code

.gitignore

@@ -1,3 +1,10 @@
 tmp/temp.tdata
 sitemap.xml
-
+node_modules/
+npm-debug.log
+yarn-error.log
+.yarn/*
+!.yarn/releases
+!.yarn/plugins
+!.yarn/sdks
+!.yarn/versions

api/ajax_pastes.php

@@ -2,7 +2,6 @@
 header('Content-Type: application/json; charset=UTF-8');
 
 define('IN_PONEPASTE', 1);
-//require_once('../includes/config.php');
 require_once('../includes/common.php');
 require_once('../includes/NonRetardedSSP.class.php');
 

assets/bundle.js

@@ -0,0 +1,126 @@
+function htmlToElement(html) {
+    const template = document.createElement('template');
+
+    template.innerHTML = html.trim();
+
+    return template.content.firstChild;
+}
+
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}
+
+class TagsInput {
+    constructor(element, options = {}) {
+        this.element = element;
+        this.tags = [];
+        this.options = options;
+
+        this.maxTags = options.maxTags || 10;
+        this.inputNode = null;
+        this.containerNode = null;
+    }
+
+    attach() {
+        this.element.style.display = 'none';
+
+        this.containerNode = htmlToElement('<div class="tags-input"></div>');
+        this.inputNode = htmlToElement('<input class="input" type="text" placeholder="10 tags maximum" value="" />');
+        this.containerNode.appendChild(this.inputNode);
+
+        this.element.parentNode.insertBefore(this.containerNode, this.element.nextSibling);
+
+        /* Handle addition and removal of tags via key-presses */
+        this.containerNode.addEventListener('keydown', this._handleInputKeyUp.bind(this));
+
+        /* Handle deletions by clicking the delete button */
+        this.containerNode.addEventListener('click', this._handleContainerClick.bind(this));
+    }
+
+    detach() {
+        this.tags.clear();
+        this.containerNode.remove();
+        this.element.style.display = 'inline-block';
+    }
+
+    updateHiddenInputValue() {
+        this.element.value = this.tags.join(',');
+    }
+
+    deleteTagNode(node) {
+        this.tags.splice(this.tags.indexOf(node.dataset.value.toLowerCase()), 1);
+        node.remove();
+
+        /* Below the limit? Make sure the input is enabled. */
+        if (this.tags.length < this.maxTags) {
+            this.inputNode.disabled = false;
+        }
+    }
+
+    addTag(tagValue) {
+        tagValue = tagValue.trim();
+
+        /* Tag value is probably not empty and we don't already have the same tag. */
+        if (tagValue !== '' && this.tags.indexOf(tagValue.toLowerCase()) === -1) {
+            this.tags.push(tagValue.toLowerCase());
+
+            this.inputNode.parentNode.insertBefore(
+                htmlToElement('<span class="tag is-info" data-value="' + escapeHtml(tagValue) + '">' + escapeHtml(tagValue) + '<span class="delete is-small" /></span>'),
+                this.inputNode
+            );
+
+            /* Too many tags, disable the input for now. */
+            if (this.tags.length >= this.maxTags) {
+                this.inputNode.disabled = true;
+            }
+        }
+    }
+
+    _handleInputKeyUp(evt) {
+        let tagValue = this.inputNode.value;
+
+        if (evt.key === 'Backspace' && tagValue === '') {
+            // Remove the child
+            if (this.inputNode.previousSibling) {
+                this.deleteTagNode(this.inputNode.previousSibling);
+
+                this.updateHiddenInputValue();
+            }
+        } else if (evt.key === ',') {
+            this.addTag(tagValue);
+
+            this.inputNode.value = '';
+            this.updateHiddenInputValue();
+
+            evt.preventDefault();
+        }
+    }
+
+    _handleContainerClick(evt) {
+        if (evt.target && evt.target.classList.contains('delete')) {
+            this.deleteTagNode(evt.target.closest('.tag'));
+            this.updateHiddenInputValue();
+        }
+    }
+}
+
+class Meme {
+    constructor() {
+        alert('xss');
+    }
+
+    meme() {
+        console.log('meme');
+    }
+}
+
+const meme = new Meme();
+
+meme.meme();
+
+new TagsInput(null);

