From d6f203dc4cd6770c0405e28466e48feae02f6c6f Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 27 May 2018 15:05:31 +0200 Subject: [PATCH] Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state --- CHANGELOG.md | 1 + cfg/conf.sample.php | 4 ---- lib/Configuration.php | 1 - lib/PrivateBin.php | 20 +------------------- tpl/bootstrap.php | 6 ------ tpl/page.php | 6 ------ tst/ViewTest.php | 1 - 7 files changed, 2 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e77d866..ff497129 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * CHANGED: Minimum required PHP version is 5.4 (#186) * CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192) * CHANGED: Cleanup of bootstrap template variants and moved icons to `img` directory + * CHANGED: Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state * **1.1.1 (2017-10-06)** * CHANGED: Switched to `.php` file extension for configuration file, to avoid leaking configuration data in unprotected installation. * **1.1 (2016-12-26)** diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index 145529a8..0f71c87d 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -81,10 +81,6 @@ zerobincompatibility = false ; make sure the value exists in [expire_options] default = "1week" -; optionally the "clone" button can be disabled on expiring pastes -; note that this only hides the button, copy & paste is still possible -; clone = false - [expire_options] ; Set each one of these to the number of seconds in the expiration period, ; or 0 if it should never expire diff --git a/lib/Configuration.php b/lib/Configuration.php index 35c0960f..48105692 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php 
@@ -58,7 +58,6 @@ class Configuration ), 'expire' => array( 'default' => '1week', - 'clone' => true, ), 'expire_options' => array( '5min' => 300, diff --git a/lib/PrivateBin.php b/lib/PrivateBin.php index ef35301f..33802e1d 100644 --- a/lib/PrivateBin.php +++ b/lib/PrivateBin.php @@ -52,22 +52,6 @@ class PrivateBin */ private $_conf; - /** - * data - * - * @access private - * @var string - */ - private $_data = ''; - - /** - * does the paste expire - * - * @access private - * @var bool - */ - private $_doesExpire = false; - /** * error message * @@ -370,8 +354,7 @@ class PrivateBin try { $paste = $this->_model->getPaste($dataid); if ($paste->exists()) { - $data = $paste->get(); - $this->_doesExpire = property_exists($data, 'meta') && property_exists($data->meta, 'expire_date'); + $data = $paste->get(); if (property_exists($data->meta, 'salt')) { unset($data->meta->salt); } @@ -440,7 +423,6 @@ class PrivateBin $page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages())); $page->assign('EXPIRE', $expire); $page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire')); - $page->assign('EXPIRECLONE', !$this->_doesExpire || ($this->_doesExpire && $this->_conf->getKey('clone', 'expire'))); $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener')); $page->assign('QRCODE', $this->_conf->getKey('qrcode')); $page->draw($this->_conf->getKey('template')); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 9f600606..605737ff 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -164,15 +164,9 @@ else: endif; ?> - - diff --git a/tpl/page.php b/tpl/page.php index d2b04fc8..5533f550 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -98,13 +98,7 @@ endif; - - assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages())); $page->assign('EXPIRE', self::$expire); $page->assign('EXPIREDEFAULT', self::$expire_default); - $page->assign('EXPIRECLONE', true); $page->assign('URLSHORTENER', ''); $page->assign('QRCODE', true);
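Review bot: In the `-370,8 +354,7` hunk of lib/PrivateBin.php, the kept line `if (property_exists($data->meta, 'salt'))` still dereferences `$data->meta` unguarded, and the removed `_doesExpire` assignment was the only place in this hunk that tested `property_exists($data, 'meta')` first. If `$paste->get()` can return an object without `meta` (the removed check suggests the author allowed for that, though the model is not visible here), this line raises a notice and a warning, or a TypeError on newer PHP versions, while the paste is being read. I would fold the guard into the remaining condition: `if (property_exists($data, 'meta') && property_exists($data->meta, 'salt')) {`. The enclosing method begins and ends outside the hunk, so whether the surrounding `try` already catches this case cannot be confirmed from the diff.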