StarMirror
/
PrivateBin
mirror of https://github.com/PrivateBin/PrivateBin
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

switching to full JSON API without POST array use, ensure all JSON operations are done with error detection

pull/431/head
El RIDO 2019-05-13 22:31:52 +02:00
parent be1e7babc0
commit cc1c55129f
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
14 changed files with 187 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
js/privatebin.js
View File

@ -3712,27 +3712,22 @@ jQuery.PrivateBin = (function($, RawDeflate) {
{
let isPost = Object.keys(data).length > 0,
ajaxParams = {
type: isPost ? 'POST' : 'GET',
url: url,
headers: ajaxHeaders,
success: function(result) {
if (result.status === 0) {
success(0, result);
} else if (result.status === 1) {
fail(1, result);
} else {
fail(2, result);
type: isPost ? 'POST' : 'GET',
url: url,
headers: ajaxHeaders,
dataType: 'json',
success: function(result) {
if (result.status === 0) {
success(0, result);
} else if (result.status === 1) {
fail(1, result);
} else {
fail(2, result);
}
}
}
};
};
if (isPost) {
ajaxParams.data = data;
['adata', 'meta'].map(function (key) {
if (data.hasOwnProperty(key)) {
ajaxParams.data[key] = JSON.stringify(data[key]);
}
});
ajaxParams.dataType = 'json';
ajaxParams.data = JSON.stringify(data);
}
$.ajax(ajaxParams).fail(function(jqXHR, textStatus, errorThrown) {
console.error(textStatus, errorThrown);

5
lib/Controller.php
View File

@ -154,6 +154,7 @@ class Controller
* initialize PrivateBin
*
* @access private
* @throws Exception
*/
private function _init()
{
@ -206,7 +207,6 @@ class Controller
);
}
// Ensure content is not too big.
$data = $this->_request->getData();
$isComment = array_key_exists('pasteid', $data) &&
!empty($data['pasteid']) &&
@ -216,6 +216,7 @@ class Controller
return $this->_return_message(1, 'Invalid data.');
}
$sizelimit = $this->_conf->getKey('sizelimit');
// Ensure content is not too big.
if (strlen($data['ct']) > $sizelimit) {
return $this->_return_message(
1,
@ -432,6 +433,6 @@ class Controller
$result['url'] = $this->_urlBase . '?' . $message;
}
$result += $other;
$this->_json = json_encode($result);
$this->_json = Json::encode($result);
}
}

13
lib/Data/Database.php
View File

@ -16,6 +16,7 @@ use Exception;
use PDO;
use PDOException;
use PrivateBin\Controller;
use PrivateBin\Json;
/**
* Database
@ -204,12 +205,12 @@ class Database extends AbstractData
' VALUES(?,?,?,?,?,?,?,?,?)',
array(
$pasteid,
$isVersion1 ? $paste['data'] : json_encode($paste),
$isVersion1 ? $paste['data'] : Json::encode($paste),
$created,
$expire_date,
(int) $opendiscussion,
(int) $burnafterreading,
json_encode($meta),
Json::encode($meta),
$attachment,
$attachmentname,
)
@ -239,7 +240,7 @@ class Database extends AbstractData
return false;
}
// create array
$data = json_decode($paste['data'], true);
$data = Json::decode($paste['data']);
$isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2;
if ($isVersion2) {
self::$_cache[$pasteid] = $data;
@ -249,7 +250,7 @@ class Database extends AbstractData
list($createdKey) = self::_getVersionedKeys(1);
}
$paste['meta'] = json_decode($paste['meta'], true);
$paste['meta'] = Json::decode($paste['meta']);
if (!is_array($paste['meta'])) {
$paste['meta'] = array();
}
@ -338,7 +339,7 @@ class Database extends AbstractData
$data = $comment['data'];
} else {
$version = 2;
$data = json_encode($comment);
$data = Json::encode($comment);
}
list($createdKey, $iconKey) = self::_getVersionedKeys($version);
$meta = $comment['meta'];
@ -382,7 +383,7 @@ class Database extends AbstractData
if (count($rows)) {
foreach ($rows as $row) {
$i = $this->getOpenSlot($comments, (int) $row['postdate']);
$data = json_decode($row['data'], true);
$data = Json::decode($row['data']);
if (array_key_exists('v', $data) && $data['v'] >= 2) {
$version = 2;
$comments[$i] = $data;

7
lib/I18n.php
View File

@ -156,9 +156,8 @@ class I18n
// load translations
self::$_language = $match;
self::$_translations = ($match == 'en') ? array() : json_decode(
file_get_contents(self::_getPath($match . '.json')),
true
self::$_translations = ($match == 'en') ? array() : Json::decode(
file_get_contents(self::_getPath($match . '.json'))
);
}
@ -244,7 +243,7 @@ class I18n
{
$file = self::_getPath('languages.json');
if (count(self::$_languageLabels) == 0 && is_readable($file)) {
self::$_languageLabels = json_decode(file_get_contents($file), true);
self::$_languageLabels = Json::decode(file_get_contents($file));
}
if (count($languages) == 0) {
return self::$_languageLabels;

