Various fixes

This commit is contained in:
Floorb 2021-07-16 09:53:34 -04:00
parent 478692176e
commit 8b4ef628e2
5 changed files with 60 additions and 62 deletions


@ -61,7 +61,8 @@ $db_opts = [
]; ];
// Secret key for paste encryption // Secret key for paste encryption
$sec_key = "8ac67343e7980b16b31e8311d4377bbb"; //$sec_key = "8ac67343e7980b16b31e8311d4377bbb";
$sec_key = '';
define('SECRET', md5($sec_key)); define('SECRET', md5($sec_key));
// Set to 1 to enable Apache's mod_rewrite // Set to 1 to enable Apache's mod_rewrite
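Review bot: Shipping `$sec_key = '';` as the default makes `SECRET` the md5 of the empty string, a fixed and publicly known value, so any instance whose operator never edits this line encrypts pastes under a key anyone can compute; the previously hard-coded key had the same weakness, which is presumably why it was commented out. A guard placed before the `define`, `if ($sec_key === '') { throw new \RuntimeException('Set $sec_key in the config before running'); }`, turns that misconfiguration into an immediate, visible failure instead of a silently weak deployment. Since `md5()` only ever yields 128 bits from whatever the operator types, a comment on the `$sec_key` line recommending a long random value (for example hex-encoded `random_bytes()` output) would steer operators toward a sensible key. The commented-out old key is dead code and can simply be deleted rather than kept alongside the new empty default.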


@ -58,6 +58,17 @@ function getCurrentUser(PDO $conn) : array | null {
return $query->fetch(); return $query->fetch();
} }
/**
* Specialization of `htmlentities()` that avoids double escaping and uses UTF-8.
*
* @param string $unescaped String to escape
* @return string HTML-escaped string
*/
function pp_html_escape(string $unescaped) : string {
return htmlentities($unescaped, ENT_QUOTES, 'UTF-8', false);
}
function updatePageViews(PDO $conn) : void { function updatePageViews(PDO $conn) : void {
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$date = date('jS F Y'); $date = date('jS F Y');
@ -163,4 +174,6 @@ if (isset($_GET['logout'])) {
$site_ads = getSiteAds($conn); $site_ads = getSiteAds($conn);
$total_pastes = getSiteTotalPastes($conn); $total_pastes = getSiteTotalPastes($conn);
$total_page_views = getSiteTotalviews($conn); $total_page_views = getSiteTotalviews($conn);
$total_unique_views = getSiteTotal_unique_views($conn); $total_unique_views = getSiteTotal_unique_views($conn);
$current_user = getCurrentUser($conn);
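Review bot: `pp_html_escape()` passes `ENT_QUOTES` without `ENT_SUBSTITUTE`, so `htmlentities()` returns an empty string whenever `$unescaped` contains an invalid UTF-8 sequence, silently dropping the whole value rather than escaping it; `return htmlentities($unescaped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);` keeps the output non-empty and still safe for an HTML context. The `double_encode = false` argument is what the docblock promises, but it also means entities already present in stored content are emitted as-is, which is worth stating in the docblock so callers do not treat this function as an input normaliser. Separately, the context line `return $query->fetch();` in `getCurrentUser()` yields `false` rather than `null` when no row matches, which the declared `array | null` return type does not accept; `return $query->fetch() ?: null;` would satisfy the type (the function starts outside the hunk, so an earlier return may already cover the no-session case).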


@ -26,26 +26,19 @@ function timer() {
} }
} }
function getUserFavs(PDO $conn, string $username) : array { function getUserFavs(PDO $conn, string $user_id) : array {
$query = $conn->prepare( $query = $conn->prepare(
"SELECT pins.f_time, pins.m_fav, pins.f_paste, pastes.id, pastes.title, pastes.created_at, pastes.tagsys "SELECT pins.f_time, pastes.id, pastes.title, pastes.created_at, pastes.tagsys
FROM pins, pastes FROM pins
WHERE pins.f_paste = pastes.id AND pins.m_fav = ?"); INNER JOIN pastes ON pastes.id = pins.paste_id
$query->execute([$username]); WHERE pins.user_id = ?");
$query->execute([$user_id]);
return $query->fetchAll(); return $query->fetchAll();
} }
function CountPasteFavs($conn, $fav_id) { function checkFavorite(PDO $conn, int $paste_id, int $user_id) : string {
$query = intval($conn->prepare("SELECT COUNT(f_paste) FROM pins WHERE f_paste=?")->fetch(PDO::FETCH_NUM)[0]); $query = $conn->prepare("SELECT 1 FROM pins WHERE user_id = ? AND paste_id = ?");
$query->execute([$fav_id]); $query->execute([$user_id, $paste_id]);
return $query->fetchAll();
}
//Can't seem to get working.
function checkFavorite(PDO $conn, int $paste_id, string $username) : string {
$query = $conn->prepare("SELECT 1 FROM pins WHERE m_fav = ? AND f_paste = ?");
$query->execute([$username, $paste_id]);
if ($query->fetch()) { if ($query->fetch()) {
return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>"; return "<a href='#' id='favorite' class='iconn tool-iconn' data-fid='" . $paste_id . "'><i class='far fa-star fa-lg has-text-grey' title='Favourite'></i></a>";
@ -140,15 +133,15 @@ function getRecentreport($conn, $count) {
} }
function getUserRecom($conn, $p_member) { function getUserRecom(PDO $conn, int $user_id) : array {
$query = $conn->prepare( $query = $conn->prepare(
"SELECT pastes.id AS id, users.username AS member, title, visible "SELECT pastes.id AS id, users.username AS member, title, visible
FROM pastes FROM pastes
INNER JOIN users ON users.username = ? INNER JOIN users ON pastes.user_id = users.id
WHERE visible = '0' WHERE pastes.visible = '0' AND users.id = ?
ORDER BY id DESC ORDER BY id DESC
LIMIT 0, 5"); LIMIT 0, 5");
$query->execute([$p_member]); $query->execute([$user_id]);
return $query->fetchAll(); return $query->fetchAll();
} }
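Review bot: The three helpers rewritten here disagree on the type of the same identifier: `getUserFavs(PDO $conn, string $user_id)` takes the id as a string while `checkFavorite(PDO $conn, int $paste_id, int $user_id)` and `getUserRecom(PDO $conn, int $user_id)` take an `int`, so a caller holding `$current_user['id']` needs a different cast for each, and under `declare(strict_types=1)` one of them will throw a `TypeError`. Changing the first signature to `function getUserFavs(PDO $conn, int $user_id) : array {` keeps the three consistent. `checkFavorite()` builds view markup inside a data-access helper; returning a `bool` and leaving the `<a>` element to the template would keep escaping concerns in one place, and its body continues outside the hunk. None of the three functions has a docblock; a short one on each, e.g. `/** Pastes the given user has pinned. @return array Rows from pins joined to pastes */` for `getUserFavs()`, would make the `pins`/`pastes` join contract explicit.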


@ -6,7 +6,7 @@
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3 * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version. * of the License, or (at your option) any later version.
* *
* This program is distributed in the hope that it will be useful, * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ -31,13 +31,13 @@ $paste_id = intval(trim($_REQUEST['id']));
updatePageViews($conn); updatePageViews($conn);
// Get paste favorite count // Get paste favorite count
$query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE f_paste = ?'); $query = $conn->prepare('SELECT COUNT(*) FROM pins WHERE paste_id = ?');
$query->execute([$paste_id]); $query->execute([$paste_id]);
$fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]); $fav_count = intval($query->fetch(PDO::FETCH_NUM)[0]);
// Get paste info // Get paste info
$query = $conn->prepare( $query = $conn->prepare(
'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member 'SELECT title, content, visible, code, expiry, pastes.password AS password, created_at, updated_at, encrypt, views, tagsys, users.username AS member, users.id AS user_id
FROM pastes FROM pastes
INNER JOIN users ON users.id = pastes.user_id INNER JOIN users ON users.id = pastes.user_id
WHERE pastes.id = ?'); WHERE pastes.id = ?');
@ -47,8 +47,6 @@ $row = $query->fetch();
// This is used in the theme files. // This is used in the theme files.
$totalpastes = getSiteTotalPastes($conn); $totalpastes = getSiteTotalPastes($conn);
$current_user = getCurrentUser($conn);
if (!$row) { if (!$row) {
header('HTTP/1.1 404 Not Found'); header('HTTP/1.1 404 Not Found');
$notfound = $lang['notfound']; // "Not found"; $notfound = $lang['notfound']; // "Not found";
@ -60,6 +58,7 @@ if (!$row) {
'title' => $paste_title, 'title' => $paste_title,
'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'), 'created_at' => (new DateTime($row['created_at']))->format('jS F Y h:i:s A'),
'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'), 'updated_at' => (new DateTime($row['updated_at']))->format('jS F Y h:i:s A'),
'user_id' => $row['user_id'],
'member' => $row['member'], 'member' => $row['member'],
'tags' => $row['tagsys'], 'tags' => $row['tagsys'],
'views' => $row['views'], 'views' => $row['views'],
@ -69,22 +68,16 @@ if (!$row) {
$p_visible = $row['visible']; $p_visible = $row['visible'];
$p_expiry = Trim($row['expiry']); $p_expiry = Trim($row['expiry']);
$p_password = $row['password']; $p_password = $row['password'];
$p_member = $row['member'];
$p_encrypt = $row['encrypt']; $p_encrypt = $row['encrypt'];
$p_private_error = '0';
if ($p_visible == "2") { $is_private = $row['visible'] === '2';
if ($current_user) { $private_error = false;
if ($p_member !== $current_user['id']) {
$notfound = $lang['privatepaste']; //" This is a private paste."; if ($is_private && (!$current_user || $current_user['id'] !== $row['user_id'])) {
$p_private_error = '1'; $notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it.";
goto Not_Valid_Paste; $private_error = true;
} goto Not_Valid_Paste;
} else {
$notfound = $lang['privatepaste']; //" This is a private paste. If you created this paste, please login to view it.";
$p_private_error = '1';
goto Not_Valid_Paste;
}
} }
if (!empty($p_expiry) && $p_expiry !== 'SELF') { if (!empty($p_expiry) && $p_expiry !== 'SELF') {
@ -144,19 +137,18 @@ if (!$row) {
// Preprocess // Preprocess
$highlight = array(); $highlight = array();
$prefix_size = strlen('!highlight!'); $prefix_size = strlen('!highlight!');
if ($prefix_size) { $lines = explode("\n", $p_content);
$lines = explode("\n", $p_content); $p_content = "";
$p_content = ""; foreach ($lines as $idx => $line) {
foreach ($lines as $idx => $line) { if (substr($line, 0, $prefix_size) == '!highlight!') {
if (substr($line, 0, $prefix_size) == '!highlight!') { $highlight[] = $idx + 1;
$highlight[] = $idx + 1; $line = substr($line, $prefix_size);
$line = substr($line, $prefix_size);
}
$p_content .= $line . "\n";
} }
$p_content = rtrim($p_content); $p_content .= $line . "\n";
} }
$p_content = rtrim($p_content);
// Apply syntax highlight // Apply syntax highlight
$p_content = htmlspecialchars_decode($p_content); $p_content = htmlspecialchars_decode($p_content);
if ($paste_code === "pastedown") { if ($paste_code === "pastedown") {
@ -261,7 +253,7 @@ if ($p_password == "NONE") {
Not_Valid_Paste: Not_Valid_Paste:
// Private paste not valid // Private paste not valid
if ($p_private_error == '1') { if ($is_private == '1') {
// Display errors // Display errors
require_once('theme/' . $default_theme . '/header.php'); require_once('theme/' . $default_theme . '/header.php');
require_once('theme/' . $default_theme . '/errors.php'); require_once('theme/' . $default_theme . '/errors.php');
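Review bot: At `Not_Valid_Paste:` the guard was changed to `if ($is_private == '1')`, but `$is_private` is now true for every private paste, including one its owner is viewing, while the error flag the commit introduces, `$private_error = true;`, is never read; if an owner-viewed private paste falls through to the label after rendering normally (the code between these hunks is not visible), it would enter the error branch. The check should be `if ($private_error) {`. In the `@ -69,22 +68,16` hunk, `$row['visible'] === '2'` is a strict comparison against a string: if the PDO connection returns native integer types for this column (emulated prepares off), it is always false and private pastes would be served to everyone, so `(string) $row['visible'] === '2'` is the safer form. `$current_user['id'] !== $row['user_id']` has the same type sensitivity if the two values come from queries with different fetch behaviour, and an explicit `(int)` cast on both sides would make the ownership check independent of driver settings.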


@ -178,9 +178,8 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="column is-4 has-text-right"> <div class="column is-4 has-text-right">
<div class=""> <div class="">
<div class="panel-tools"> <div class="panel-tools">
<?php if (isset($_SESSION['token'])) { <?php if ($current_user) {
$f_username = $_SESSION['username']; $fav_paste = checkFavorite($conn, $paste_id, $current_user['id']);
$fav_paste = checkFavorite($conn, $paste_id, $f_username);
} }
?> ?>
<a class="icon tool-icon" class="flip" onclick="openreport()"><i <a class="icon tool-icon" class="flip" onclick="openreport()"><i
@ -248,26 +247,26 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
} ?> } ?>
</div> </div>
<!-- Guests --> <!-- Guests -->
<?php if (!isset($_SESSION['username']) || strcasecmp($_SESSION['username'], $p_member)) { ?> <?php if (!$current_user || $current_user['id'] !== $paste['user_id']) { ?>
<hr> <hr>
<label class="label">More from this Author </label> <label class="label">More from this Author </label>
<?php <?php
$rec = getUserRecom($conn, $p_member); $rec = getUserRecom($conn, $paste['user_id']);
foreach ($rec as $index => $row) { foreach ($rec as $index => $row) {
$title = Trim($row['title']); $title = Trim($row['title']);
$p_id = Trim($row['id']); $p_id = Trim($row['id']);
$p_member = Trim($row['member']);
$titlehov = ($row['title']); $titlehov = ($row['title']);
$title = truncate($title, 24, 60); $long_title = pp_html_escape($row['title']);
$title = pp_html_escape(truncate($row['title'], 24, 60));
?> ?>
<p class="no-margin"> <p class="no-margin">
<?php <?php
if ($mod_rewrite == '1') { if ($mod_rewrite == '1') {
echo '<header class="bd-category-header my-1"> echo '<header class="bd-category-header my-1">
<a href="' . $p_id . '" title="' . $title . '">' . $title . ' </a> <a href="' . $p_id . '" title="' . $long_title . '">' . $title . ' </a>
<p class="subtitle is-7">' . 'by ' . ' <p class="subtitle is-7">' . 'by ' . '
<i>' . $p_member . '</i>' . ' <i>' . $row['member'] . '</i>' . '
</p>' . </p>' .
'</header>'; '</header>';
} else { } else {
@ -462,7 +461,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<?php echo $lang['encrypt']; ?> <?php echo $lang['encrypt']; ?>
</label> </label>
<?php <?php
if (strcasecmp($_SESSION['username'], $p_member) == 0) { if ($current_user && ($current_user['id'] === $paste['user_id'])) {
?> ?>
<input class="button is-info" type="submit" name="edit" id="edit" <input class="button is-info" type="submit" name="edit" id="edit"
value="<?php echo $lang['editpaste']; ?>"/> value="<?php echo $lang['editpaste']; ?>"/>
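Review bot: In the `@ -248,26 +247,26` hunk the title now goes through `pp_html_escape()` before being echoed, but `$row['member']` on the `<i>` line and `$p_id` in the `href` are still concatenated raw; the username is user-supplied data from the `users` table, so it needs the same treatment: `<i>' . pp_html_escape($row['member']) . '</i>'`, and `$p_id`, though probably numeric, is cheap to escape or cast the same way. `$titlehov = ($row['title']);` is also kept unescaped; if it is echoed later in this file it needs escaping at that point (its use is outside the hunk). `checkFavorite($conn, $paste_id, $current_user['id'])` and `getUserRecom($conn, $paste['user_id'])` feed fetched values to `int` parameters, and `$current_user['id'] !== $paste['user_id']` compares two such values strictly; whether they are ints or numeric strings depends on the PDO configuration, which is not visible here, so an explicit `(int)` cast at these call sites would make both the ownership checks and the type hints independent of driver settings.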