diff --git a/js/comment.jsonld b/js/comment.jsonld new file mode 100644 index 00000000..237cf2ec --- /dev/null +++ b/js/comment.jsonld @@ -0,0 +1,10 @@ +{ + "@context": { + "status": "http://schema.org/Integer", + "id": "http://schema.org/name", + "url: { + "@id": "http://schema.org/url", + "@type": "@id" + } + } +} \ No newline at end of file diff --git a/js/paste.jsonld b/js/paste.jsonld new file mode 100644 index 00000000..8f11acae --- /dev/null +++ b/js/paste.jsonld @@ -0,0 +1,11 @@ +{ + "@context": { + "status": http://schema.org/Integer", + "id": "http://schema.org/name", + "deletetoken": "http://schema.org/Text", + "url: { + "@id": "http://schema.org/url", + "@type": "@id" + } + } +} \ No newline at end of file diff --git a/js/zerobin.js b/js/zerobin.js index 02872acf..70e0262f 100644 --- a/js/zerobin.js +++ b/js/zerobin.js @@ -671,9 +671,11 @@ $(function() { } if (comments[0].meta.burnafterreading) { + // unfortunately many web servers don't support DELETE (and PUT) out of the box $.ajax({ - // type: 'DELETE', // unfortunately many web servers will not support DELETE and PUT by default - url: this.scriptLocation() + '?pasteid=' + this.pasteID() + '&deletetoken=burnafterreading', + type: 'POST', + url: this.scriptLocation() + '?' + this.pasteID(), + data: {deletetoken: 'burnafterreading'}, dataType: 'json', headers: this.headers }) diff --git a/lib/request.php b/lib/request.php index 5edd74d8..ca531200 100644 --- a/lib/request.php +++ b/lib/request.php @@ -79,8 +79,8 @@ class request // parse parameters, depending on request type switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') { + case 'DELETE': case 'PUT': - $this->_operation = 'create'; parse_str(file_get_contents(self::$_inputStream), $this->_params); break; case 'POST': @@ -89,8 +89,12 @@ class request default: $this->_params = $_GET; } + if (array_key_exists('QUERY_STRING', $_SERVER) && !empty($_SERVER['QUERY_STRING'])) + { + $this->_params['pasteid'] = $_SERVER['QUERY_STRING']; + } - // prepare parameters, depending on current operation + // prepare operation, depending on current parameters if ( (array_key_exists('data', $this->_params) && !empty($this->_params['data'])) || (array_key_exists('attachment', $this->_params) && !empty($this->_params['attachment'])) @@ -98,18 +102,17 @@ class request { $this->_operation = 'create'; } - elseif ( - array_key_exists('pasteid', $this->_params) && !empty($this->_params['pasteid']) && - array_key_exists('deletetoken', $this->_params) && !empty($this->_params['deletetoken']) - ) + elseif (array_key_exists('pasteid', $this->_params) && !empty($this->_params['pasteid'])) { - $this->_operation = 'delete'; - } - // display an existing paste - elseif (array_key_exists('QUERY_STRING', $_SERVER) && !empty($_SERVER['QUERY_STRING'])) - { - if ($this->_operation != 'create') $this->_operation = 'read'; - $this->_params['pasteid'] = $_SERVER['QUERY_STRING']; + if (array_key_exists('deletetoken', $this->_params) && !empty($this->_params['deletetoken'])) + { + $this->_operation = 'delete'; + } + else + { + $this->_operation = 'read'; + } + } } diff --git a/lib/zerobin.php b/lib/zerobin.php index 0de26bb9..206d730b 100644 --- a/lib/zerobin.php +++ b/lib/zerobin.php @@ -446,6 +446,10 @@ class zerobin else { $result['id'] = $message; + $result['url'] = ( + array_key_exists('REQUEST_URI', $_SERVER) ? $_SERVER['REQUEST_URI'] : '/' + ) . '?' . $message; + $result['@context'] = 'js/paste.jsonld'; } $result += $other; $this->_json = json_encode($result); diff --git a/tst/jsonApi.php b/tst/jsonApi.php index 6bedf0d5..ffd5b16b 100644 --- a/tst/jsonApi.php +++ b/tst/jsonApi.php @@ -65,9 +65,9 @@ class jsonApiTest extends PHPUnit_Framework_TestCase $options['traffic']['limit'] = 0; helper::confBackup(); helper::createIniFile(CONF, $options); - $file = tempnam(sys_get_temp_dir(), 'FOO'); $paste = helper::getPaste(); unset($paste['meta']); + $file = tempnam(sys_get_temp_dir(), 'FOO'); file_put_contents($file, http_build_query($paste)); request::setInputStream($file); $_SERVER['QUERY_STRING'] = helper::getPasteId(); @@ -89,4 +89,51 @@ class jsonApiTest extends PHPUnit_Framework_TestCase $this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data'); } + /** + * @runInSeparateProcess + */ + public function testDelete() + { + $this->reset(); + $this->_model->create(helper::getPasteId(), helper::getPaste()); + $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data'); + $file = tempnam(sys_get_temp_dir(), 'FOO'); + file_put_contents($file, http_build_query(array( + 'deletetoken' => hash_hmac('sha1', helper::getPasteId(), serversalt::get()), + ))); + request::setInputStream($file); + $_SERVER['QUERY_STRING'] = helper::getPasteId(); + $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; + $_SERVER['REQUEST_METHOD'] = 'DELETE'; + ob_start(); + new zerobin; + $content = ob_get_contents(); + $response = json_decode($content, true); + $this->assertEquals(0, $response['status'], 'outputs status'); + $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted'); + } + + /** + * @runInSeparateProcess + */ + public function testDeleteWithPost() + { + $this->reset(); + $this->_model->create(helper::getPasteId(), helper::getPaste()); + $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data'); + $_POST = array( + 'action' => 'delete', + 'deletetoken' => hash_hmac('sha1', helper::getPasteId(), serversalt::get()), + ); + $_SERVER['QUERY_STRING'] = helper::getPasteId(); + $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; + $_SERVER['REQUEST_METHOD'] = 'POST'; + ob_start(); + new zerobin; + $content = ob_get_contents(); + $response = json_decode($content, true); + $this->assertEquals(0, $response['status'], 'outputs status'); + $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted'); + } + } \ No newline at end of file diff --git a/tst/request.php b/tst/request.php index eb76f37a..0df21927 100644 --- a/tst/request.php +++ b/tst/request.php @@ -94,10 +94,10 @@ class requestTest extends PHPUnit_Framework_TestCase public function testApiDelete() { $this->reset(); - $_SERVER['REQUEST_METHOD'] = 'DELETE'; + $_SERVER['REQUEST_METHOD'] = 'POST'; $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; - $_GET['pasteid'] = 'foo'; - $_GET['deletetoken'] = 'bar'; + $_SERVER['QUERY_STRING'] = 'foo'; + $_POST['deletetoken'] = 'bar'; $request = new request; $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call'); $this->assertEquals('delete', $request->getOperation()); diff --git a/tst/zerobin.php b/tst/zerobin.php index e92378d0..68445356 100644 --- a/tst/zerobin.php +++ b/tst/zerobin.php @@ -862,10 +862,10 @@ class zerobinTest extends PHPUnit_Framework_TestCase $burnPaste = helper::getPaste(array('burnafterreading' => true)); $this->_model->create(helper::getPasteId(), $burnPaste); $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data'); - $_GET['pasteid'] = helper::getPasteId(); - $_GET['deletetoken'] = 'burnafterreading'; + $_POST['deletetoken'] = 'burnafterreading'; + $_SERVER['QUERY_STRING'] = helper::getPasteId(); $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; - $_SERVER['REQUEST_METHOD'] = 'DELETE'; + $_SERVER['REQUEST_METHOD'] = 'POST'; ob_start(); new zerobin; $content = ob_get_contents(); @@ -882,10 +882,10 @@ class zerobinTest extends PHPUnit_Framework_TestCase $this->reset(); $this->_model->create(helper::getPasteId(), helper::getPaste()); $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data'); - $_GET['pasteid'] = helper::getPasteId(); - $_GET['deletetoken'] = 'burnafterreading'; + $_POST['deletetoken'] = 'burnafterreading'; + $_SERVER['QUERY_STRING'] = helper::getPasteId(); $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest'; - $_SERVER['REQUEST_METHOD'] = 'DELETE'; + $_SERVER['REQUEST_METHOD'] = 'POST'; ob_start(); new zerobin; $content = ob_get_contents();