2021-07-10 19:18:17 +01:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
* Paste <https://github.com/jordansamuel/PASTE>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 3
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2021-07-16 09:53:34 -04:00
|
|
|
*
|
2021-07-10 19:18:17 +01:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License in GPL.txt for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// UTF-8
|
|
|
|
|
header('Content-Type: text/html; charset=utf-8');
|
|
|
|
|
|
|
|
|
|
// Required functions
|
2021-07-11 11:54:37 -04:00
|
|
|
define('IN_PONEPASTE', 1);
|
2021-07-10 18:21:03 -04:00
|
|
|
require_once('includes/common.php');
|
2021-07-10 19:18:17 +01:00
|
|
|
require_once('includes/geshi.php');
|
|
|
|
|
require_once('includes/functions.php');
|
2021-08-05 08:18:32 -04:00
|
|
|
require_once('includes/Tag.class.php');
|
|
|
|
|
require_once('includes/passwords.php');
|
2021-07-10 19:18:17 +01:00
|
|
|
|
2021-07-11 12:18:57 -04:00
|
|
|
require_once('includes/Parsedown/Parsedown.php');
|
|
|
|
|
require_once('includes/Parsedown/ParsedownExtra.php');
|
|
|
|
|
require_once('includes/Parsedown/SecureParsedown.php');
|
2021-07-10 19:18:17 +01:00
|
|
|
|
2021-08-17 13:26:26 -04:00
|
|
|
function rawView($content, $p_code) {
|
|
|
|
|
if ($p_code) {
|
|
|
|
|
header('Content-Type: text/plain');
|
|
|
|
|
echo $content;
|
|
|
|
|
} else {
|
|
|
|
|
header('HTTP/1.1 404 Not Found');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-11 11:54:37 -04:00
|
|
|
$paste_id = intval(trim($_REQUEST['id']));
|
2021-07-10 19:18:17 +01:00
|
|
|
|
2021-07-10 18:21:03 -04:00
|
|
|
updatePageViews($conn);
|
2021-07-10 19:18:17 +01:00
|
|
|
|
2021-07-11 11:54:37 -04:00
|
|
|
// Get paste favorite count
|
2021-07-16 09:53:34 -04:00
|
|
|
$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE paste_id = ?');
|
2021-07-11 11:54:37 -04:00
|
|
|
$query->execute([$paste_id]);
|
|
|
|
|
$fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
|
2021-07-10 19:18:17 +01:00
|
|
|
|
2021-07-10 18:21:03 -04:00
|
|
|
// Get paste info
|
2021-08-05 08:18:32 -04:00
|
|
|
$row = $conn->querySelectOne(
|
2021-08-13 16:43:38 -04:00
|
|
|
'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, users.username AS member, users.id AS user_id
|
2021-07-14 04:24:14 -04:00
|
|
|
FROM pastes
|
|
|
|
|
INNER JOIN users ON users.id = pastes.user_id
|
2021-08-05 08:18:32 -04:00
|
|
|
WHERE pastes.id = ?', [$paste_id]);
|
|
|
|
|
|
2021-07-11 11:54:37 -04:00
|
|
|
|
|
|
|
|
// This is used in the theme files.
