General cleanup in process of checking for XSS

This commit is contained in:
Floorb 2022-03-26 23:24:51 -04:00
parent b338781d67
commit ec425ce1a2
5 changed files with 49 additions and 52 deletions


@ -15,7 +15,7 @@
<form action="" method="post"> <form action="" method="post">
<div class="field has-addons"> <div class="field has-addons">
<div class="control"> <div class="control">
<input type="hidden" name="id" value="<?php echo $paste_id; ?>"/> <input type="hidden" name="id" value="<?= $paste_id; ?>"/>
<input type="password" class="input" name="mypass" <input type="password" class="input" name="mypass"
placeholder="Password" /> placeholder="Password" />
</div> </div>
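Review bot: `$paste_id` on the hidden-input line is still written into the `value` attribute unescaped; the hunk only swaps `<?php echo` for the `<?=` short tag. If that id can originate from request input (the surrounding form posts it back to itself), the same `pp_html_escape()` wrapper this commit applies in the other templates belongs here too: `value="<?= pp_html_escape($paste_id); ?>"`. The enclosing form element opens before the hunk.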


@ -3,25 +3,24 @@
<div class="bd-main-container container"> <div class="bd-main-container container">
<div class="bd-duo"> <div class="bd-duo">
<div class="bd-lead"> <div class="bd-lead">
<?php <?php if (isset($success)): ?>
// Logged in <div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden="true"></i><?= pp_html_escape($success); ?></div>
if (isset($success)) { <?php if (isset($new_password)): ?>
echo '<div class="notification is-success"><i class="fa fa-exclamation-circle"></i> ' . $success . '</div>'; <p>Your new password is as follows:</p>
if (isset($new_password)) { <code><?= pp_html_escape($new_password); ?></code>
echo '<p>Your new password is as follows:</p>'; <br>
echo "<code>${new_password}</code><br>"; <?php endif; ?>
}
if (isset($recovery_code)) { <?php if (isset($recovery_code)): ?>
echo '<br><span class="tag is-danger is-medium">IMPORTANT!</span>'; <br><span class="tag is-danger is-medium">IMPORTANT!</span>
echo '<p><b>If you wish to recover your account later, you will need the following code. Store it in a safe place!</b></p>'; <p><b>If you wish to recover your account later, you will need the following code. Store it in a safe place!</b></p>
echo "<code id='recovery'>${recovery_code}</code>"; <code id="recovery"><?= pp_html_escape($recovery_code); ?></code>
echo '<p>If you do not save this code and you forget your password, there is no way to get your account back!</p>'; <p>If you do not save this code, and you forget your password, there is no way to get your account back!</p>
} <?php endif; ?>
} // Errors <?php elseif (isset($error)): ?>
elseif (isset($error)) { <div class="notification is-info"><i class="fa fa-exclamation-circle" aria-hidden="true"></i><?= pp_html_escape($error); ?></p></div>
echo '<div class="notification is-info"><i class="fa fa-exclamation-circle" aria-hidden=" true"></i> ' . $error . '</p></div>'; <?php endif; ?>
} <?php
// Login page // Login page
if (isset($_GET['login'])) { if (isset($_GET['login'])) {
?> ?>
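Review bot: The rewritten error branch closes a `</p>` that was never opened (`...<?= pp_html_escape($error); ?></p></div>`), a markup slip carried over from the old echo string; drop it so the notification div is well-formed: `<i class="fa fa-exclamation-circle" aria-hidden="true"></i><?= pp_html_escape($error); ?></div>`. The `<?php` block reopened at the end of the hunk (`if (isset($_GET['login'])) {`) continues past the hunk.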


@ -10,11 +10,11 @@
<?php <?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($success)) { if (isset($success)) {
echo ' <div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden=" true"></i> echo ' <div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden=" rue"></i>
' . $success . ' ' . $success . '
</div>'; </div>';
} elseif (isset($error)) { } elseif (isset($error)) {
echo ' <div class="notification is-danger"><i class="fa fa-exclamation-circle" aria-hidden=" true"></i> echo ' <div class="notification is-danger"><i class="fa fa-exclamation-circle" aria-hidden="true"></i>
' . $error . ' ' . $error . '
</div>'; </div>';
} }
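Review bot: `$success` and `$error` are still concatenated into the notification markup unescaped on the `' . $success . '` and `' . $error . '` lines, although the sibling template changed in this same commit wraps those variables in `pp_html_escape()`; apply the same here: `' . pp_html_escape($success) . '` and `' . pp_html_escape($error) . '`. The success branch also introduces a typo in the icon attribute, `aria-hidden=" rue"`, where the error branch two lines down was corrected to `aria-hidden="true"`. The outer `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block is closed outside the hunk.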


@ -60,9 +60,9 @@
outputBadges($paste_view_badges, $profile_total_paste_views, 'total_views'); outputBadges($paste_view_badges, $profile_total_paste_views, 'total_views');
if (($profile_total_unlisted >= 5) && ($profile_total_unlisted <= 9)) { if (($profile_total_unlisted >= 5) && ($profile_total_unlisted <= 9)) {
echo '<img src = "/img/badges/pastehidden.png" title="[ShadowWriter] Have more than Five unlisted pastes" style="margin:5px">'; echo '<img src="/img/badges/pastehidden.png" title="[ShadowWriter] Have more than Five unlisted pastes" style="margin:5px">';
} elseif ($profile_total_unlisted >= 10) { } elseif ($profile_total_unlisted >= 10) {
echo '<img src = "/img/badges/pastehidden.png" title="[Ghostwriter] Have more than Ten unlisted pastes" style="margin:5px">'; echo '<img src="/img/badges/pastehidden.png" title="[Ghostwriter] Have more than Ten unlisted pastes" style="margin:5px">';
} }
?> ?>


@ -99,18 +99,25 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="columns is-multiline"> <div class="columns is-multiline">
<div class="column is-4"> <div class="column is-4">
<span class="tag is-normal"><i class="fa fa-code fa-lg" <span class="tag is-normal"><i class="fa fa-code fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo strtoupper($paste['code']); ?></span> aria-hidden="true"></i>&nbsp;&nbsp;<?php echo strtoupper(pp_html_escape($paste['code'])); ?></span>
<span class="tag is-normal"><i class="fa fa-eye fa-lg" <span class="tag is-normal"><i class="fa fa-eye fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $paste['views']; ?></span> aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $paste['views']; ?></span>
<span class="tag is-normal"><i class="fa fa-star fa-lg" <span class="tag is-normal"><i class="fa fa-star fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $fav_count; ?></span> aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $fav_count; ?></span>
<br> <br>
<span class="tag is-normal"><i class="fa fa-file-word fa-lg" aria-hidden="true"></i>&nbsp;&nbsp; <?php $wordcount = str_word_count($op_content); <span class="tag is-normal">
echo $wordcount ?></span> <i class="fa fa-file-word fa-lg" aria-hidden="true"></i>
<span class="tag is-normal"><i class="fa fa-hdd fa-lg" &nbsp;&nbsp;
aria-hidden="true"></i>&nbsp;&nbsp;<?php $pastesize = strlen($op_content); <?= str_word_count($op_content); ?>
echo formatBytes($pastesize) ?></span> </span>
<span class="tag is-normal"><i class="fa fa-list-ol fa-lg" aria-hidden="true"></i>&nbsp;&nbsp;<?php echo substr_count($op_content, "\n") + 1; ?></span> <span class="tag is-normal">
<i class="fa fa-hdd fa-lg" aria-hidden="true"></i>
<?= formatBytes(strlen($op_content)) ?>
</span>
<span class="tag is-normal">
<i class="fa fa-list-ol fa-lg" aria-hidden="true"></i>&nbsp;&nbsp;
<?php echo substr_count($op_content, "\n") + 1; ?>
</span>
</div> </div>
<div class="column is-4 has-text-centered"> <div class="column is-4 has-text-centered">
<h1 class="title is-6" style="margin-bottom:0;"><?= $paste['title'] ?></h1> <h1 class="title is-6" style="margin-bottom:0;"><?= $paste['title'] ?></h1>
@ -240,19 +247,14 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="select"> <div class="select">
<div class="select"> <div class="select">
<select data-live-search="true" name="format"> <select data-live-search="true" name="format">
<?php // Show popular GeSHi formats <?= optionsForSelect(array_values(PP_HIGHLIGHT_FORMATS), array_keys(PP_HIGHLIGHT_FORMATS), $paste->code); ?>
foreach (PP_HIGHLIGHT_FORMATS as $code => $name) {
$sel = ($paste['code'] == $code) ? 'selected="selected"' : ' ';
echo '<option ' . $sel . ' value="' . $code . '">' . $name . '</option>';
}
?>
</select> </select>
</div> </div>
</div> </div>
</div> </div>
<div class="level-item is-pulled-left mx-1"> <div class="level-item is-pulled-left mx-1">
<input class="button is-info" type="hidden" name="paste_id" <input class="button is-info" type="hidden" name="paste_id"
value="<?php echo $paste_id; ?>"/> value="<?= $paste->id; ?>"/>
</div> </div>
<div class="level-item is-pulled-left mx-1"> <div class="level-item is-pulled-left mx-1">
<a class="button" <a class="button"
@ -264,8 +266,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<!-- Text area --> <!-- Text area -->
<textarea style="line-height: 1.2;" class="textarea mx-1" rows="13" id="code" <textarea style="line-height: 1.2;" class="textarea mx-1" rows="13" id="code"
name="paste_data" onkeyup="countChars(this);" name="paste_data" onkeyup="countChars(this);"
onkeydown="return catchTab(this,event)" onkeydown="return catchTab(this,event)"><?= pp_html_escape($op_content); ?></textarea>
placeholder="helloworld"><?php echo htmlentities($op_content, ENT_QUOTES, 'UTF-8'); ?></textarea>
<p id="charNum"><b>File Size: </b><span style="color: green;">1000/1000Kb</span></p> <p id="charNum"><b>File Size: </b><span style="color: green;">1000/1000Kb</span></p>
<br> <br>
@ -317,19 +318,16 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<!-- Visibility --> <!-- Visibility -->
<div class="select"> <div class="select">
<select name="visibility"> <select name="visibility">
<option value="0" <?php echo ($p_visible == "0") ? 'selected="selected"' : ''; ?>> <?php
Public $visibility_names = ['Public', 'Unlisted'];
</option> $visibility_codes = ['0', '1'];
<option value="1" <?php echo ($p_visible == "1") ? 'selected="selected"' : ''; ?>> if ($current_user) {
Unlisted $visibility_names[] = 'Private';
</option> $visibility_codes[] = '2';
<?php if ($current_user) { ?> }
<option value="2" <?php echo ($p_visible == "2") ? 'selected="selected"' : ''; ?>>
Private echo optionsForSelect($visibility_names, $visibility_codes, $p_visible);
</option> ?>
<?php } else { ?>
<option disabled>Private</option>
<?php } ?>
</select> </select>
</div> </div>
</div> </div>
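Review bot: The new lines in the format-select hunk read `$paste->code` and `$paste->id`, while context lines in the same file still read `$paste['code']` and `$paste['title']`; unless `$paste` is an object that also implements ArrayAccess, one of the two access forms will fail at runtime, so they should agree (`$paste['code']` and the existing `$paste_id`, or migrate the array reads in the same change). In the first hunk, `strtoupper(pp_html_escape($paste['code']))` uppercases the escaped output, which mangles any named entity the escaper emits; escape last instead: `pp_html_escape(strtoupper($paste['code']))`. `<?= $paste['title'] ?>` on the heading line is still emitted unescaped in this XSS pass.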