From 244fb66f631fdfe2174cff7c1ea60b69653a48de Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Mon, 22 May 2023 14:02:56 -0400
Subject: [PATCH] fix: rules/privacy pages, donate links

---
 public/paste.php                     |   9 +-
 public/privacy.php                   |  10 ++
 public/theme/bulma/css/bulma.min.css |  38 --------
 theme/bulma/common.php               |  19 +++-
 theme/bulma/privacy.php              | 131 +++++++++++++++++++++++++++
 5 files changed, 162 insertions(+), 45 deletions(-)
 create mode 100644 public/privacy.php

diff --git a/public/paste.php b/public/paste.php
index fc7ac8f..4f1c230 100644
--- a/public/paste.php
+++ b/public/paste.php
@@ -89,14 +89,15 @@ if (!can('view', $paste)) {
 }
 
 /* Paste deletion */
-if (false && isset($_POST['delete'])) {
+if (isset($_POST['delete'])) {
     if (!can('delete', $paste)) {
         $error = 'You cannot delete someone else\'s paste!';
         goto Not_Valid_Paste;
     }
-
-    $paste->delete();
-    flashSuccess('Paste deleted.');
+//
+//    $paste->delete();
+//    flashSuccess('Paste deleted.');
+    flashError('Paste deletion is currently disabled.');
     header('Location: ' . urlForMember($current_user));
     die();
 }
diff --git a/public/privacy.php b/public/privacy.php
new file mode 100644
index 0000000..7f670b9
--- /dev/null
+++ b/public/privacy.php
@@ -0,0 +1,10 @@
+<?php
+/** @noinspection PhpDefineCanBeReplacedWithConstInspection */
+define('IN_PONEPASTE', 1);
+require_once(__DIR__ . '/../includes/common.php');
+
+
+$page_title = 'Privacy Policy';
+$page_template = 'privacy';
+require_once(__DIR__ . '/../theme/' . $default_theme . '/common.php');
+
diff --git a/public/theme/bulma/css/bulma.min.css b/public/theme/bulma/css/bulma.min.css
index 2e63877..6adad65 100644
--- a/public/theme/bulma/css/bulma.min.css
+++ b/public/theme/bulma/css/bulma.min.css
@@ -313,44 +313,6 @@ fieldset[disabled] .select select,
 fieldset[disabled] .textarea {
     cursor: not-allowed;
 } /*! minireset.css v0.0.6 | MIT License | github.com/jgthms/minireset.css */
-blockquote,
-body,
-dd,
-dl,
-dt,
-fieldset,
-figure,
-h1,
-h2,
-h3,
-h4,
-h5,
-h6,
-hr,
-html,
-iframe,
-legend,
-li,
-ol,
-p,
-pre,
-textarea,
-ul {
-    margin: 0;
-    padding: 0;
-}
-h1,
-h2,
-h3,
-h4,
-h5,
-h6 {
-    font-size: 100%;
-    font-weight: 400;
-}
-ul {
-    list-style: none;
-}
 button,
 input,
 select,
diff --git a/theme/bulma/common.php b/theme/bulma/common.php
index b4b6462..b7ec822 100644
--- a/theme/bulma/common.php
+++ b/theme/bulma/common.php
@@ -34,6 +34,19 @@ $flashes = getFlashes();
     <link href="/theme/bulma/css/paste.css" rel="stylesheet"/>
     <link href="/theme/bulma/css/table-responsive.css" rel="stylesheet"/>
     <link href="/theme/bulma/css/table-row-orders.css" rel="stylesheet"/>
+    <style>
+        footer h5 {
+            margin: 0;
+            padding: 0;
+        }
+
+        footer .column {
+            margin-top: 0;
+            margin-bottom: 0;
+            padding-top: 0;
+            padding-bottom: 0;
+        }
+    </style>
 </head>
 
 <body>
@@ -258,8 +271,8 @@ $flashes = getFlashes();
                 <div class="columns is-mobile is-centered">
                     <h5 class="title is-5">Support PonePaste</h5>
                 </div>
-                <a href='https://liberapay.com/Ponepaste/donate' target='_blank'><img src='../img/lib.png' alt="LiberaPay logo" /></a>
-                <a href='https://ko-fi.com/V7V02K3I2' target='_blank'><img src='../img/kofi.png' alt="Ko-Fi logo" /></a>
+                <div><a href="https://ko-fi.com/floorbored">Ko-Fi</a></div>
+                <div>Ethereum: <code>0xcB737C41Ed63cF5f3Daf522c2Fbc2C6E293dB825</code></div>
             </div>
