Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity

switching to full JSON API without POST array use, ensure all JSON operations are done with error detection

Browse Source
This commit is contained in:
El RIDO 2019-05-13 22:31:52 +02:00
parent be1e7babc0
commit cc1c55129f
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
14 changed files with 187 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/privatebin.js
View File

@ -3715,6 +3715,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
type: isPost ? 'POST' : 'GET', type: isPost ? 'POST' : 'GET',
url: url, url: url,
headers: ajaxHeaders, headers: ajaxHeaders,
dataType: 'json',
success: function(result) { success: function(result) {
if (result.status === 0) { if (result.status === 0) {
success(0, result); success(0, result);
@ -3726,13 +3727,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
}; };
if (isPost) { if (isPost) {
ajaxParams.data = data; ajaxParams.data = JSON.stringify(data);
['adata', 'meta'].map(function (key) {
if (data.hasOwnProperty(key)) {
ajaxParams.data[key] = JSON.stringify(data[key]);
}
});
ajaxParams.dataType = 'json';
} }
$.ajax(ajaxParams).fail(function(jqXHR, textStatus, errorThrown) { $.ajax(ajaxParams).fail(function(jqXHR, textStatus, errorThrown) {
console.error(textStatus, errorThrown); console.error(textStatus, errorThrown);

5
lib/Controller.php
View File

@ -154,6 +154,7 @@ class Controller
* initialize PrivateBin * initialize PrivateBin
* *
* @access private * @access private
* @throws Exception
*/ */
private function _init() private function _init()
{ {
@ -206,7 +207,6 @@ class Controller
); );
} }
// Ensure content is not too big.
$data = $this->_request->getData(); $data = $this->_request->getData();
$isComment = array_key_exists('pasteid', $data) && $isComment = array_key_exists('pasteid', $data) &&
!empty($data['pasteid']) && !empty($data['pasteid']) &&
@ -216,6 +216,7 @@ class Controller
return $this->_return_message(1, 'Invalid data.'); return $this->_return_message(1, 'Invalid data.');
} }
$sizelimit = $this->_conf->getKey('sizelimit'); $sizelimit = $this->_conf->getKey('sizelimit');
// Ensure content is not too big.
if (strlen($data['ct']) > $sizelimit) { if (strlen($data['ct']) > $sizelimit) {
return $this->_return_message( return $this->_return_message(
1, 1,
@ -432,6 +433,6 @@ class Controller
$result['url'] = $this->_urlBase . '?' . $message; $result['url'] = $this->_urlBase . '?' . $message;
} }
$result += $other; $result += $other;
$this->_json = json_encode($result); $this->_json = Json::encode($result);
} }
} }

13
lib/Data/Database.php
View File

@ -16,6 +16,7 @@ use Exception;
use PDO; use PDO;
use PDOException; use PDOException;
use PrivateBin\Controller; use PrivateBin\Controller;
use PrivateBin\Json;
/** /**
* Database * Database
@ -204,12 +205,12 @@ class Database extends AbstractData
' VALUES(?,?,?,?,?,?,?,?,?)', ' VALUES(?,?,?,?,?,?,?,?,?)',
array( array(
$pasteid, $pasteid,
$isVersion1 ? $paste['data'] : json_encode($paste), $isVersion1 ? $paste['data'] : Json::encode($paste),
$created, $created,
$expire_date, $expire_date,
(int) $opendiscussion, (int) $opendiscussion,
(int) $burnafterreading, (int) $burnafterreading,
json_encode($meta), Json::encode($meta),
$attachment, $attachment,
$attachmentname, $attachmentname,
) )
@ -239,7 +240,7 @@ class Database extends AbstractData
return false; return false;
} }
// create array // create array
$data = json_decode($paste['data'], true); $data = Json::decode($paste['data']);
$isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2; $isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2;
if ($isVersion2) { if ($isVersion2) {
self::$_cache[$pasteid] = $data; self::$_cache[$pasteid] = $data;
@ -249,7 +250,7 @@ class Database extends AbstractData
list($createdKey) = self::_getVersionedKeys(1); list($createdKey) = self::_getVersionedKeys(1);
} }
$paste['meta'] = json_decode($paste['meta'], true); $paste['meta'] = Json::decode($paste['meta']);
if (!is_array($paste['meta'])) { if (!is_array($paste['meta'])) {
$paste['meta'] = array(); $paste['meta'] = array();
} }
@ -338,7 +339,7 @@ class Database extends AbstractData
$data = $comment['data']; $data = $comment['data'];
} else { } else {
$version = 2; $version = 2;
$data = json_encode($comment); $data = Json::encode($comment);
} }
list($createdKey, $iconKey) = self::_getVersionedKeys($version); list($createdKey, $iconKey) = self::_getVersionedKeys($version);
$meta = $comment['meta']; $meta = $comment['meta'];
@ -382,7 +383,7 @@ class Database extends AbstractData
if (count($rows)) { if (count($rows)) {
foreach ($rows as $row) { foreach ($rows as $row) {
$i = $this->getOpenSlot($comments, (int) $row['postdate']); $i = $this->getOpenSlot($comments, (int) $row['postdate']);
$data = json_decode($row['data'], true); $data = Json::decode($row['data']);
if (array_key_exists('v', $data) && $data['v'] >= 2) { if (array_key_exists('v', $data) && $data['v'] >= 2) {
$version = 2; $version = 2;
$comments[$i] = $data; $comments[$i] = $data;