assets/bundle.min.js

@@ -0,0 +1,2 @@
+function e(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function t(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}function n(e,n,i){return n&&t(e.prototype,n),i&&t(e,i),e}function i(e){var t=document.createElement("template");return t.innerHTML=e.trim(),t.content.firstChild}function a(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#039;")}var s=function(){function t(n){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};e(this,t),this.element=n,this.tags=[],this.options=i,this.maxTags=i.maxTags||10,this.inputNode=null,this.containerNode=null}return n(t,[{key:"attach",value:function(){this.element.style.display="none",this.containerNode=i('<div class="tags-input"></div>'),this.inputNode=i('<input class="input" type="text" placeholder="10 tags maximum" value="" />'),this.containerNode.appendChild(this.inputNode),this.element.parentNode.insertBefore(this.containerNode,this.element.nextSibling),this.containerNode.addEventListener("keydown",this._handleInputKeyUp.bind(this)),this.containerNode.addEventListener("click",this._handleContainerClick.bind(this))}},{key:"detach",value:function(){this.tags.clear(),this.containerNode.remove(),this.element.style.display="inline-block"}},{key:"updateHiddenInputValue",value:function(){this.element.value=this.tags.join(",")}},{key:"deleteTagNode",value:function(e){this.tags.splice(this.tags.indexOf(e.dataset.value.toLowerCase()),1),e.remove(),this.tags.length<this.maxTags&&(this.inputNode.disabled=!1)}},{key:"addTag",value:function(e){""!==(e=e.trim())&&-1===this.tags.indexOf(e.toLowerCase())&&(this.tags.push(e.toLowerCase()),this.inputNode.parentNode.insertBefore(i('<span class="tag is-info" data-value="'+a(e)+'">'+a(e)+'<span class="delete is-small" /></span>'),this.inputNode),this.tags.length>=this.maxTags&&(this.inputNode.disabled=!0))}},{key:"_handleInputKeyUp",value:function(e){var t=this.inputNode.value;"Backspace"===e.key&&""===t?this.inputNode.previousSibling&&(this.deleteTagNode(this.inputNode.previousSibling),this.updateHiddenInputValue()):","===e.key&&(this.addTag(t),this.inputNode.value="",this.updateHiddenInputValue(),e.preventDefault())}},{key:"_handleContainerClick",value:function(e){e.target&&e.target.classList.contains("delete")&&(this.deleteTagNode(e.target.closest(".tag")),this.updateHiddenInputValue())}}]),t}();(new(function(){function t(){e(this,t),alert("xss")}return n(t,[{key:"meme",value:function(){console.log("meme")}}]),t}())).meme(),new s(null);
+//# sourceMappingURL=bundle.min.js.map

babel.config.json

@@ -0,0 +1,3 @@
+{
+  "presets": ["@babel/preset-env"]
+}

includes/common.php

@@ -117,12 +117,12 @@ $default_theme = $lang_and_theme['theme'];
 // Site permissions
 $site_permissions = $site_info['permissions'];
 
+$site_is_private = false;
+$site_disable_guests = false;
+
 if ($site_permissions) {
     $site_is_private = (bool) $site_permissions['private'];
     $site_disable_guests = (bool) $site_permissions['disable_guest'];
-} else {
-    $site_is_private = false;
-    $site_disable_guests = false;
 }
 
 // CAPTCHA configuration

includes/config.php

@@ -1,18 +1,6 @@
 <?php
-/*
+define("PP_DEBUG", (gethostname() === 'thunderlane'));
- * $ID Project: Paste 2.0 - J.Samuel
+if (PP_DEBUG) {
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 3
- * of the License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License in LIC.txt for more details.
- */
-if (gethostname() === 'thunderlane') {
     error_reporting(E_ALL);
     ini_set('display_errors', 1);
 }
@@ -32,7 +20,7 @@ $db_user = 'P0nedbAcc0unt';
 $db_pass = '1NWO6Tp17IFz9lbl';
 