             <div class="column">
                 <hr>
@@ -278,7 +291,7 @@ $flashes = getFlashes();
                         <ul>
                             <li><a href="/page/tags" target="_blank">Tag Guide</a></li>
                             <li><a href="/page/transparency " target="_blank">Transparency</a></li>
-                            <li><a href="https://liberapay.com/Ponepaste" target="_blank">Donate </a></li>
+                            <li><a href="https://ko-fi.com/floorbored" target="_blank">Donate</a></li>
                         </ul>
                     </div>
                 </div>
diff --git a/theme/bulma/privacy.php b/theme/bulma/privacy.php
index e69de29..734802c 100644
--- a/theme/bulma/privacy.php
+++ b/theme/bulma/privacy.php
@@ -0,0 +1,131 @@
+<main class="bd-main">
+    <div class="bd-main-container container">
+        <div class="bd-lead">
+            <div class="rule">
+                <h2>The short version</h2>
+                <p>
+                    We collect only the <em>bare minimum</em> amount of information that is necessary to protect
+                    the service against abuse. We <em>do not sell</em> your information to third parties, and we
+                    only use it as this document describes. We aim to be compliant with the <a
+                        href="https://gdpr-info.eu/" rel="external noopener" target="_blank">EU <abbr
+                            title="General Data Protection Regulation">GDPR</abbr></a>.
+                </p>
+            </div>
+            <div class="rule">
+                <h2>What information we collect and why</h2>
+                <h3>Information from server logs</h3>
+                <p>We collect the following information (in web server logs) from every visitor:</p>
+                <ul>
+                    <li>The visitor's Internet Protocol (IP) address</li>
+                    <li>The date and time of the request</li>
+                    <li>The page that was requested</li>
+                    <li>The user agent string of the visitor's browser</li>
+                </ul>
+                <p>These items are collected to ensure the security of the service, and are deleted after 14
+                    days to balance our "legitimate interest" (as mentioned in the GDPR) of security with user
+                    privacy.</p>
+                <h3>Information in cookies</h3>
+                <p>Our cookies for any users of the service may contain:</p>
+                <ul>
+                    <li>A unique PHP session token</li>
+                    <li>One or more "flash" messages (temporary notifications of an action's success or failure,
+                        to be displayed at the top of the next page load and then deleted)
+                    </li>
+                </ul>
+                <p>Additionally, cookies of users that are logged into the service may contain:</p>
+                <ul>
+                    <li>A random authentication secret ("remember me" token) unique to the user to persist their login</li>
+                </ul>
+                <p>These data are required for authentication, user security, or customization, which are all
+                    "legitimate interests" as above, and thus we cannot ask for consent to use these
+                    cookies.</p>
+                <h3>Information in user-submitted content</h3>
+                <p>
+                    User-submitted content is considered to collectively refer to any content that you may
+                    submit to the site, which includes, but is not limited to: comments, images, messsages,
+                    posts, reports, source changes, tag changes, and votes.
