From: Banana
Date: Sat, 21 Dec 2019 17:23:25 +0000 (+0100)
Subject: updated default files. Updated documentation
X-Git-Tag: v0.2-beta~11
X-Git-Url: http://91.132.146.200/gitweb/?a=commitdiff_plain;h=b49c6884c1e4e4d611885955c639f79eea71df14;p=selfpaste.git
updated default files. Updated documentation
---
diff --git a/client/selfpaste.default.sh b/client/selfpaste.default.sh
index b6696a7..e35c7c7 100644
--- a/client/selfpaste.default.sh
+++ b/client/selfpaste.default.sh
@@ -8,17 +8,35 @@
 #
 # 2019 https://www.bananas-playground.net/projekt/selfpaste
+command -v curl >/dev/null 2>&1 || { echo >&2 "I require curl (https://curl.haxx.se/) but it's not installed. Aborting."; exit 1; }
+command -v jq >/dev/null 2>&1 || { echo >&2 "I require jq (https://stedolan.github.io/jq/) but it's not installed. Aborting."; exit 1; }
+
 if [ $# -lt 1 ]; then
 echo "You need to provide a file to paste";
 echo "selfpaste.sh /path/to/file";
 exit 2;
 fi;
+ENDPOINT="http://your.tld/selfpaste/webroot/";
+SELFPASTE_UPLOAD_SECRET="PLEASE CHANGE YOUR SECRET TO SOMTHING";
+
 FILENAME="$1";
-ENDPOINT="";
 if [[ -r $FILENAME ]]; then
- echo "";
+ # add --verbose if you need some more information
+ RESPONSE=$(curl -sS --header "Content-Type:multipart/form-data" --form "pasty=@$FILENAME" --form "dl=$SELFPASTE_UPLOAD_SECRET" $ENDPOINT);
+ # uncomment the following line for more debug info
+ #echo "$RESPONSE";
+ RESPONSE_STATUS=$(echo "$RESPONSE" | jq -r .status);
+ RESPONSE_MESSAGE=$(echo "$RESPONSE" | jq -r .message);
+
+ if [[ $RESPONSE_STATUS == 200 ]]; then
+ echo "$RESPONSE_MESSAGE";
+ else
+ echo "ERROR. Either your request is invalid (size, type or secret) or something on the endpoint went wrong.";
+ echo "Response message: $RESPONSE_MESSAGE";
+ exit 4;
+ fi;
 else
 echo "Provided file is not accessable."
 exit 3;
diff --git a/documentation/filetypes.txt b/documentation/filetypes.txt
new file mode 100644
index 0000000..cb55da7
--- /dev/null
+++ b/documentation/filetypes.txt
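Review bot: The default `ENDPOINT` is plain `http://`, and the new curl call sends `SELFPASTE_UPLOAD_SECRET` to it as the `dl` form field, so the one value the documentation asks users to keep secret crosses the network unencrypted; the shipped default should be `ENDPOINT="https://your.tld/selfpaste/webroot/";`. The secret is also expanded into curl's argument list, where it is visible in the local process table; curl can read a field value from a file instead, e.g. `--form "dl=<$SECRET_FILE"` (SECRET_FILE is a placeholder name). `$ENDPOINT` is unquoted and curl's exit status is never tested, so a failed transfer only shows up as a jq parse error followed by the generic message; quoting it as `"$ENDPOINT"` and checking the status right after the assignment would make that path explicit. The outer `if [[ -r $FILENAME ]]` block closes outside this hunk.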
@@ -0,0 +1,11 @@
+This tool uses PHP fileinfo: https://www.php.net/manual/en/intro.fileinfo.php
+
+ The functions in this module try to guess the content type and encoding of a file
+ by looking for certain magic byte sequences at specific positions within the file.
+ While this is not a bullet proof approach the heuristics used do a very good job.
+
+It is not really bullet proof, but it does the job. Everything can be manipulated
+to look alike something it isn't.
+
+To expand or reduce the allowed filetypes, edit the SELFPASTE_ALLOWED_FILETYPES string to your needs.
+Again READ the README and security info!
\ No newline at end of file
diff --git a/documentation/security.txt b/documentation/security.txt
new file mode 100644
index 0000000..c66257b
--- /dev/null
+++ b/documentation/security.txt
@@ -0,0 +1,26 @@
+With this tool you provide a remote upload space for everyone.
+Unless you:
+
+ - Keep your secret a secret
+ - Do not use it publicly
+ - Do not promote it as a new paste plattform
+ - Change your secret often
+
+
+This tool uses PHP fileinfo: https://www.php.net/manual/en/intro.fileinfo.php
+
+ The functions in this module try to guess the content type and encoding of a file
+ by looking for certain magic byte sequences at specific positions within the file.
+ While this is not a bullet proof approach the heuristics used do a very good job.
+
+It is not really bulletproof, but it does the job. Everything can be manipulated
+to look alike something it isn't.
+
+So, here is a friendly REMINDER:
+
+ - Use at own risk.
+ - Don't open it up to the public
+ - Check regularly what is added
+ - Clean everything what you do not know
+ - You provide the service by hosting it. Your are responsible for it!
+ - Change your secret often
\ No newline at end of file
diff --git a/webroot/config.default.php b/webroot/config.default.php
index b6c9f0d..15bfe4e 100644
--- a/webroot/config.default.php
+++ b/webroot/config.default.php
@@ -10,3 +10,12 @@
 * 2019 https://www.bananas-playground.net/projekt/selfpaste
 */
+# this is your installation secret. Could be anything.
+# Think of it as a key. Change it often to avoid any abuse.
+define('SELFPASTE_UPLOAD_SECRET','PLEASE CHANGE YOUR SECRET');
+# this is the default storage location. If you decide to move, then make sure
+# to move the included .htaccess with it to protect the direct access
+define('SELFPASTE_UPLOAD_DIR','pasties');
+# those are the allowed file types.
+# Make sure you read the README and documentation!
+define(SELFPASTE_ALLOWED_FILETYPES,'');
diff --git a/webroot/pasties/.htaccess b/webroot/pasties/.htaccess
new file mode 100644
index 0000000..b66e808
--- /dev/null
+++ b/webroot/pasties/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/webroot/view/created.inc.php b/webroot/view/created.inc.php
new file mode 100644
index 0000000..b2fad1d
--- /dev/null
+++ b/webroot/view/created.inc.php
@@ -0,0 +1,12 @@
+
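Review bot: `define(SELFPASTE_ALLOWED_FILETYPES,'');` passes the constant name as a bare word, unlike the two quoted `define()` calls above it; PHP 7 resolves that with a notice or warning and PHP 8 throws an Error, so the line should read `define('SELFPASTE_ALLOWED_FILETYPES','');`. The shipped `SELFPASTE_UPLOAD_SECRET` is a publicly known placeholder and nothing in this hunk stops an installation from running with it; a check in the upload path that rejects requests while the secret still equals the default would close that gap. The comment should also say whether an empty `SELFPASTE_ALLOWED_FILETYPES` means "allow nothing" or "allow everything", since the code that reads it is not part of this hunk.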
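Review bot: Direct access to stored pastes is blocked only by this one-line `.htaccess`, which works only on Apache 2.4 with an `AllowOverride` setting that permits `Require`; on a server that ignores `.htaccess` files, or with overrides disabled, everything under `webroot/pasties/` would be served as-is. Keeping the upload directory outside the document root is the more robust default. Failing that, the README should tell the operator to confirm that a direct request for a stored paste returns 403 after installation.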