StarMirror
/
PrivateBin
mirror of https://github.com/PrivateBin/PrivateBin
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into php8

pull/1121/head
github-actions[bot] 2022-11-18 04:37:18 +00:00
parent 46c0fc851c 4056057a3c
commit e888877f23
3 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
lib/Data/Filesystem.php
View File

@ -22,6 +22,22 @@ use PrivateBin\Json;
*/
class Filesystem extends AbstractData
{
/**
* glob() pattern of the two folder levels and the paste files under the
* configured path. Needs to return both files with and without .php suffix,
* so they can be hardened by _prependRename(), which is hooked into exists().
*
* > Note that wildcard patterns are not regular expressions, although they
* > are a bit similar.
*
* @link https://man7.org/linux/man-pages/man7/glob.7.html
* @const string
*/
const PASTE_FILE_PATTERN = DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' .
DIRECTORY_SEPARATOR . '[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*';
/**
* first line in paste or comment files, to protect their contents from browsing exposed data directories
*
@ -341,10 +357,9 @@ class Filesystem extends AbstractData
protected function _getExpiredPastes($batchsize)
{
$pastes = array();
$files = $this->_getPasteIterator();
$count = 0;
$time = time();
foreach ($files as $file) {
foreach ($this->_getPasteIterator() as $file) {
if ($file->isDir()) {
continue;
}
@ -372,8 +387,7 @@ class Filesystem extends AbstractData
public function getAllPastes()
{
$pastes = array();
$files = $this->_getPasteIterator();
foreach ($files as $file) {
foreach ($this->_getPasteIterator() as $file) {
if ($file->isFile()) {
$pastes[] = $file->getBasename('.php');
}
@ -419,19 +433,16 @@ class Filesystem extends AbstractData
/**
* Get an iterator matching paste files.
*
* Note that creating the iterator issues the glob() call, so we can't pre-
* generate this object before files that should get matched exist.
*
* @access private
* @return \GlobIterator
*/
private function _getPasteIterator()
{
return new \GlobIterator($this->_path . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9]' . DIRECTORY_SEPARATOR .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]' .
'[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]*');
// need to return both files with and without .php suffix, so they can
// be hardened by _prependRename(), which is hooked into exists()
return new \GlobIterator($this->_path . self::PASTE_FILE_PATTERN);
}
/**

2
lib/View.php
View File

@ -6,7 +6,7 @@
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.4.0
*/

4
lib/Vizhash16x16.php
View File

@ -5,7 +5,7 @@
* Visual Hash implementation in php4+GD,
* stripped down and modified version for PrivateBin
*
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
* @link https://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.0.5 beta PrivateBin 1.4.0
@ -166,7 +166,7 @@ class Vizhash16x16
* Gradient function
*
* taken from:
* http://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html
* @link https://www.supportduweb.com/scripts_tutoriaux-code-source-41-gd-faire-un-degrade-en-php-gd-fonction-degrade-imagerie.html
*
* @access private
* @param resource $img