32
lib/Json.php
View File

@ -33,9 +33,39 @@ class Json
public static function encode($input)
{
$jsonString = json_encode($input);
self::_detectError();
return $jsonString;
}
/**
* Returns an array with the contents as described in the given JSON input
*
* @access public
* @static
* @param string $input
* @throws Exception
* @return array
*/
public static function decode($input)
{
$array = json_decode($input, true);
self::_detectError();
return $array;
}
/**
* Detects JSON errors and raises an exception if one is found
*
* @access private
* @static
* @throws Exception
* @return void
*/
private static function _detectError()
{
$errorCode = json_last_error();
if ($errorCode === JSON_ERROR_NONE) {
return $jsonString;
return;
}
$message = 'A JSON error occurred';

2
lib/Model/Paste.php
View File

@ -98,7 +98,7 @@ class Paste extends AbstractModel
if (
$this->_store->create(
$this->getId(),
json_decode(json_encode($this->_data), true)
$this->_data
) === false
) {
throw new Exception('Error saving paste. Sorry.', 76);

12
lib/Persistence/DataStore.php
View File

@ -45,7 +45,10 @@ class DataStore extends AbstractPersistence
$filename = substr($filename, strlen($path));
}
try {
self::_store($filename, self::PROTECTION_LINE . PHP_EOL . Json::encode($data));
self::_store(
$filename,
self::PROTECTION_LINE . PHP_EOL . Json::encode($data)
);
return true;
} catch (Exception $e) {
return false;
@ -62,7 +65,12 @@ class DataStore extends AbstractPersistence
*/
public static function get($filename)
{
return json_decode(substr(file_get_contents($filename), strlen(self::PROTECTION_LINE . PHP_EOL)), true);
return Json::decode(
substr(
file_get_contents($filename),
strlen(self::PROTECTION_LINE . PHP_EOL)
)
);
}
/**

12
lib/Request.php
View File

@ -107,10 +107,10 @@ class Request
switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') {
case 'DELETE':
case 'PUT':
parse_str(file_get_contents(self::$_inputStream), $this->_params);
break;
case 'POST':
$this->_params = $_POST;
$this->_params = Json::decode(
file_get_contents(self::$_inputStream)
);
break;
default:
$this->_params = $_GET;
@ -161,15 +161,15 @@ class Request
public function getData()
{
$data = array(
'adata' => json_decode($this->getParam('adata', '[]'), true),
'adata' => $this->getParam('adata', array()),
);
$required_keys = array('v', 'ct');
$meta = $this->getParam('meta');
$meta = $this->getParam('meta', array());
if (empty($meta)) {
$required_keys[] = 'pasteid';
$required_keys[] = 'parentid';
} else {
$data['meta'] = json_decode($meta, true);
$data['meta'] = $meta;
}
foreach ($required_keys as $key) {
$data[$key] = $this->getParam($key);

2
tpl/bootstrap.php
View File

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

2
tpl/page.php
View File

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-vFGSFJnVh1RWRo5e1F4ig6UBs3QnPfM8hZ9CnnTN9QTWtLY/urdVWSJFZYAqzU3zADw0LvqS/GxJnkkza0tTzQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-YCn+cUn5IWzAnD+URrUMfDVZ9SjPtPw//qVIYf7ZIMxmh+oODCN/NbZq30K/8ldA1Al0udP5RQg4PyE6j6wdBQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

13
tst/Bootstrap.php
View File

@ -166,12 +166,9 @@ class Helper
* @param array $meta
* @return array
*/
public static function getPastePostJson($version = 2, array $meta = array())
public static function getPasteJson($version = 2, array $meta = array())
{
$example = self::getPastePost($version, $meta);
$example['adata'] = json_encode($example['adata']);
$example['meta'] = json_encode($example['meta']);
return $example;
return json_encode(self::getPastePost($version, $meta));
}
/**
@ -223,11 +220,9 @@ class Helper
* @param int $version
* @return array
*/
public static function getCommentPostJson()
public static function getCommentJson()
{
$example = self::getCommentPost();
$example['adata'] = json_encode($example['adata']);
return $example;
return json_encode(self::getCommentPost());
}
/**

