From: Banana <mail@bananas-playground.net>
Date: Tue, 3 Oct 2023 09:28:22 +0000 (+0200)
Subject: server php code cleanup and php8
X-Git-Tag: 1.5~7
X-Git-Url: http://91.132.146.200/gitweb/?a=commitdiff_plain;h=b5ff43402b2077b328d2034f05b0af926427a492;p=selfpaste.git

server php code cleanup and php8
---

diff --git a/webroot/index.php b/webroot/index.php
index 2f252e7..29f4b94 100644
--- a/webroot/index.php
+++ b/webroot/index.php
@@ -1,41 +1,46 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
 
 # global debug setting
-define('DEBUG',false);
+const DEBUG = false;
 
 # Encoding and error reporting setting
 mb_http_output('UTF-8');
 mb_internal_encoding('UTF-8');
-ini_set('error_reporting',-1); // E_ALL & E_STRICT
+error_reporting(-1); // E_ALL & E_STRICT
 
 # default time setting
 date_default_timezone_set('Europe/Berlin');
 
 # check request
-$_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
+$_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
 if(!empty($_urlToParse)) {
     if(preg_match('/[\p{C}\p{M}\p{Sc}\p{Sk}\p{So}\p{Zl}\p{Zp}]/u',$_urlToParse) === 1) {
         die('Malformed request. Make sure you know what you are doing.');
     }
 }
 
-define('ERROR_LOG_FILE','./logs/error.log');
-define('CREATE_LOG','./logs/create.log');
+const ERROR_LOG_FILE = './logs/error.log';
+const CREATE_LOG = './logs/create.log';
 
 # error reporting
 ini_set('log_errors',true);
-ini_set('error_log',ERROR_LOG_FILE);
-if(DEBUG === true) {
+if(DEBUG) {
     ini_set('display_errors',true);
 }
 else {
@@ -75,7 +80,7 @@ if(!empty($_short)) {
     $_t = Summoner::b64sl_unpack_id($_short);
     $_t = (string)$_t;
     $_p = Summoner::forwardslashStringToPath($_t);
-    $_requestFile = Summoner::endsWith(SELFPASTE_UPLOAD_DIR,'/') ? SELFPASTE_UPLOAD_DIR : SELFPASTE_UPLOAD_DIR.'/';
+    $_requestFile = str_ends_with(SELFPASTE_UPLOAD_DIR,'/') ? SELFPASTE_UPLOAD_DIR : SELFPASTE_UPLOAD_DIR.'/';
     $_requestFile .= $_p;
     $_requestFile .= $_t;
     if(is_readable($_requestFile)) {
diff --git a/webroot/lib/mancubus.class.php b/webroot/lib/mancubus.class.php
index c3af2ce..10c424a 100644
--- a/webroot/lib/mancubus.class.php
+++ b/webroot/lib/mancubus.class.php
@@ -1,13 +1,19 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
 
 /**
@@ -15,8 +21,18 @@
  */
 class Mancubus {
 
-    private $_uploadedData;
-    private $_short;
+    /**
+     * Content from $_FILES
+     * @var array
+     */
+    private array $_uploadedData;
+
+    /**
+     * The short id
+     * @var string
+     */
+    private string $_short;
+
     private $_saveFilename;
     private $_storagePath;
     private $_shortURL;
@@ -30,10 +46,11 @@ class Mancubus {
     /**
      * Requires a single upload from $_FILES
      * @see https://www.php.net/manual/en/features.file-upload.post-method.php
+     *
      * @param $file array
      * @return bool
      */
-    public function load($file) {
+    public function load(array $file): bool {
         $ret = false;
 
