updated base64.js to version 2.1.9, using minified version found at

9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template

lib/persistence.php

@@ -87,7 +87,8 @@ abstract class persistence
             file_put_contents(
                 $file,
                 'Allow from none' . PHP_EOL .
-                'Deny from all'. PHP_EOL
+                'Deny from all'. PHP_EOL,
+                LOCK_EX
             );
         }
     }

lib/zerobin.php

@@ -110,11 +110,17 @@ class zerobin
             if (!is_file(PATH . $dir . '/.htaccess')) file_put_contents(
                 PATH . $dir . '/.htaccess',
                 'Allow from none' . PHP_EOL .
-                'Deny from all'. PHP_EOL
+                'Deny from all'. PHP_EOL,
+                LOCK_EX
             );
         }
 
         $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true);
+        foreach (array('main', 'model') as $section) {
+            if (!array_key_exists($section, $this->_conf)) die(
+                "ZeroBin requires configuration section [$section] to be present in configuration file."
+            );
+        }
         $this->_model = $this->_conf['model']['class'];
     }
 
@@ -171,14 +177,13 @@ class zerobin
         );
 
         // Make sure content is not too big.
+        $sizelimit = (int) $this->_getMainConfig('sizelimit', 2097152);
         if (
-            strlen($data) > $this->_conf['main']['sizelimit']
+            strlen($data) > $sizelimit
         ) $this->_return_message(
             1,
             'Paste is limited to ' .
-            $this->_conf['main']['sizelimit'] .
-            ' ' .
-            filter::size_humanreadable($this->_conf['main']['sizelimit']) .
+            filter::size_humanreadable($sizelimit) .
             ' of encrypted data.'
         );
 
@@ -191,8 +196,9 @@ class zerobin
         // Read expiration date
         if (!empty($_POST['expire']))
         {
-            if (array_key_exists($_POST['expire'], $this->_conf['expire_options'])) {
-                $expire = $this->_conf['expire_options'][$_POST['expire']];
+            $selected_expire = (string) $_POST['expire'];
+            if (array_key_exists($selected_expire, $this->_conf['expire_options'])) {
+                $expire = $this->_conf['expire_options'][$selected_expire];
             } else {
                 $expire = $this->_conf['expire_options'][$this->_conf['expire']['default']];
             }
@@ -203,9 +209,9 @@ class zerobin
         if (!empty($_POST['burnafterreading']))
         {
             $burnafterreading = $_POST['burnafterreading'];
-            if ($burnafterreading != '0')
+            if ($burnafterreading !== '0')
             {
-                if ($burnafterreading != '1') $error = true;
+                if ($burnafterreading !== '1') $error = true;
                 $meta['burnafterreading'] = true;
             }
         }
@@ -214,9 +220,9 @@ class zerobin
         if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion']))
         {
             $opendiscussion = $_POST['opendiscussion'];
-            if ($opendiscussion != 0)
+            if ($opendiscussion !== '0')
             {
-                if ($opendiscussion != 1) $error = true;
+                if ($opendiscussion !== '1') $error = true;
                 $meta['opendiscussion'] = true;
             }
         }
@@ -269,8 +275,8 @@ class zerobin
             !empty($_POST['pasteid'])
         )
         {
-            $pasteid  = $_POST['pasteid'];
-            $parentid = $_POST['parentid'];
+            $pasteid  = (string) $_POST['pasteid'];
+            $parentid = (string) $_POST['parentid'];
             if (
                 !filter::is_valid_paste_id($pasteid) ||
                 !filter::is_valid_paste_id($parentid)
@@ -458,19 +464,35 @@ class zerobin
                 $key;
         }
 
-        RainTPL::$path_replace = false;
         $page = new RainTPL;
+        $page::$path_replace = false;
         // we escape it here because ENT_NOQUOTES can't be used in RainTPL templates
         $page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES));
         $page->assign('ERROR', $this->_error);
         $page->assign('STATUS', $this->_status);
         $page->assign('VERSION', self::VERSION);
-        $page->assign('BURNAFTERREADINGSELECTED', $this->_conf['main']['burnafterreadingselected']);
-        $page->assign('OPENDISCUSSION', $this->_conf['main']['opendiscussion']);
-        $page->assign('SYNTAXHIGHLIGHTING', $this->_conf['main']['syntaxhighlighting']);
+        $page->assign('OPENDISCUSSION', $this->_getMainConfig('opendiscussion', true));
+        $page->assign('SYNTAXHIGHLIGHTING', $this->_getMainConfig('syntaxhighlighting', true));
+        $page->assign('BURNAFTERREADINGSELECTED', $this->_getMainConfig('burnafterreadingselected', false));
+        $page->assign('BASE64JSVERSION', $this->_getMainConfig('base64version', '2.1.9'));
         $page->assign('EXPIRE', $expire);
         $page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']);
-        $page->draw($this->_conf['main']['template']);
+        $page->draw($this->_getMainConfig('template', 'page'));
+    }
+
+    /**
+     * get configuration option from [main] section, optionally set a default
+     *
+     * @access private
+     * @param  string $option
+     * @param  mixed $default (optional)
+     * @return mixed
+     */
+    private function _getMainConfig($option, $default = false)
+    {
+        return array_key_exists($option, $this->_conf['main']) ?
+            $this->_conf['main'][$option] :
+            $default;
     }
 
     /**