PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 06:30:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Various fixes

Browse source
This commit is contained in:
Floorb 2021-07-16 09:53:34 -04:00
parent 478692176e
commit 8b4ef628e2
5 changed files with 60 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config.php
View file

@ -61,7 +61,8 @@ $db_opts = [
];
// Secret key for paste encryption
$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
//$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
$sec_key = '';
define('SECRET', md5($sec_key));
// Set to 1 to enable Apache's mod_rewrite

15
includes/common.php
View file

@ -58,6 +58,17 @@ function getCurrentUser(PDO $conn) : array | null {
return $query->fetch();
}
/**
* Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
*
* @param string $unescaped String to escape
* @return string HTML-escaped string
*/
function pp_html_escape(string $unescaped) : string {
return htmlentities($unescaped, ENT_QUOTES, 'UTF-8', false);
}
function updatePageViews(PDO $conn) : void {
$ip = $_SERVER['REMOTE_ADDR'];
$date = date('jS F Y');
@ -163,4 +174,6 @@ if (isset($_GET['logout'])) {
$site_ads = getSiteAds($conn);
$total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn);
$total_unique_views = getSiteTotal_unique_views($conn);
$current_user = getCurrentUser($conn);

33
includes/functions.php
View file

@ -26,26 +26,19 @@ function timer() {
}
}
function getUserFavs(PDO $conn, string $username) : array {
function getUserFavs(PDO $conn, string $user_id) : array {
$query = $conn->prepare(
"SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
FROM pins, pastes
WHERE pins.f_paste = pastes.id AND pins.m_fav = ?");
$query->execute([$username]);
"SELECT pins.f_time, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
FROM pins
INNER JOIN pastes ON pastes.id = pins.paste_id
WHERE pins.user_id = ?");
$query->execute([$user_id]);
return $query->fetchAll();
}
function CountPasteFavs($conn, $fav_id) {
$query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?")->fetch(PDO::FETCH_NUM)[0]);
$query->execute([$fav_id]);
return $query->fetchAll();
}
//Can't seem to get working.
function checkFavorite(PDO $conn, int $paste_id, string $username) : string {
$query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?");
$query->execute([$username, $paste_id]);
function checkFavorite(PDO $conn, int $paste_id, int $user_id) : string {
$query = $conn->prepare("SELECT 1 FROM pins WHERE user_id = ? AND paste_id = ?");
$query->execute([$user_id, $paste_id]);
if ($query->fetch()) {
return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>";
@ -140,15 +133,15 @@ function getRecentreport($conn, $count) {
}
function getUserRecom($conn, $p_member) {
function getUserRecom(PDO $conn, int $user_id) : array {
$query = $conn->prepare(
"SELECT pastes.id AS id, users.username AS member, title, visible
FROM pastes
INNER JOIN users ON users.username = ?
WHERE visible = '0'
INNER JOIN users ON pastes.user_id = users.id
WHERE pastes.visible = '0' AND users.id = ?
ORDER BY id DESC
LIMIT 0, 5");
$query->execute([$p_member]);
$query->execute([$user_id]);
return $query->fetchAll();
}

