implementing request refactoring, beginning JS changes for JSON API, but

discovered that DELETE and PUT are not available on all webservers by
default
El RIDO
2015-09-27 20:34:39 +02:00
parent 6b7dc44039
commit 7ec94e0db5
5 changed files with 340 additions and 119 deletions

160
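--- a/lib/request.php
+++ b/lib/request.php
@@ -0,0 +1,160 @@
+<?php
+/**
+* ZeroBin
+*
+* a zero-knowledge paste bin
+*
+* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
+* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
+* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
+* @version 0.21.1
+*/
+/**
+* request
+*
+* parses request parameters and provides helper functions for routing
+*/
+class request
+{
+/**
+* Input stream to use for PUT parameter parsing.
+*
+* @access private
+* @var string
+*/
+private $_inputStream = 'php://input';
+/**
+* Operation to perform.
+*
+* @access private
+* @var string
+*/
+private $_operation = 'view';
+/**
+* Request parameters.
+*
+* @access private
+* @var array
+*/
+private $_params = array();
+/**
+* If we are in a JSON API context.
+*
+* @access private
+* @var bool
+*/
+private $_isJsonApi = false;
+/**
+* Constructor.
+*
+* @access public
+* @return void
+*/
+public function __construct()
+{
+// in case stupid admin has left magic_quotes enabled in php.ini (for PHP < 5.4)
+if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
+{
+$_POST = array_map('filter::stripslashes_deep', $_POST);
+$_GET = array_map('filter::stripslashes_deep', $_GET);
+$_COOKIE = array_map('filter::stripslashes_deep', $_COOKIE);
+}
+// decide if we are in JSON API or HTML context
+if (
+(array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER) &&
+$_SERVER['HTTP_X_REQUESTED_WITH'] == 'JSONHttpRequest') ||
+(array_key_exists('HTTP_ACCEPT', $_SERVER) &&
+strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false)
+)
+{
+$this->_isJsonApi = true;
+}
+// parse parameters, depending on request type
+switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET')
+{
+case 'PUT':
+parse_str(file_get_contents($this->_inputStream), $this->_params);
+break;
+case 'POST':
+$this->_params = $_POST;
+break;
+default:
+$this->_params = $_GET;
+}
+// prepare paremeters, depending on current operation
+if (
+(array_key_exists('data', $this->_params) && !empty($this->_params['data'])) ||
+(array_key_exists('attachment', $this->_params) && !empty($this->_params['attachment']))
+)
+{
+$this->_operation = 'create';
+}
+elseif (
+array_key_exists('pasteid', $this->_params) && !empty($this->_params['pasteid']) &&
+array_key_exists('deletetoken', $this->_params) && !empty($this->_params['deletetoken'])
+)
+{
+$this->_operation = 'delete';
+}
+// display an existing paste
+elseif (array_key_exists('QUERY_STRING', $_SERVER) && !empty($_SERVER['QUERY_STRING']))
+{
+$this->_operation = 'read';
+$this->_params['pasteid'] = $_SERVER['QUERY_STRING'];
+}
+}
+/**
+* Get current operation.
+*
+* @access public
+* @return string
+*/
+public function getOperation()
+{
+return $this->_operation;
+}
+/**
+* Get a request parameter.
+*
+* @access public
+* @param string $param
+* @param string $default
+* @return string
+*/
+public function getParam($param, $default = '')
+{
+return array_key_exists($param, $this->_params) ? $this->_params[$param] : $default;
+}
+/**
+* If we are in a JSON API context.
+*
+* @access public
+* @return bool
+*/
+public function isJsonApiCall()
+{
+return $this->_isJsonApi;
+}
+/**
+* Override the default input stream source
+*
+* @param unknown $input
+*/
+public function setInputStream($input)
+{
+$this->_inputStream = $input;
+$this->__construct();
+}
+}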
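Review bot: `getParam()` returns whatever sits in `$_params`, and both the superglobals and the `parse_str()` output used for PUT can hold arrays (for example `pasteid[]=x`), so the documented `@return string` does not hold for client-supplied input. The callers changed in this commit pass the result straight to `getPaste()`, `_delete()` and the paste/comment setters; whether those reject non-strings is not visible here, so I would enforce the type at this boundary with `$value = array_key_exists($param, $this->_params) ? $this->_params[$param] : $default;` followed by `return is_string($value) ? $value : $default;`. Separately, `setInputStream()` re-runs `__construct()`, which applies `filter::stripslashes_deep` to `$_POST`, `$_GET` and `$_COOKIE` a second time when magic quotes are enabled and never resets `_operation`, `_params` or `_isJsonApi` before re-parsing; moving the parsing into a private method that resets those fields and is called from both places would avoid the double unescape and stale state.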


@@ -87,6 +87,14 @@ class zerobin
*/
private $_model;
/**
* request
*
* @access private
* @var request
*/
private $_request;
/**
* constructor
*
@@ -102,38 +110,27 @@ class zerobin
throw new Exception(i18n::_('ZeroBin requires php 5.2.6 or above to work. Sorry.'), 1);
}
// in case stupid admin has left magic_quotes enabled in php.ini
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
$_POST = array_map('filter::stripslashes_deep', $_POST);
$_GET = array_map('filter::stripslashes_deep', $_GET);
$_COOKIE = array_map('filter::stripslashes_deep', $_COOKIE);
}
// load config from ini file
$this->_init();
// create new paste or comment
if (
(array_key_exists('data', $_POST) && !empty($_POST['data'])) ||
(array_key_exists('attachment', $_POST) && !empty($_POST['attachment']))
)
switch ($this->_request->getOperation())
{
$this->_create();
}
// delete an existing paste
elseif (!empty($_GET['deletetoken']) && !empty($_GET['pasteid']))
{
$this->_delete($_GET['pasteid'], $_GET['deletetoken']);
}
// display an existing paste
elseif (!empty($_SERVER['QUERY_STRING']))
{
$this->_read($_SERVER['QUERY_STRING']);
case 'create':
$this->_create();
break;
case 'delete':
$this->_delete(
$this->_request->getParam('pasteid'),
$this->_request->getParam('deletetoken')
);
break;
case 'read':
$this->_read($this->_request->getParam('pasteid'));
break;
}
// output JSON or HTML
if (strlen($this->_json))
if ($this->_request->isJsonApiCall())
{
header('Content-type: application/json');
echo $this->_json;
@@ -164,6 +161,7 @@ class zerobin
$this->_conf = new configuration;
$this->_model = new model($this->_conf);
$this->_request = new request;
}
/**
@@ -199,11 +197,9 @@ class zerobin
)
);
$has_attachment = array_key_exists('attachment', $_POST);
$has_attachmentname = $has_attachment && array_key_exists('attachmentname', $_POST) && !empty($_POST['attachmentname']);
$data = array_key_exists('data', $_POST) ? $_POST['data'] : '';
$attachment = $has_attachment ? $_POST['attachment'] : '';
$attachmentname = $has_attachmentname ? $_POST['attachmentname'] : '';
$data = $this->_request->getParam('data');
$attachment = $this->_request->getParam('attachment');
$attachmentname = $this->_request->getParam('attachmentname');
// Ensure content is not too big.
$sizelimit = $this->_conf->getKey('sizelimit');
@@ -218,18 +214,17 @@ class zerobin
);
// The user posts a comment.
if (
array_key_exists('parentid', $_POST) && !empty($_POST['parentid']) &&
array_key_exists('pasteid', $_POST) && !empty($_POST['pasteid'])
)
$pasteid = $this->_request->getParam('pasteid');
$parentid = $this->_request->getParam('parentid');
if (!empty($pasteid) && !empty($parentid))
{
$paste = $this->_model->getPaste($_POST['pasteid']);
$paste = $this->_model->getPaste($pasteid);
if ($paste->exists()) {
try {
$comment = $paste->getComment($_POST['parentid']);
$comment = $paste->getComment($parentid);
if (array_key_exists('nickname', $_POST) && !empty($_POST['nickname'])
) $comment->setNickname($_POST['nickname']);
$nickname = $this->_request->getParam('nickname');
if (!empty($nickname)) $comment->setNickname($nickname);
$comment->setData($data);
$comment->store();
@@ -248,24 +243,24 @@ class zerobin
{
$paste = $this->_model->getPaste();
try {
if ($has_attachment)
if (!empty($attachment))
{
$paste->setAttachment($attachment);
if ($has_attachmentname)
if (!empty($attachmentname))
$paste->setAttachmentName($attachmentname);
}
if (array_key_exists('expire', $_POST) && !empty($_POST['expire'])
) $paste->setExpiration($_POST['expire']);
$expire = $this->_request->getParam('expire');
if (!empty($expire)) $paste->setExpiration($expire);
if (array_key_exists('burnafterreading', $_POST) && !empty($_POST['burnafterreading'])
) $paste->setBurnafterreading($_POST['burnafterreading']);
$burnafterreading = $this->_request->getParam('burnafterreading');
if (!empty($burnafterreading)) $paste->setBurnafterreading($burnafterreading);
if (array_key_exists('opendiscussion', $_POST) && !empty($_POST['opendiscussion'])
) $paste->setOpendiscussion($_POST['opendiscussion']);
$opendiscussion = $this->_request->getParam('opendiscussion');
if (!empty($opendiscussion)) $paste->setOpendiscussion($opendiscussion);
if (array_key_exists('formatter', $_POST) && !empty($_POST['formatter'])
) $paste->setFormatter($_POST['formatter']);
$formatter = $this->_request->getParam('formatter');
if (!empty($formatter)) $paste->setFormatter($formatter);
$paste->setData($data);
$paste->store();
@@ -339,12 +334,6 @@ class zerobin
*/
private function _read($dataid)
{
$isJson = false;
if (($pos = strpos($dataid, '&json')) !== false) {
$isJson = true;
$dataid = substr($dataid, 0, $pos);
}
try {
$paste = $this->_model->getPaste($dataid);
if ($paste->exists())
@@ -362,10 +351,9 @@ class zerobin
}
} catch (Exception $e) {
$this->_error = $e->getMessage();
return;
}
if ($isJson)
if ($this->_request->isJsonApiCall())
{
if (strlen($this->_error))
{