Merge remote-tracking branch 'origin/master' into php8

This commit is contained in:
github-actions[bot] 2022-11-18 04:37:18 +00:00
commit e888877f23
3 changed files with 25 additions and 14 deletions

View File

@ -22,6 +22,22 @@ use PrivateBin\Json;
*/ */
class Filesystem extends AbstractData class Filesystem extends AbstractData
{ {
/**
* glob() pattern of the two folder levels and the paste files under the
* configured path. Needs to return both files with and without .php suffix,
* so they can be hardened by _prependRename(), which is hooked into exists().
*
* > Note that wildcard patterns are not regular expressions, although they
* > are a bit similar.
*
* @link https://man7.org/linux/man-pages/man7/glob.7.html
* @const string
*/
const PASTE_FILE_PATTERN = DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' .
DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*';
/** /**
* first line in paste or comment files, to protect their contents from browsing exposed data directories * first line in paste or comment files, to protect their contents from browsing exposed data directories
* *
@ -341,10 +357,9 @@ class Filesystem extends AbstractData
protected function _getExpiredPastes($batchsize) protected function _getExpiredPastes($batchsize)
{ {
$pastes = array(); $pastes = array();
$files = $this->_getPasteIterator();
$count = 0; $count = 0;
$time = time(); $time = time();
foreach ($files as $file) { foreach ($this->_getPasteIterator() as $file) {
if ($file->isDir()) { if ($file->isDir()) {
continue; continue;
} }
@ -372,8 +387,7 @@ class Filesystem extends AbstractData
public function getAllPastes() public function getAllPastes()
{ {
$pastes = array(); $pastes = array();
$files = $this->_getPasteIterator(); foreach ($this->_getPasteIterator() as $file) {
foreach ($files as $file) {
if ($file->isFile()) { if ($file->isFile()) {
$pastes[] = $file->getBasename('.php'); $pastes[] = $file->getBasename('.php');
} }
@ -420,18 +434,15 @@ class Filesystem extends AbstractData
/** /**
* Get an iterator matching paste files. * Get an iterator matching paste files.
* *
* Note that creating the iterator issues the glob() call, so we can't pre-
* generate this object before files that should get matched exist.
*
* @access private * @access private
* @return \GlobIterator * @return \GlobIterator
*/ */
private function _getPasteIterator() private function _getPasteIterator()
{ {
return new \GlobIterator($this->_path . DIRECTORY_SEPARATOR . return new \GlobIterator($this->_path . self::PASTE_FILE_PATTERN);
'[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*');
// need to return both files with and without .php suffix, so they can
// be hardened by _prependRename(), which is hooked into exists()
} }
/** /**

View File

@ -6,7 +6,7 @@
* *
* @link https://github.com/PrivateBin/PrivateBin * @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.4.0 * @version 1.4.0
*/ */

View File

@ -5,7 +5,7 @@
* Visual Hash implementation in php4+GD, * Visual Hash implementation in php4+GD,
* stripped down and modified version for PrivateBin * stripped down and modified version for PrivateBin
* *
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd * @link https://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.0.5 beta PrivateBin 1.4.0 * @version 0.0.5 beta PrivateBin 1.4.0
@ -166,7 +166,7 @@ class Vizhash16x16
* Gradient function * Gradient function
* *
* taken from: * taken from:
* http://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html * @link https://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html
* *
* @access private * @access private
* @param resource $img * @param resource $img