extracting only the 16 hex characters of the query string as paste ID, addressing #396

This commit is contained in:
El RIDO 2019-01-20 12:20:37 +01:00
parent cc53d95ed1
commit 79a858f176
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 7 additions and 5 deletions

View file

@ -745,7 +745,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
{
if (id === null) {
// Attention: This also returns the delete token inside of the ID, if it is specified
id = window.location.search.substring(1);
id = (window.location.search.match(/[a-z0-9]{16}/) || [''])[0];
if (id === '') {
throw 'no paste id given';

View file

@ -16,7 +16,7 @@ describe('Prompt', function () {
'string',
function (password) {
password = password.replace(/\r+/g, '');
var clean = jsdom('', {url: 'ftp://example.com/?0'});
var clean = jsdom('', {url: 'ftp://example.com/?0000000000000000'});
$('body').html(
'<div id="passwordmodal" class="modal fade" role="dialog">' +
'<div class="modal-dialog"><div class="modal-content">' +

View file

@ -100,7 +100,9 @@ class Request
array_key_exists('QUERY_STRING', $_SERVER) &&
!empty($_SERVER['QUERY_STRING'])
) {
$this->_params['pasteid'] = $_SERVER['QUERY_STRING'];
$this->_params['pasteid'] = preg_match(
'/[a-f0-9]{16}/', $_SERVER['QUERY_STRING'], $match
) ? $match[0] : 'invalid id';
}
// prepare operation, depending on current parameters

View file

@ -76,7 +76,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qY0AJdr7OzoJBiuVUO9w1HZv8WXoYpbCocgvHW+gMMic9CDU/pwohPkdqbaTh4SkHpRQ8cNpRO7ezTyBs0KMbA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

View file

@ -54,7 +54,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gFuGN7PD3lRe5ZTe/S2NfugOrjqNWYgEwBmb3Grk2EVckz1UbqVPs8+PQp6SmQ0preKNpXC50omnwGh4MPkoRg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qY0AJdr7OzoJBiuVUO9w1HZv8WXoYpbCocgvHW+gMMic9CDU/pwohPkdqbaTh4SkHpRQ8cNpRO7ezTyBs0KMbA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->