         if(isset($file['name'])
@@ -52,9 +69,11 @@ class Mancubus {
     /**
      * Either set short to given string
      * or create from _saveFilename. In this case _saveFilename is a number
+     *
      * @param string $short
+     * @return void
      */
-    public function setShort($short='') {
+    public function setShort(string $short=''): void {
         if($short != '') {
             $this->_short = $short;
         }
@@ -66,15 +85,16 @@ class Mancubus {
     /**
      * Either set _saveFilename to given string
      * or create from a random number. In this case _short needs this as a base
+     *
      * @param string $string
-     * @throws Exception
+     * @return void
      */
-    public function setSaveFilename($string='') {
+    public function setSaveFilename(string $string=''): void {
         if($string != '') {
             $this->_saveFilename = $string;
         }
         else {
-            $r = random_int(1000, 9999);
+            $r = rand(1000, 9999);
             $this->_saveFilename = (string)$r;
         }
     }
@@ -82,9 +102,10 @@ class Mancubus {
     /**
      * Set _shortURL to given string
      * or create based on SELFPASTE_URL and _short
+     *
      * @param string $string
      */
-    public function setShortURL($string='') {
+    public function setShortURL(string $string=''): void {
         if($string != '') {
             $this->_shortURL = $string;
         }
@@ -96,8 +117,10 @@ class Mancubus {
     /**
      * set the right storage path based on _saveFilename
      * and SELFPASTE_UPLOAD_DIR
+     *
+     * @return void
      */
-    public function setStoragePath() {
+    public function setStoragePath(): void {
         $string = $this->_saveFilename;
 
         if(!empty($string)) {
@@ -110,9 +133,10 @@ class Mancubus {
     /**
      * After setting importing stuff process the upload
      * return status and message
+     *
      * @return array
      */
-    public function process() {
+    public function process(): array {
         $ret = array(
             'message' => '',
             'status' => false
@@ -136,19 +160,22 @@ class Mancubus {
 
     /**
      * Cleans lifetime and floodfiles.
-     * @param boolean
+     *
+     * @param bool $verbose
+     * @return void
      */
-    public function cleanupCronjob($verbose=false) {
+    public function cleanupCronjob(bool $verbose=false): void {
         $this->_cleanupFloodFiles($verbose);
         $this->_checkLifetime($verbose);
     }
 
     /**
      * Check if the POST upload worked
+     *
      * @return array message,status
      * @throws Exception
      */
-    private function _checkFileUploadStatus() {
+    private function _checkFileUploadStatus(): array {
         $check = Summoner::checkFileUploadStatus($this->_uploadedData['error']);
 
         if($check['status'] === true) {
@@ -162,10 +189,11 @@ class Mancubus {
 
     /**
      * Check if the uploaded file matches the allowed filetypes
+     *
      * @return array message,status
      * @throws Exception
      */
-    private function _checkAllowedFiletype() {
+    private function _checkAllowedFiletype(): array {
         $message = "Filetype not supported";
         $status = false;
 
@@ -174,7 +202,7 @@ class Mancubus {
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $mime = finfo_file($finfo, $workWith);
             finfo_close($finfo);
-            if(strpos(SELFPASTE_ALLOWED_FILETYPES,$mime) !== false) {
+            if(str_contains(SELFPASTE_ALLOWED_FILETYPES, $mime)) {
                 $status = true;
                 $message = "Filetype allowed";
             }
@@ -195,10 +223,11 @@ class Mancubus {
     /**
      * check if SELFPASTE_UPLOAD_DIR and _storagePath
      * is creatable. If so create _storagePath
-     * @return array
+     *
+     * @return array message,status
      * @throws Exception
      */
-    private function _checkStorage() {
+    private function _checkStorage(): array {
         $message = "File storage failure";
         $status = false;
 
@@ -226,10 +255,11 @@ class Mancubus {
     /**
      * Move the tmp_file from _uploadedData to the new location
      * provided by _storagePath and _saveFilename
-     * @return array
+     *
+     * @return array message,status
      * @throws Exception
      */
-    private function _moveUploadedFile() {
+    private function _moveUploadedFile(): array {
         $message = "File storage failure";
         $status = false;
 
@@ -237,7 +267,7 @@ class Mancubus {
         $workwithFilename = $this->_saveFilename;
 
         if(!empty($workwithPath) && !empty($workwithFilename)) {
-            $_newFilename = Summoner::endsWith($workwithPath,'/') ? $workwithPath : $workwithPath.'/';
+            $_newFilename = str_ends_with($workwithPath,'/') ? $workwithPath : $workwithPath.'/';
             $_newFilename .= $workwithFilename;
             if(move_uploaded_file($this->_uploadedData['tmp_name'], $_newFilename)) {
                 $status = true;
@@ -261,10 +291,11 @@ class Mancubus {
     /**
      * check if the current paste request is within limits
      * for this check if the file exists. If so just return the shortURL
-     * @return array
+     *
+     * @return array message,status
      * @throws Exception
      */
-    private function _checkFlood() {
+    private function _checkFlood(): array {
         $message = "Failing flood requirements";
         $status = false;
 
