From 8b4ef628e206b168b33cf772707183e68939b69e Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Fri, 16 Jul 2021 09:53:34 -0400
Subject: [PATCH] Various fixes

---
 config.php | 3 ++-
 includes/common.php | 15 +++++++++++-
 includes/functions.php | 33 +++++++++++----------------
 paste.php | 52 ++++++++++++++++++------------------------
 theme/bulma/view.php | 19 ++++++++-------
 5 files changed, 60 insertions(+), 62 deletions(-)

diff --git a/config.php b/config.php
index 11cbde5..fd04da9 100644
--- a/config.php
+++ b/config.php
@@ -61,7 +61,8 @@ $db_opts = [
 ];
 
 // Secret key for paste encryption
-$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
+//$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
+$sec_key = '';
 define('SECRET', md5($sec_key));
 
 // Set to 1 to enable Apache's mod_rewrite
diff --git a/includes/common.php b/includes/common.php
index 78dc49d..f683fc0 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -58,6 +58,17 @@ function getCurrentUser(PDO $conn) : array | null {
 return $query->fetch();
 }
 
+
+/**
+ * Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
+ *
+ * @param string $unescaped String to escape
+ * @return string HTML-escaped string
+ */
+function pp_html_escape(string $unescaped) : string {
+ return htmlentities($unescaped, ENT_QUOTES, 'UTF-8', false);
+}
+
 function updatePageViews(PDO $conn) : void {
 $ip = $_SERVER['REMOTE_ADDR'];
 $date = date('jS F Y');
@@ -163,4 +174,6 @@ if (isset($_GET['logout'])) {
 $site_ads = getSiteAds($conn);
 $total_pastes = getSiteTotalPastes($conn);
 $total_page_views = getSiteTotalviews($conn);
-$total_unique_views = getSiteTotal_unique_views($conn);
\ No newline at end of file
+$total_unique_views = getSiteTotal_unique_views($conn);
+
+$current_user = getCurrentUser($conn);
diff --git a/includes/functions.php b/includes/functions.php
index 7e35008..9a43dd2 100644
--- a/includes/functions.php
+++ b/includes/functions.php
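Review bot: Replacing the hard-coded key with `$sec_key = '';` leaves the next line, `define('SECRET', md5($sec_key));`, deriving the paste-encryption secret from an empty string, so an install that forgets to edit config.php silently runs with the well-known md5('') value instead of failing. Add a guard right after the assignment, e.g. `if ($sec_key === '') { throw new RuntimeException('Set $sec_key in config.php before running'); }`, so the site refuses to start until an operator supplies a real key. The old key stays visible in this hunk as a comment and in history; having been published it should be treated as compromised, anything encrypted under it re-keyed, and the commented line dropped rather than kept as a template. Deriving the key through md5 is pre-existing, but when this is revisited a full-length random secret loaded from an environment variable or an untracked file would be the better shape.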
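Review bot: `pp_html_escape()` passes only `ENT_QUOTES`, so without `ENT_SUBSTITUTE` `htmlentities()` returns an empty string for input containing an invalid UTF-8 sequence and the caller silently renders nothing where the escaped text should be; change the flags to `ENT_QUOTES | ENT_SUBSTITUTE` so malformed bytes become U+FFFD instead. With `double_encode` set to false an existing `&...;` sequence in user input passes through untouched, which is fine for HTML text and attribute values but means the helper does not canonicalise, so the docblock should state that it is for HTML text/attribute context only and not for JavaScript, URL or CSS contexts. A one-line `@see` noting that callers building `href` or inline script must escape for that context separately would prevent the helper from being used as a universal sanitiser.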
@@ -26,26 +26,19 @@ function timer() { } } -function getUserFavs(PDO $conn, string $username) : array { +function getUserFavs(PDO $conn, string $user_id) : array { $query = $conn->prepare( - "SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys - FROM pins, pastes - WHERE pins.f_paste = pastes.id AND pins.m_fav = ?"); - $query->execute([$username]); + "SELECT pins.f_time, pastes.id, pastes.title, pastes.created_at, pastes.tagsys + FROM pins + INNER JOIN pastes ON pastes.id = pins.paste_id + WHERE pins.user_id = ?"); + $query->execute([$user_id]); return $query->fetchAll(); } -function CountPasteFavs($conn, $fav_id) { -$query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?")->fetch(PDO::FETCH_NUM)[0]); - $query->execute([$fav_id]); - return $query->fetchAll(); -} - - -//Can't seem to get working. -function checkFavorite(PDO $conn, int $paste_id, string $username) : string { - $query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?"); - $query->execute([$username, $paste_id]); +function checkFavorite(PDO $conn, int $paste_id, int $user_id) : string { + $query = $conn->prepare("SELECT 1 FROM pins WHERE user_id = ? AND paste_id = ?"); + $query->execute([$user_id, $paste_id]); if ($query->fetch()) { return ""; @@ -140,15 +133,15 @@ function getRecentreport($conn, $count) { } -function getUserRecom($conn, $p_member) { +function getUserRecom(PDO $conn, int $user_id) : array { $query = $conn->prepare( "SELECT pastes.id AS id, users.username AS member, title, visible FROM pastes - INNER JOIN users ON users.username = ? - WHERE visible = '0' + INNER JOIN users ON pastes.user_id = users.id + WHERE pastes.visible = '0' AND users.id = ? ORDER BY id DESC LIMIT 0, 5"); - $query->execute([$p_member]); + $query->execute([$user_id]); return $query->fetchAll(); } diff --git a/paste.php b/paste.php index ac812e1..6173222 100644 --- a/paste.php +++ b/paste.php 
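Review bot: `getUserFavs()` is changed to take `string $user_id` while `checkFavorite()` in the same hunk and `getUserRecom()` in the next take `int $user_id`, even though all three bind the value against the same `pins.user_id` / `users.id` key; the signature should read `function getUserFavs(PDO $conn, int $user_id) : array {` so the helpers agree and a caller cannot pass a username where an id is expected. `checkFavorite()` returning a string (`""` when the pin exists) is pre-existing and its body continues past the end of the hunk, but a `bool` return would make call sites clearer and is worth a follow-up.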
@@ -6,7 +6,7 @@ * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 3 * of the License, or (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -31,13 +31,13 @@ $paste_id = intval(trim($_REQUEST['id'])); updatePageViews($conn); // Get paste favorite count -$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE f_paste = ?'); +$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE paste_id = ?'); $query->execute([$paste_id]); $fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]); // Get paste info $query = $conn->prepare( - 'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member + 'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member, users.id AS user_id FROM pastes INNER JOIN users ON users.id = pastes.user_id WHERE pastes.id = ?'); @@ -47,8 +47,6 @@ $row = $query->fetch(); // This is used in the theme files. $totalpastes = getSiteTotalPastes($conn); -$current_user = getCurrentUser($conn); - if (!$row) { header('HTTP/1.1 404 Not Found'); $notfound = $lang['notfound']; // "Not found"; @@ -60,6 +58,7 @@ if (!$row) { 'title' => $paste_title, 'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'), 'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'), + 'user_id' => $row['user_id'], 'member' => $row['member'], 'tags' => $row['tagsys'], 'views' => $row['views'], 
@@ -69,22 +68,16 @@ if (!$row) { $p_visible = $row['visible']; $p_expiry = Trim($row['expiry']); $p_password = $row['password']; - $p_member = $row['member']; $p_encrypt = $row['encrypt']; - $p_private_error = '0'; - if ($p_visible == "2") { - if ($current_user) { - if ($p_member !== $current_user['id']) { - $notfound = $lang['privatepaste']; //" This is a private paste."; - $p_private_error = '1'; - goto Not_Valid_Paste; - } - } else { - $notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it."; - $p_private_error = '1'; - goto Not_Valid_Paste; - } + + $is_private = $row['visible'] === '2'; + $private_error = false; + + if ($is_private && (!$current_user || $current_user['id'] !== $row['user_id'])) { + $notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it."; + $private_error = true; + goto Not_Valid_Paste; } if (!empty($p_expiry) && $p_expiry !== 'SELF') { @@ -144,19 +137,18 @@ if (!$row) { // Preprocess $highlight = array(); $prefix_size = strlen('!highlight!'); - if ($prefix_size) { - $lines = explode("\n", $p_content); - $p_content = ""; - foreach ($lines as $idx => $line) { - if (substr($line, 0, $prefix_size) == '!highlight!') { - $highlight[] = $idx + 1; - $line = substr($line, $prefix_size); - } - $p_content .= $line . "\n"; + $lines = explode("\n", $p_content); + $p_content = ""; + foreach ($lines as $idx => $line) { + if (substr($line, 0, $prefix_size) == '!highlight!') { + $highlight[] = $idx + 1; + $line = substr($line, $prefix_size); } - $p_content = rtrim($p_content); + $p_content .= $line . "\n"; } + $p_content = rtrim($p_content); + // Apply syntax highlight $p_content = htmlspecialchars_decode($p_content); if ($paste_code === "pastedown") { 
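Review bot: The new visibility test `$is_private = $row['visible'] === '2';` is strict where the removed `$p_visible == "2"` was loose, so if PDO hands back the `visible` column as an integer (native prepares with mysqlnd on PHP 8.1+ do this for integer columns) the comparison is always false and every private paste becomes readable by anyone, a fail-open change that this hunk does not show enough of the schema to rule out. Normalise before comparing, `$is_private = (string)$row['visible'] === '2';`, and apply the same care to the owner check, `(int)$current_user['id'] !== (int)$row['user_id']`, since `$current_user['id']` comes from `getCurrentUser()` outside this hunk and its type is not guaranteed to match `users.id` as fetched here (that mismatch locks the owner out rather than opening the paste, but is still a bug). `$private_error` is assigned in the failure branch yet nothing visible in this hunk reads it, which suggests the later error-display condition should be checked against it.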
@@ -261,7 +253,7 @@ if ($p_password == "NONE") { Not_Valid_Paste: // Private paste not valid -if ($p_private_error == '1') { +if ($is_private == '1') { // Display errors require_once('theme/' . $default_theme . '/header.php'); require_once('theme/' . $default_theme . '/errors.php'); diff --git a/theme/bulma/view.php b/theme/bulma/view.php index 347195d..35b719b 100644 --- a/theme/bulma/view.php +++ b/theme/bulma/view.php @@ -178,9 +178,8 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
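Review bot: The error display after `Not_Valid_Paste:` now keys on `$is_private == '1'`, which is true for every private paste including one its owner is viewing, whereas the removed `$p_private_error == '1'` fired only after the access check had failed; the `$private_error` flag introduced by this commit is what belongs here: `if ($private_error) {`. As written, an owner who passes the access check and falls through to the label gets the header and error theme rendered on top of the paste, unless the successful render path exits earlier, which this hunk does not show. If `$is_private` and `$private_error` are only assigned inside the non-404 branch of `if (!$row)`, the 404 path reaches this test with both undefined, so initialise them to `false` before that branch.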
- ' . $title . ' + ' . $title . '
' . 'by ' . ' - ' . $p_member . '' . ' + ' . $row['member'] . '' . '
' . ''; } else { @@ -462,7 +461,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
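Review bot: The replacement line concatenates `$row['member']` straight into the markup string with no escaping call visible around it or around `$title`, although `pp_html_escape()` was added in this same patch for that purpose; the author link should read `' . pp_html_escape($row['member']) . '` unless the username is guaranteed escaped upstream (the surrounding HTML appears stripped in this rendering, so this is inferred from the PHP expressions alone). The template also now reads `$row`, a variable set by paste.php's query, instead of the explicit `$p_member` it received before, and a short comment at the top of view.php naming the variables it expects from paste.php would make that coupling visible.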