|
|
|
|
|
$totalpastes = getSiteTotalPastes($conn);
|
|
|
|
|
|
2021-08-19 14:54:05 -04:00
|
|
|
$notfound = null;
|
|
|
|
|
$is_private = false;
|
|
|
|
|
|
|
|
|
|
if ($row === null) {
|
2021-07-11 11:54:37 -04:00
|
|
|
header('HTTP/1.1 404 Not Found');
|
|
|
|
|
$notfound = $lang['notfound']; // "Not found";
|
2021-08-19 14:54:05 -04:00
|
|
|
goto Not_Valid_Paste;
|
2021-07-11 11:54:37 -04:00
|
|
|
} else {
|
2021-08-19 14:50:56 -04:00
|
|
|
$paste_owner_id = (int) $row['user_id'];
|
2021-07-14 14:20:43 -04:00
|
|
|
$paste_title = $row['title'];
|
|
|
|
|
$paste_code = $row['code'];
|
|
|
|
|
|
|
|
|
|
$paste = [
|
|
|
|
|
'title' => $paste_title,
|
|
|
|
|
'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'),
|
|
|
|
|
'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'),
|
2021-08-19 14:50:56 -04:00
|
|
|
'user_id' => $paste_owner_id,
|
2021-07-14 14:20:43 -04:00
|
|
|
'member' => $row['member'],
|
|
|
|
|
'views' => $row['views'],
|
2021-08-05 08:18:32 -04:00
|
|
|
'code' => $paste_code,
|
|
|
|
|
'tags' => getPasteTags($conn, $paste_id)
|
2021-07-14 14:20:43 -04:00
|
|
|
];
|
2021-08-17 10:05:37 -04:00
|
|
|
|
2021-07-12 09:03:02 -04:00
|
|
|
$p_content = $row['content'];
|
|
|
|
|
$p_visible = $row['visible'];
|
|
|
|
|
$p_expiry = Trim($row['expiry']);
|
2021-07-11 11:54:37 -04:00
|
|
|
$p_password = $row['password'];
|
2021-08-17 13:26:26 -04:00
|
|
|
$p_encrypt = (bool) $row['encrypt'];
|
2021-07-11 11:54:37 -04:00
|
|
|
|
2021-07-16 09:53:34 -04:00
|
|
|
|
|
|
|
|
$is_private = $row['visible'] === '2';
|
|
|
|
|
$private_error = false;
|
|
|
|
|
|
2021-08-19 14:50:56 -04:00
|
|
|
if ($is_private && (!$current_user || $current_user->user_id !== $paste_owner_id)) {
|
2021-07-16 09:53:34 -04:00
|
|
|
$notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it.";
|
|
|
|
|
$private_error = true;
|
|
|
|
|
goto Not_Valid_Paste;
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
|
|
|
|
|
if (!empty($p_expiry) && $p_expiry !== 'SELF') {
|
2021-07-12 09:03:02 -04:00
|
|
|
$input_time = $p_expiry;
|
2021-07-10 19:18:17 +01:00
|
|
|
$current_time = mktime(date("H"), date("i"), date("s"), date("n"), date("j"), date("Y"));
|
|
|
|
|
if ($input_time < $current_time) {
|
2021-07-12 09:03:02 -04:00
|
|
|
$notfound = $lang['expired'];
|
2021-07-10 19:18:17 +01:00
|
|
|
$p_private_error = 1;
|
|
|
|
|
goto Not_Valid_Paste;
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
|
2021-08-19 19:44:03 +01:00
|
|
|
if ($p_encrypt == 1) {
|
2021-08-17 13:26:26 -04:00
|
|
|
$p_content = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
|
2021-08-19 14:50:56 -04:00
|
|
|
$op_content = trim(htmlspecialchars_decode($p_content));
|
2021-07-11 11:54:37 -04:00
|
|
|
|
|
|
|
|
// Download the paste
|
2021-07-10 19:18:17 +01:00
|
|
|
if (isset($_GET['download'])) {
|
2021-08-05 08:18:32 -04:00
|
|
|
if ($p_password == "NONE" || $p_password === null) {
|
2021-07-14 14:20:43 -04:00
|
|
|
doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
if (isset($_GET['password'])) {
|
2021-07-17 12:33:08 -04:00
|
|
|
if (pp_password_verify($_GET['password'], $p_password)) {
|
2021-07-14 14:20:43 -04:00
|
|
|
