNz4dp6wDXDw4MdNNOl0rWYsNkD89OLXI/xmo9sgzatJjAYmBgYGDiauD3/ePP18nVgb4MF89+M5ZX6js293wUMpnr8KTQMAxsCJnJ30apMAAAAASUVORK5CYII=',
'postdate' => 1344803528,
),
);
/**
* JS files and their SRI hashes
*
* @var array
*/
private static $hashes = array();
/**
* get example paste ID
*
* @return string
*/
public static function getPasteId()
public function __construct(array $config = array())
{
return self::$pasteid;
$this->_config = $config;
$this->_connection = new ConnectionInterfaceStub();
}
/**
* get example paste, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPaste($version = 2, array $meta = array())
public function bucket($name, $userProject = false)
{
$example = self::getPasteWithAttachment($version, $meta);
// v1 has the attachment stored in a separate property
if ($version === 1) {
unset($example['attachment'], $example['attachmentname']);
if (!key_exists($name, self::$_buckets)) {
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
}
return $example;
return self::$_buckets[$name];
}
/**
* get example paste with attachment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
* @throws \Google\Cloud\Core\Exception\NotFoundException
*/
public static function getPasteWithAttachment($version = 2, array $meta = array())
public function deleteBucket($name)
{
$example = $version === 1 ? self::$pasteV1 : self::$pasteV2;
$example['meta']['salt'] = ServerSalt::generate();
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example paste, as decoded from POST by the request object
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPastePost($version = 2, array $meta = array())
{
$example = self::getPaste($version, $meta);
if ($version == 2) {
$example['meta'] = array('expire' => $example['meta']['expire']);
if (key_exists($name, self::$_buckets)) {
unset(self::$_buckets[$name]);
} else {
unset($example['meta']['postdate']);
}
return $example;
}
/**
* get example paste, as received via POST by the user
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getPasteJson($version = 2, array $meta = array())
{
return json_encode(self::getPastePost($version, $meta));
}
/**
* get example paste ID
*
* @return string
*/
public static function getCommentId()
{
return self::$commentid;
}
/**
* get example comment, as stored on server
*
* @param int $version
* @param array $meta
* @return array
*/
public static function getComment($version = 2, array $meta = array())
{
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];
unset($example['meta']['expire']);
}
$example['meta'] = array_merge($example['meta'], $meta);
return $example;
}
/**
* get example comment, as decoded from POST by the request object
*
* @param int $version
* @return array
*/
public static function getCommentPost()
{
$example = self::getComment();
unset($example['meta']);
return $example;
}
/**
* get example comment, as received via POST by user
*
* @param int $version
* @return array
*/
public static function getCommentJson()
{
return json_encode(self::getCommentPost());
}
/**
* delete directory and all its contents recursively
*
* @param string $path
* @throws Exception
*/
public static function rmDir($path)
{
if (is_dir($path)) {
$path .= DIRECTORY_SEPARATOR;
$dir = dir($path);
while (false !== ($file = $dir->read())) {
if ($file != '.' && $file != '..') {
if (is_dir($path . $file)) {
self::rmDir($path . $file);
} elseif (is_file($path . $file)) {
if (!unlink($path . $file)) {
throw new Exception('Error deleting file "' . $path . $file . '".');
}
}
}
}
$dir->close();
if (!rmdir($path)) {
throw new Exception('Error deleting directory "' . $path . '".');
}
throw new NotFoundException();
}
}
/**
* create a backup of the config file
*
* @return void
*/
public static function confBackup()
public function buckets(array $options = array())
{
if (!is_file(CONF . '.bak') && is_file(CONF)) {
rename(CONF, CONF . '.bak');
}
if (!is_file(CONF_SAMPLE . '.bak') && is_file(CONF_SAMPLE)) {
copy(CONF_SAMPLE, CONF_SAMPLE . '.bak');
}
throw new BadMethodCallException('not supported by this stub');
}
/**
* restor backup of the config file
*
* @return void
*/
public static function confRestore()
public function registerStreamWrapper($protocol = null)
{
if (is_file(CONF . '.bak')) {
rename(CONF . '.bak', CONF);
}
if (is_file(CONF_SAMPLE . '.bak')) {
rename(CONF_SAMPLE . '.bak', CONF_SAMPLE);
}
throw new BadMethodCallException('not supported by this stub');
}
/**
* create ini file
*
* @param string $pathToFile
* @param array $values
*/
