diff options
Diffstat (limited to 'paste/include')
-rw-r--r-- | paste/include/createpage.inc | 139 |
1 files changed, 108 insertions, 31 deletions
diff --git a/paste/include/createpage.inc b/paste/include/createpage.inc index 0e47b2e..f1a16aa 100644 --- a/paste/include/createpage.inc +++ b/paste/include/createpage.inc @@ -33,45 +33,122 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -function CreatePage($input) +abstract class StorageEngine { - list($text) = $input; + abstract public function setContent($content); - $result_dir = $Config['results_dir']; - $tmpfname = tempnam ("$result_dir/", ""); + public function generateToken($name) + { + global $config; - # I can't remember why I tacked on 2 random digits. - $outbase = $tmpfname . rand(10, 99); - $outfile = $outbase . ".html"; + $ipAddr = $_SERVER["REMOTE_ADDR"]; + return sha1($name . $ipAddr . $config['token_salt']); + } - $ipAddr = $_SERVER["REMOTE_ADDR"]; - $pasteID = basename($outbase); + public function prepareContent($name, $baseUrl, $content) + { + $content = preg_replace("/=\{this-paste-url\}/", + $baseUrl . '/' . $name, $content); - $token = sha1($pasteID . $ipAddr . $Config['token_salt']); + $content = preg_replace("/=\{remove-paste-url\}/", $baseUrl + . '/' . 'remove.php?id=' . $name + . '&t=' . $this->generateToken(), + $content); - # There is probably a better way to do this. tempnam() creates the - # temporary file in the results directory, but we then need to strip - # this off the front of the filename to make a shorter url. - $rawout = $outfile; - $rawout = preg_replace("/$result_dir\//", "", $rawout); - - if ($Config['short_results_path']) { - $urlbase = $Config['short_results_path']; - } else { - $urlbase = $Config['site_domain'] . $Config['site_path'] . '/' . $Config['results_dir']; - } - $pasteUrl = $urlbase . $rawout; - - $text = preg_replace("/=\{this-paste-url\}/", $pasteUrl, $text); - $text = preg_replace("/=\{remove-paste-url\}/", $Config['site_domain'] . $Config['site_path'] . "remove.php?p=$pasteID&t=$token", $text); - - $fp = fopen($outfile, "w"); - fwrite($fp, $text); - fclose($fp); + return $content; + } +} - unlink($tmpfname); +class FileStorage extends StorageEngine +{ + private $storage_path; + + function __construct($path) { + $this->storage_path = $path; + } + + public function setContent($content) + { + global $config; + + do { + $filename = sha1(date('r') . rand(1000)); + } while (file_exists(realpath($storage_path . '/' , $filename))); + + if ($config['short_results_path']) { + $urlbase = $config['short_results_path']; + } else { + $urlbase = $config['site_domain'] . $config['site_path'] . '/' . $config['results_dir']; + } + $content = $this->prepareContent($filename, $urlbase, $content); + $filename = $filename . ".html"; + + // write content + $outfile = realpath($storage_path . '/' , $filename); + $fp = fopen($outfile, "w"); + fwrite($fp, $content); + fclose($fp); + + return $pasteUrl; + } +} - return $pasteUrl; +class MysqlStorage extends StorageEngine +{ + private $mysql; + private $table; + + function __construct($host, $user, $password, $database, $table) { + $this->mysql = new mysqli($host, $user, $password, $database); + if ($this->mysql->connect_error) { + header('HTTP/1.0 503 Service Unavailable'); + die('MySQL Connect Error (' + . $this->mysql->connect_errno . ') ' + . $this->mysql->connect_error); + } + + $this->table = $table; + if (! $this->mysql->query("CREATE TABLE IF NOT EXISTS $table ( +pid VARCHAR(40) PRIMARY KEY, +content MEDIUMTEXT, +FULLTEXT INDEX (content) +);")) + { + header('HTTP/1.0 503 Service Unavailable'); + die('MySQL Error (' . $this->mysql->errno . ') ' . + $this->mysql->error); + } + } + + function __destruct() + { + if ($this->mysql) + $this->mysql->close(); + } + + public function setContent($content) + { + $name = sha1(date('r') . rand(1000)); + + if ($config['short_results_path']) { + $urlbase = $config['short_results_path']; + } else { + $urlbase = $config['site_domain'] . $config['site_path'] . '/' . $config['results_dir']; + } + $content = $this->prepareContent($name, $urlbase . 'get.php?id=' . $name, $content); + + if ($stmt = $this->mysql->prepare( + 'INSERT INTO ? (pid, content) VALUES (?, ?)')) { + + /* bind parameters for markers */ + $stmt->bind_param("sb", $name, $content); + + /* execute query */ + $stmt->execute(); + + $stmt->close(); + } + } } ?> |