diff options
| author | Alexander Sulfrian <alexander@sulfrian.net> | 2010-05-30 16:59:08 +0200 |
|---|---|---|
| committer | Alexander Sulfrian <alexander@sulfrian.net> | 2010-05-30 16:59:08 +0200 |
| commit | 70f9089fcfb857da0864ec0701f2a886b5e1dbff (patch) | |
| tree | 3a25fe86cf1d1da77781a320d20db7c079c1c5dd /paste/include | |
| parent | 1727e589f05ee351fb45a4a94cd5eeba13b5ef7c (diff) | |
| download | rafb-nopaste-70f9089fcfb857da0864ec0701f2a886b5e1dbff.tar.gz rafb-nopaste-70f9089fcfb857da0864ec0701f2a886b5e1dbff.tar.xz rafb-nopaste-70f9089fcfb857da0864ec0701f2a886b5e1dbff.zip | |
fix bug allowing every one to delete the paste
with the mysql storage back end on every call the delete token
was regenerated so, that every one could delete the paste
Diffstat (limited to 'paste/include')
| -rw-r--r-- | paste/include/storage/MysqlStorage.php | 6 | ||||
| -rw-r--r-- | paste/include/storage/StorageEngine.php | 10 |
2 files changed, 11 insertions, 5 deletions
diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php index 8e16536..fe28007 100644 --- a/paste/include/storage/MysqlStorage.php +++ b/paste/include/storage/MysqlStorage.php @@ -114,7 +114,7 @@ INDEX (nick) global $config; if ($stmt = $this->mysql->prepare( - 'SELECT nick, language, content, description, time FROM ' . $this->table . ' + 'SELECT nick, language, content, description, time, remote FROM ' . $this->table . ' WHERE pid = ? LIMIT 1')) { $stmt->bind_param('s', $pid); @@ -126,7 +126,7 @@ INDEX (nick) $this->mysql->error); } - $stmt->bind_result($nick, $lang, $content, $description, $time); + $stmt->bind_result($nick, $lang, $content, $description, $time, $remote); if (!$stmt->fetch()) { header('HTTP/1.0 404 Not Found'); @@ -139,7 +139,7 @@ INDEX (nick) if (isset($config['short_results_path'])) $get_url = $config['short_results_path'] . $pid . '.html'; - $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid); + $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid, $remote); echo PastifyText($content, $lang, $description, $get_url, $remove_url); } } diff --git a/paste/include/storage/StorageEngine.php b/paste/include/storage/StorageEngine.php index db6e34b..09e1676 100644 --- a/paste/include/storage/StorageEngine.php +++ b/paste/include/storage/StorageEngine.php @@ -38,11 +38,17 @@ abstract class StorageEngine abstract public function getContent($pid); abstract public function delContent($pid); - public function generateToken($name) + public function generateToken($name, $remote = '') { global $config; - $ipAddr = $_SERVER["REMOTE_ADDR"]; + if (! empty($remote)) { + $ipAddr = $remote; + } + else { + $ipAddr = $_SERVER["REMOTE_ADDR"]; + } + return sha1($name . $ipAddr . $config['token_salt']); } } |