updated base64.js to version 2.1.9, using minified version found at

9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
El RIDO 2015-08-16 12:27:06 +02:00
parent 7bc8c14df6
commit 49c6e3c1b6
9 changed files with 62 additions and 33 deletions


@ -8,21 +8,25 @@
; @version 0.18 ; @version 0.18
[main] [main]
; enable or disable discussions ; enable or disable discussions, defaults to true
opendiscussion = true opendiscussion = true
; enable or disable syntax highlighting ; enable or disable syntax highlighting, defaults to true
syntaxhighlighting = true syntaxhighlighting = true
; preselect the burn-after-reading feature by default ; preselect the burn-after-reading feature by default, defaults to false
burnafterreadingselected = false burnafterreadingselected = false
; size limit per paste or comment in bytes, default is 2 Mibibytes ; size limit per paste or comment in bytes, defaults to 2 Mibibytes
sizelimit = 2097152 sizelimit = 2097152
; template to include, default is "page" (tpl/page.html) ; template to include, default is "page" (tpl/page.html)
template = "page" template = "page"
; base64.js library version, defaults to 2.1.9
; use "1.7" if you are upgrading from a ZeroBin Alpha 0.19 installation
base64version = "2.1.9"
[expire] [expire]
; expire value that is selected per default ; expire value that is selected per default
; make sure the value exists in [expire_options] ; make sure the value exists in [expire_options]
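Review bot: The new `base64version` comment does not say which values are valid. The template in this commit builds the script path as `js/base64-{$BASE64JSVERSION}.js`, so a value with no matching file would presumably leave the page without its Base64 library and unable to decode pastes. Suggest adding a line such as `; must match a js/base64-<version>.js file shipped with this installation`.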

1
js/base64-2.1.9.js Normal file

@ -0,0 +1 @@
(function(global){"use strict";var _Base64=global.Base64;var version="2.1.9";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i<l;i++)t[bin.charAt(i)]=i;return t}(b64chars);var fromCharCode=String.fromCharCode;var cb_utob=function(c){if(c.length<2){var cc=c.charCodeAt(0);return cc<128?c:cc<2048?fromCharCode(192|cc>>>6)+fromCharCode(128|cc&63):fromCharCode(224|cc>>>12&15)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240|cc>>>18&7)+fromCharCode(128|cc>>>12&63)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16|(ccc.length>1?ccc.charCodeAt(1):0)<<8|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][€-¿]","[à-ï][€-¿]{2}","[ð-÷][€-¿]{3}"].join("|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18|(63&cccc.charCodeAt(1))<<12|(63&cccc.charCodeAt(2))<<6|63&cccc.charCodeAt(3),offset=cp-65536;return 
fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return fromCharCode((15&cccc.charCodeAt(0))<<12|(63&cccc.charCodeAt(1))<<6|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)|(len>1?b64tab[cccc.charAt(1)]<<12:0)|(len>2?b64tab[cccc.charAt(2)]<<6:0)|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}})(this);


@ -87,7 +87,8 @@ abstract class persistence
file_put_contents( file_put_contents(
$file, $file,
'Allow from none' . PHP_EOL . 'Allow from none' . PHP_EOL .
'Deny from all'. PHP_EOL 'Deny from all'. PHP_EOL,
LOCK_EX
); );
} }
} }
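Review bot: The return value of `file_put_contents()` is still discarded here, so if the `.htaccess` write fails (read-only directory, full disk) the directory is left without its deny rules and nothing reports it. `LOCK_EX` only keeps concurrent writers from interleaving; it does not cover that case. Consider checking the result, e.g. `if (file_put_contents($file, ..., LOCK_EX) === false) throw new Exception('unable to write ' . $file);`, assuming callers can handle an exception at this point. The `.htaccess` write in the `zerobin` class section has the same unchecked call. The enclosing function starts and ends outside this hunk.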


@ -110,11 +110,17 @@ class zerobin
if (!is_file(PATH . $dir . '/.htaccess')) file_put_contents( if (!is_file(PATH . $dir . '/.htaccess')) file_put_contents(
PATH . $dir . '/.htaccess', PATH . $dir . '/.htaccess',
'Allow from none' . PHP_EOL . 'Allow from none' . PHP_EOL .
'Deny from all'. PHP_EOL 'Deny from all'. PHP_EOL,
LOCK_EX
); );
} }
$this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true); $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true);
foreach (array('main', 'model') as $section) {
if (!array_key_exists($section, $this->_conf)) die(
"ZeroBin requires configuration section [$section] to be present in configuration file."
);
}
$this->_model = $this->_conf['model']['class']; $this->_model = $this->_conf['model']['class'];
} }
@ -171,14 +177,13 @@ class zerobin
); );
// Make sure content is not too big. // Make sure content is not too big.
$sizelimit = (int) $this->_getMainConfig('sizelimit', 2097152);
if ( if (
strlen($data) > $this->_conf['main']['sizelimit'] strlen($data) > $sizelimit
) $this->_return_message( ) $this->_return_message(
1, 1,
'Paste is limited to ' . 'Paste is limited to ' .
$this->_conf['main']['sizelimit'] . filter::size_humanreadable($sizelimit) .
' ' .
filter::size_humanreadable($this->_conf['main']['sizelimit']) .
' of encrypted data.' ' of encrypted data.'
); );
@ -191,8 +196,9 @@ class zerobin
// Read expiration date // Read expiration date
if (!empty($_POST['expire'])) if (!empty($_POST['expire']))
{ {
if (array_key_exists($_POST['expire'], $this->_conf['expire_options'])) { $selected_expire = (string) $_POST['expire'];
$expire = $this->_conf['expire_options'][$_POST['expire']]; if (array_key_exists($selected_expire, $this->_conf['expire_options'])) {
$expire = $this->_conf['expire_options'][$selected_expire];
} else { } else {
$expire = $this->_conf['expire_options'][$this->_conf['expire']['default']]; $expire = $this->_conf['expire_options'][$this->_conf['expire']['default']];
} }
@ -203,9 +209,9 @@ class zerobin
if (!empty($_POST['burnafterreading'])) if (!empty($_POST['burnafterreading']))
{ {
$burnafterreading = $_POST['burnafterreading']; $burnafterreading = $_POST['burnafterreading'];
if ($burnafterreading != '0') if ($burnafterreading !== '0')
{ {
if ($burnafterreading != '1') $error = true; if ($burnafterreading !== '1') $error = true;
$meta['burnafterreading'] = true; $meta['burnafterreading'] = true;
} }
} }
@ -214,9 +220,9 @@ class zerobin
if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion'])) if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion']))
{ {
$opendiscussion = $_POST['opendiscussion']; $opendiscussion = $_POST['opendiscussion'];
if ($opendiscussion != 0) if ($opendiscussion !== '0')
{ {
if ($opendiscussion != 1) $error = true; if ($opendiscussion !== '1') $error = true;
$meta['opendiscussion'] = true; $meta['opendiscussion'] = true;
} }
} }
@ -269,8 +275,8 @@ class zerobin
!empty($_POST['pasteid']) !empty($_POST['pasteid'])
) )
{ {
$pasteid = $_POST['pasteid']; $pasteid = (string) $_POST['pasteid'];
$parentid = $_POST['parentid']; $parentid = (string) $_POST['parentid'];
if ( if (
!filter::is_valid_paste_id($pasteid) || !filter::is_valid_paste_id($pasteid) ||
!filter::is_valid_paste_id($parentid) !filter::is_valid_paste_id($parentid)
@ -458,19 +464,35 @@ class zerobin
$key; $key;
} }
RainTPL::$path_replace = false;
$page = new RainTPL; $page = new RainTPL;
$page::$path_replace = false;
// we escape it here because ENT_NOQUOTES can't be used in RainTPL templates // we escape it here because ENT_NOQUOTES can't be used in RainTPL templates
$page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES)); $page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES));
$page->assign('ERROR', $this->_error); $page->assign('ERROR', $this->_error);
$page->assign('STATUS', $this->_status); $page->assign('STATUS', $this->_status);
$page->assign('VERSION', self::VERSION); $page->assign('VERSION', self::VERSION);
$page->assign('BURNAFTERREADINGSELECTED', $this->_conf['main']['burnafterreadingselected']); $page->assign('OPENDISCUSSION', $this->_getMainConfig('opendiscussion', true));
$page->assign('OPENDISCUSSION', $this->_conf['main']['opendiscussion']); $page->assign('SYNTAXHIGHLIGHTING', $this->_getMainConfig('syntaxhighlighting', true));
$page->assign('SYNTAXHIGHLIGHTING', $this->_conf['main']['syntaxhighlighting']); $page->assign('BURNAFTERREADINGSELECTED', $this->_getMainConfig('burnafterreadingselected', false));
$page->assign('BASE64JSVERSION', $this->_getMainConfig('base64version', '2.1.9'));
$page->assign('EXPIRE', $expire); $page->assign('EXPIRE', $expire);
$page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']); $page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']);
$page->draw($this->_conf['main']['template']); $page->draw($this->_getMainConfig('template', 'page'));
}
/**
* get configuration option from [main] section, optionally set a default
*
* @access private
* @param string $option
* @param mixed $default (optional)
* @return mixed
*/
private function _getMainConfig($option, $default = false)
{
return array_key_exists($option, $this->_conf['main']) ?
$this->_conf['main'][$option] :
$default;
} }
/** /**
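Review bot: The create path still gates discussions on `$this->_conf['main']['opendiscussion']` (the hunk at old line 214), while the template now receives `_getMainConfig('opendiscussion', true)`. With the option missing from conf.ini, the page offers discussions but the server treats the setting as off and drops the flag. Read it through the helper there as well: `if ($this->_getMainConfig('opendiscussion', true) && !empty($_POST['opendiscussion']))`. The new section check has a similar gap: it covers only `main` and `model`, yet `expire` and `expire_options` are indexed unguarded in the expiry hunk and for `EXPIREDEFAULT`, and a `false` result from `parse_ini_file()` is not handled before `array_key_exists()`. Most of the enclosing methods start and end outside these hunks.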


@ -4,15 +4,15 @@
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="robots" content="noindex" /> <meta name="robots" content="noindex" />
<title>ZeroBin</title> <title>ZeroBin</title>
<link type="text/css" rel="stylesheet" href="css/zerobin.css?{$VERSION|rawurlencode}#" /> <link type="text/css" rel="stylesheet" href="css/zerobin.css?{$VERSION|rawurlencode}" />{if="$SYNTAXHIGHLIGHTING"}
<link type="text/css" rel="stylesheet" href="css/prettify.css?{$VERSION|rawurlencode}#" /> <link type="text/css" rel="stylesheet" href="css/prettify.css?{$VERSION|rawurlencode}" />{/if}
<script type="text/javascript" src="js/jquery.js?{$VERSION|rawurlencode}#"></script> <script type="text/javascript" src="js/jquery-1.11.3.js"></script>
<script type="text/javascript" src="js/sjcl.js?{$VERSION|rawurlencode}#"></script> <script type="text/javascript" src="js/sjcl-1.0.2.js"></script>
<script type="text/javascript" src="js/base64.js?{$VERSION|rawurlencode}#"></script> <script type="text/javascript" src="js/base64-{$BASE64JSVERSION}.js"></script>
<script type="text/javascript" src="js/rawdeflate.js?{$VERSION|rawurlencode}#"></script> <script type="text/javascript" src="js/rawdeflate.js?{$VERSION|rawurlencode}"></script>
<script type="text/javascript" src="js/rawinflate.js?{$VERSION|rawurlencode}#"></script>{if="$SYNTAXHIGHLIGHTING"} <script type="text/javascript" src="js/rawinflate.js?{$VERSION|rawurlencode}"></script>{if="$SYNTAXHIGHLIGHTING"}
<script type="text/javascript" src="js/prettify.js?{$VERSION|rawurlencode}#"></script>{/if} <script type="text/javascript" src="js/prettify.js?{$VERSION|rawurlencode}"></script>{/if}
<script type="text/javascript" src="js/zerobin.js?{$VERSION|rawurlencode}#"></script> <script type="text/javascript" src="js/zerobin.js?{$VERSION|rawurlencode}"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style> body {padding-left:60px;padding-right:60px;} div#ienotice {display:block;} </style> <style> body {padding-left:60px;padding-right:60px;} div#ienotice {display:block;} </style>
<![endif]--> <![endif]-->
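Review bot: `{$BASE64JSVERSION}` is written into the `src` attribute without the `|rawurlencode` modifier that every `{$VERSION}` in this section gets, and the explicit modifiers suggest the template does not escape output on its own. The value comes from conf.ini, so it is operator-controlled, but a stray quote, slash or `..` in it would change the attribute or the path that is loaded as script. Suggest `src="js/base64-{$BASE64JSVERSION|rawurlencode}.js"`, and optionally restricting the value in PHP to the versions actually shipped.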


@ -24,8 +24,8 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
/* Setup Routine */ /* Setup Routine */
$page = new RainTPL; $page = new RainTPL;
$page::configure(array('cache_dir' => 'tmp/')); $page::configure(array('cache_dir' => 'tmp/'));
$page::$path_replace = false;
$page = new RainTPL;
// We escape it here because ENT_NOQUOTES can't be used in RainTPL templates. // We escape it here because ENT_NOQUOTES can't be used in RainTPL templates.
$page->assign('CIPHERDATA', htmlspecialchars(self::$data, ENT_NOQUOTES)); $page->assign('CIPHERDATA', htmlspecialchars(self::$data, ENT_NOQUOTES));
$page->assign('ERROR', self::$error); $page->assign('ERROR', self::$error);
@ -34,6 +34,7 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
$page->assign('BURNAFTERREADINGSELECTED', false); $page->assign('BURNAFTERREADINGSELECTED', false);
$page->assign('OPENDISCUSSION', false); $page->assign('OPENDISCUSSION', false);
$page->assign('SYNTAXHIGHLIGHTING', true); $page->assign('SYNTAXHIGHLIGHTING', true);
$page->assign('BASE64JSVERSION', '2.1.9');
$page->assign('EXPIRE', self::$expire); $page->assign('EXPIRE', self::$expire);
$page->assign('EXPIREDEFAULT', self::$expire_default); $page->assign('EXPIREDEFAULT', self::$expire_default);
ob_start(); ob_start();