lock file

2019-09-15 16:00:12 +02:00 · 2019-09-15 16:00:12 +02:00 · 6838ca93c3
commit 6838ca93c3
parent 33e8223222
10 changed files with 66 additions and 16 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,8 @@
+## v2.6.4
+ Filter on displayable images.
+ Fixed during upload error on php compiled for 32 bit.
+ The generated random strings are now more human readable.
+
 ## v2.6.3
 + Fixed #67.
 + Fixed bad preload statement.
--- a/app/Controllers/UploadController.php
+++ b/app/Controllers/UploadController.php
@ -62,7 +62,7 @@ class UploadController extends Controller
 		}

 		do {
-			$code = uniqid();
+			$code = humanRandomString();
 		} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0);

 		/** @var \Psr\Http\Message\UploadedFileInterface $file */
@ -114,8 +114,12 @@ class UploadController extends Controller
 				$size = $filesystem->getSize($media->storage_path);

 				$type = explode('/', $media->mimetype)[0];
+				if ($type === 'image' && !isDisplayableImage($media->mimetype)) {
+					$type = 'application';
+					$media->mimetype = 'application/octet-stream';
+				}
 				if ($type === 'text') {
-					if ($size <= (200 * 1024)) {// less than 200 KB
+					if ($size <= (200 * 1024)) { // less than 200 KB
 						$media->text = $filesystem->read($media->storage_path);
 					} else {
 						$type = 'application';
--- a/app/Controllers/UserController.php
+++ b/app/Controllers/UserController.php
@ -81,7 +81,7 @@ class UserController extends Controller
 		}

 		do {
-			$userCode = substr(md5(microtime()), rand(0, 26), 5);
+			$userCode = humanRandomString(5);
 		} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);

 		$token = $this->generateNewToken();
--- a/app/helpers.php
+++ b/app/helpers.php
@ -1,9 +1,8 @@
 <?php

-use League\Flysystem\Adapter\Local;
-use League\Flysystem\Filesystem;
-
-require __DIR__ . '/../vendor/autoload.php';
+if (!defined('HUMAN_RANDOM_CHARS')) {
+	define('HUMAN_RANDOM_CHARS', 'bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZaeiouAEIOU');
+}

 if (!function_exists('humanFileSize')) {
 	/**
@ -20,22 +19,63 @@ if (!function_exists('humanFileSize')) {
 	}
 }

+if (!function_exists('humanRandomString')) {
+	/**
+	 * @param int $length
+	 * @return string
+	 */
+	function humanRandomString(int $length = 13): string
+	{
+		$result = '';
+		$numberOffset = round($length * 0.2);
+		for ($x = 0; $x < $length - $numberOffset; $x++) {
+			$result .= ($x % 2) ? HUMAN_RANDOM_CHARS[rand(42, 51)] : HUMAN_RANDOM_CHARS[rand(0, 41)];
+		}
+		for ($x = 0; $x < $numberOffset; $x++) {
+			$result .= rand(0, 9);
+		}
+		return $result;
+	}
+}
+
+if (!function_exists('isDisplayableImage')) {
+	/**
+	 * @param string $mime
+	 * @return bool
+	 */
+	function isDisplayableImage(string $mime): bool
+	{
+		return in_array($mime, [
+			'image/apng',
+			'image/bmp',
+			'image/gif',
+			'image/x-icon',
+			'image/jpeg',
+			'image/png',
+			'image/svg',
+			'image/svg+xml',
+			'image/tiff',
+			'image/webp',
+		]);
+	}
+}
+
 if (!function_exists('stringToBytes')) {
 	/**
 	 * @param $str
-	 * @return int|string
+	 * @return float
 	 */
-	function stringToBytes(string $str): int
+	function stringToBytes(string $str): float
 	{
 		$val = trim($str);
 		if (is_numeric($val)) {
-			return (int)$val;
+			return (float)$val;
 		}

 		$last = strtolower($val[strlen($val) - 1]);
 		$val = substr($val, 0, -1);

-		$val = (int)$val;
+		$val = (float)$val;
 		switch ($last) {
 			case 'g':
 				$val *= 1024;
--- a/bin/migrate
+++ b/bin/migrate
@ -85,7 +85,7 @@ foreach ($files as $file) {
 }

 if (isset($argv[1]) && $argv[1] === '--install') {
-	DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]);
+	DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), humanRandomString(5)]);
 }

 if (file_exists(__DIR__ . '/../install')) {
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@ -159,6 +159,7 @@ $container['view'] = function ($container) use (&$config) {
 	$view->getEnvironment()->addFunction(new TwigFunction('asset', 'asset'));
 	$view->getEnvironment()->addFunction(new TwigFunction('mime2font', 'mime2font'));
 	$view->getEnvironment()->addFunction(new TwigFunction('queryParams', 'queryParams'));
+	$view->getEnvironment()->addFunction(new TwigFunction('isDisplayableImage', 'isDisplayableImage'));
 	return $view;
 };

--- a/composer.json
+++ b/composer.json
@ -1,6 +1,6 @@
 {
  "name": "sergix44/xbackbone",
-  "version": "2.6.3",
+  "version": "2.6.4",
  "description": "A lightweight ShareX PHP backend",
  "type": "project",
  "require": {
--- a/install/index.php
+++ b/install/index.php
@ -305,7 +305,7 @@ $app->post('/', function (Request $request, Response $response) use (&$config) {

 	// if not installed, create the default admin account
 	if (!$installed) {
-		DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]);
+		DB::doQuery("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [$request->getParam('email'), password_hash($request->getParam('password'), PASSWORD_DEFAULT), humanRandomString(5)]);
 	}

 	// post install cleanup
--- a/resources/templates/dashboard/admin.twig
+++ b/resources/templates/dashboard/admin.twig
@ -30,7 +30,7 @@
                                    {% for media in medias %}
                                        <tr id="media_{{ media.id }}">
                                            <td class="text-center">
-                                                {% if media.mimetype starts with 'image' %}
+                                                {% if isDisplayableImage(media.mimetype) %}
                                                    {% if media.username is not null %}
                                                        <img src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=256&height=128') }}" class="img-fluid rounded admin-img">
                                                    {% else %}
--- a/resources/templates/dashboard/home.twig
+++ b/resources/templates/dashboard/home.twig
@ -12,7 +12,7 @@
                {% for media in medias %}
                    <div class="col-md-4" id="media_{{ media.id }}">
                        <div class="card mb-4 shadow-sm">
-                            {% if media.mimetype starts with 'image' %}
+                            {% if isDisplayableImage(media.mimetype) %}
                                <img class="card-img" src="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/raw?width=286&height=219') }}" alt="Card image">
                            {% else %}
                                <div class="text-center" style="font-size: 178px;"><i class="far {{ mime2font(media.mimetype) }} mb-4 mt-4"></i></div>