doDownload($paste_id, $paste_title, $p_member, $op_content, $paste_code);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['wrongpassword']; // 'Wrong password';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['pwdprotected']; // 'Password protected paste';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
|
|
|
|
|
// Raw view
|
2021-07-10 19:18:17 +01:00
|
|
|
if (isset($_GET['raw'])) {
|
2021-08-05 08:18:32 -04:00
|
|
|
if ($p_password == "NONE" || $p_password === null) {
|
2021-08-17 13:26:26 -04:00
|
|
|
rawView($op_content, $paste_code);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
if (isset($_GET['password'])) {
|
2021-07-17 12:33:08 -04:00
|
|
|
if (pp_password_verify($_GET['password'], $p_password)) {
|
2021-08-17 13:26:26 -04:00
|
|
|
rawView($op_content, $paste_code);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['wrongpassword']; // 'Wrong password';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['pwdprotected']; // 'Password protected paste';
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
}
|
|
|
|
|
|
2021-07-10 19:18:17 +01:00
|
|
|
// Preprocess
|
2021-07-12 09:03:02 -04:00
|
|
|
$highlight = array();
|
2021-07-10 19:18:17 +01:00
|
|
|
$prefix_size = strlen('!highlight!');
|
2021-07-16 09:53:34 -04:00
|
|
|
$lines = explode("\n", $p_content);
|
|
|
|
|
$p_content = "";
|
|
|
|
|
foreach ($lines as $idx => $line) {
|
|
|
|
|
if (substr($line, 0, $prefix_size) == '!highlight!') {
|
|
|
|
|
$highlight[] = $idx + 1;
|
|
|
|
|
$line = substr($line, $prefix_size);
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
2021-07-16 09:53:34 -04:00
|
|
|
$p_content .= $line . "\n";
|
2021-07-11 11:54:37 -04:00
|
|
|
}
|
|
|
|
|
|
2021-07-16 09:53:34 -04:00
|
|
|
$p_content = rtrim($p_content);
|
|
|
|
|
|
2021-07-10 19:18:17 +01:00
|
|
|
// Apply syntax highlight
|
|
|
|
|
$p_content = htmlspecialchars_decode($p_content);
|
2021-07-14 14:20:43 -04:00
|
|
|
if ($paste_code === "pastedown") {
|
2021-07-10 19:18:17 +01:00
|
|
|
$Parsedown = new Parsedown();
|
|
|
|
|
$Parsedown->setSafeMode(true);
|
2021-07-12 09:03:02 -04:00
|
|
|
$p_content = $Parsedown->text($p_content);
|
2021-07-10 19:18:17 +01:00
|
|
|
} else {
|
2021-07-14 14:20:43 -04:00
|
|
|
$geshi = new GeSHi($p_content, $paste_code, 'includes/geshi/');
|
2021-07-11 11:54:37 -04:00
|
|
|
|
2021-07-10 19:18:17 +01:00
|
|
|
$geshi->enable_classes();
|
|
|
|
|
$geshi->set_header_type(GESHI_HEADER_DIV);
|
|
|
|
|
$geshi->set_line_style('color: #aaaaaa; width:auto;');
|
|
|
|
|
$geshi->set_code_style('color: #757584;');
|
|
|
|
|
if (count($highlight)) {
|
|
|
|
|
$geshi->enable_line_numbers(GESHI_NORMAL_LINE_NUMBERS);
|
|
|
|
|
$geshi->highlight_lines_extra($highlight);
|
|
|
|
|
$geshi->set_highlight_lines_extra_style('color:#399bff;background:rgba(38,92,255,0.14);');
|
|
|
|
|
} else {
|
|
|
|
|
$geshi->enable_line_numbers(GESHI_FANCY_LINE_NUMBERS, 2);
|
|
|
|
|
}
|
|
|
|
|
$p_content = $geshi->parse_code();
|
2021-07-12 09:03:02 -04:00
|
|
|
$style = $geshi->get_stylesheet();
|
2021-07-10 19:18:17 +01:00
|
|
|
$ges_style = '<style>' . $style . '</style>';
|
|
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
|
|
|
|
|
// Embed view after GeSHI is applied so that $p_code is syntax highlighted as it should be.
