From 501b26ef4cc1e36be6ceb994b3571eb0eff964e6 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Fri, 19 Feb 2010 03:21:07 +0100
Subject: some changes

---
 paste/include/storage/FileStorage.php  |  29 ++++++---
 paste/include/storage/MysqlStorage.php |  13 +++-
 paste/paste.php                        | 110 ++++++++++++++-------------------
 paste/remove.php                       |  65 +++++++------------
 4 files changed, 104 insertions(+), 113 deletions(-)

diff --git a/paste/include/storage/FileStorage.php b/paste/include/storage/FileStorage.php
index 057b5de..5ee2b77 100644
--- a/paste/include/storage/FileStorage.php
+++ b/paste/include/storage/FileStorage.php
@@ -46,27 +46,42 @@ class FileStorage extends StorageEngine
 	{
 		global $config;
 
-		$content = PastifyText($content, $language, $description);
-
 		do {
 			$filename = sha1(date('r') . rand(1000, getrandmax()));
-		} while (file_exists(realpath($storage_path . '/' , $filename)));
+		} while (file_exists($this->storage_path . '/' . $filename));
 
 		if ($config['short_results_path']) {
 			$urlbase = $config['short_results_path'];
 		} else {
-			$urlbase = $config['site_domain'] . $config['site_path'] . '/' . $config['results_dir'];
+			$urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path;
 		}
-		$content = $this->prepareContent($filename, $urlbase, $content);
 		$filename = $filename . ".html";
 
+                $get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $filename;
+                $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $filename . '&t=' . $this->generateToken($filename);
+		$content = PastifyText($content, $language, $description, $get_url, $remove_url);
+
 		// write content
-		$outfile = realpath($storage_path . '/' , $filename);
+		$outfile = $this->storage_path . $filename;
 		$fp = fopen($outfile, "w");
 		fwrite($fp, $content);
 		fclose($fp);
 
-		return $pasteUrl;
+		return $get_url;
+	}
+
+	public function getContent($pid)
+	{
+		global $config;
+
+		if ($config['short_results_path']) {
+                        $urlbase = $config['short_results_path'];
+                } else {
+                        $urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path;
+                }
+
+		header('Location: ' . $urlbase . $pid);
+		exit;
 	}
 
 	public function delContent($pid)
diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php
index 5dd24c3..bd532b5 100644
--- a/paste/include/storage/MysqlStorage.php
+++ b/paste/include/storage/MysqlStorage.php
@@ -76,6 +76,8 @@ INDEX (nick)
 
 	public function setContent($content, $language, $nick, $description)
 	{
+		global $config;
+
 		$name = sha1(date('r') . rand(1000, getrandmax()));
 		if ($stmt = $this->mysql->prepare(
 			    'INSERT INTO ' . $this->table . '
@@ -94,10 +96,17 @@ INDEX (nick)
 
 			$stmt->close();
 		}
+
+		if (isset($config['short_results_path']))
+			return $config['short_results_path'] . $pid;
+
+		return $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $name;
 	}
 
 	public function getContent($pid)
 	{
+		global $config;
+
 		if ($stmt = $this->mysql->prepare(
 			    'SELECT nick, language, content, description, time FROM ' . $this->table . '
                              WHERE pid = ? LIMIT 1'))
@@ -120,7 +129,9 @@ INDEX (nick)
 
 			$stmt->close();
 
-			echo PastifyText($content, $lang, $description);
+			$get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $pid;
+			$remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid);
+			echo PastifyText($content, $lang, $description, $get_url, $remove_url);
 		}
 	}
 
diff --git a/paste/paste.php b/paste/paste.php
index 2c5a8df..3c7891e 100644
--- a/paste/paste.php
+++ b/paste/paste.php
@@ -39,76 +39,60 @@ require_once("include/pastify.inc");
 // check config
 if (!is_subclass_of($config['storage'], 'StorageEngine'))
 {
-   header('HTTP/1.0 503 Service Unavailable');
-   die('Invalid config');
+	header('HTTP/1.0 503 Service Unavailable');
+	die('Invalid config');
 }
 
 $refererurl = $_SERVER['HTTP_REFERER'];
 $refererurl = preg_replace("/\/[^\/]*$/", "", $refererurl);
-$thisurl = "http://" . $_SERVER['HTTP_HOST'];
-$thisurl .= $_SERVER['PHP_SELF'];
-$thisurl = preg_replace("/\/[^\/]*$/", "", $thisurl);
-
 
