diff --git a/composer.json b/composer.json index a543d0ca..bf45ebc2 100644 --- a/composer.json +++ b/composer.json @@ -1,4 +1,14 @@ { + "name": "privatebin/privatebin", + "description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode.", + "version": "0.22", + "repositories": [ + { + "type": "vcs", + "url": "https://github.com/PrivateBin/PrivateBin" + } + ], + "license":"zlib-acknowledgement", "require-dev": { "phpunit/phpunit": "4.8.*", "codacy/coverage": "dev-master", diff --git a/js/privatebin.js b/js/privatebin.js index 598a425b..d25fb2d6 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -507,7 +507,7 @@ $(function() { /** * Get the pastes unique identifier from the URL - * eg. http://server.com/zero/?c05354954c49a487#xxx --> c05354954c49a487 + * eg. http://server.com/zero/?c05354954c49a487#c05354954c49a487 returns c05354954c49a487 * * @return string unique identifier */ @@ -589,7 +589,7 @@ $(function() { this.prettyPrint.html( prettyPrintOne(text, null, true) ); - }; + } default: // Convert URLs to clickable links. helper.urls2links(this.clearText); diff --git a/lib/RainTPL.php b/lib/RainTPL.php index a9528ca5..dc09054e 100644 --- a/lib/RainTPL.php +++ b/lib/RainTPL.php @@ -321,7 +321,7 @@ class RainTPL{ // file doesn't exsist, or the template was updated, Rain will compile the template if( !file_exists( $this->tpl['compiled_filename'] ) || ( self::$check_template_update && filemtime($this->tpl['compiled_filename']) < filemtime( $this->tpl['tpl_filename'] ) ) ){ - $this->compileFile( $tpl_basename, $tpl_basedir, $this->tpl['tpl_filename'], PATH . self::$cache_dir, $this->tpl['compiled_filename'] ); + $this->compileFile( $tpl_basedir, $this->tpl['tpl_filename'], PATH . self::$cache_dir, $this->tpl['compiled_filename'] ); return true; } $this->tpl['checked'] = true; 
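Review bot: A hard-coded `"version": "0.22"` in composer.json is a second source of truth next to `privatebin::VERSION` (which lib/privatebin/db.php already uses for the schema check), and Composer's guidance for packages resolved through a `vcs` repository is to omit the field and let the tag supply it, because a tag whose composer.json declares a different version is skipped with a "version mismatch" warning. Dropping the `"version"` line removes the drift risk; if it must stay, the release checklist should bump both places together. The `repositories` entry pointing at the project's own GitHub URL is also unusual for a package manifest — it is normally something consumers put in their root composer.json, not the package itself — and is worth a comment or removal if it is not needed for `require-dev` resolution.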
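Review bot: The rewritten example in the docblock uses the same sixteen-hex-character value for the query string and the fragment, `?c05354954c49a487#c05354954c49a487`, which reads as if the fragment repeats the paste id; in this application the fragment presumably carries the client-side decryption material (the composer description in this commit says data is decrypted in the browser), so the example should show a visibly different value. Something like `eg. http://server.com/zero/?c05354954c49a487#<key> returns c05354954c49a487` keeps the return value accurate without implying the two are equal. The function this documents starts below the hunk.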
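Review bot: Removing the stray `;` after the closing `}` is fine, but that brace is still not followed by a `break`, so the case it ends falls through into `default:` and runs `helper.urls2links(this.clearText)` in addition to its own work; the old `;` was an empty statement, not a `break`, so the behaviour is unchanged, but it is now easier to misread. If the fall-through is intended, mark it with `// falls through` on the line before `default:`; otherwise add `break;` there. The `switch` and its enclosing function begin outside the hunk, so the case label itself is not visible here.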
@@ -347,7 +347,6 @@ class RainTPL{ * Compile and write the compiled template file * * @access protected - * @param string $tpl_basename * @param string $tpl_basedir * @param string $tpl_filename * @param string $cache_dir @@ -355,7 +354,7 @@ class RainTPL{ * @throws RainTpl_Exception * @return void */ - protected function compileFile( $tpl_basename, $tpl_basedir, $tpl_filename, $cache_dir, $compiled_filename ){ + protected function compileFile( $tpl_basedir, $tpl_filename, $cache_dir, $compiled_filename ){ //read template file $this->tpl['source'] = $template_code = file_get_contents( $tpl_filename ); @@ -1036,13 +1035,13 @@ class RainTPL{ $e->getTemplateFile() ); if ($e instanceof RainTpl_SyntaxException) { - if (null != $e->getTemplateLine()) { + if (null !== $e->getTemplateLine()) { $output .= '
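Review bot: With `$tpl_basename` gone, the first statement of `compileFile()` still assigns `$this->tpl['source'] = $template_code = file_get_contents( $tpl_filename )` without checking for `false`, so an unreadable or missing template is compiled as an empty string and silently written to the cache directory instead of being reported. Since the docblock already declares `@throws RainTpl_Exception`, a guard such as `if (false === $template_code) { throw new RainTpl_Exception('cannot read template ' . $tpl_filename); }` fits the existing contract (confirm the exception constructor accepts a message). The method body continues past the end of the hunk.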

line: ' . $e->getTemplateLine() . '

'; } - if (null != $e->getTag()) { + if (null !== $e->getTag()) { $output .= '

in tag: ' . htmlspecialchars($e->getTag()) . '

'; } - if (null != $e->getTemplateLine() && null != $e->getTag()) { + if (null !== $e->getTemplateLine() && null !== $e->getTag()) { $rows=explode("\n", htmlspecialchars($this->tpl['source'])); $rows[$e->getTemplateLine()] = '' . $rows[$e->getTemplateLine()] . ''; $output .= '

template code

' . implode('
', $rows) . ''; @@ -1162,18 +1161,4 @@ class RainTpl_SyntaxException extends RainTpl_Exception{ } } -/** - * shorthand translate function for use in templates - * - * alias for i18n::translate() - * - * @access public - * @param string $messageId - * @param mixed $args one or multiple parameters injected into placeholders - * @return string - */ -function t() { - return call_user_func_array(array('i18n', 'translate'), func_get_args()); -} - // -- end diff --git a/lib/configuration.php b/lib/configuration.php index 90149341..dca895b6 100644 --- a/lib/configuration.php +++ b/lib/configuration.php @@ -29,7 +29,7 @@ class configuration * * @var array */ - private $_defaults = array( + private static $_defaults = array( 'main' => array( 'discussion' => true, 'opendiscussion' => false, @@ -97,7 +97,7 @@ class configuration } } $opts = '_options'; - foreach ($this->_defaults as $section => $values) + foreach (self::getDefaults() as $section => $values) { // fill missing sections with default values if (!array_key_exists($section, $config) || count($config[$section]) == 0) @@ -197,6 +197,15 @@ class configuration return $this->_configuration; } + /** + * get default configuration as array + * + * return array + */ + public static function getDefaults() + { + return self::$_defaults; + } /** * get a key from the configuration, typically the main section or all keys @@ -216,7 +225,6 @@ class configuration return $this->_configuration[$section][$key]; } - /** * get a section from the configuration, must exist * diff --git a/lib/privatebin/db.php b/lib/privatebin/db.php index 4812250c..2bbc03f6 100644 --- a/lib/privatebin/db.php +++ b/lib/privatebin/db.php 
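Review bot: Switching to `null !==` changes behaviour for a template line of 0: in PHP `0 != null` is false, so the old code skipped line 0, whereas the new code prints it and then indexes `$rows[0]`; more generally `$rows[$e->getTemplateLine()]` is never bounds-checked against the exploded source, so a line number past the end raises an undefined-offset notice inside the error renderer itself. Guard the highlighting assignment with `if (isset($rows[$e->getTemplateLine()])) {`. Whether `getTemplateLine()` is 0- or 1-based relative to `explode("\n", …)` is not visible here and is worth confirming, because it decides whether the highlighted row is off by one. This exception-rendering code sits inside a method that begins above the hunk.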
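Review bot: The docblock on the new `getDefaults()` reads `* return array` — the `@` is missing, so documentation tooling and IDEs will not pick up the return type; make it `* @return array`. A purpose line would also help a reader who lands on the static accessor first, for example `* Built-in defaults for every configuration section; used to fill sections missing from the loaded configuration.` — the loop at line 97 is where they are applied. Because PHP arrays are passed by value, callers get a copy and cannot mutate `self::$_defaults` through this method, which is worth stating so nobody tries to use it as a setter.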
@@ -102,14 +102,14 @@ class privatebin_db extends privatebin_abstract $tables = self::$_db->query($tableQuery)->fetchAll(PDO::FETCH_COLUMN, 0); // create paste table if necessary - if (!in_array(self::$_prefix . 'paste', $tables)) + if (!in_array(self::_sanitizeIdentifier('paste'), $tables)) { self::_createPasteTable(); $db_tables_exist = false; } // create comment table if necessary - if (!in_array(self::$_prefix . 'comment', $tables)) + if (!in_array(self::_sanitizeIdentifier('comment'), $tables)) { self::_createCommentTable(); $db_tables_exist = false; @@ -117,7 +117,7 @@ class privatebin_db extends privatebin_abstract // create config table if necessary $db_version = privatebin::VERSION; - if (!in_array(self::$_prefix . 'config', $tables)) + if (!in_array(self::_sanitizeIdentifier('config'), $tables)) { self::_createConfigTable(); // if we only needed to create the config table, the DB is older then 0.22 @@ -190,7 +190,8 @@ class privatebin_db extends privatebin_abstract unset($meta['attachmentname']); } return self::_exec( - 'INSERT INTO ' . self::$_prefix . 'paste VALUES(?,?,?,?,?,?,?,?,?)', + 'INSERT INTO ' . self::_sanitizeIdentifier('paste') . + ' VALUES(?,?,?,?,?,?,?,?,?)', array( $pasteid, $paste['data'], @@ -219,8 +220,8 @@ class privatebin_db extends privatebin_abstract ) { self::$_cache[$pasteid] = false; $paste = self::_select( - 'SELECT * FROM ' . self::$_prefix . 'paste WHERE dataid = ?', - array($pasteid), true + 'SELECT * FROM ' . self::_sanitizeIdentifier('paste') . + ' WHERE dataid = ?', array($pasteid), true ); if(false !== $paste) { 
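Review bot: The three `in_array()` membership tests in this hunk and the next compare the sanitized table name against `$tables` loosely; pass `true` as the third argument, `in_array(self::_sanitizeIdentifier('paste'), $tables, true)`, so a value in the list can only match by string identity and not by numeric coercion. Since `$tables` is built with `PDO::FETCH_COLUMN` the entries are normally strings, so this hardens the comparison rather than fixing a live bug.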
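Review bot: `INSERT INTO ' . self::_sanitizeIdentifier('paste') . ' VALUES(?,?,?,?,?,?,?,?,?)` in `create()` depends on the positional column order of the table as `_createPasteTable()` defines it; this file also carries an upgrade routine for older schemas, so a column added or reordered by a later migration would shift values into the wrong fields without an error. Listing the nine columns explicitly after the table name (the names are those declared in `_createPasteTable()`, beginning `dataid, data, postdate, …`) makes the statement independent of column order, and the same applies to the comment `INSERT` in the next hunk.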
@@ -279,12 +280,12 @@ class privatebin_db extends privatebin_abstract public function delete($pasteid) { self::_exec( - 'DELETE FROM ' . self::$_prefix . 'paste WHERE dataid = ?', - array($pasteid) + 'DELETE FROM ' . self::_sanitizeIdentifier('paste') . + ' WHERE dataid = ?', array($pasteid) ); self::_exec( - 'DELETE FROM ' . self::$_prefix . 'comment WHERE pasteid = ?', - array($pasteid) + 'DELETE FROM ' . self::_sanitizeIdentifier('comment') . + ' WHERE pasteid = ?', array($pasteid) ); if ( array_key_exists($pasteid, self::$_cache) @@ -319,7 +320,8 @@ class privatebin_db extends privatebin_abstract public function createComment($pasteid, $parentid, $commentid, $comment) { return self::_exec( - 'INSERT INTO ' . self::$_prefix . 'comment VALUES(?,?,?,?,?,?,?)', + 'INSERT INTO ' . self::_sanitizeIdentifier('comment') . + ' VALUES(?,?,?,?,?,?,?)', array( $commentid, $pasteid, @@ -342,8 +344,8 @@ class privatebin_db extends privatebin_abstract public function readComments($pasteid) { $rows = self::_select( - 'SELECT * FROM ' . self::$_prefix . 'comment WHERE pasteid = ?', - array($pasteid) + 'SELECT * FROM ' . self::_sanitizeIdentifier('comment') . + ' WHERE pasteid = ?', array($pasteid) ); // create comment list @@ -381,8 +383,8 @@ class privatebin_db extends privatebin_abstract public function existsComment($pasteid, $parentid, $commentid) { return (bool) self::_select( - 'SELECT dataid FROM ' . self::$_prefix . 'comment ' . - 'WHERE pasteid = ? AND parentid = ? AND dataid = ?', + 'SELECT dataid FROM ' . self::_sanitizeIdentifier('comment') . + ' WHERE pasteid = ? AND parentid = ? AND dataid = ?', array($pasteid, $parentid, $commentid), true ); } 
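Review bot: `delete()` removes the paste row first and the comment rows second as two independent `_exec()` calls, so if the second one fails the paste is gone while its comments remain as orphans that `readComments()` can never reach and nothing else cleans up. The minimal fix is to swap the two statements — delete from `comment` first, then from `paste` — so a failure leaves the paste intact and the operation retriable; the stronger fix is to wrap both in a transaction on `self::$_db`, unless `_exec()` already does that (not visible here). The cache invalidation that follows runs regardless of either outcome, which is fine once the order is fixed.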
@@ -495,8 +497,8 @@ class privatebin_db extends privatebin_abstract private static function _getConfig($key) { $row = self::_select( - 'SELECT value FROM ' . self::$_prefix . 'config WHERE id = ?', - array($key), true + 'SELECT value FROM ' . self::_sanitizeIdentifier('config') . + ' WHERE id = ?', array($key), true ); return $row['value']; } @@ -534,7 +536,7 @@ class privatebin_db extends privatebin_abstract { list($main_key, $after_key) = self::_getPrimaryKeyClauses(); self::$_db->exec( - 'CREATE TABLE ' . self::$_prefix . 'paste ( ' . + 'CREATE TABLE ' . self::_sanitizeIdentifier('paste') . ' ( ' . "dataid CHAR(16) NOT NULL$main_key, " . 'data BLOB, ' . 'postdate INT, ' . @@ -558,7 +560,7 @@ class privatebin_db extends privatebin_abstract { list($main_key, $after_key) = self::_getPrimaryKeyClauses(); self::$_db->exec( - 'CREATE TABLE ' . self::$_prefix . 'comment ( ' . + 'CREATE TABLE ' . self::_sanitizeIdentifier('comment') . ' ( ' . "dataid CHAR(16) NOT NULL$main_key, " . 'pasteid CHAR(16), ' . 'parentid CHAR(16), ' . @@ -568,7 +570,8 @@ class privatebin_db extends privatebin_abstract "postdate INT$after_key );" ); self::$_db->exec( - 'CREATE INDEX parent ON ' . self::$_prefix . 'comment(pasteid);' + 'CREATE INDEX parent ON ' . self::_sanitizeIdentifier('comment') . + '(pasteid);' ); } 
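Review bot: `_getConfig()` returns `$row['value']` without checking what `_select()` returned, yet elsewhere in this file the same call with the third argument `true` is tested against `false` (`if(false !== $paste)` in `read()`); if no `VERSION` row exists — exactly the situation the schema check around `@@ -117` is trying to detect — this raises an undefined-index notice and yields null. Guard it: `if (false === $row || !isset($row['value'])) { return null; }` before the return, and document the null case in the docblock (`@return string|null`).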
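Review bot: The index created in `_createCommentTable()` is still named plain `parent` while the table it covers is now built from the prefixed, sanitized name; on databases where index names are scoped to the schema rather than the table (PostgreSQL is one), two PrivateBin installs sharing a database with different prefixes would collide on `CREATE INDEX parent`. Deriving the index name from the same helper avoids that: `'CREATE INDEX ' . self::_sanitizeIdentifier('comment_parent') . ' ON ' . self::_sanitizeIdentifier('comment') . '(pasteid);'`. This only affects fresh installs; existing databases keep the old name unless the upgrade routine (outside this hunk) renames it.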
@@ -583,15 +586,29 @@ class privatebin_db extends privatebin_abstract { list($main_key, $after_key) = self::_getPrimaryKeyClauses('id'); self::$_db->exec( - 'CREATE TABLE ' . self::$_prefix . 'config ( ' . - "id CHAR(16) NOT NULL$main_key, value TEXT$after_key );" + 'CREATE TABLE ' . self::_sanitizeIdentifier('config') . + " ( id CHAR(16) NOT NULL$main_key, value TEXT$after_key );" ); self::_exec( - 'INSERT INTO ' . self::$_prefix . 'config VALUES(?,?)', + 'INSERT INTO ' . self::_sanitizeIdentifier('config') . + ' VALUES(?,?)', array('VERSION', privatebin::VERSION) ); } + /** + * sanitizes identifiers + * + * @access private + * @static + * @param string $identifier + * @return string + */ + private static function _sanitizeIdentifier($identifier) + { + return self::$_prefix . preg_replace('/[^A-Za-z0-9_]+/', '', $identifier); + } + /** * upgrade the database schema from an old version * diff --git a/lib/request.php b/lib/request.php index 6f851e7b..7ada509c 100644 --- a/lib/request.php +++ b/lib/request.php @@ -257,4 +257,4 @@ class request } return false; } -} \ No newline at end of file +} diff --git a/lib/vizhash16x16.php b/lib/vizhash16x16.php index 381e5b0a..6c87a04a 100644 --- a/lib/vizhash16x16.php +++ b/lib/vizhash16x16.php @@ -91,10 +91,11 @@ class vizhash16x16 // We hash the input string. $hash=hash('sha1',$text.$this->salt).hash('md5',$text.$this->salt); $hash=$hash.strrev($hash); # more data to make graphics + $hashlen=strlen($hash); // We convert the hash into an array of integers. $this->VALUES=array(); - for($i=0; $iVALUES,hexdec(substr($hash,$i,2))); } + for($i=0; $i<$hashlen; $i=$i+2){ array_push($this->VALUES,hexdec(substr($hash,$i,2))); } $this->VALUES_INDEX=0; // to walk the array. // Then use these integers to drive the creation of an image. diff --git a/tpl/bootstrap-compact.html b/tpl/bootstrap-compact.html index 71cbcc3e..f6caaaef 100644 --- a/tpl/bootstrap-compact.html +++ b/tpl/bootstrap-compact.html 
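Review bot: `_sanitizeIdentifier()` filters only the literal it is handed, while `self::$_prefix` — the one part of every table name that is not a constant in this file — is prepended unfiltered into each CREATE, INSERT, SELECT and DELETE statement; every caller in this diff passes `'paste'`, `'comment'` or `'config'`, so the regex currently never removes anything. Apply it to the joined name instead: `return preg_replace('/[^A-Za-z0-9_]+/', '', self::$_prefix . $identifier);`. The prefix presumably comes from the operator's configuration rather than from a request, so this is a hardening gap rather than an injection path, but it is the case the helper exists for. The docblock should also say what the contract is, e.g. `* Returns the prefixed table name reduced to [A-Za-z0-9_] so it can be interpolated into SQL, where identifiers cannot be bound as parameters.`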
@@ -5,7 +5,7 @@ - {function="t('PrivateBin')"} + {function="i18n::_('PrivateBin')"} {if="$SYNTAXHIGHLIGHTING"} @@ -34,24 +34,24 @@
{if="$FILEUPLOAD"} {/if}{if="strlen($STATUS)"} {/if} - - -