 // I'm sorry, I didn't want to edit this file and check it in, but I may need to make other changes to it, so I did this
-if (gethostname() === 'thunderlane') {
+if (PP_DEBUG) {
     $db_host = 'localhost';
     $db_schema = 'ponepaste';
     $db_user = 'ponepaste';

js/main.js

@@ -0,0 +1,17 @@
+import  { TagsInput } from './tag_input';
+
+class Meme {
+    constructor() {
+        alert('xss');
+    }
+
+    meme() {
+        console.log('meme');
+    }
+}
+
+const meme = new Meme();
+
+meme.meme();
+
+new TagsInput(null);

js/tag_input.js

@@ -108,3 +108,5 @@ class TagsInput {
         }
     }
 }
+
+export { TagsInput };

package.json

@@ -0,0 +1,15 @@
+{
+  "devDependencies": {
+    "@babel/core": "^7.15.0",
+    "@babel/preset-env": "^7.15.0",
+    "@rollup/plugin-babel": "^5.3.0",
+    "rollup": "^2.56.3",
+    "rollup-plugin-terser": "^7.0.2"
+  },
+  "name": "punishedponepaste",
+  "version": "1.0.0",
+  "main": "index.js",
+  "repository": "git@github.com:aftercase/punishedponepaste.git",
+  "author": "AppleDash <pet@feather.horse>",
+  "license": "MIT"
+}

rollup.config.js

@@ -0,0 +1,18 @@
+import { getBabelOutputPlugin } from '@rollup/plugin-babel';
+import { terser } from 'rollup-plugin-terser';
+
+export default {
+    input: 'js/main.js',
+    output: [
+        {
+            file: 'assets/bundle.js',
+            format: 'esm'
+        },
+        {
+            file: 'assets/bundle.min.js',
+            format: 'esm',
+            plugins: [getBabelOutputPlugin({ presets: ['@babel/preset-env'] }), terser()],
+            sourcemap: true
+        }
+    ]
+};

theme/bulma/common.php

@@ -5,19 +5,14 @@ if (!in_array($page_template . '.php', $template_candidates)) {
     die('Failed to find template');
 }
 
-//$page_content = ob_get_clean();
+$start = microtime(true);
-$date = time();
-$statrttime = microtime();
-$time = explode(' ', $statrttime);
-$time = $time[1] + $time[0];
-$start = $time;
 ?>
 
 <!DOCTYPE html>
 <html lang="<?php echo basename($default_lang, ".php"); ?>">
 <head>
-    <meta charset="UTF-8"/>
+    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
 
     <title>
         <?php
@@ -43,6 +38,7 @@ $start = $time;
     <script src="//<?= $baseurl ?>/theme/bulma/js/datatables.min.js"></script>
     <script src="//<?= $baseurl ?>/theme/bulma/js/table-responsive.js"></script>
     <script src="//<?= $baseurl ?>/theme/bulma/js/table-reorder.js"></script>
+    <script src="//<?= $baseurl ?>/assets/<?= PP_DEBUG ? 'bundle.js' : 'bundle.min.js' ?>"></script>
 </head>
 
 <body>
@@ -209,8 +205,7 @@ $start = $time;
 								</span>
                         </div>
                     </div>
-                    <input class="button is-link is-fullwidth my-4" type="submit" name="signin" value="Login"
+                    <input class="button is-link is-fullwidth my-4" type="submit" name="signin" value="Login"/>
-                           value="<?php echo md5($date . $ip); ?>">
                     <div class="checkbox checkbox-primary">
                         <input id="rememberme" name="remember_me" type="checkbox" checked="">
                         <label for="rememberme">
@@ -321,24 +316,10 @@ $start = $time;
                 <div class="columns">
                     <div class="column">
                         <ul>
-                            <li> <?php
+                            <li>Page load: <?= round((microtime(true) - $start), 4) ?>s</li>
-                                $endtime = microtime();
+                            <li>Page Hits Today: <?= $total_page_views ?></li>
-                                $time = explode(' ', $endtime);
+                            <li>Unique Visitors Today: <?= $total_unique_views ?></li>
-                                $time = $time[1] + $time[0];
+                            <li>Total Pastes: <?= $total_pastes ?></li>
-                                $finish = $time;
-                                $total_time = round(($finish - $start), 4);
-                                echo 'Page load: ' . $total_time . 's';
-                                ?>
-                            </li>
-                            <li>
-                                <?php echo 'Page Hits Today: ' . $total_page_views . ''; ?>
-                            </li>
-                            <li>
-                                <?php echo 'Unique Visitors Today: ' . $total_unique_views . ''; ?>
-                            </li>
-                            <li>
-                                <?php echo 'Total Pastes: ' . $total_pastes . ''; ?>
-                            </li>
                         </ul>
                     </div>
                 </div>