@@ -299,12 +330,14 @@ class Mancubus {
 
     /**
      * clean up the flood tmp files. Everything older then 30 sec will be deleted.
+     *
+     * @param bool $verbose
      */
-    private function _cleanupFloodFiles($verbose=false) {
+    private function _cleanupFloodFiles(bool $verbose=false): void {
         $iterator = new DirectoryIterator(SELFPASTE_UPLOAD_DIR);
         $now = time();
         foreach ($iterator as $file) {
-            if($file->isDot() || $file->isDir() || Summoner::startsWith($file->getFilename(),'.')) continue;
+            if($file->isDot() || $file->isDir() || str_starts_with($file->getFilename(),'.')) continue;
             if ($now - $file->getCTime() >= SELFPASTE_FLOOD_LIFETIME) {
                 if($verbose === true) echo "Delete ".$file->getFilename()."\n";
                 unlink(SELFPASTE_UPLOAD_DIR.'/'.$file->getFilename());
@@ -314,15 +347,17 @@ class Mancubus {
 
     /**
      * delete all pastes older than SELFPASTE_PASTE_LIFETIME
+     *
+     * @param bool $verbose
      */
-    private function _checkLifetime($verbose=false) {
+    private function _checkLifetime(bool $verbose=false): void {
         $iterator = new RecursiveDirectoryIterator(SELFPASTE_UPLOAD_DIR);
         $datepointInThePastInSec = strtotime('-'.SELFPASTE_PASTE_LIFETIME.' days');
 
         foreach (new RecursiveIteratorIterator($iterator) as $file) {
             $fname = $file->getFilename();
             if($file->isDir()
-                || Summoner::startsWith($file->getFilename(),'.')
+                || str_starts_with($file->getFilename(),'.')
                 || isset($fname[4])
             ) continue;
             if ($file->getMTime() <= $datepointInThePastInSec) {
@@ -333,4 +368,4 @@ class Mancubus {
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/webroot/lib/summoner.class.php b/webroot/lib/summoner.class.php
index 7c2ea3a..5eb9d24 100644
--- a/webroot/lib/summoner.class.php
+++ b/webroot/lib/summoner.class.php
@@ -1,28 +1,33 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
 
 /**
  * a static helper class
  */
 class Summoner {
+
     /**
      * validate the given string with the given type. Optional check the string
      * length
      *
      * @param string $input The string to check
      * @param string $mode How the string should be checked
-     * @param mixed $limit If int given the string is checked for length
-     *
-     * @return bool
+     * @param int $limit If int given the string is checked for length
      *
      * @see http://de.php.net/manual/en/regexp.reference.unicode.php
      * http://www.sql-und-xml.de/unicode-database/#pc
@@ -30,8 +35,10 @@ class Summoner {
      * the pattern replaces all that is allowed. the correct result after
      * the replace should be empty, otherwise are there chars which are not
      * allowed
+     *
+     * @return bool
      */
-    static function validate($input,$mode='text',$limit=false) {
+    static function validate(string $input, string $mode='text', int $limit=0): bool {
         // check if we have input
         $input = trim($input);
 
@@ -67,7 +74,7 @@ class Summoner {
                 // text without any whitespace and special chars
                 // but with Punctuation other
                 # http://www.sql-und-xml.de/unicode-database/po.html
-                $pattern = '/[\p{L}\p{N}\p{Po}\-]/u';
+                $pattern = '/[\p{L}\p{N}\p{Po}\-_]/u';
                 break;
 
             case 'digit':
@@ -79,7 +86,7 @@ class Summoner {
             case 'pageTitle':
                 // text with whitespace and without special chars
                 // but with Punctuation
-                $pattern = '/[\p{L}\p{N}\p{Po}\p{Z}\s-]/u';
+                $pattern = '/[\p{L}\p{N}\p{Po}\p{Z}\s\-_]/u';
                 break;
 