7
lib/I18n.php
View File

@ -156,9 +156,8 @@ class I18n
// load translations // load translations
self::$_language = $match; self::$_language = $match;
self::$_translations = ($match == 'en') ? array() : json_decode( self::$_translations = ($match == 'en') ? array() : Json::decode(
file_get_contents(self::_getPath($match . '.json')), file_get_contents(self::_getPath($match . '.json'))
true
); );
} }
@ -244,7 +243,7 @@ class I18n
{ {
$file = self::_getPath('languages.json'); $file = self::_getPath('languages.json');
if (count(self::$_languageLabels) == 0 && is_readable($file)) { if (count(self::$_languageLabels) == 0 && is_readable($file)) {
self::$_languageLabels = json_decode(file_get_contents($file), true); self::$_languageLabels = Json::decode(file_get_contents($file));
} }
if (count($languages) == 0) { if (count($languages) == 0) {
return self::$_languageLabels; return self::$_languageLabels;

32
lib/Json.php
View File

@ -33,9 +33,39 @@ class Json
public static function encode($input) public static function encode($input)
{ {
$jsonString = json_encode($input); $jsonString = json_encode($input);
self::_detectError();
return $jsonString;
}
/**
* Returns an array with the contents as described in the given JSON input
*
* @access public
* @static
* @param string $input
* @throws Exception
* @return array
*/
public static function decode($input)
{
$array = json_decode($input, true);
self::_detectError();
return $array;
}
/**
* Detects JSON errors and raises an exception if one is found
*
* @access private
* @static
* @throws Exception
* @return void
*/
private static function _detectError()
{
$errorCode = json_last_error(); $errorCode = json_last_error();
if ($errorCode === JSON_ERROR_NONE) { if ($errorCode === JSON_ERROR_NONE) {
return $jsonString; return;
} }
$message = 'A JSON error occurred'; $message = 'A JSON error occurred';

2
lib/Model/Paste.php
View File

@ -98,7 +98,7 @@ class Paste extends AbstractModel
if ( if (
$this->_store->create( $this->_store->create(
$this->getId(), $this->getId(),
json_decode(json_encode($this->_data), true) $this->_data
) === false ) === false
) { ) {
throw new Exception('Error saving paste. Sorry.', 76); throw new Exception('Error saving paste. Sorry.', 76);

12
lib/Persistence/DataStore.php
View File

@ -45,7 +45,10 @@ class DataStore extends AbstractPersistence
$filename = substr($filename, strlen($path)); $filename = substr($filename, strlen($path));
} }
try { try {
self::_store($filename, self::PROTECTION_LINE . PHP_EOL . Json::encode($data)); self::_store(
$filename,
self::PROTECTION_LINE . PHP_EOL . Json::encode($data)
);
return true; return true;
} catch (Exception $e) { } catch (Exception $e) {
return false; return false;
@ -62,7 +65,12 @@ class DataStore extends AbstractPersistence
*/ */
public static function get($filename) public static function get($filename)
{ {
return json_decode(substr(file_get_contents($filename), strlen(self::PROTECTION_LINE . PHP_EOL)), true); return Json::decode(
substr(
file_get_contents($filename),
strlen(self::PROTECTION_LINE . PHP_EOL)
)
);
} }
/** /**

