fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)

This commit is contained in:
El RIDO 2019-05-15 07:44:03 +02:00
parent cc1c55129f
commit 09162a3c57
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
10 changed files with 136 additions and 92 deletions

View file

@ -1621,11 +1621,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*
* @name PasteStatus.showRemainingTime
* @function
* @param {object} pasteMetaData
* @param {object} paste
*/
me.showRemainingTime = function(pasteMetaData)
me.showRemainingTime = function(paste)
{
if (pasteMetaData.burnafterreading) {
if ((paste.adata && paste.adata[3]) || paste.meta.burnafterreading) {
// display paste "for your eyes only" if it is deleted
// the paste has been deleted when the JSON with the ciphertext
@ -1637,9 +1637,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// discourage cloning (it cannot really be prevented)
TopNav.hideCloneButton();
} else if (pasteMetaData.expire_date) {
} else if (paste.meta.time_to_live || paste.meta.remaining_time) {
// display paste expiration
let expiration = Helper.secondsToHuman(pasteMetaData.time_to_live || pasteMetaData.remaining_time),
let expiration = Helper.secondsToHuman(paste.meta.time_to_live || paste.meta.remaining_time),
expirationLabel = [
'This document will expire in %d ' + expiration[1] + '.',
'This document will expire in %d ' + expiration[1] + 's.'
@ -2885,14 +2885,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// set date
$commentEntry.find('span.commentdate')
.text(' (' + (new Date(comment.meta.postdate * 1000).toLocaleString()) + ')')
.text(' (' + (new Date((comment.meta.created || comment.meta.postdate) * 1000).toLocaleString()) + ')')
.attr('title', 'CommentID: ' + comment.id);
// if an avatar is available, display it
if (comment.meta.vizhash) {
if (comment.meta.icon || comment.meta.vizhash) {
$commentEntry.find('span.nickname')
.before(
'<img src="' + comment.meta.vizhash + '" class="vizhash" /> '
'<img src="' + (comment.meta.icon || comment.meta.vizhash) + '" class="vizhash" /> '
);
$(document).on('languageLoaded', function () {
$commentEntry.find('img.vizhash')
@ -4038,6 +4038,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
}
await ServerInteraction.setCipherMessage(cipherMessage).catch(Alert.showError);
ServerInteraction.run();
};
/**
@ -4246,7 +4247,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
if (paste.comments[i].hasOwnProperty('v') && paste.comments[i].v === 2) {
// version 2 comment
commentDecryptionPromises.push(
CryptTool.decipher(key, password, paste.comments[i].ct)
CryptTool.decipher(key, password, [paste.comments[i].ct, paste.comments[i].adata])
.then((commentJson) => {
const commentMessage = JSON.parse(commentJson);
return [
@ -4335,12 +4336,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
decryptionPromises.push(decryptPaste(paste, key, password))
// if the discussion is opened on this paste, display it
if (paste.meta.opendiscussion) {
if ((paste.adata && paste.adata[2]) || paste.meta.opendiscussion) {
decryptionPromises.push(decryptComments(paste, key, password));
}
// shows the remaining time (until) deletion
PasteStatus.showRemainingTime(paste.meta);
PasteStatus.showRemainingTime(paste);
Promise.all(decryptionPromises)
.then(() => {

View file

@ -44,7 +44,45 @@ describe('PasteStatus', function () {
});
jsc.property(
'shows burn after reading message or remaining time',
'shows burn after reading message or remaining time v1',
'bool',
'nat',
jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscA2zString()),
jsc.nearray(common.jscQueryString()),
'string',
function (
burnafterreading, remainingTime,
schema, address, query, fragment
) {
var clean = jsdom('', {
url: schema.join('') + '://' + address.join('') +
'/?' + query.join('') + '#' + fragment
}),
result;
$('body').html('<div id="remainingtime" class="hidden"></div>');
$.PrivateBin.PasteStatus.init();
$.PrivateBin.PasteStatus.showRemainingTime({'meta': {
'burnafterreading': burnafterreading,
'remaining_time': remainingTime
}});
if (burnafterreading) {
result = $('#remainingtime').hasClass('foryoureyesonly') &&
!$('#remainingtime').hasClass('hidden');
} else if (remainingTime) {
result =!$('#remainingtime').hasClass('foryoureyesonly') &&
!$('#remainingtime').hasClass('hidden');
} else {
result = $('#remainingtime').hasClass('hidden') &&
!$('#remainingtime').hasClass('foryoureyesonly');
}
clean();
return result;
}
);
jsc.property(
'shows burn after reading message or remaining time v2',
'bool',
'nat',
jsc.nearray(common.jscA2zString()),
@ -63,9 +101,10 @@ describe('PasteStatus', function () {
$('body').html('<div id="remainingtime" class="hidden"></div>');
$.PrivateBin.PasteStatus.init();
$.PrivateBin.PasteStatus.showRemainingTime({
'burnafterreading': burnafterreading,
'remaining_time': remainingTime,
'expire_date': remainingTime ? ((new Date()).getTime() / 1000) + remainingTime : 0
'adata': [null, null, null, burnafterreading],
'meta': {
'time_to_live': remainingTime
}
});
if (burnafterreading) {
result = $('#remainingtime').hasClass('foryoureyesonly') &&

