General cleanup in process of checking for XSS

This commit is contained in:
Floorb 2022-03-26 23:24:51 -04:00
parent b338781d67
commit ec425ce1a2
5 changed files with 49 additions and 52 deletions


@ -15,7 +15,7 @@
<form action="" method="post">
<div class="field has-addons">
<div class="control">
<input type="hidden" name="id" value="<?php echo $paste_id; ?>"/>
<input type="hidden" name="id" value="<?= $paste_id; ?>"/>
<input type="password" class="input" name="mypass"
placeholder="Password" />
</div>
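Review bot: `$paste_id` still goes into the hidden input's `value` attribute unescaped on the new `<?=` line, while the rest of this commit moves interpolated values behind `pp_html_escape`. Unless the id is validated as an integer before it reaches this template (not visible here), the consistent form is `value="<?= pp_html_escape($paste_id); ?>"`; if it is validated upstream, a short comment saying so would save the next reader the same question. The enclosing form markup continues outside the hunk.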


@ -3,25 +3,24 @@
<div class="bd-main-container container">
<div class="bd-duo">
<div class="bd-lead">
<?php
// Logged in
if (isset($success)) {
echo '<div class="notification is-success"><i class="fa fa-exclamation-circle"></i> ' . $success . '</div>';
if (isset($new_password)) {
echo '<p>Your new password is as follows:</p>';
echo "<code>${new_password}</code><br>";
}
<?php if (isset($success)): ?>
<div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden="true"></i><?= pp_html_escape($success); ?></div>
<?php if (isset($new_password)): ?>
<p>Your new password is as follows:</p>
<code><?= pp_html_escape($new_password); ?></code>
<br>
<?php endif; ?>
if (isset($recovery_code)) {
echo '<br><span class="tag is-danger is-medium">IMPORTANT!</span>';
echo '<p><b>If you wish to recover your account later, you will need the following code. Store it in a safe place!</b></p>';
echo "<code id='recovery'>${recovery_code}</code>";
echo '<p>If you do not save this code and you forget your password, there is no way to get your account back!</p>';
}
} // Errors
elseif (isset($error)) {
echo '<div class="notification is-info"><i class="fa fa-exclamation-circle" aria-hidden=" true"></i> ' . $error . '</p></div>';
}
<?php if (isset($recovery_code)): ?>
<br><span class="tag is-danger is-medium">IMPORTANT!</span>
<p><b>If you wish to recover your account later, you will need the following code. Store it in a safe place!</b></p>
<code id="recovery"><?= pp_html_escape($recovery_code); ?></code>
<p>If you do not save this code, and you forget your password, there is no way to get your account back!</p>
<?php endif; ?>
<?php elseif (isset($error)): ?>
<div class="notification is-info"><i class="fa fa-exclamation-circle" aria-hidden="true"></i><?= pp_html_escape($error); ?></p></div>
<?php endif; ?>
<?php
// Login page
if (isset($_GET['login'])) {
?>
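Review bot: The new `is-info` error notification still emits a `</p>` that nothing opened (`…pp_html_escape($error); ?></p></div>`), carried over from the echoed string it replaces; it should read `<div class="notification is-info"><i class="fa fa-exclamation-circle" aria-hidden="true"></i> <?= pp_html_escape($error); ?></div>`. The success notification on the first new line also lost the space the old string had between the icon and the message, so the text now abuts the `</i>`; the same single space before `<?=` restores it. The values at these sites land in element content, so the helper's default escaping is sufficient here; whether `pp_html_escape` also quotes `"`/`'` for attribute contexts cannot be seen from this hunk and matters where the same helper is used inside attributes.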


@ -10,7 +10,7 @@
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($success)) {
echo ' <div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden=" true"></i>
echo ' <div class="notification is-success"><i class="fa fa-exclamation-circle" aria-hidden=" rue"></i>
' . $success . '
</div>';
} elseif (isset($error)) {
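Review bot: Taking the second printed line as the new side, the edit turns `aria-hidden=" true"` into `aria-hidden=" rue"`, which is not a valid value for the attribute (it looks like the `t` was removed instead of the stray leading space); it should be `aria-hidden="true"`. The `$success` concatenated on the following context line is also still emitted unescaped in this file, unlike the other templates in this commit that wrap it in `pp_html_escape`. The surrounding `if` block starts and ends outside the hunk.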


@ -99,18 +99,25 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="columns is-multiline">
<div class="column is-4">
<span class="tag is-normal"><i class="fa fa-code fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo strtoupper($paste['code']); ?></span>
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo strtoupper(pp_html_escape($paste['code'])); ?></span>
<span class="tag is-normal"><i class="fa fa-eye fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $paste['views']; ?></span>
<span class="tag is-normal"><i class="fa fa-star fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php echo $fav_count; ?></span>
<br>
<span class="tag is-normal"><i class="fa fa-file-word fa-lg" aria-hidden="true"></i>&nbsp;&nbsp; <?php $wordcount = str_word_count($op_content);
echo $wordcount ?></span>
<span class="tag is-normal"><i class="fa fa-hdd fa-lg"
aria-hidden="true"></i>&nbsp;&nbsp;<?php $pastesize = strlen($op_content);
echo formatBytes($pastesize) ?></span>
<span class="tag is-normal"><i class="fa fa-list-ol fa-lg" aria-hidden="true"></i>&nbsp;&nbsp;<?php echo substr_count($op_content, "\n") + 1; ?></span>
<span class="tag is-normal">
<i class="fa fa-file-word fa-lg" aria-hidden="true"></i>
&nbsp;&nbsp;
<?= str_word_count($op_content); ?>
</span>
<span class="tag is-normal">
<i class="fa fa-hdd fa-lg" aria-hidden="true"></i>
<?= formatBytes(strlen($op_content)) ?>
</span>
<span class="tag is-normal">
<i class="fa fa-list-ol fa-lg" aria-hidden="true"></i>&nbsp;&nbsp;
<?php echo substr_count($op_content, "\n") + 1; ?>
</span>
</div>
<div class="column is-4 has-text-centered">
<h1 class="title is-6" style="margin-bottom:0;"><?= $paste['title'] ?></h1>
@ -240,19 +247,14 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<div class="select">
<div class="select">
<select data-live-search="true" name="format">
<?php // Show popular GeSHi formats
foreach (PP_HIGHLIGHT_FORMATS as $code => $name) {
$sel = ($paste['code'] == $code) ? 'selected="selected"' : ' ';
echo '<option ' . $sel . ' value="' . $code . '">' . $name . '</option>';
}
?>
<?= optionsForSelect(array_values(PP_HIGHLIGHT_FORMATS), array_keys(PP_HIGHLIGHT_FORMATS), $paste->code); ?>
</select>
</div>
</div>
</div>
<div class="level-item is-pulled-left mx-1">
<input class="button is-info" type="hidden" name="paste_id"
value="<?php echo $paste_id; ?>"/>
value="<?= $paste->id; ?>"/>
</div>
<div class="level-item is-pulled-left mx-1">
<a class="button"
@ -264,8 +266,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<!-- Text area -->
<textarea style="line-height: 1.2;" class="textarea mx-1" rows="13" id="code"
name="paste_data" onkeyup="countChars(this);"
onkeydown="return catchTab(this,event)"
placeholder="helloworld"><?php echo htmlentities($op_content, ENT_QUOTES, 'UTF-8'); ?></textarea>
onkeydown="return catchTab(this,event)"><?= pp_html_escape($op_content); ?></textarea>
<p id="charNum"><b>File Size: </b><span style="color: green;">1000/1000Kb</span></p>
<br>
@ -317,19 +318,16 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
<!-- Visibility -->
<div class="select">
<select name="visibility">
<option value="0" <?php echo ($p_visible == "0") ? 'selected="selected"' : ''; ?>>
Public
</option>
<option value="1" <?php echo ($p_visible == "1") ? 'selected="selected"' : ''; ?>>
Unlisted
</option>
<?php if ($current_user) { ?>
<option value="2" <?php echo ($p_visible == "2") ? 'selected="selected"' : ''; ?>>
Private
</option>
<?php } else { ?>
<option disabled>Private</option>
<?php } ?>
<?php
$visibility_names = ['Public', 'Unlisted'];
$visibility_codes = ['0', '1'];
if ($current_user) {
$visibility_names[] = 'Private';
$visibility_codes[] = '2';
}
echo optionsForSelect($visibility_names, $visibility_codes, $p_visible);
?>
</select>
</div>
</div>
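Review bot: The new lines in this file disagree on the shape of `$paste`: the first hunk reads `$paste['code']` (and its context line `$paste['title']`), while the second hunk's new lines use `$paste->code` and `$paste->id`; one of the two forms is wrong for whatever the controller passes, and the mismatch is easy to miss because PHP only warns on the bad access. The escaping order on the first hunk's new line is also inverted, `strtoupper(pp_html_escape($paste['code']))` uppercases the entities the helper produced; escaping should be the outermost call, `pp_html_escape(strtoupper($paste['code']))`, so the output is exactly what the helper emits. `$paste['title']` on the context line of the first hunk is still written into the `<h1>` unescaped in the same block this commit is cleaning up. Whether `optionsForSelect` escapes the option names and values it receives cannot be seen here, and that decides whether `$p_visible` and the format list are safe through the new path.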