12
lib/Request.php
View File

@ -107,10 +107,10 @@ class Request
switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') { switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') {
case 'DELETE': case 'DELETE':
case 'PUT': case 'PUT':
parse_str(file_get_contents(self::$_inputStream), $this->_params);
break;
case 'POST': case 'POST':
$this->_params = $_POST; $this->_params = Json::decode(
file_get_contents(self::$_inputStream)
);
break; break;
default: default:
$this->_params = $_GET; $this->_params = $_GET;
@ -161,15 +161,15 @@ class Request
public function getData() public function getData()
{ {
$data = array( $data = array(
'adata' => json_decode($this->getParam('adata', '[]'), true), 'adata' => $this->getParam('adata', array()),
); );
$required_keys = array('v', 'ct'); $required_keys = array('v', 'ct');
$meta = $this->getParam('meta'); $meta = $this->getParam('meta', array());
if (empty($meta)) { if (empty($meta)) {
$required_keys[] = 'pasteid'; $required_keys[] = 'pasteid';
$required_keys[] = 'parentid'; $required_keys[] = 'parentid';
} else { } else {
$data['meta'] = json_decode($meta, true); $data['meta'] = $meta;
} }
foreach ($required_keys as $key) { foreach ($required_keys as $key) {
$data[$key] = $this->getParam($key); $data[$key] = $this->getParam($key);

2
tpl/bootstrap.php
View File

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

2
tpl/page.php
View File

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

13
tst/Bootstrap.php
View File

@ -166,12 +166,9 @@ class Helper
* @param array $meta * @param array $meta
* @return array * @return array
*/ */
public static function getPastePostJson($version = 2, array $meta = array()) public static function getPasteJson($version = 2, array $meta = array())
{ {
$example = self::getPastePost($version, $meta); return json_encode(self::getPastePost($version, $meta));
$example['adata'] = json_encode($example['adata']);
$example['meta'] = json_encode($example['meta']);
return $example;
} }
/** /**
@ -223,11 +220,9 @@ class Helper
* @param int $version * @param int $version
* @return array * @return array
*/ */
public static function getCommentPostJson() public static function getCommentJson()
{ {
$example = self::getCommentPost(); return json_encode(self::getCommentPost());
$example['adata'] = json_encode($example['adata']);
return $example;
} }
/** /**

