-rw-r--r-- | paste/include/storage/FileStorage.php | 29 | ||||
-rw-r--r-- | paste/include/storage/MysqlStorage.php | 13 | ||||
-rw-r--r-- | paste/paste.php | 110 | ||||
-rw-r--r-- | paste/remove.php | 65 |
4 files changed, 104 insertions, 113 deletions
diff --git a/paste/include/storage/FileStorage.php b/paste/include/storage/FileStorage.php index 057b5de..5ee2b77 100644 --- a/paste/include/storage/FileStorage.php +++ b/paste/include/storage/FileStorage.php @@ -46,27 +46,42 @@ class FileStorage extends StorageEngine { global $config; - $content = PastifyText($content, $language, $description); - do { $filename = sha1(date('r') . rand(1000, getrandmax())); - } while (file_exists(realpath($storage_path . '/' , $filename))); + } while (file_exists($this->storage_path . '/' . $filename)); if ($config['short_results_path']) { $urlbase = $config['short_results_path']; } else { - $urlbase = $config['site_domain'] . $config['site_path'] . '/' . $config['results_dir']; + $urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path; } - $content = $this->prepareContent($filename, $urlbase, $content); $filename = $filename . ".html"; + $get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $filename; + $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $filename . '&t=' . $this->generateToken($filename); + $content = PastifyText($content, $language, $description, $get_url, $remove_url); + // write content - $outfile = realpath($storage_path . '/' , $filename); + $outfile = $this->storage_path . $filename; $fp = fopen($outfile, "w"); fwrite($fp, $content); fclose($fp); - return $pasteUrl; + return $get_url; + } + + public function getContent($pid) + { + global $config; + + if ($config['short_results_path']) { + $urlbase = $config['short_results_path']; + } else { + $urlbase = $config['site_domain'] . $config['site_path'] . $this->storage_path; + } + + header('Location: ' . $urlbase . $pid); + exit; } public function delContent($pid) diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php index 5dd24c3..bd532b5 100644 --- a/paste/include/storage/MysqlStorage.php +++ b/paste/include/storage/MysqlStorage.php 
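Review bot: The collision check in the new `do … while` condition tests a path that is never written: it looks at `$this->storage_path . '/' . $filename` before `.html` is appended, while the file is created at `$this->storage_path . $filename . '.html'` (no separator), so an existing paste is never detected. Build the final name inside the loop — `$filename = sha1(date('r') . rand(1000, getrandmax())) . '.html';` with `} while (file_exists($this->storage_path . $filename));` — and drop the later `$filename = $filename . ".html";`. In the new `getContent`, `$pid` comes straight from the request into `header('Location: ' . $urlbase . $pid)`, and remove.php passes the same request value to `delContent`; since every stored name is 40 hex chars plus `.html`, rejecting anything else up front, e.g. `if (!preg_match('/^[0-9a-f]{40}\.html$/', $pid)) { header('HTTP/1.0 404 Not Found'); exit; }`, keeps arbitrary path fragments out of both code paths. The enclosing `setContent` begins before this hunk.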
@@ -76,6 +76,8 @@ INDEX (nick) public function setContent($content, $language, $nick, $description) { + global $config; + $name = sha1(date('r') . rand(1000, getrandmax())); if ($stmt = $this->mysql->prepare( 'INSERT INTO ' . $this->table . ' @@ -94,10 +96,17 @@ INDEX (nick) $stmt->close(); } + + if (isset($config['short_results_path'])) + return $config['short_results_path'] . $pid; + + return $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $name; } public function getContent($pid) { + global $config; + if ($stmt = $this->mysql->prepare( 'SELECT nick, language, content, description, time FROM ' . $this->table . ' WHERE pid = ? LIMIT 1')) @@ -120,7 +129,9 @@ INDEX (nick) $stmt->close(); - echo PastifyText($content, $lang, $description); + $get_url = $config['site_domain'] . $config['site_path'] . 'get.php?p=' . $pid; + $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid); + echo PastifyText($content, $lang, $description, $get_url, $remove_url); } } diff --git a/paste/paste.php b/paste/paste.php index 2c5a8df..3c7891e 100644 --- a/paste/paste.php +++ b/paste/paste.php 
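Review bot: In the second hunk (`@@ -94,10 +96,17 @@`) the `short_results_path` branch returns `$config['short_results_path'] . $pid`, but `setContent` names its identifier `$name` (assigned from `sha1(...)` in the first hunk and used by the fallback return two lines later); unless `$pid` is assigned in the lines between the hunks, this returns the bare prefix. The line should read `return $config['short_results_path'] . $name;`. The guard also differs from FileStorage, which tests the same option for truthiness; `isset` is true for an empty string, so an empty configured value yields a relative URL here. `setContent` and `getContent` both extend beyond their hunks.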
@@ -39,76 +39,60 @@ require_once("include/pastify.inc"); // check config if (!is_subclass_of($config['storage'], 'StorageEngine')) { - header('HTTP/1.0 503 Service Unavailable'); - die('Invalid config'); + header('HTTP/1.0 503 Service Unavailable'); + die('Invalid config'); } $refererurl = $_SERVER['HTTP_REFERER']; $refererurl = preg_replace("/\/[^\/]*$/", "", $refererurl); -$thisurl = "http://" . $_SERVER['HTTP_HOST']; -$thisurl .= $_SERVER['PHP_SELF']; -$thisurl = preg_replace("/\/[^\/]*$/", "", $thisurl); - if (isset($_POST['text']) && "" != ($ttemp = rtrim($_POST['text']))) { - $url = ""; - $baseurl = $_SERVER['PHP_SELF']; - $baseurl = preg_replace("/\/[^\/]*$/", "", $baseurl); - - $text = $ttemp; - - // Figure out if the post specified a syntax highlighting language - if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang']))) - { - $language = $ltemp; - if (strlen($language) > 20) - $language = substr($language, 0, 20); - $language = stripslashes($language); - $language = strip_tags($language); - $language = htmlspecialchars($language, ENT_QUOTES); - } - else - { - $language = 'Plain Text'; - } - - - // Add a description if available - if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc']))) - { - $desc = stripslashes($dtemp); - if (strlen($desc) > 80) - { - $desc = substr($desc, 0, 76); - $desc .= " ..."; - } - $desc = strip_tags($desc); - $desc = htmlspecialchars($desc, ENT_QUOTES); - if ("" == $desc) - $desc = "No description"; - } - else - $desc = "No description"; - - - if (get_magic_quotes_gpc()) - $text = stripslashes($text); - - $url = $config['storage']->setContent($text, $language, $nick, $desc); - - // Note: this function was pretty specific to my implementation. 
It stored - // paste metadata about the language used, description, and URL, as well as - // a timestamp (but the raw pastes were never preserved - they always expired - // as promised after 24 hours) - //add_to_db($desc, $language, $url); - - Header("Location: $url"); -} -else -{ - header("Location: " . $_SERVER['HTTP_REFERER']); - exit; + $text = $ttemp; + + // Figure out if the post specified a syntax highlighting language + if (isset($_POST['lang']) && "" != ($ltemp = rtrim($_POST['lang']))) + { + $language = $ltemp; + if (strlen($language) > 20) + $language = substr($language, 0, 20); + + $language = stripslashes($language); + $language = strip_tags($language); + $language = htmlspecialchars($language, ENT_QUOTES); + } + else + { + $language = 'Plain Text'; + } + + // Add a description if available + if (isset($_POST['desc']) && "" != ($dtemp = rtrim($_POST['desc']))) + { + $desc = stripslashes($dtemp); + if (strlen($desc) > 80) + { + $desc = substr($desc, 0, 76) . '...'; + } + + $desc = strip_tags($desc); + $desc = htmlspecialchars($desc, ENT_QUOTES); + if ("" == $desc) + $desc = "No description"; + } + else + $desc = "No description"; + + + if (get_magic_quotes_gpc()) + $text = stripslashes($text); + + $url = $config['storage']->setContent($text, $language, $nick, $desc); + header('Location: ' . $url); + exit; } +header('Location: ' . $_SERVER['HTTP_REFERER']); +exit; + ?> diff --git a/paste/remove.php b/paste/remove.php index 80e8bd6..783f339 100644 --- a/paste/remove.php +++ b/paste/remove.php 
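Review bot: The fall-through at the end of the new code redirects to `$_SERVER['HTTP_REFERER']` unconditionally, a client-supplied header: a request without one emits a notice and an empty `Location`, and a crafted one makes paste.php redirect to whatever origin the sender names. Since `$config['site_domain']` and `$config['site_path']` are in scope here (they are what the storage engines build their URLs from), `header('Location: ' . $config['site_domain'] . $config['site_path']);` gives a fixed local destination. `$refererurl`, computed in the context lines above, appears unused on the new side and could go. The hunk starts after the file's includes, so any earlier assignment of `$nick` is not visible; `setContent($text, $language, $nick, $desc)` relies on it.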
@@ -32,46 +32,27 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require('config.php'); - - function removePaste($pasteID) { - $errOld = error_reporting(0); - $return = 1; - - $resultDir = $_SERVER['DOCUMENT_ROOT'] . $Config['site_path'] . $Config['results_dir']; - - $filenameHTML = "$resultDir/$pasteID.html"; - - if (file_exists($filenameHTML)) { - - if (unlink($filenameHTML)) { - } else { - print "Failed to remove $filenameHTML<br/>\n"; - $return = 0; - } - } - error_reporting($errOld); - return $return; - } - - print "<title>Admin - Remove a paste</title>\n"; - - $ipAddr = $_SERVER["REMOTE_ADDR"]; - if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) { - $pasteID = $_REQUEST["p"]; - $token = $_REQUEST["t"]; - $tokenMatch = sha1($pasteID . $ipAddr . $Config['token_salt']); - if ($token == $tokenMatch) { - $result = removePaste($pasteID); - if ($result) { - print "Your paste has been removed."; - } else { - print "Sorry, we encountered a problem trying to remove this paste."; - } - } else { - print "Sorry, you are not authorized to remove this paste."; - } - } - - +require('config.php'); + +// check config +if (!is_subclass_of($config['storage'], 'StorageEngine')) +{ + header('HTTP/1.0 503 Service Unavailable'); + die('Invalid config'); +} + +if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) { + $pid = $_REQUEST["p"]; + $token = $_REQUEST["t"]; + $tokenMatch = $config['storage']->generateToken($pid); + + if ($token == $tokenMatch) { + $config['storage']->delContent($pid); + echo '<html><head><title>Admin - Remove a paste</title></head><body>Your paste has been removed.</body></html>'; + exit; + } +} + +echo '<html><head><title>Admin - Remove a paste</title></head><body>Sorry, you are not authorized to remove this paste.</body></html>'; + ?> |
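Review bot: The token check `if ($token == $tokenMatch)` uses a loose comparison on what the replaced code shows is a sha1 hex string: numeric-looking strings compare by value under `==`, and the comparison is not constant-time; replace it with `if (is_string($token) && hash_equals($tokenMatch, $token)) {`. `$pid` is taken from `$_REQUEST['p']` and handed to `generateToken()` and `delContent()` without any shape check; the identifiers produced by the two storage engines are 40 hex chars, with `.html` appended by the file backend, so `if (!preg_match('/^[0-9a-f]{40}(\.html)?$/', $pid)) { header('HTTP/1.0 400 Bad Request'); exit; }` before the token step bounds what reaches the filesystem (MysqlStorage binds it in a prepared statement, but FileStorage's `delContent` body is not in this diff). `$_REQUEST` also accepts the pair from a GET URL, which the generated `remove_url` relies on, so the token comparison is the only protection for this state-changing action.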