Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state

This commit is contained in:
El RIDO 2018-05-27 15:05:31 +02:00
parent 05c1776ada
commit d6f203dc4c
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
7 changed files with 2 additions and 37 deletions

View file

@ -6,6 +6,7 @@
* CHANGED: Minimum required PHP version is 5.4 (#186) * CHANGED: Minimum required PHP version is 5.4 (#186)
* CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192) * CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192)
* CHANGED: Cleanup of bootstrap template variants and moved icons to `img` directory * CHANGED: Cleanup of bootstrap template variants and moved icons to `img` directory
* CHANGED: Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
* **1.1.1 (2017-10-06)** * **1.1.1 (2017-10-06)**
* CHANGED: Switched to `.php` file extension for configuration file, to avoid leaking configuration data in unprotected installation. * CHANGED: Switched to `.php` file extension for configuration file, to avoid leaking configuration data in unprotected installation.
* **1.1 (2016-12-26)** * **1.1 (2016-12-26)**

View file

@ -81,10 +81,6 @@ zerobincompatibility = false
; make sure the value exists in [expire_options] ; make sure the value exists in [expire_options]
default = "1week" default = "1week"
; optionally the "clone" button can be disabled on expiring pastes
; note that this only hides the button, copy & paste is still possible
; clone = false
[expire_options] [expire_options]
; Set each one of these to the number of seconds in the expiration period, ; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire ; or 0 if it should never expire

View file

@ -58,7 +58,6 @@ class Configuration
), ),
'expire' => array( 'expire' => array(
'default' => '1week', 'default' => '1week',
'clone' => true,
), ),
'expire_options' => array( 'expire_options' => array(
'5min' => 300, '5min' => 300,

View file

@ -52,22 +52,6 @@ class PrivateBin
*/ */
private $_conf; private $_conf;
/**
* data
*
* @access private
* @var string
*/
private $_data = '';
/**
* does the paste expire
*
* @access private
* @var bool
*/
private $_doesExpire = false;
/** /**
* error message * error message
* *
@ -370,8 +354,7 @@ class PrivateBin
try { try {
$paste = $this->_model->getPaste($dataid); $paste = $this->_model->getPaste($dataid);
if ($paste->exists()) { if ($paste->exists()) {
$data = $paste->get(); $data = $paste->get();
$this->_doesExpire = property_exists($data, 'meta') && property_exists($data->meta, 'expire_date');
if (property_exists($data->meta, 'salt')) { if (property_exists($data->meta, 'salt')) {
unset($data->meta->salt); unset($data->meta->salt);
} }
@ -440,7 +423,6 @@ class PrivateBin
$page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages())); $page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages()));
$page->assign('EXPIRE', $expire); $page->assign('EXPIRE', $expire);
$page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire')); $page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire'));
$page->assign('EXPIRECLONE', !$this->_doesExpire || ($this->_doesExpire && $this->_conf->getKey('clone', 'expire')));
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener')); $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
$page->assign('QRCODE', $this->_conf->getKey('qrcode')); $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
$page->draw($this->_conf->getKey('template')); $page->draw($this->_conf->getKey('template'));

View file

@ -164,15 +164,9 @@ else:
endif; endif;
?> ?>
</button> </button>
<?php
if ($EXPIRECLONE):
?>
<button id="clonebutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn"> <button id="clonebutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn">
<span class="glyphicon glyphicon-duplicate" aria-hidden="true"></span> <?php echo I18n::_('Clone'), PHP_EOL; ?> <span class="glyphicon glyphicon-duplicate" aria-hidden="true"></span> <?php echo I18n::_('Clone'), PHP_EOL; ?>
</button> </button>
<?php
endif;
?>
<button id="rawtextbutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn"> <button id="rawtextbutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn">
<span class="glyphicon glyphicon-text-background" aria-hidden="true"></span> <?php echo I18n::_('Raw text'), PHP_EOL; ?> <span class="glyphicon glyphicon-text-background" aria-hidden="true"></span> <?php echo I18n::_('Raw text'), PHP_EOL; ?>
</button> </button>

View file

@ -98,13 +98,7 @@ endif;
<button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button> <button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button>
<button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button> <button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button>
<button id="sendbutton" class="hidden"><img src="img/icon_send.png" width="18" height="15" alt="" /><?php echo I18n::_('Send'); ?></button> <button id="sendbutton" class="hidden"><img src="img/icon_send.png" width="18" height="15" alt="" /><?php echo I18n::_('Send'); ?></button>
<?php
if ($EXPIRECLONE):
?>
<button id="clonebutton" class="hidden"><img src="img/icon_clone.png" width="15" height="17" alt="" /><?php echo I18n::_('Clone'); ?></button> <button id="clonebutton" class="hidden"><img src="img/icon_clone.png" width="15" height="17" alt="" /><?php echo I18n::_('Clone'); ?></button>
<?php
endif;
?>
<button id="rawtextbutton" class="hidden"><img src="img/icon_raw.png" width="15" height="15" alt="" /><?php echo I18n::_('Raw text'); ?></button> <button id="rawtextbutton" class="hidden"><img src="img/icon_raw.png" width="15" height="15" alt="" /><?php echo I18n::_('Raw text'); ?></button>
<?php <?php
if ($QRCODE): if ($QRCODE):

View file

@ -53,7 +53,6 @@ class ViewTest extends PHPUnit_Framework_TestCase
$page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages())); $page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages()));
$page->assign('EXPIRE', self::$expire); $page->assign('EXPIRE', self::$expire);
$page->assign('EXPIREDEFAULT', self::$expire_default); $page->assign('EXPIREDEFAULT', self::$expire_default);
$page->assign('EXPIRECLONE', true);
$page->assign('URLSHORTENER', ''); $page->assign('URLSHORTENER', '');
$page->assign('QRCODE', true); $page->assign('QRCODE', true);