126
tst/ControllerTest.php
View File

@ -4,6 +4,7 @@ use PrivateBin\Controller;
use PrivateBin\Data\Filesystem; use PrivateBin\Data\Filesystem;
use PrivateBin\Persistence\ServerSalt; use PrivateBin\Persistence\ServerSalt;
use PrivateBin\Persistence\TrafficLimiter; use PrivateBin\Persistence\TrafficLimiter;
use PrivateBin\Request;
class ControllerTest extends PHPUnit_Framework_TestCase class ControllerTest extends PHPUnit_Framework_TestCase
{ {
@ -131,10 +132,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testHtaccess() public function testHtaccess()
{ {
$file = $this->_path . DIRECTORY_SEPARATOR . '.htaccess'; $htaccess = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($file); @unlink($htaccess);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -142,7 +146,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
new Controller; new Controller;
ob_end_clean(); ob_end_clean();
$this->assertFileExists($file, 'htaccess recreated'); $this->assertFileExists($htaccess, 'htaccess recreated');
} }
/** /**
@ -163,7 +167,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -190,7 +197,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(2, array('expire' => 25)); $paste = Helper::getPasteJson(2, array('expire' => 25));
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -219,7 +229,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['main']['sizelimit'] = 10; $options['main']['sizelimit'] = 10;
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -240,7 +253,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['header'] = 'X_FORWARDED_FOR'; $options['traffic']['header'] = 'X_FORWARDED_FOR';
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_FORWARDED_FOR'] = '::2'; $_SERVER['HTTP_X_FORWARDED_FOR'] = '::2';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
@ -269,7 +285,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_model->create(Helper::getPasteId(), Helper::getPaste());
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -290,9 +309,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$_POST['expire'] = '5min'; $file = tempnam(sys_get_temp_dir(), 'FOO');
$_POST['formatter'] = 'foo'; file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -321,9 +341,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$_POST['expire'] = '5min'; $file = tempnam(sys_get_temp_dir(), 'FOO');
$_POST['opendiscussion'] = '1'; file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -353,8 +374,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson(2, array('expire' => 'foo'));
$_POST['expire'] = 'foo'; $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -381,10 +404,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPastePost();
$adata = Helper::getPaste()['adata']; $paste['adata'][3] = 'neither 1 nor 0';
$adata[3] = 'neither 1 nor 0'; $file = tempnam(sys_get_temp_dir(), 'FOO');
$_POST['adata'] = json_encode($adata); file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -405,10 +429,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPastePost();
$adata = Helper::getPaste()['adata']; $paste['adata'][2] = 'neither 1 nor 0';
$adata[2] = 'neither 1 nor 0'; $file = tempnam(sys_get_temp_dir(), 'FOO');
$_POST['adata'] = json_encode($adata); file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -426,21 +451,20 @@ class ControllerTest extends PHPUnit_Framework_TestCase
* silently removed, check that this case is handled * silently removed, check that this case is handled
* *
* @runInSeparateProcess * @runInSeparateProcess
* @expectedException Exception
* @expectedExceptionCode 90
*/ */
public function testCreateBrokenUpload() public function testCreateBrokenUpload()
{ {
$_POST = Helper::getPastePostJson(); $paste = substr(Helper::getPasteJson(), 0, -10);
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
$_POST['ct'] = ' ';
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data'); $this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
ob_start();
new Controller; new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data'); $this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
} }
@ -449,7 +473,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/ */
public function testCreateTooSoon() public function testCreateTooSoon()
{ {
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -474,7 +501,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson(); $comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -496,8 +526,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson(); $comment = Helper::getCommentPost();
$_POST['parentid'] = 'foo'; $comment['parentid'] = 'foo';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($comment));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -519,7 +552,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson(); $comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -543,7 +579,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson(); $comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -567,7 +606,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment()); $this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data'); $this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$_POST = Helper::getCommentPostJson(); $comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -829,7 +871,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{ {
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading'; $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'deletetoken' => 'burnafterreading',
)));
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';

17
tst/JsonApiTest.php
View File

@ -48,7 +48,10 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1'; $_SERVER['REMOTE_ADDR'] = '::1';
@ -77,9 +80,9 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true); $options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0; $options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options); Helper::createIniFile(CONF, $options);
$paste = Helper::getPastePostJson(); $paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query($paste)); file_put_contents($file, $paste);
Request::setInputStream($file); Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId(); $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = ''; $_GET[Helper::getPasteId()] = '';
@ -113,7 +116,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId()); $paste = $this->_model->read(Helper::getPasteId());
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query(array( file_put_contents($file, json_encode(array(
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']), 'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
))); )));
Request::setInputStream($file); Request::setInputStream($file);
@ -139,10 +142,12 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste()); $this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data'); $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId()); $paste = $this->_model->read(Helper::getPasteId());
$_POST = array( $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'pasteid' => Helper::getPasteId(), 'pasteid' => Helper::getPasteId(),
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']), 'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
); )));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
ob_start(); ob_start();

10
tst/RequestTest.php
View File

@ -93,7 +93,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['REQUEST_METHOD'] = 'PUT'; $_SERVER['REQUEST_METHOD'] = 'PUT';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$file = tempnam(sys_get_temp_dir(), 'FOO'); $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, 'ct=foo'); file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file); Request::setInputStream($file);
$request = new Request; $request = new Request;
unlink($file); unlink($file);
@ -107,7 +107,9 @@ class RequestTest extends PHPUnit_Framework_TestCase
$this->reset(); $this->reset();
$_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01'; $_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_POST['ct'] = 'foo'; $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file);
$request = new Request; $request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('create', $request->getOperation()); $this->assertEquals('create', $request->getOperation());
@ -136,7 +138,9 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = $id; $_SERVER['QUERY_STRING'] = $id;
$_GET = array($id => ''); $_GET = array($id => '');
$_POST['deletetoken'] = 'bar'; $file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"deletetoken":"bar"}');
Request::setInputStream($file);
$request = new Request; $request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation()); $this->assertEquals('delete', $request->getOperation());