wok rev 14109
Up zerobin (0.17_alpha)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sun Feb 24 11:44:36 2013 +0100 (2013-02-24) |
parents | cc1a7a187042 |
children | 7ad0051245b2 |
files | zerobin/receipt zerobin/stuff/zerobin.u |
line diff
1.1 --- a/zerobin/receipt Sun Feb 24 09:19:30 2013 +0100 1.2 +++ b/zerobin/receipt Sun Feb 24 11:44:36 2013 +0100 1.3 @@ -1,7 +1,7 @@ 1.4 # SliTaz package receipt. 1.5 1.6 PACKAGE="zerobin" 1.7 -VERSION="0.15_alpha" 1.8 +VERSION="0.17_alpha" 1.9 CATEGORY="network" 1.10 SHORT_DESC="Online pastebin where the server has zero knowledge of pasted data." 1.11 MAINTAINER="pascal.bellard@slitaz.org"
2.1 --- a/zerobin/stuff/zerobin.u Sun Feb 24 09:19:30 2013 +0100 2.2 +++ b/zerobin/stuff/zerobin.u Sun Feb 24 11:44:36 2013 +0100 2.3 @@ -1,74 +1,51 @@ 2.4 ---- lib/zerobin.js 2.5 -+++ lib/zerobin.js 2.6 -@@ -180,7 +180,12 @@ 2.7 - { 2.8 - if ($('textarea#message').val().length==0) return; // Do not send if no data. 2.9 - showStatus('Sending paste...',spin=true); 2.10 -- var randomkey = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8,0),0); 2.11 -+ var randomkey = (window.location.hash.length > 2) ? 2.12 -+ // force key 2.13 -+ window.location.hash.substring(1) : 2.14 -+ // Generate a random 256 bits key, encoded in base64: 2.15 -+ sjcl.codec.base64.fromBits(sjcl.random.randomWords(8,0),0); 2.16 -+ if (randomkey.charAt(randomkey.length-1)!=='=') randomkey+='='; // Add trailing = if missing. 2.17 - var cipherdata = zeroCipher(randomkey,$('textarea#message').val()); 2.18 - var data_to_send = { data:cipherdata, 2.19 - expire:$('select#pasteExpiration').val(), 2.20 --- index.php 2.21 +++ index.php 2.22 -@@ -16,6 +16,14 @@ 2.23 +@@ -17,6 +17,13 @@ 2.24 $_COOKIE = array_map('stripslashes_deep', $_COOKIE); 2.25 } 2.26 2.27 -+function remote_address() 2.28 -+ 2.29 ++function remote_address() 2.30 +{ 2.31 -+ if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) 2.32 -+ return $_SERVER["HTTP_X_FORWARDED_FOR"]; 2.33 -+ return $_SERVER["REMOTE_ADDR"]; 2.34 ++ if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) 2.35 ++ return $_SERVER["HTTP_X_FORWARDED_FOR"]; 2.36 ++ return $_SERVER["REMOTE_ADDR"]; 2.37 +} 2.38 + 2.39 // trafic_limiter : Make sure the IP address makes at most 1 request every 10 seconds. 2.40 // Will return false if IP address made a call less than 10 seconds ago. 2.41 function trafic_limiter_canPass($ip) 2.42 -@@ -136,7 +144,7 @@ 2.43 - } 2.44 - 2.45 - // Make sure last paste from the IP address was more than 10 seconds ago. 2.46 +@@ -137,7 +144,7 @@ 2.47 + } 2.48 + 2.49 + // Make sure last paste from the IP address was more than 10 seconds ago. 2.50 - if (!trafic_limiter_canPass($_SERVER['REMOTE_ADDR'])) 2.51 + if (!trafic_limiter_canPass(remote_address())) 2.52 { echo json_encode(array('status'=>1,'message'=>'Please wait 10 seconds between each post.')); exit; } 2.53 2.54 // Make sure content is not too big. 2.55 -@@ -191,7 +199,7 @@ 2.56 +@@ -192,7 +199,7 @@ 2.57 // (We assume that if the user did not enter a nickname, he/she wants 2.58 // to be anonymous and we will not generate the vizhash.) 2.59 $vz = new vizhash16x16(); 2.60 - $pngdata = $vz->generate($_SERVER['REMOTE_ADDR']); 2.61 + $pngdata = $vz->generate(remote_address()); 2.62 - if ($pngdata!='') $meta['vizhash'] = 'data:image/png;base64,'.base64_encode($pngdata); 2.63 - // Once the avatar is generated, we do not keep the IP address, nor its hash. 2.64 - } 2.65 -@@ -286,11 +294,11 @@ 2.66 - if ($ERRORMESSAGE=='') // If no error, return the paste. 2.67 - { 2.68 - // We kindly provide the remaining time before expiration (in seconds) 2.69 -- if ($paste->meta->expire_date) $paste->meta->remaining_time = $paste->meta->expire_date - time(); 2.70 -+ if (isset($paste->meta->expire_date)) $paste->meta->remaining_time = $paste->meta->expire_date - time(); 2.71 - 2.72 - $messages = array($paste); // The paste itself is the first in the list of encrypted messages. 2.73 - // If it's a discussion, get all comments. 2.74 -- if ($paste->meta->opendiscussion) 2.75 -+ if (isset($paste->meta->opendiscussion)) 2.76 - { 2.77 - $comments=array(); 2.78 - $datadir = dataid2discussionpath($dataid); 2.79 -@@ -318,7 +326,7 @@ 2.80 - $CIPHERDATA = json_encode($messages); 2.81 - 2.82 - // If the paste was meant to be read only once, delete it. 2.83 -- if ($paste->meta->burnafterreading) deletePaste($dataid); 2.84 -+ if (isset($paste->meta->burnafterreading)) deletePaste($dataid); 2.85 - } 2.86 + if ($pngdata!='') $meta['vizhash'] = 'data:image/png;base64,'.base64_encode($pngdata); 2.87 + // Once the avatar is generated, we do not keep the IP address, nor its hash. 2.88 } 2.89 - else 2.90 +--- js/zerobin.js 2.91 ++++ js/zerobin.js 2.92 +@@ -308,7 +308,13 @@ 2.93 + return; 2.94 + } 2.95 + showStatus('Sending paste...', spin=true); 2.96 +- var randomkey = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0); 2.97 ++ var randomkey = (window.location.hash.length > 2) ? 2.98 ++ // force key 2.99 ++ window.location.hash.substring(1) : 2.100 ++ // Generate a random 256 bits key, encoded in base64: 2.101 ++ sjcl.codec.base64.fromBits(sjcl.random.randomWords(8,0),0); 2.102 ++ if (randomkey.charAt(randomkey.length-1) !== '=') 2.103 ++ randomkey+='='; // Add trailing = if missing. 2.104 + var cipherdata = zeroCipher(randomkey, $('textarea#message').val()); 2.105 + var data_to_send = { data: cipherdata, 2.106 + expire: $('select#pasteExpiration').val(),