diff --git a/includes/Models/Paste.php b/includes/Models/Paste.php
index 246c1cf..a21c5ed 100644
--- a/includes/Models/Paste.php
+++ b/includes/Models/Paste.php
@@ -12,6 +12,10 @@ class Paste extends Model {
 protected $table = 'pastes';
 protected $guarded = [];
+ protected $casts = [
+ 'visible' => 'integer',
+ 'encrypt' => 'boolean'
+ ];
 public function user() {
 return $this->belongsTo(User::class);
diff --git a/index.php b/index.php
index a1ae1ea..4b949f2 100644
--- a/index.php
+++ b/index.php
@@ -81,6 +81,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $error = validatePasteFields();
+
 if ($error !== null) {
 goto OutPut;
 }
@@ -92,6 +93,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 goto OutPut;
 }
+ $tags = Tag::parseTagInput($tag_input);
+
+ if (count($tags) < 1) {
+ $error = 'You must specify at least 1 tag.';
+ goto OutPut;
+ } elseif (count($tags) > 32) {
+ $error = 'You must specify at most 32 tags.';
+ goto OutPut;
+ }
+
 $editing = isset($_POST['edit']);
 $paste_title = trim($_POST['title']);
@@ -126,20 +137,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 // Edit existing paste or create new?
 if ($editing) {
 $paste = Paste::find($_POST['paste_id']);
-if ($current_user &&
-$current_user->id === $paste->user_id) {
-$paste_id = $paste->id;
+if (can('edit', $paste)) {
 $paste->update([
- 'title' => $paste_title,
- 'content' => $paste_content,
- 'visible' => $paste_visibility,
- 'code' => $paste_code,
- 'expiry' => $expires,
- 'password' => $paste_password,
- 'ip' => $ip
+ 'title' => $paste_title,
+ 'content' => $paste_content,
+ 'visible' => $paste_visibility,
+ 'code' => $paste_code,
+ 'expiry' => $expires,
+ 'password' => $paste_password,
+ 'ip' => $ip
 ]);
-$paste->replaceTags(Tag::parseTagInput($tag_input));
+$paste->replaceTags($tags);
 $redis->del('ajax_pastes'); /* Expire from Redis so the edited paste shows up */
 } else {
 $error = 'You must be logged in to do that.';
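Review bot: The new `$casts` block in Paste.php has no comment saying why `visible` becomes an integer and `encrypt` a boolean, yet the strict comparisons this commit introduces elsewhere (`$paste->visible === Paste::VISIBILITY_PRIVATE` in paste.php, `if ($paste->encrypt)`) only hold because of these casts. A one-line comment above the array would stop a later cleanup from removing them, e.g. `// Cast so strict === checks against the VISIBILITY_* constants and the encrypt flag stay valid.` The `VISIBILITY_*` constants are used by index.php and paste.php in this diff but are not visible in this hunk, so I cannot confirm they are declared on the model; the rest of the class is outside the hunk.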
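Review bot: In the edit branch `Paste::find($_POST['paste_id'])` returns null for an unknown or tampered id, and the new `can('edit', $paste)` then receives null; whether that is rejected depends on `can()`, which is outside this diff, so an explicit guard is safer. The `else` message `'You must be logged in to do that.'` is now also misleading for a logged-in user who is not permitted to edit that paste, because the replaced owner check covered more than a login test. I would add `if ($paste === null) { $error = 'Paste not found.'; goto OutPut; }` before the `can()` check and change the else branch to `$error = 'You are not allowed to edit this paste.';`. The enclosing POST handler starts and ends outside the hunk.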
@@ -161,13 +170,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $paste->user()->associate($paste_owner); $paste->save(); - $paste->replaceTags(Tag::parseTagInput($tag_input)); + $paste->replaceTags($tags); - $paste_id = $new_paste->id; - - if ($p_visible == '0') { + if ($paste_visibility == Paste::VISIBILITY_PUBLIC) { addToSitemap($paste, $priority, $changefreq); } + $redis->del('ajax_pastes'); /* Expire from Redis so the new paste shows up */ } diff --git a/login.php b/login.php index 7273d92..a061515 100644 --- a/login.php +++ b/login.php @@ -104,7 +104,7 @@ if (isset($_POST['forgot'])) { if (empty($_POST['password']) || empty($_POST['username'])) { $error = 'All fields must be filled out.'; } elseif (strlen($username) > 25) { - $error = 'Username too long.'; // "Username already taken."; + $error = 'Username too long.'; } elseif (!preg_match('/^[A-Za-z0-9._\\-]+$/', $username)) { $error = 'Username is invalid - please use A-Za-z0-9, periods, hyphens, and underscores only.'; } else { diff --git a/paste.php b/paste.php index abb903b..e8b5f40 100644 --- a/paste.php +++ b/paste.php @@ -35,14 +35,12 @@ function getUserRecommended(User $user) { return $query->fetchAll();*/ } -$paste_id = intval(trim($_REQUEST['id'])); - updatePageViews(); // This is used in the theme files. $totalpastes = Paste::count(); -$paste = Paste::with('user')->find($paste_id); +$paste = Paste::with('user')->find((int) trim($_REQUEST['id'])); $is_private = false; $error = null; 
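Review bot: The new sitemap condition `if ($paste_visibility == Paste::VISIBILITY_PUBLIC)` uses loose `==`, while paste.php in this same commit compares the same family of constants with `===`. If `$paste_visibility` is still the raw `$_POST` string (its assignment is outside the hunk) the loose comparison relies on PHP's string-to-int rules rather than on an explicit cast. Casting once where `$paste_visibility` is read and then writing `if ($paste_visibility === Paste::VISIBILITY_PUBLIC) {` here keeps both files consistent. The create branch and its enclosing POST handler continue outside the hunk.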
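Review bot: In paste.php the rewritten lookup `find((int) trim($_REQUEST['id']))` still reads `$_REQUEST['id']` without checking it exists, so a request with no id raises an undefined-key warning and passes null to `trim()`, which is deprecated on PHP 8.1+, before `find()` is called with `0`. `$paste = Paste::with('user')->find((int) trim($_REQUEST['id'] ?? ''));` turns the missing-id case into an ordinary not-found. Whether a null `$paste` is handled before `$paste->favouriters()` is reached further down is not visible in this hunk.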
@@ -73,12 +71,10 @@ $using_highlighter = $paste_code !== 'pastedown';
 $fav_count = $paste->favouriters()->count();
 $p_content = $paste->content;
-$p_visible = $paste->visible;
 $p_password = $paste->password;
-$p_encrypt = (bool) $paste->encrypt;
 $paste_is_favourited = $current_user !== null && $current_user->favourites->where('id', $paste->id)->count() === 1;
-$is_private = $p_visible === '2';
+$is_private = $paste->visible === Paste::VISIBILITY_PRIVATE;
 if (!can('view', $paste)) {
 $error = 'This is a private paste. If you created this paste, please log in to view it.';
@@ -118,13 +114,13 @@ if ($password_required && !in_array($paste->id, $password_ok_pastes)) {
 }
 if (PP_MOD_REWRITE) {
- $p_download = "download/$paste_id";
- $p_raw = "raw/$paste_id";
- $p_embed = "embed/$paste_id";
+ $p_download = "download/$paste->id";
+ $p_raw = "raw/$paste->id";
+ $p_embed = "embed/$paste->id";
 } else {
- $p_download = "paste.php?download&id=$paste_id";
- $p_raw = "paste.php?raw&id=$paste_id";
- $p_embed = "paste.php?embed&id=$paste_id";
+ $p_download = "paste.php?download&id=$paste->id";
+ $p_raw = "paste.php?raw&id=$paste->id";
+ $p_embed = "paste.php?embed&id=$paste->id";
 }
 /* Expiry */
@@ -150,7 +146,7 @@ if (isset($_POST['fave']) && $current_user) {
 $paste_is_favourited = !$paste_is_favourited;
 }
-if ($p_encrypt == 1) {
+if ($paste->encrypt) {
 $p_content = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);
 }
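Review bot: Under the new `if ($paste->encrypt)` condition a failed `openssl_decrypt()` (wrong key, changed algorithm, corrupted ciphertext) still returns `false`, which is assigned straight to `$p_content` and rendered as an empty paste with no indication that decryption failed. Capture the result and treat `false` as an error using whatever error path this file already has: `$decrypted = openssl_decrypt($p_content, PP_ENCRYPTION_ALGO, PP_ENCRYPTION_KEY);` then `$p_content = $decrypted !== false ? $decrypted : '';` with `$error` set in the false case. The call also passes no IV, which this commit does not change; if `PP_ENCRYPTION_ALGO` is a mode that requires one, that is worth a separate follow-up.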
@@ -202,13 +198,13 @@ if ($paste_code === "pastedown") {
 // Embed view after highlighting is applied so that $p_code is syntax highlighted as it should be.
 if (isset($_GET['embed'])) {
- embedView($paste_id, $paste_title, $p_content, $title);
+ embedView($paste->id, $paste->title, $p_content, $title);
 exit();
 }
 // View counter
-if (!isRequesterLikelyBot() && @$_SESSION['not_unique'] !== $paste_id) {
- $_SESSION['not_unique'] = $paste_id;
+if (!isRequesterLikelyBot() && @$_SESSION['not_unique'] !== $paste->id) {
+ $_SESSION['not_unique'] = $paste->id;
 $paste->views += 1;
 $paste->save();
 }
diff --git a/profile.php b/profile.php
index ea46209..578eb75 100644
--- a/profile.php
+++ b/profile.php
@@ -6,7 +6,7 @@ require_once('includes/passwords.php');
 use PonePaste\Models\Paste;
 if ($current_user === null) {
- header("Location: ./login.php");
+ header("Location: /login");
 die();
 }
diff --git a/theme/bulma/common.php b/theme/bulma/common.php
index 409e4f0..1eed5c1 100644
--- a/theme/bulma/common.php
+++ b/theme/bulma/common.php
@@ -176,7 +176,7 @@ $flashes = getFlashes();
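Review bot: The rewritten view-counter condition keeps the `@` suppression on `$_SESSION['not_unique']` instead of handling the unset key; `@` silences every error raised while evaluating that expression, not just the undefined-key notice. `if (!isRequesterLikelyBot() && ($_SESSION['not_unique'] ?? null) !== $paste->id) {` states the intent without suppression and reads the same for a fresh session. The surrounding view logic and the `$paste_code === "pastedown"` block named in the hunk header start outside the hunk.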
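Review bot: In profile.php, `header("Location: /login")` is a root-relative redirect, so the page now assumes the application is served from the document root, whereas the previous `./login.php` also worked from a subdirectory. If deployments under a path prefix are supported, the target should be built from a configured base path rather than hard-coded. Whether `/login` resolves only when URL rewriting is enabled (paste.php in this diff still branches on `PP_MOD_REWRITE`) is not visible here; if so, the non-rewrite case needs a fallback to `login.php`.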