 if (isset($_POST['text']) && "" != ($ttemp = rtrim($_POST['text'])))
 {
-    $url = "";
-    $baseurl = $_SERVER['PHP_SELF'];
-    $baseurl = preg_replace("/\/[^\/]*$/", "", $baseurl);
-
-    $text = $ttemp;
-
-    // Figure out if the post specified a syntax highlighting language
-    if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang'])))
-    {
-        $language = $ltemp;
-        if (strlen($language) > 20)
-            $language = substr($language, 0, 20);
-        $language = stripslashes($language);
-        $language = strip_tags($language);
-        $language = htmlspecialchars($language, ENT_QUOTES);
-    }
-    else
-    {
-        $language = 'Plain Text';
-    }
-
-
-    // Add a description if available
-    if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc'])))
-    {
-        $desc = stripslashes($dtemp);
-        if (strlen($desc) > 80)
-        {
-            $desc = substr($desc, 0, 76);
-            $desc .= " ...";
-        }
-        $desc = strip_tags($desc);
-        $desc = htmlspecialchars($desc, ENT_QUOTES);
-        if ("" == $desc)
-            $desc = "No description";
-    }
-    else
-        $desc = "No description";
-
-
-    if (get_magic_quotes_gpc())
-        $text = stripslashes($text);
-
-    $url = $config['storage']->setContent($text, $language, $nick, $desc);
-
-    // Note: this function was pretty specific to my implementation. It stored
-    // paste metadata about the language used, description, and URL, as well as
-    // a timestamp (but the raw pastes were never preserved - they always expired
-    // as promised after 24 hours)
-    //add_to_db($desc, $language, $url);
-
-    Header("Location: $url");
-}
-else
-{
-    header("Location: " . $_SERVER['HTTP_REFERER']);
-    exit;
+	$text = $ttemp;
+
+	// Figure out if the post specified a syntax highlighting language
+	if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang'])))
+	{
+		$language = $ltemp;
+		if (strlen($language) > 20)
+			$language = substr($language, 0, 20);
+
+		$language = stripslashes($language);
+		$language = strip_tags($language);
+		$language = htmlspecialchars($language, ENT_QUOTES);
+	}
+	else
+	{
+		$language = 'Plain Text';
+	}
+
+	// Add a description if available
+	if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc'])))
+	{
+		$desc = stripslashes($dtemp);
+		if (strlen($desc) > 80)
+		{
+			$desc = substr($desc, 0, 76) . '...';
+		}
+
+		$desc = strip_tags($desc);
+		$desc = htmlspecialchars($desc, ENT_QUOTES);
+		if ("" == $desc)
+			$desc = "No description";
+	}
+	else
+		$desc = "No description";
+
+
+	if (get_magic_quotes_gpc())
+		$text = stripslashes($text);
+
+	$url = $config['storage']->setContent($text, $language, $nick, $desc);
+	header('Location: ' . $url);
+	exit;
 }
 
+header('Location: ' . $_SERVER['HTTP_REFERER']);
+exit;
+
 ?>
diff --git a/paste/remove.php b/paste/remove.php
index 80e8bd6..783f339 100644
--- a/paste/remove.php
+++ b/paste/remove.php
@@ -32,46 +32,27 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-  require('config.php');
-
-  function removePaste($pasteID) {
-    $errOld = error_reporting(0);
-    $return = 1;
-
-    $resultDir = $_SERVER['DOCUMENT_ROOT'] . $Config['site_path'] . $Config['results_dir'];
-
-    $filenameHTML = "$resultDir/$pasteID.html";
-
-    if (file_exists($filenameHTML)) {
-
-      if (unlink($filenameHTML)) {
-      } else {
-        print "Failed to remove $filenameHTML<br/>\n";
-        $return = 0;
-      }
-    }
-    error_reporting($errOld);
-    return $return;
-  }
-
-  print "<title>Admin - Remove a paste</title>\n";
-
-  $ipAddr = $_SERVER["REMOTE_ADDR"];
-  if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
-    $pasteID = $_REQUEST["p"];
-    $token = $_REQUEST["t"];
-    $tokenMatch = sha1($pasteID . $ipAddr . $Config['token_salt']);
-    if ($token == $tokenMatch) {
-      $result = removePaste($pasteID);
-      if ($result) {
-        print "Your paste has been removed.";
-      } else {
-        print "Sorry, we encountered a problem trying to remove this paste.";
-      }
-    } else {
-      print "Sorry, you are not authorized to remove this paste.";
-    }
-  }
-
-
+require('config.php');
+
+// check config
+if (!is_subclass_of($config['storage'], 'StorageEngine'))
+{
+   header('HTTP/1.0 503 Service Unavailable');
+   die('Invalid config');
+}
+
+if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
+	$pid = $_REQUEST["p"];
+	$token = $_REQUEST["t"];
+	$tokenMatch = $config['storage']->generateToken($pid);
+
+	if ($token == $tokenMatch) {
+		$config['storage']->delContent($pid);
+		echo '<html><head><title>Admin - Remove a paste</title></head><body>Your paste has been removed.</body></html>';
+		exit;
+	}
+}
+
+echo '<html><head><title>Admin - Remove a paste</title></head><body>Sorry, you are not authorized to remove this paste.</body></html>';
+	
 ?>
-- 
cgit v1.2.3