Sergio Brighenti 5 سال پیش
والد
کامیت
6838ca93c3

+ 5 - 0
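--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## v2.6.4
++ Filter on displayable images.
++ Fixed during upload error on php compiled for 32 bit.
++ The generated random strings are now more human readable.
+
 ## v2.6.3
 + Fixed #67.
 + Fixed bad preload statement.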

+ 6 - 2
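--- a/app/Controllers/UploadController.php
+++ b/app/Controllers/UploadController.php
@@ -62,7 +62,7 @@ class UploadController extends Controller
 		}
 
 		do {
-			$code = uniqid();
+			$code = humanRandomString();
 		} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0);
 
 		/** @var \Psr\Http\Message\UploadedFileInterface $file */
@@ -114,8 +114,12 @@ class UploadController extends Controller
 				$size = $filesystem->getSize($media->storage_path);
 
 				$type = explode('/', $media->mimetype)[0];
+				if ($type === 'image' && !isDisplayableImage($media->mimetype)) {
+					$type = 'application';
+					$media->mimetype = 'application/octet-stream';
+				}
 				if ($type === 'text') {
-					if ($size <= (200 * 1024)) {// less than 200 KB
+					if ($size <= (200 * 1024)) { // less than 200 KB
 						$media->text = $filesystem->read($media->storage_path);
 					} else {
 						$type = 'application';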
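Review bot: The four added lines in the second hunk rewrite `$media->mimetype` on the model object itself rather than on a local copy, so everything downstream that reads the mimetype (the view, and a raw or download response if this same object reaches one — not visible here) sees `application/octet-stream` for any `image/*` type missing from the displayable list. That looks intended for rendering, but nothing says so; a comment such as `// image types a browser cannot render inline are presented as generic files, not as <img>` would make the override's purpose and its reach explicit. The method containing these lines starts and ends outside the hunk.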

+ 1 - 1
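--- a/app/Controllers/UserController.php
+++ b/app/Controllers/UserController.php
@@ -81,7 +81,7 @@ class UserController extends Controller
 		}
 
 		do {
-			$userCode = substr(md5(microtime()), rand(0, 26), 5);
+			$userCode = humanRandomString(5);
 		} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);
 
 		$token = $this->generateNewToken();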

+ 48 - 8
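--- a/app/helpers.php
+++ b/app/helpers.php
@@ -1,9 +1,8 @@
 <?php
 
-use League\Flysystem\Adapter\Local;
-use League\Flysystem\Filesystem;
-
-require __DIR__ . '/../vendor/autoload.php';
+if (!defined('HUMAN_RANDOM_CHARS')) {
+	define('HUMAN_RANDOM_CHARS', 'bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZaeiouAEIOU');
+}
 
 if (!function_exists('humanFileSize')) {
 	/**
@@ -20,22 +19,63 @@ if (!function_exists('humanFileSize')) {
 	}
 }
 
+if (!function_exists('humanRandomString')) {
+	/**
+	 * @param int $length
+	 * @return string
+	 */
+	function humanRandomString(int $length = 13): string
+	{
+		$result = '';
+		$numberOffset = round($length * 0.2);
+		for ($x = 0; $x < $length - $numberOffset; $x++) {
+			$result .= ($x % 2) ? HUMAN_RANDOM_CHARS[rand(42, 51)] : HUMAN_RANDOM_CHARS[rand(0, 41)];
+		}
+		for ($x = 0; $x < $numberOffset; $x++) {
+			$result .= rand(0, 9);
+		}
+		return $result;
+	}
+}
+
+if (!function_exists('isDisplayableImage')) {
+	/**
+	 * @param string $mime
+	 * @return bool
+	 */
+	function isDisplayableImage(string $mime): bool
+	{
+		return in_array($mime, [
+			'image/apng',
+			'image/bmp',
+			'image/gif',
+			'image/x-icon',
+			'image/jpeg',
+			'image/png',
+			'image/svg',
+			'image/svg+xml',
+			'image/tiff',
+			'image/webp',
+		]);
+	}
+}
+
 if (!function_exists('stringToBytes')) {
 	/**
 	 * @param $str
-	 * @return int|string
+	 * @return float
 	 */
-	function stringToBytes(string $str): int
+	function stringToBytes(string $str): float
 	{
 		$val = trim($str);
 		if (is_numeric($val)) {
-			return (int)$val;
+			return (float)$val;
 		}
 
 		$last = strtolower($val[strlen($val) - 1]);
 		$val = substr($val, 0, -1);
 
-		$val = (float)$val;
 		switch ($last) {
 			case 'g':
 				$val *= 1024;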
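Review bot: humanRandomString() draws every character from rand() (the two loops in the second hunk), yet its output becomes the upload `code` in UploadController and the `user_code` in UserController, bin/migrate and install/index.php — the identifiers that make up a share URL and are the only thing standing between a link and the file it exposes — so that secret-like value comes from PHP's non-cryptographic Mt19937 generator rather than the CSPRNG. Switch both calls: `$result .= ($x % 2) ? HUMAN_RANDOM_CHARS[random_int(42, 51)] : HUMAN_RANDOM_CHARS[random_int(0, 41)];` and `$result .= random_int(0, 9);`, and say in the docblock that the string is meant to be unguessable as well as readable. The bounds 0–41 and 42–51 match the 42 consonants and 10 vowels in HUMAN_RANDOM_CHARS today, but they are bare magic numbers; slicing the constant into two alphabets once and indexing by their lengths would keep them from drifting if the character set changes. isDisplayableImage() should pass `true` as the third argument to in_array so the membership test is strict. image/svg+xml is listed as displayable and therefore keeps its image mimetype in UploadController; if the raw route (not visible here) serves such files inline with that type, an SVG can carry script, so that route should send them with `Content-Disposition: attachment` or a restrictive Content-Security-Policy.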

+ 1 - 1
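--- a/bin/migrate
+++ b/bin/migrate
@@ -85,7 +85,7 @@ foreach ($files as $file) {
 }
 
 if (isset($argv[1]) && $argv[1] === '--install') {
-	DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]);
+	DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), humanRandomString(5)]);
 }
 
 if (file_exists(__DIR__ . '/../install')) {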

+ 1 - 0
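--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -159,6 +159,7 @@ $container['view'] = function ($container) use (&$config) {
 	$view->getEnvironment()->addFunction(new TwigFunction('asset', 'asset'));
 	$view->getEnvironment()->addFunction(new TwigFunction('mime2font', 'mime2font'));
 	$view->getEnvironment()->addFunction(new TwigFunction('queryParams', 'queryParams'));
+	$view->getEnvironment()->addFunction(new TwigFunction('isDisplayableImage', 'isDisplayableImage'));
 	return $view;
 };
 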

+ 1 - 1
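--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
   "name": "sergix44/xbackbone",
-  "version": "2.6.3",
+  "version": "2.6.4",
   "description": "A lightweight ShareX PHP backend",
   "type": "project",
   "require": {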

+ 1 - 1
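--- a/install/index.php
+++ b/install/index.php
@@ -305,7 +305,7 @@ $app->post('/', function (Request $request, Response $response) use (&$config) {
 
 	// if not installed, create the default admin account
 	if (!$installed) {
-		DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]);
+		DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), humanRandomString(5)]);
 	}
 
 	// post install cleanup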

+ 1 - 1
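--- a/resources/templates/dashboard/admin.twig
+++ b/resources/templates/dashboard/admin.twig
@@ -30,7 +30,7 @@
                                     {% for media in medias %}
                                         <tr id="media_{{ media.id }}">
                                             <td class="text-center">
-                                                {% if media.mimetype starts with 'image' %}
+                                                {% if isDisplayableImage(media.mimetype) %}
                                                     {% if media.username is not null %}
                                                         <img src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=256&height=128') }}" class="img-fluid rounded admin-img">
                                                     {% else %}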

+ 1 - 1
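--- a/resources/templates/dashboard/home.twig
+++ b/resources/templates/dashboard/home.twig
@@ -12,7 +12,7 @@
                 {% for media in medias %}
                     <div class="col-md-4" id="media_{{ media.id }}">
                         <div class="card mb-4 shadow-sm">
-                            {% if media.mimetype starts with 'image' %}
+                            {% if isDisplayableImage(media.mimetype) %}
                                 <img class="card-img" src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=286&height=219') }}" alt="Card image">
                             {% else %}
                                 <div class="text-center" style="font-size: 178px;"><i class="far {{ mime2font(media.mimetype) }} mb-4 mt-4"></i></div>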