|
2021-07-10 19:18:17 +01:00
|
|
|
if (isset($_GET['embed'])) {
|
2021-08-05 08:18:32 -04:00
|
|
|
if ($p_password == "NONE" || $p_password === null) {
|
2021-07-14 14:20:43 -04:00
|
|
|
embedView($paste_id, $paste_title, $p_content, $paste_code, $title, $baseurl, $ges_style, $lang);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
2021-07-12 09:03:02 -04:00
|
|
|
if (isset($_GET['password'])) {
|
2021-07-17 12:33:08 -04:00
|
|
|
if (pp_password_verify($_GET['password'], $p_password)) {
|
2021-07-14 14:20:43 -04:00
|
|
|
embedView($paste_id, $paste_title, $p_content, $paste_code, $title, $p_baseurl, $ges_style, $lang);
|
2021-07-10 19:18:17 +01:00
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['wrongpassword']; // 'Wrong password';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['pwdprotected']; // 'Password protected paste';
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-11 11:54:37 -04:00
|
|
|
}
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
require_once('theme/' . $default_theme . '/header.php');
|
2021-08-05 08:18:32 -04:00
|
|
|
if ($p_password == "NONE" || $p_password === null) {
|
2021-07-10 19:18:17 +01:00
|
|
|
// No password & diplay the paste
|
2021-07-12 09:03:02 -04:00
|
|
|
|
2021-07-10 19:18:17 +01:00
|
|
|
// Set download URL
|
2021-07-26 17:41:54 -04:00
|
|
|
if (PP_MOD_REWRITE) {
|
2021-07-12 09:03:02 -04:00
|
|
|
$p_download = "download/$paste_id";
|
|
|
|
|
$p_raw = "raw/$paste_id";
|
|
|
|
|
$p_embed = "embed/$paste_id";
|
|
|
|
|
} else {
|
2021-07-26 17:41:54 -04:00
|
|
|
$p_download = "paste.php?download&id=$paste_id";
|
|
|
|
|
$p_raw = "paste.php?raw&id=$paste_id";
|
2021-07-12 09:03:02 -04:00
|
|
|
$p_embed = "paste.php?embed&id=$paste_id";
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-26 17:41:54 -04:00
|
|
|
|
2021-07-19 18:38:13 -04:00
|
|
|
// View counter
|
2021-08-13 16:54:06 -04:00
|
|
|
if (@$_SESSION['not_unique'] !== $paste_id) {
|
2021-07-12 09:03:02 -04:00
|
|
|
$_SESSION['not_unique'] = $paste_id;
|
2021-07-20 12:15:41 -04:00
|
|
|
$conn->query("UPDATE pastes SET views = (views + 1) where id = ?", [$paste_id]);
|
2021-07-12 09:03:02 -04:00
|
|
|
}
|
|
|
|
|
|
2021-07-10 19:18:17 +01:00
|
|
|
// Theme
|
|
|
|
|
require_once('theme/' . $default_theme . '/view.php');
|
|
|
|
|
if ($p_expiry == "SELF") {
|
2021-07-20 12:15:41 -04:00
|
|
|
$conn->query('DELETE FROM pastes WHERE id = ?', [$paste_id]);
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
|
|
|
|
} else {
|
2021-07-17 12:36:21 -04:00
|
|
|
$p_download = "paste.php?download&id=$paste_id&password=" . pp_password_hash(isset($_POST['mypass']));
|
|
|
|
|
$p_raw = "paste.php?raw&id=$paste_id&password=" . pp_password_hash(isset($_POST['mypass']));
|
2021-07-10 19:18:17 +01:00
|
|
|
// Check password
|
|
|
|
|
if (isset($_POST['mypass'])) {
|
2021-07-17 12:33:08 -04:00
|
|
|
if (pp_password_verify($_POST['mypass'], $p_password)) {
|
2021-07-10 19:18:17 +01:00
|
|
|
// Theme
|
|
|
|
|
require_once('theme/' . $default_theme . '/view.php');
|
|
|
|
|
if ($p_expiry == "SELF") {
|
2021-07-19 18:38:13 -04:00
|
|
|
$conn->prepare('DELETE FROM pastes WHERE id = ?')
|
|
|
|
|
->execute([$paste_id]);
|
2021-07-10 19:18:17 +01:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$error = $lang['wrongpwd']; //"Password is wrong";
|
|
|
|
|
require_once('theme/' . $default_theme . '/errors.php');
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// Display errors
|
|
|
|
|
require_once('theme/' . $default_theme . '/errors.php');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Not_Valid_Paste:
|
|
|
|
|
// Private paste not valid
|
2021-08-19 14:54:05 -04:00
|
|
|
if ($is_private || $notfound) {
|
2021-07-10 19:18:17 +01:00
|
|
|
// Display errors
|
|
|
|
|
require_once('theme/' . $default_theme . '/header.php');
|
|
|
|
|
require_once('theme/' . $default_theme . '/errors.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Footer
|
|
|
|
|
require_once('theme/' . $default_theme . '/footer.php');
|
2021-07-14 14:20:43 -04:00
|
|
|
|