public static function createIniFile($pathToFile, array $values)
public function unregisterStreamWrapper($protocol = null)
{
if (count($values)) {
@unlink($pathToFile);
$ini = fopen($pathToFile, 'a');
foreach ($values as $section => $options) {
fwrite($ini, "[$section]" . PHP_EOL);
foreach ($options as $option => $setting) {
if (is_null($setting)) {
continue;
} elseif (is_string($setting)) {
$setting = '"' . $setting . '"';
} elseif (is_array($setting)) {
foreach ($setting as $key => $value) {
if (is_null($value)) {
$value = 'null';
} elseif (is_string($value)) {
$value = '"' . $value . '"';
} else {
$value = var_export($value, true);
}
fwrite($ini, $option . "[$key] = $value" . PHP_EOL);
}
continue;
} else {
$setting = var_export($setting, true);
}
fwrite($ini, "$option = $setting" . PHP_EOL);
}
fwrite($ini, PHP_EOL);
}
fclose($ini);
}
throw new BadMethodCallException('not supported by this stub');
}
/**
* a var_export that returns arrays without line breaks
* by linus@flowingcreativity.net via php.net
*
* @param mixed $var
* @param bool $return
* @return void|string
*/
public static function varExportMin($var, $return = false)
public function signedUrlUploader($uri, $data, array $options = array())
{
if (is_array($var)) {
$toImplode = array();
foreach ($var as $key => $value) {
$toImplode[] = var_export($key, true) . ' => ' . self::varExportMin($value, true);
}
$code = 'array(' . implode(', ', $toImplode) . ')';
if ($return) {
return $code;
} else {
echo $code;
}
} else {
return var_export($var, $return);
}
throw new BadMethodCallException('not supported by this stub');
}
/**
* update all templates with the latest SRI hashes for all JS files
*
* @return void
*/
public static function updateSubresourceIntegrity()
public function timestamp(\DateTimeInterface $timestamp, $nanoSeconds = null)
{
$dir = dir(PATH . 'js');
while (false !== ($file = $dir->read())) {
if (substr($file, -3) === '.js') {
self::$hashes[$file] = base64_encode(
hash('sha512', file_get_contents(
PATH . 'js' . DIRECTORY_SEPARATOR . $file
), true)
);
}
}
throw new BadMethodCallException('not supported by this stub');
}
$dir = dir(PATH . 'tpl');
while (false !== ($file = $dir->read())) {
if (substr($file, -4) === '.php') {
$content = file_get_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
);
$content = preg_replace_callback(
'#<script ([^>]+) src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#',
function ($matches) {
if (array_key_exists($matches[2], Helper::$hashes)) {
return '<script ' . $matches[1] . ' src="js/' .
$matches[2] . $matches[3] .
'" integrity="sha512-' . Helper::$hashes[$matches[2]] .
'" crossorigin="anonymous"></script>';
} else {
return $matches[0];
}
},
$content
);
file_put_contents(
PATH . 'tpl' . DIRECTORY_SEPARATOR . $file,
$content
);
}
public function getServiceAccount(array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function hmacKeys(array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function hmacKey($accessId, $projectId = null, array $metadata = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function createHmacKey($serviceAccountEmail, array $options = array())
{
throw new BadMethodCallException('not supported by this stub');
}
public function createBucket($name, array $options = array())
{
if (key_exists($name, self::$_buckets)) {
throw new BadRequestException('already exists');
}
$b = new BucketStub($this->_connection, $name, array(), $this);
self::$_buckets[$name] = $b;
return $b;
}
}

3
tst/JsonApiTest.php
View File

@ -325,6 +325,9 @@ class JsonApiTest extends TestCase
*/
public function testShortenViaYourlsFailure()
{
$options = parse_ini_file(CONF, true);
$options['main']['basepath'] = 'https://example.com/path'; // missing slash gets added by Configuration constructor
Helper::createIniFile(CONF, $options);
$_SERVER['REQUEST_URI'] = '/path/shortenviayourls?link=https%3A%2F%2Fexample.com%2Fpath%2F%3Ffoo%23bar';
$_GET['link'] = 'https://example.com/path/?foo#bar';
ob_start();

7
tst/YourlsProxyTest.php
View File

@ -54,6 +54,13 @@ class YourlsProxyTest extends TestCase
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
}
public function testSneakyForeignUrl()
{
$yourls = new YourlsProxy($this->_conf, 'https://other.example.com/?q=https://example.com/?foo#bar');
$this->assertTrue($yourls->isError());
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
}
public function testYourlsError()
{
// when statusCode is not 200, shorturl may not have been set