lock file

This commit is contained in:
Sergio Brighenti 2019-09-15 16:00:12 +02:00
parent 33e8223222
commit 6838ca93c3
10 changed files with 66 additions and 16 deletions


@ -1,3 +1,8 @@
## v2.6.4
+ Filter on displayable images.
+ Fixed during upload error on php compiled for 32 bit.
+ The generated random strings are now more human readable.
## v2.6.3 ## v2.6.3
+ Fixed #67. + Fixed #67.
+ Fixed bad preload statement. + Fixed bad preload statement.


@ -62,7 +62,7 @@ class UploadController extends Controller
} }
do { do {
$code = uniqid(); $code = humanRandomString();
} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0); } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0);
/** @var \Psr\Http\Message\UploadedFileInterface $file */ /** @var \Psr\Http\Message\UploadedFileInterface $file */
@ -114,8 +114,12 @@ class UploadController extends Controller
$size = $filesystem->getSize($media->storage_path); $size = $filesystem->getSize($media->storage_path);
$type = explode('/', $media->mimetype)[0]; $type = explode('/', $media->mimetype)[0];
if ($type === 'image' && !isDisplayableImage($media->mimetype)) {
$type = 'application';
$media->mimetype = 'application/octet-stream';
}
if ($type === 'text') { if ($type === 'text') {
if ($size <= (200 * 1024)) {// less than 200 KB if ($size <= (200 * 1024)) { // less than 200 KB
$media->text = $filesystem->read($media->storage_path); $media->text = $filesystem->read($media->storage_path);
} else { } else {
$type = 'application'; $type = 'application';
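Review bot: The new `if ($type === 'image' && !isDisplayableImage($media->mimetype))` branch only downgrades image types the browser cannot render; `image/svg` and `image/svg+xml` stay displayable, and SVG documents can carry script and external references. That is harmless inside the `<img>` tags the templates use, but if the raw route (outside this hunk) serves the stored mimetype inline, navigating directly to an uploaded SVG would execute it in the site's origin — worth confirming, and if so serving SVG with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy`. A short why-comment on the branch would also help readers, e.g. `// image types the browser cannot render inline are stored and served as opaque binaries`. The enclosing method starts and ends outside the hunk.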


@ -81,7 +81,7 @@ class UserController extends Controller
} }
do { do {
$userCode = substr(md5(microtime()), rand(0, 26), 5); $userCode = humanRandomString(5);
} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0); } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);
$token = $this->generateNewToken(); $token = $this->generateNewToken();


@ -1,9 +1,8 @@
<?php <?php
use League\Flysystem\Adapter\Local; if (!defined('HUMAN_RANDOM_CHARS')) {
use League\Flysystem\Filesystem; define('HUMAN_RANDOM_CHARS', 'bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZaeiouAEIOU');
}
require __DIR__ . '/../vendor/autoload.php';
if (!function_exists('humanFileSize')) { if (!function_exists('humanFileSize')) {
/** /**
@ -20,22 +19,63 @@ if (!function_exists('humanFileSize')) {
} }
} }
if (!function_exists('humanRandomString')) {
/**
* @param int $length
* @return string
*/
function humanRandomString(int $length = 13): string
{
$result = '';
$numberOffset = round($length * 0.2);
for ($x = 0; $x < $length - $numberOffset; $x++) {
$result .= ($x % 2) ? HUMAN_RANDOM_CHARS[rand(42, 51)] : HUMAN_RANDOM_CHARS[rand(0, 41)];
}
for ($x = 0; $x < $numberOffset; $x++) {
$result .= rand(0, 9);
}
return $result;
}
}
if (!function_exists('isDisplayableImage')) {
/**
* @param string $mime
* @return bool
*/
function isDisplayableImage(string $mime): bool
{
return in_array($mime, [
'image/apng',
'image/bmp',
'image/gif',
'image/x-icon',
'image/jpeg',
'image/png',
'image/svg',
'image/svg+xml',
'image/tiff',
'image/webp',
]);
}
}
if (!function_exists('stringToBytes')) { if (!function_exists('stringToBytes')) {
/** /**
* @param $str * @param $str
* @return int|string * @return float
*/ */
function stringToBytes(string $str): int function stringToBytes(string $str): float
{ {
$val = trim($str); $val = trim($str);
if (is_numeric($val)) { if (is_numeric($val)) {
return (int)$val; return (float)$val;
} }
$last = strtolower($val[strlen($val) - 1]); $last = strtolower($val[strlen($val) - 1]);
$val = substr($val, 0, -1); $val = substr($val, 0, -1);
$val = (int)$val; $val = (float)$val;
switch ($last) { switch ($last) {
case 'g': case 'g':
$val *= 1024; $val *= 1024;
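Review bot: humanRandomString draws every character from rand(), which since PHP 7.1 is an alias of mt_rand() — a non-cryptographic generator whose output is predictable once a few values are observed — and its results become the upload `code` and the `user_code` URL path segments in UploadController, UserController and both install paths of this commit, so the two draws should use random_int(): `$result .= ($x % 2) ? HUMAN_RANDOM_CHARS[random_int(42, 51)] : HUMAN_RANDOM_CHARS[random_int(0, 41)];` and `$result .= random_int(0, 9);` (the call sites inherit the fix, no change needed there). The index ranges are correct for the constant defined in the first hunk (0–41 consonants, 42–51 vowels); a comment stating that, e.g. `// 0–41: consonants, 42–51: vowels in HUMAN_RANDOM_CHARS`, would keep the two from drifting apart. In isDisplayableImage, `in_array($mime, [...], true)` should pass strict comparison as a matter of style. The stringToBytes hunk continues past the end of this view.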


@ -85,7 +85,7 @@ foreach ($files as $file) {
} }
if (isset($argv[1]) && $argv[1] === '--install') { if (isset($argv[1]) && $argv[1] === '--install') {
DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]); DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), humanRandomString(5)]);
} }
if (file_exists(__DIR__ . '/../install')) { if (file_exists(__DIR__ . '/../install')) {


@ -159,6 +159,7 @@ $container['view'] = function ($container) use (&$config) {
$view->getEnvironment()->addFunction(new TwigFunction('asset', 'asset')); $view->getEnvironment()->addFunction(new TwigFunction('asset', 'asset'));
$view->getEnvironment()->addFunction(new TwigFunction('mime2font', 'mime2font')); $view->getEnvironment()->addFunction(new TwigFunction('mime2font', 'mime2font'));
$view->getEnvironment()->addFunction(new TwigFunction('queryParams', 'queryParams')); $view->getEnvironment()->addFunction(new TwigFunction('queryParams', 'queryParams'));
$view->getEnvironment()->addFunction(new TwigFunction('isDisplayableImage', 'isDisplayableImage'));
return $view; return $view;
}; };


@ -1,6 +1,6 @@
{ {
"name": "sergix44/xbackbone", "name": "sergix44/xbackbone",
"version": "2.6.3", "version": "2.6.4",
"description": "A lightweight ShareX PHP backend", "description": "A lightweight ShareX PHP backend",
"type": "project", "type": "project",
"require": { "require": {


@ -305,7 +305,7 @@ $app->post('/', function (Request $request, Response $response) use (&$config) {
// if not installed, create the default admin account // if not installed, create the default admin account
if (!$installed) { if (!$installed) {
DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]); DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), humanRandomString(5)]);
} }
// post install cleanup // post install cleanup


@ -30,7 +30,7 @@
{% for media in medias %} {% for media in medias %}
<tr id="media_{{ media.id }}"> <tr id="media_{{ media.id }}">
<td class="text-center"> <td class="text-center">
{% if media.mimetype starts with 'image' %} {% if isDisplayableImage(media.mimetype) %}
{% if media.username is not null %} {% if media.username is not null %}
<img src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=256&height=128') }}" class="img-fluid rounded admin-img"> <img src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=256&height=128') }}" class="img-fluid rounded admin-img">
{% else %} {% else %}


@ -12,7 +12,7 @@
{% for media in medias %} {% for media in medias %}
<div class="col-md-4" id="media_{{ media.id }}"> <div class="col-md-4" id="media_{{ media.id }}">
<div class="card mb-4 shadow-sm"> <div class="card mb-4 shadow-sm">
{% if media.mimetype starts with 'image' %} {% if isDisplayableImage(media.mimetype) %}
<img class="card-img" src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=286&height=219') }}" alt="Card image"> <img class="card-img" src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=286&height=219') }}" alt="Card image">
{% else %} {% else %}
<div class="text-center" style="font-size: 178px;"><i class="far {{ mime2font(media.mimetype) }} mb-4 mt-4"></i></div> <div class="text-center" style="font-size: 178px;"><i class="far {{ mime2font(media.mimetype) }} mb-4 mt-4"></i></div>