diff --git a/lib/Data/Filesystem.php b/lib/Data/Filesystem.php
index 1f00b577..0c152316 100644
--- a/lib/Data/Filesystem.php
+++ b/lib/Data/Filesystem.php
@@ -22,6 +22,22 @@ use PrivateBin\Json;
 */
 class Filesystem extends AbstractData
 {
+ /**
+ * glob() pattern of the two folder levels and the paste files under the
+ * configured path. Needs to return both files with and without .php suffix,
+ * so they can be hardened by _prependRename(), which is hooked into exists().
+ *
+ * > Note that wildcard patterns are not regular expressions, although they
+ * > are a bit similar.
+ *
+ * @link https://man7.org/linux/man-pages/man7/glob.7.html
+ * @const string
+ */
+ const PASTE_FILE_PATTERN = DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' .
+ DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
+ '[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
+ '[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*';
+
 /**
 * first line in paste or comment files, to protect their contents from browsing exposed data directories
 *
@@ -341,10 +357,9 @@ class Filesystem extends AbstractData
 protected function _getExpiredPastes($batchsize)
 {
 $pastes = array();
- $files = $this->_getPasteIterator();
 $count = 0;
 $time = time();
- foreach ($files as $file) {
+ foreach ($this->_getPasteIterator() as $file) {
 if ($file->isDir()) {
 continue;
 }
@@ -372,8 +387,7 @@ class Filesystem extends AbstractData
 public function getAllPastes()
 {
 $pastes = array();
- $files = $this->_getPasteIterator();
- foreach ($files as $file) {
+ foreach ($this->_getPasteIterator() as $file) {
 if ($file->isFile()) {
 $pastes[] = $file->getBasename('.php');
 }
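Review bot: The trailing `*` in `PASTE_FILE_PATTERN` matches any suffix after the 16 hex characters, not only the bare and `.php` forms the docblock describes, so a leftover such as a backup copy or a same-prefix directory is returned by the iterator as well. In the `getAllPastes()` hunk further down, every matching regular file is reported through `getBasename('.php')`, which would hand callers a string that is not a paste ID; `_getExpiredPastes()` consumes the same iterator, and its body continues outside the hunk. I would state this on the constant, for example `* The trailing * also matches other suffixes, so callers must check that the basename is a valid paste ID.`, or filter the basename in the loops before using it.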
@@ -419,19 +433,16 @@ class Filesystem extends AbstractData

 /**
 * Get an iterator matching paste files.
+ *
+ * Note that creating the iterator issues the glob() call, so we can't pre-
+ * generate this object before files that should get matched exist.
 *
 * @access private
 * @return \GlobIterator
 */
 private function _getPasteIterator()
 {
- return new \GlobIterator($this->_path . DIRECTORY_SEPARATOR .
- '[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
- '[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
- '[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
- '[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*');
- // need to return both files with and without .php suffix, so they can
- // be hardened by _prependRename(), which is hooked into exists()
+ return new \GlobIterator($this->_path . self::PASTE_FILE_PATTERN);
 }

 /**
diff --git a/lib/View.php b/lib/View.php
index c6332a33..d35906fb 100644
--- a/lib/View.php
+++ b/lib/View.php
@@ -6,7 +6,7 @@
 *
 * @link https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
- * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
+ * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version 1.4.0
 */

diff --git a/lib/Vizhash16x16.php b/lib/Vizhash16x16.php
index 351ba969..34d09cd6 100644
--- a/lib/Vizhash16x16.php
+++ b/lib/Vizhash16x16.php
@@ -5,7 +5,7 @@
 * Visual Hash implementation in php4+GD,
 * stripped down and modified version for PrivateBin
 *
- * @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
+ * @link https://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version 0.0.5 beta PrivateBin 1.4.0
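Review bot: In `_getPasteIterator()` (lib/Data/Filesystem.php) the configured `$this->_path` is concatenated into the glob pattern unescaped, so a data directory whose name contains `*`, `?` or `[` would be read as wildcard syntax and the iterator could silently match nothing. In that case `_getExpiredPastes()` would find no files, and expired pastes would stay on disk without any error. This behaviour predates the commit, but the docblock being extended here is the natural place to record the constraint: `* The configured path is used verbatim as the pattern prefix and must not contain glob metacharacters.` Whether the path is validated elsewhere is not visible in this hunk.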
@@ -166,7 +166,7 @@ class Vizhash16x16
 * Gradient function
 *
 * taken from:
- * http://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html
+ * @link https://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html
 *
 * @access private
 * @param resource $img