126
tst/ControllerTest.php
View File

@ -4,6 +4,7 @@ use PrivateBin\Controller;
use PrivateBin\Data\Filesystem;
use PrivateBin\Persistence\ServerSalt;
use PrivateBin\Persistence\TrafficLimiter;
use PrivateBin\Request;
class ControllerTest extends PHPUnit_Framework_TestCase
{
@ -131,10 +132,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testHtaccess()
{
$file = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($file);
$htaccess = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
@unlink($htaccess);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -142,7 +146,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
new Controller;
ob_end_clean();
$this->assertFileExists($file, 'htaccess recreated');
$this->assertFileExists($htaccess, 'htaccess recreated');
}
/**
@ -163,7 +167,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -190,7 +197,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson(2, array('expire' => 25));
$paste = Helper::getPasteJson(2, array('expire' => 25));
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -219,7 +229,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['main']['sizelimit'] = 10;
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -240,7 +253,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['header'] = 'X_FORWARDED_FOR';
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_FORWARDED_FOR'] = '::2';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
@ -269,7 +285,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -290,9 +309,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = '5min';
$_POST['formatter'] = 'foo';
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -321,9 +341,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = '5min';
$_POST['opendiscussion'] = '1';
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -353,8 +374,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$_POST['expire'] = 'foo';
$paste = Helper::getPasteJson(2, array('expire' => 'foo'));
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -381,10 +404,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$adata = Helper::getPaste()['adata'];
$adata[3] = 'neither 1 nor 0';
$_POST['adata'] = json_encode($adata);
$paste = Helper::getPastePost();
$paste['adata'][3] = 'neither 1 nor 0';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -405,10 +429,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$adata = Helper::getPaste()['adata'];
$adata[2] = 'neither 1 nor 0';
$_POST['adata'] = json_encode($adata);
$paste = Helper::getPastePost();
$paste['adata'][2] = 'neither 1 nor 0';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($paste));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -426,21 +451,20 @@ class ControllerTest extends PHPUnit_Framework_TestCase
* silently removed, check that this case is handled
*
* @runInSeparateProcess
* @expectedException Exception
* @expectedExceptionCode 90
*/
public function testCreateBrokenUpload()
{
$_POST = Helper::getPastePostJson();
$paste = substr(Helper::getPasteJson(), 0, -10);
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
$_POST['ct'] = ' ';
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
ob_start();
new Controller;
$content = ob_get_contents();
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs error status');
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
}
@ -449,7 +473,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
*/
public function testCreateTooSoon()
{
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -474,7 +501,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -496,8 +526,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$_POST['parentid'] = 'foo';
$comment = Helper::getCommentPost();
$comment['parentid'] = 'foo';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode($comment));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -519,7 +552,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -543,7 +579,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -567,7 +606,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
$_POST = Helper::getCommentPostJson();
$comment = Helper::getCommentJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $comment);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -829,7 +871,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
{
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$_POST['deletetoken'] = 'burnafterreading';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'deletetoken' => 'burnafterreading',
)));
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';

17
tst/JsonApiTest.php
View File

@ -48,7 +48,10 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$_POST = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['REMOTE_ADDR'] = '::1';
@ -77,9 +80,9 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$options = parse_ini_file(CONF, true);
$options['traffic']['limit'] = 0;
Helper::createIniFile(CONF, $options);
$paste = Helper::getPastePostJson();
$paste = Helper::getPasteJson();
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query($paste));
file_put_contents($file, $paste);
Request::setInputStream($file);
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_GET[Helper::getPasteId()] = '';
@ -113,7 +116,7 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, http_build_query(array(
file_put_contents($file, json_encode(array(
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
)));
Request::setInputStream($file);
@ -139,10 +142,12 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$_POST = array(
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, json_encode(array(
'pasteid' => Helper::getPasteId(),
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']),
);
)));
Request::setInputStream($file);
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();

14
tst/RequestTest.php
View File

@ -93,7 +93,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['REQUEST_METHOD'] = 'PUT';
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, 'ct=foo');
file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file);
$request = new Request;
unlink($file);
@ -107,8 +107,10 @@ class RequestTest extends PHPUnit_Framework_TestCase
$this->reset();
$_SERVER['REQUEST_METHOD'] = 'POST';
$_SERVER['HTTP_ACCEPT'] = 'application/json, text/javascript, */*; q=0.01';
$_POST['ct'] = 'foo';
$request = new Request;
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"ct":"foo"}');
Request::setInputStream($file);
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('create', $request->getOperation());
$this->assertEquals('foo', $request->getParam('ct'));
@ -136,8 +138,10 @@ class RequestTest extends PHPUnit_Framework_TestCase
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['QUERY_STRING'] = $id;
$_GET = array($id => '');
$_POST['deletetoken'] = 'bar';
$request = new Request;
$file = tempnam(sys_get_temp_dir(), 'FOO');
file_put_contents($file, '{"deletetoken":"bar"}');
Request::setInputStream($file);
$request = new Request;
$this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
$this->assertEquals('delete', $request->getOperation());
$this->assertEquals($id, $request->getParam('pasteid'));