Diffstat (limited to 'paste')
-rw-r--r--paste/include/storage/FileStorage.php29
-rw-r--r--paste/include/storage/MysqlStorage.php13
-rw-r--r--paste/paste.php110
-rw-r--r--paste/remove.php65
4 files changed, 104 insertions, 113 deletions
diff --git a/paste/include/storage/FileStorage.php b/paste/include/storage/FileStorage.php
index 057b5de..5ee2b77 100644
--- a/paste/include/storage/FileStorage.php
+++ b/paste/include/storage/FileStorage.php
@@ -46,27 +46,42 @@ class FileStorage extends StorageEngine
{
global $config;
- $content = PastifyText($content, $language, $description);
-
do {
$filename = sha1(date('r') . rand(1000, getrandmax()));
- } while (file_exists(realpath($storage_path . '/' , $filename)));
+ } while (file_exists($this->storage_path . '/' . $filename));
if ($config['short_results_path']) {
$urlbase = $config['short_results_path'];
} else {
- $urlbase = $config['site_domain'] . $config['site_path'] . '/' . $config['results_dir'];
+ $urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path;
}
- $content = $this->prepareContent($filename, $urlbase, $content);
$filename = $filename . ".html";
+ $get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $filename;
+ $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $filename . '&t=' . $this->generateToken($filename);
+ $content = PastifyText($content, $language, $description, $get_url, $remove_url);
+
// write content
- $outfile = realpath($storage_path . '/' , $filename);
+ $outfile = $this->storage_path . $filename;
$fp = fopen($outfile, "w");
fwrite($fp, $content);
fclose($fp);
- return $pasteUrl;
+ return $get_url;
+ }
+
+ public function getContent($pid)
+ {
+ global $config;
+
+ if ($config['short_results_path']) {
+ $urlbase = $config['short_results_path'];
+ } else {
+ $urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path;
+ }
+
+ header('Location: ' . $urlbase . $pid);
+ exit;
}
public function delContent($pid)
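Review bot: The uniqueness loop at `file_exists($this->storage_path . '/' . $filename)` tests the bare hash, but the paste is then written as `$filename . ".html"` to `$this->storage_path . $filename` with no separator, so the check can never see an existing paste and the two paths disagree about whether `storage_path` ends in a slash. I would test the path that is actually written, `} while (file_exists($this->storage_path . $filename . '.html'));`, open it with `fopen($outfile, 'x')` so a name collision fails instead of overwriting, and check the `fopen` result before `fwrite`. In the added `getContent`, `$pid` goes into the `Location` header as received; if it comes from the request, a format check such as `preg_match('/^[0-9a-f]{40}\.html$/', $pid)` before redirecting would keep the target inside the storage directory. The enclosing `setContent` starts outside the hunk, and `$urlbase` is no longer used in it after this change.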
diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php
index 5dd24c3..bd532b5 100644
--- a/paste/include/storage/MysqlStorage.php
+++ b/paste/include/storage/MysqlStorage.php
@@ -76,6 +76,8 @@ INDEX (nick)
public function setContent($content, $language, $nick, $description)
{
+ global $config;
+
$name = sha1(date('r') . rand(1000, getrandmax()));
if ($stmt = $this->mysql->prepare(
'INSERT INTO ' . $this->table . '
@@ -94,10 +96,17 @@ INDEX (nick)
$stmt->close();
}
+
+ if (isset($config['short_results_path']))
+ return $config['short_results_path'] . $pid;
+
+ return $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $name;
}
public function getContent($pid)
{
+ global $config;
+
if ($stmt = $this->mysql->prepare(
'SELECT nick, language, content, description, time FROM ' . $this->table . '
WHERE pid = ? LIMIT 1'))
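Review bot: The added short-path return uses `$pid`, which is not defined in `setContent`; the generated id is `$name` and the parameters are `$content, $language, $nick, $description`, so when `short_results_path` is set the returned URL has no paste id. It should read `return $config['short_results_path'] . $name;`. The guard also differs from FileStorage, which tests truthiness (`if ($config['short_results_path'])`), whereas `isset()` here is true for an empty string; using `!empty($config['short_results_path'])` would make the two engines agree. This assumes the hunk is still inside `setContent`, whose signature is visible only in the previous hunk.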
@@ -120,7 +129,9 @@ INDEX (nick)
$stmt->close();
- echo PastifyText($content, $lang, $description);
+ $get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $pid;
+ $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid);
+ echo PastifyText($content, $lang, $description, $get_url, $remove_url);
}
}
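Review bot: The removal link built in `getContent` carries a token computed at view time for whoever requests the paste, `$this->generateToken($pid)`, and hands it to `PastifyText` for rendering. Neither `generateToken` nor `PastifyText` is visible in this diff, but unless the token depends on something only the author holds, every viewer appears to receive a working `remove.php` link. The remove.php code deleted in this commit derived the token from the paste id, `REMOTE_ADDR` and a salt, and a token of that shape computed here would match the viewer's address. I would issue the token once in `setContent`, return it only to the creator, and not pass `$remove_url` into the page rendered here; FileStorage's `setContent` writes the same link into the stored HTML and deserves the same check. `getContent` starts in the previous hunk.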
diff --git a/paste/paste.php b/paste/paste.php
index 2c5a8df..3c7891e 100644
--- a/paste/paste.php
+++ b/paste/paste.php
@@ -39,76 +39,60 @@ require_once("include/pastify.inc");
// check config
if (!is_subclass_of($config['storage'], 'StorageEngine'))
{
- header('HTTP/1.0 503 Service Unavailable');
- die('Invalid config');
+ header('HTTP/1.0 503 Service Unavailable');
+ die('Invalid config');
}
$refererurl = $_SERVER['HTTP_REFERER'];
$refererurl = preg_replace("/\/[^\/]*$/", "", $refererurl);
-$thisurl = "http://" . $_SERVER['HTTP_HOST'];
-$thisurl .= $_SERVER['PHP_SELF'];
-$thisurl = preg_replace("/\/[^\/]*$/", "", $thisurl);
-
if (isset($_POST['text']) && "" != ($ttemp = rtrim($_POST['text'])))
{
- $url = "";
- $baseurl = $_SERVER['PHP_SELF'];
- $baseurl = preg_replace("/\/[^\/]*$/", "", $baseurl);
-
- $text = $ttemp;
-
- // Figure out if the post specified a syntax highlighting language
- if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang'])))
- {
- $language = $ltemp;
- if (strlen($language) > 20)
- $language = substr($language, 0, 20);
- $language = stripslashes($language);
- $language = strip_tags($language);
- $language = htmlspecialchars($language, ENT_QUOTES);
- }
- else
- {
- $language = 'Plain Text';
- }
-
-
- // Add a description if available
- if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc'])))
- {
- $desc = stripslashes($dtemp);
- if (strlen($desc) > 80)
- {
- $desc = substr($desc, 0, 76);
- $desc .= " ...";
- }
- $desc = strip_tags($desc);
- $desc = htmlspecialchars($desc, ENT_QUOTES);
- if ("" == $desc)
- $desc = "No description";
- }
- else
- $desc = "No description";
-
-
- if (get_magic_quotes_gpc())
- $text = stripslashes($text);
-
- $url = $config['storage']->setContent($text, $language, $nick, $desc);
-
- // Note: this function was pretty specific to my implementation. It stored
- // paste metadata about the language used, description, and URL, as well as
- // a timestamp (but the raw pastes were never preserved - they always expired
- // as promised after 24 hours)
- //add_to_db($desc, $language, $url);
-
- Header("Location: $url");
-}
-else
-{
- header("Location: " . $_SERVER['HTTP_REFERER']);
- exit;
+ $text = $ttemp;
+
+ // Figure out if the post specified a syntax highlighting language
+ if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang'])))
+ {
+ $language = $ltemp;
+ if (strlen($language) > 20)
+ $language = substr($language, 0, 20);
+
+ $language = stripslashes($language);
+ $language = strip_tags($language);
+ $language = htmlspecialchars($language, ENT_QUOTES);
+ }
+ else
+ {
+ $language = 'Plain Text';
+ }
+
+ // Add a description if available
+ if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc'])))
+ {
+ $desc = stripslashes($dtemp);
+ if (strlen($desc) > 80)
+ {
+ $desc = substr($desc, 0, 76) . '...';
+ }
+
+ $desc = strip_tags($desc);
+ $desc = htmlspecialchars($desc, ENT_QUOTES);
+ if ("" == $desc)
+ $desc = "No description";
+ }
+ else
+ $desc = "No description";
+
+
+ if (get_magic_quotes_gpc())
+ $text = stripslashes($text);
+
+ $url = $config['storage']->setContent($text, $language, $nick, $desc);
+ header('Location: ' . $url);
+ exit;
}
+header('Location: ' . $_SERVER['HTTP_REFERER']);
+exit;
+
?>
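Review bot: The fallback `header('Location: ' . $_SERVER['HTTP_REFERER']);` redirects to a client-supplied header that may be absent, which gives either an undefined-index notice with an empty `Location` or a redirect to an arbitrary site. Since `$config` is already loaded here, a fixed target such as `header('Location: ' . $config['site_domain'] . $config['site_path']);` is safer. Separately, `$nick` is passed to `setContent` but is not assigned anywhere in the visible hunk, and `$refererurl` is computed at the top but no longer used; both are worth checking against the part of the file outside this hunk.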
diff --git a/paste/remove.php b/paste/remove.php
index 80e8bd6..783f339 100644
--- a/paste/remove.php
+++ b/paste/remove.php
@@ -32,46 +32,27 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
- require('config.php');
-
- function removePaste($pasteID) {
- $errOld = error_reporting(0);
- $return = 1;
-
- $resultDir = $_SERVER['DOCUMENT_ROOT'] . $Config['site_path'] . $Config['results_dir'];
-
- $filenameHTML = "$resultDir/$pasteID.html";
-
- if (file_exists($filenameHTML)) {
-
- if (unlink($filenameHTML)) {
- } else {
- print "Failed to remove $filenameHTML<br/>\n";
- $return = 0;
- }
- }
- error_reporting($errOld);
- return $return;
- }
-
- print "<title>Admin - Remove a paste</title>\n";
-
- $ipAddr = $_SERVER["REMOTE_ADDR"];
- if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
- $pasteID = $_REQUEST["p"];
- $token = $_REQUEST["t"];
- $tokenMatch = sha1($pasteID . $ipAddr . $Config['token_salt']);
- if ($token == $tokenMatch) {
- $result = removePaste($pasteID);
- if ($result) {
- print "Your paste has been removed.";
- } else {
- print "Sorry, we encountered a problem trying to remove this paste.";
- }
- } else {
- print "Sorry, you are not authorized to remove this paste.";
- }
- }
-
-
+require('config.php');
+
+// check config
+if (!is_subclass_of($config['storage'], 'StorageEngine'))
+{
+ header('HTTP/1.0 503 Service Unavailable');
+ die('Invalid config');
+}
+
+if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
+ $pid = $_REQUEST["p"];
+ $token = $_REQUEST["t"];
+ $tokenMatch = $config['storage']->generateToken($pid);
+
+ if ($token == $tokenMatch) {
+ $config['storage']->delContent($pid);
+ echo '<html><head><title>Admin - Remove a paste</title></head><body>Your paste has been removed.</body></html>';
+ exit;
+ }
+}
+
+echo '<html><head><title>Admin - Remove a paste</title></head><body>Sorry, you are not authorized to remove this paste.</body></html>';
+
?>
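Review bot: The authorization check `if ($token == $tokenMatch)` uses loose comparison, which lets PHP compare two all-numeric-looking hex strings as numbers and is not constant-time. I would write it as `if (is_string($token) && hash_equals($tokenMatch, $token)) {` (or `===` where `hash_equals` is unavailable). Reading `p` and `t` from `$_REQUEST` also means the deletion runs on a plain GET, so link prefetchers or an embedded URL can trigger it; requiring `$_POST` for the destructive step would avoid that. `$pid` is passed to `delContent` unvalidated, and that method's body is outside this diff, so confirm it restricts the id to the expected format before building a path or query from it.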