+                </p>
+                <p>User-submitted content by users (authenticated or not) may contain any or all the following
+                    information:</p>
+                <ul>
+                    <li>The IP address at the time of submission</li>
+                    <li>The browser user agent string</li>
+                    <li>The page that initiated the submission</li>
+                </ul>
+                <p>These items are only used for the "legitimate interests" of identifying and controlling abuse
+                    of the service and are not shared with any external party.</p>
+            </div>
+            <div class="rule">
+                <h2>Information from users with accounts</h2>
+                <p>If you <strong>create an account</strong> we require some basic information at the time of
+                    account creation. You will be asked to provide:</p>
+                <ul>
+                    <li>a username, shown on your profile and generally only visible to you and site staff</li>
+                    <li>a password, stored only as a cryptographic hash</li>
+                </ul>
+                <p>We also store your IP address whenever you log in for security reasons.</p>
+            </div>
+            <div class="rule">
+                <h2>Information that we do not collect</h2>
+                <p>
+                    <em>We do not intentionally collect personal information</em>, but users may include it in
+                    user-submitted content. We will remove personal information if we deem it too sensitive.
+                    Inform us if you believe shared information is too sensitive.
+                </p>
+                <p>This is especially important because information shared in public user-submitted content may
+                    be indexed by search engines or used by third parties without your consent.</p>
+            </div>
+            <div class="rule">
+                <h2>Information that may potentially be shared with third parties</h2>
+                <p>
+                    We do not in any way share individual account information with third parties unless legally
+                    compelled to do so.
+                </p>
+                <p>Most of the site is public-facing, and third parties may access and use it.</p>
+            </div>
+            <div class="rule">
+                <h2>How we secure your information</h2>
+                <p>We take <em>all measures reasonably necessary</em> to protect account information from
+                    unauthorized access, alteration, or destruction.</p>
+                <p>
+                    While in transit, your data are <em>always</em> protected by the latest version of <a
+                        href="https://en.wikipedia.org/wiki/Transport_Layer_Security" rel="external noopener"
+                        target="_blank">Transport Layer Security (TLS)</a> our software supports.
+                    To protect user data on our servers, we strictly limit access, and require the use of
+                    elliptic <a href="https://en.wikipedia.org/wiki/Curve25519" rel="external noopener"
+                                target="_blank">Ed25519</a> or 4096-bit <a
+                        href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)" rel="external noopener"
+                        target="_blank">RSA</a> keys for server login.
+                </p>
+                <p>
+                    HTTPS is required for <em>all connections</em> to our service. Our cookies use a "<a
+                        href="https://en.wikipedia.org/wiki/Secure_cookie" rel="external noopener"
+                        target="_blank">secure</a>" setting and may only be transmitted privately to us. We use
+                    a restrictive <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
+                                     rel="external noopener" target="_blank">Content Security Policy (CSP)</a>
+                    to protect against page hijacking and information leakage to third parties, an image proxy
+                    server to avoid leaking user IP address information from embedded images on the site, a <a
+                        href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" rel="external noopener"
+                        target="_blank">Cross-Origin Resource Sharing (CORS)</a> policy to restrict third-party
+                    usage, a strict <a
+                        href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"
+                        rel="external noopener" target="_blank">Referrer-Policy</a> to prevent leaking data for
+                    external links, and a frame policy to prevent clickjacking.
+                </p>
+                <p>Passwords are hashed using <a href="https://en.wikipedia.org/wiki/Bcrypt"
+                                                 rel="external noopener" target="_blank">bcrypt</a> at
+                    2<sup>10</sup> iterations with a 128-bit per-user salt.</p>
+                <p>No method of transmission, or method of electronic storage, is 100% secure. Therefore, we
+                    cannot guarantee its absolute security; we only make our best effort.</p>
+            </div>
+            <div class="rule">
+                <h2>Resolving complaints</h2>
+                <p>
+                    If you have concerns about the way we are handling your personal information, please let us
+                    know immediately. You may contact us via email directly at <a
+                        href="mailto:admin@ponepaste.org">admin@ponepaste.org</a>.
+                </p>
+            </div>
+        </div>
+    </div>
+</main>
\ No newline at end of file