View file

@ -213,7 +213,7 @@ class Controller
array_key_exists('parentid', $data) &&
!empty($data['parentid']);
if (!FormatV2::isValid($data, $isComment)) {
return $this->_return_message(1, 'Invalid data.');
return $this->_return_message(1, I18n::_('Invalid data.'));
}
$sizelimit = $this->_conf->getKey('sizelimit');
// Ensure content is not too big.
@ -240,7 +240,7 @@ class Controller
}
$this->_return_message(0, $comment->getId());
} else {
$this->_return_message(1, 'Invalid data.');
$this->_return_message(1, I18n::_('Invalid data.'));
}
}
// The user posts a standard paste.

View file

@ -52,13 +52,15 @@ class FormatV2
}
}
$cipherParams = $isComment ? $message['adata'] : $message['adata'][0];
// Make sure some fields are base64 data:
// - initialization vector
if (!base64_decode($message['adata'][0][0], true)) {
if (!base64_decode($cipherParams[0], true)) {
return false;
}
// - salt
if (!base64_decode($message['adata'][0][1], true)) {
if (!base64_decode($cipherParams[1], true)) {
return false;
}
// - cipher text
@ -68,11 +70,11 @@ class FormatV2
// Make sure some fields have a reasonable size:
// - initialization vector
if (strlen($message['adata'][0][0]) > 24) {
if (strlen($cipherParams[0]) > 24) {
return false;
}
// - salt
if (strlen($message['adata'][0][1]) > 14) {
if (strlen($cipherParams[1]) > 14) {
return false;
}
@ -82,27 +84,27 @@ class FormatV2
return false;
}
// - iterations, refuse less then 10000 iterations (minimum NIST recommendation)
if (!is_int($message['adata'][0][2]) || $message['adata'][0][2] <= 10000) {
if (!is_int($cipherParams[2]) || $cipherParams[2] <= 10000) {
return false;
}
// - key size
if (!in_array($message['adata'][0][3], array(128, 192, 256), true)) {
if (!in_array($cipherParams[3], array(128, 192, 256), true)) {
return false;
}
// - tag size
if (!in_array($message['adata'][0][4], array(64, 96, 128), true)) {
if (!in_array($cipherParams[4], array(64, 96, 128), true)) {
return false;
}
// - algorithm, must be AES
if ($message['adata'][0][5] !== 'aes') {
if ($cipherParams[5] !== 'aes') {
return false;
}
// - mode
if (!in_array($message['adata'][0][6], array('ctr', 'cbc', 'gcm'), true)) {
if (!in_array($cipherParams[6], array('ctr', 'cbc', 'gcm'), true)) {
return false;
}
// - compression
if (!in_array($message['adata'][0][7], array('zlib', 'none'), true)) {
if (!in_array($cipherParams[7], array('zlib', 'none'), true)) {
return false;
}

View file

@ -45,6 +45,7 @@ class Paste extends AbstractModel
}
// We kindly provide the remaining time before expiration (in seconds)
$data['meta']['time_to_live'] = $data['meta']['expire_date'] - time();
unset($data['meta']['expire_date']);
}
// check if non-expired burn after reading paste needs to be deleted

View file

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h1C1N6TZ+iqfDWbftNalmtkkjmOfeFM7UB5ozNkH7zvaE4LkyCxhpvMGLObFycpCdA0W7VF8nVoLhRkRTmrQmg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

View file

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h1C1N6TZ+iqfDWbftNalmtkkjmOfeFM7UB5ozNkH7zvaE4LkyCxhpvMGLObFycpCdA0W7VF8nVoLhRkRTmrQmg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

View file

@ -192,6 +192,7 @@ class Helper
{
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
if ($version === 2) {
$example['adata'] = $example['adata'][0];
$example['pasteid'] = $example['parentid'] = self::getPasteId();
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];