52
paste.php
View file

@ -6,7 +6,7 @@
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ -31,13 +31,13 @@ $paste_id = intval(trim($_REQUEST['id']));
updatePageViews($conn);
// Get paste favorite count
$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE f_paste = ?');
$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE paste_id = ?');
$query->execute([$paste_id]);
$fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
// Get paste info
$query = $conn->prepare(
'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member
'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member, users.id AS user_id
FROM pastes
INNER JOIN users ON users.id = pastes.user_id
WHERE pastes.id = ?');
@ -47,8 +47,6 @@ $row = $query->fetch();
// This is used in the theme files.
$totalpastes = getSiteTotalPastes($conn);
$current_user = getCurrentUser($conn);
if (!$row) {
header('HTTP/1.1 404 Not Found');
$notfound = $lang['notfound']; // "Not found";
@ -60,6 +58,7 @@ if (!$row) {
'title' => $paste_title,
'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'),
'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'),
'user_id' => $row['user_id'],
'member' => $row['member'],
'tags' => $row['tagsys'],
'views' => $row['views'],
@ -69,22 +68,16 @@ if (!$row) {
$p_visible = $row['visible'];
$p_expiry = Trim($row['expiry']);
$p_password = $row['password'];
$p_member = $row['member'];
$p_encrypt = $row['encrypt'];
$p_private_error = '0';
if ($p_visible == "2") {
if ($current_user) {
if ($p_member !== $current_user['id']) {
$notfound = $lang['privatepaste']; //" This is a private paste.";
$p_private_error = '1';
goto Not_Valid_Paste;
}
} else {
$notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it.";
$p_private_error = '1';
goto Not_Valid_Paste;
}
$is_private = $row['visible'] === '2';
$private_error = false;
if ($is_private && (!$current_user || $current_user['id'] !== $row['user_id'])) {
$notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it.";
$private_error = true;
goto Not_Valid_Paste;
}
if (!empty($p_expiry) && $p_expiry !== 'SELF') {
@ -144,19 +137,18 @@ if (!$row) {
// Preprocess
$highlight = array();
$prefix_size = strlen('!highlight!');
if ($prefix_size) {
$lines = explode("\n", $p_content);
$p_content = "";
foreach ($lines as $idx => $line) {
if (substr($line, 0, $prefix_size) == '!highlight!') {
$highlight[] = $idx + 1;
$line = substr($line, $prefix_size);
}
$p_content .= $line . "\n";
$lines = explode("\n", $p_content);
$p_content = "";
foreach ($lines as $idx => $line) {
if (substr($line, 0, $prefix_size) == '!highlight!') {
$highlight[] = $idx + 1;
$line = substr($line, $prefix_size);
}
$p_content = rtrim($p_content);
$p_content .= $line . "\n";
}
$p_content = rtrim($p_content);
// Apply syntax highlight
$p_content = htmlspecialchars_decode($p_content);
if ($paste_code === "pastedown") {
@ -261,7 +253,7 @@ if ($p_password == "NONE") {
Not_Valid_Paste:
// Private paste not valid
if ($p_private_error == '1') {
if ($is_private == '1') {
// Display errors
require_once('theme/' . $default_theme . '/header.php');
require_once('theme/' . $default_theme . '/errors.php');

19
theme/bulma/view.php
View file

@ -178,9 +178,8 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="column is-4 has-text-right">
<div class="">
<div class="panel-tools">
<?php if (isset($_SESSION['token'])) {
$f_username = $_SESSION['username'];
$fav_paste = checkFavorite($conn, $paste_id, $f_username);
<?php if ($current_user) {
$fav_paste = checkFavorite($conn, $paste_id, $current_user['id']);
}
?>
<a class="icon tool-icon" class="flip" onclick="openreport()"><i
@ -248,26 +247,26 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
} ?>
</div>
<!-- Guests -->
<?php if (!isset($_SESSION['username']) || strcasecmp($_SESSION['username'], $p_member)) { ?>
<?php if (!$current_user || $current_user['id'] !== $paste['user_id']) { ?>
<hr>
<label class="label">More from this Author </label>
<?php
$rec = getUserRecom($conn, $p_member);
$rec = getUserRecom($conn, $paste['user_id']);
foreach ($rec as $index => $row) {
$title = Trim($row['title']);
$p_id = Trim($row['id']);
$p_member = Trim($row['member']);
$titlehov = ($row['title']);
$title = truncate($title, 24, 60);
$long_title = pp_html_escape($row['title']);
$title = pp_html_escape(truncate($row['title'], 24, 60));
?>
<p class="no-margin">
<?php
if ($mod_rewrite == '1') {
echo '<header class="bd-category-header my-1">
<a href="' . $p_id . '" title="' . $title . '">' . $title . ' </a>
<a href="' . $p_id . '" title="' . $long_title . '">' . $title . ' </a>
<p class="subtitle is-7">' . 'by ' . '
<i>' . $p_member . '</i>' . '
<i>' . $row['member'] . '</i>' . '
</p>' .
'</header>';
} else {
@ -462,7 +461,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<?php echo $lang['encrypt']; ?>
</label>
<?php
if (strcasecmp($_SESSION['username'], $p_member) == 0) {
if ($current_user && ($current_user['id'] === $paste['user_id'])) {
?>
<input class="button is-info" type="submit" name="edit" id="edit"
value="<?php echo $lang['editpaste']; ?>"/>