             # strange. the \p{M} is needed.. don't know why..
@@ -109,42 +116,14 @@ class Summoner {
         return $ret;
     }
 
-    /**
-     * check if a string starts with a given string
-     *
-     * @param string $haystack
-     * @param string $needle
-     * @return boolean
-     */
-    static function startsWith($haystack, $needle) {
-        $length = strlen($needle);
-        return (substr($haystack, 0, $length) === $needle);
-    }
-
-    /**
-     * check if a string ends with a given string
-     *
-     * @param string $haystack
-     * @param string $needle
-     * @return boolean
-     */
-    static function endsWith($haystack, $needle) {
-        $length = strlen($needle);
-        if ($length == 0) {
-            return true;
-        }
-
-        return (substr($haystack, -$length) === $needle);
-    }
-
-
     /**
      * Simple helper to detect the $_FILES upload status
      * Expects the error value from $_FILES['error']
-     * @param $error
+     *
+     * @param int $error
      * @return array
      */
-    static function checkFileUploadStatus($error) {
+    static function checkFileUploadStatus(int $error): array {
         $message = "Unknown upload error";
         $status = false;
 
@@ -188,7 +167,7 @@ class Summoner {
      * @see https://www.jwz.org/base64-shortlinks/
      * @return string
      */
-    static function b64sl_pack_id($id) {
+    static function b64sl_pack_id(string $id): string {
         $id = intval($id);
         $ida = ($id > 0xFFFFFFFF ? $id >> 32 : 0);	// 32 bit big endian, top
         $idb = ($id & 0xFFFFFFFF);			// 32 bit big endian, bottom
@@ -205,10 +184,10 @@ class Summoner {
      * Decode a base64-encoded big-endian integer of up to 64 bits.
      *
      * @see https://www.jwz.org/base64-shortlinks/
-     * @param $id
-     * @return false|int|string|string[]
+     * @param string $id
+     * @return int
      */
-    static function b64sl_unpack_id($id) {
+    static function b64sl_unpack_id(string $id): int {
         $id = str_replace ('-', '+', $id);		// decode URL-unsafe "+" "/"
         $id = str_replace ('_', '/', $id);
         $id = base64_decode ($id);
@@ -222,10 +201,11 @@ class Summoner {
      * create based on the given string a path
      * each char in string is a dir
      * asdef -> a/s/d/e/f/
-     * @param $string
+     *
+     * @param string $string
      * @return string
      */
-    static function forwardslashStringToPath($string) {
+    static function forwardslashStringToPath(string $string): string {
         $ret = '';
         if(!empty($string)) {
             for ($i = 0; $i < strlen($string); $i++) {
diff --git a/webroot/view/created.inc.php b/webroot/view/created.inc.php
index aee9608..e4a0c30 100644
--- a/webroot/view/created.inc.php
+++ b/webroot/view/created.inc.php
@@ -1,12 +1,18 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
-echo json_encode($contentBody)."\n";
\ No newline at end of file
+echo json_encode($contentBody)."\n";
diff --git a/webroot/view/view.inc.php b/webroot/view/view.inc.php
index 42a7bf4..d83e83e 100644
--- a/webroot/view/view.inc.php
+++ b/webroot/view/view.inc.php
@@ -1,13 +1,19 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
 if (file_exists($contentBody)) {
     header('Expires: 0');
@@ -18,4 +24,4 @@ if (file_exists($contentBody)) {
 }
 else {
     echo $contentBody;
-}
\ No newline at end of file
+}
diff --git a/webroot/view/welcome.inc.php b/webroot/view/welcome.inc.php
index 542a7b7..4fe7eec 100644
--- a/webroot/view/welcome.inc.php
+++ b/webroot/view/welcome.inc.php
@@ -1,20 +1,27 @@
 <?php
 /**
  * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
  *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program.  If not, see http://www.sun.com/cddl/cddl.html
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see http://www.gnu.org/licenses/gpl-3.0.
+ *
+ * 2019 - 2023 https://://www.bananas-playground.net/projekt/selfpaste
  */
 ?>
 <!DOCTYPE HTML>
-<html>
+<html lang="en">
     <head>
         <meta charset="utf-8" />
         <meta name="author" content="selfpaste">
+	    <title>selfpaste</title>
     </head>
     <body>
         <p>Thank you for using selfpaste.</p>