View file

@ -8,7 +8,7 @@ use PrivateBin\Request;
class ControllerTest extends PHPUnit_Framework_TestCase
{
protected $_model;
protected $_data;
protected $_path;
@ -16,7 +16,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
/* Setup Routine */
$this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_data';
$this->_model = Filesystem::getInstance(array('dir' => $this->_path));
$this->_data = Filesystem::getInstance(array('dir' => $this->_path));
$this->reset();
}
@ -33,8 +33,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_POST = array();
$_GET = array();
$_SERVER = array();
if ($this->_model->exists(Helper::getPasteId())) {
$this->_model->delete(Helper::getPasteId());
if ($this->_data->exists(Helper::getPasteId())) {
$this->_data->delete(Helper::getPasteId());
}
$options = parse_ini_file(CONF_SAMPLE, true);
$options['purge']['dir'] = $this->_path;
@ -180,8 +180,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -211,8 +211,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -242,7 +242,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -267,8 +267,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -284,7 +284,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
@ -298,7 +298,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -323,8 +323,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -355,8 +355,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -387,8 +387,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
$paste = $this->_model->read($response['id']);
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
$paste = $this->_data->read($response['id']);
$this->assertEquals(
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
$response['deletetoken'],
@ -418,7 +418,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -443,7 +443,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -463,9 +463,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exists before posting data');
new Controller;
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -483,14 +483,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_start();
new Controller;
ob_end_clean();
$this->_model->delete(Helper::getPasteId());
$this->_data->delete(Helper::getPasteId());
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -508,14 +508,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data');
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data');
}
/**
@ -534,14 +534,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
}
/**
@ -561,14 +561,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$_SERVER['REMOTE_ADDR'] = '::1';
$paste = Helper::getPaste();
$paste['adata'][2] = 0;
$this->_model->create(Helper::getPasteId(), $paste);
$this->_data->create(Helper::getPasteId(), $paste);
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
}
/**
@ -592,7 +592,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
}
/**
@ -603,9 +603,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
@ -619,7 +619,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'paste exists after posting data');
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'paste exists after posting data');
}
/**
@ -662,7 +662,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadExpired()
{
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1344803344));
$this->_model->create(Helper::getPasteId(), $expiredPaste);
$this->_data->create(Helper::getPasteId(), $expiredPaste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -682,7 +682,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
$paste = Helper::getPaste();
$paste['adata'][3] = 1;
$this->_model->create(Helper::getPasteId(), $paste);
$this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -702,7 +702,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly');
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
// by default it will be deleted instantly after it is read
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after reading');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after reading');
}
/**
@ -711,7 +711,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadJson()
{
$paste = Helper::getPaste();
$this->_model->create(Helper::getPasteId(), $paste);
$this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -743,7 +743,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
'postdate' => $paste['meta']['postdate'],
'opendiscussion' => $paste['meta']['opendiscussion'],
);
$this->_model->create(Helper::getPasteId(), $paste);
$this->_data->create(Helper::getPasteId(), $paste);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -770,8 +770,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
$burnPaste = Helper::getPaste();
$burnPaste['adata'][3] = 1;
$this->_model->create(Helper::getPasteId(), $burnPaste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$this->_data->create(Helper::getPasteId(), $burnPaste);
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
@ -781,7 +781,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(0, $response['status'], 'outputs status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
}
/**
@ -789,9 +789,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testDelete()
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_data->read(Helper::getPasteId());
$_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']);
ob_start();
@ -803,7 +803,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content,
'outputs deleted status correctly'
);
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
}
/**
@ -811,7 +811,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testDeleteInvalidId()
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$_GET['pasteid'] = 'foo';
$_GET['deletetoken'] = 'bar';
ob_start();
@ -823,7 +823,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content,
'outputs delete error correctly'
);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
}
/**
@ -849,7 +849,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testDeleteInvalidToken()
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = 'bar';
ob_start();
@ -861,7 +861,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content,
'outputs delete error correctly'
);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
}
/**
@ -869,8 +869,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testDeleteInvalidBurnAfterReading()
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'deletetoken' => 'burnafterreading',
@ -886,7 +886,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs status');
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
}
/**
@ -895,9 +895,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testDeleteExpired()
{
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1000));
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exist before being created');
$this->_model->create(Helper::getPasteId(), $expiredPaste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exist before being created');
$this->_data->create(Helper::getPasteId(), $expiredPaste);
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = 'does not matter in this context, but has to be set';
ob_start();
@ -909,7 +909,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content,
'outputs error correctly'
);
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
}
/**
@ -919,8 +919,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
$paste = Helper::getPaste();
unset($paste['meta']['salt']);
$this->_model->create(Helper::getPasteId(), $paste);
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$this->_data->create(Helper::getPasteId(), $paste);
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_GET['pasteid'] = Helper::getPasteId();
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), ServerSalt::get());
ob_start();
@ -932,6 +932,6 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$content,
'outputs deleted status correctly'
);
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
}
}

View file

@ -23,7 +23,7 @@ class ControllerWithDbTest extends ControllerTest
mkdir($this->_path);
}
$this->_options['dsn'] = 'sqlite:' . $this->_path . DIRECTORY_SEPARATOR . 'tst.sq3';
$this->_model = Database::getInstance($this->_options);
$this->_data = Database::getInstance($this->_options);
$this->reset();
}