From b49951e4d505c9be4b97dcfc9fe2690647ae0992 Mon Sep 17 00:00:00 2001 From: Floorb <132411956+Neetpone@users.noreply.github.com> Date: Tue, 11 Jul 2023 03:45:51 -0400 Subject: [PATCH] feat: disable passworded pastes for guests --- public/index.php | 15 +++++++++------ theme/bulma/main.php | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/public/index.php b/public/index.php index 9118638..1e7ee5f 100644 --- a/public/index.php +++ b/public/index.php @@ -116,14 +116,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $paste_visibility = $_POST['visibility']; $paste_code = $_POST['format']; $paste_password = $_POST['pass']; - - $p_expiry = trim(htmlspecialchars($_POST['paste_expire_date'])); $tag_input = $_POST['tag_input']; - if (empty($paste_password)) { - $paste_password = null; - } else { + if (!empty($paste_password)) { + if (!$current_user) { + $error = 'You must be logged in to create a password-protected paste.'; + goto OutPut; + } + $paste_password = password_hash($paste_password, PASSWORD_DEFAULT); + } else { + $paste_password = null; } $paste_content = openssl_encrypt( @@ -133,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ); // Set expiry time - $expires = calculatePasteExpiry($p_expiry); + $expires = calculatePasteExpiry(trim($_POST['paste_expire_date'])); // Edit existing paste or create new? if ($editing) { diff --git a/theme/bulma/main.php b/theme/bulma/main.php index d525cde..84136b6 100644 --- a/theme/bulma/main.php +++ b/theme/bulma/main.php @@ -140,7 +140,7 @@
value=""/>