From a72a6c1ba2292c4272fdb412675418688ad2eaae Mon Sep 17 00:00:00 2001
From: Banana
Date: Mon, 6 Apr 2020 22:27:23 +0200
Subject: [PATCH] Multiple secrets
---
 CHANGELOG | 3 ++-
 TODO | 2 --
 documentation/requirements.txt | 2 +-
 documentation/update.txt | 15 ++++++++++++++-
 webroot/config.default.php | 10 +++++++++-
 webroot/index.php | 12 +++++++++---
 6 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e44f1dc..40d7915 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,7 +4,8 @@ tbd version 0.4-beta Beryllium
 * added html and js to the default allowed files
 * added an example cronjob file which can be used to clean old pastes. See clean-cronjob.txt for more
- detals
+ details
+* Multiple secrets are now supported
 2020101 version 0.3-beta Lithium
 * Update information now included
diff --git a/TODO b/TODO
index 8f1f48c..e69de29 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +0,0 @@
-* small footprint
-* multiple secrets
diff --git a/documentation/requirements.txt b/documentation/requirements.txt
index b1209a2..70a5c92 100644
--- a/documentation/requirements.txt
+++ b/documentation/requirements.txt
@@ -2,5 +2,5 @@ PHP >=7.3
 Apache >= 2.4
 - mod_deflate
 - mod_rewrite
-- htaccess support
+- htaccess support AllowOverride All
 Bash, curl and jq for included bash client
\ No newline at end of file
diff --git a/documentation/update.txt b/documentation/update.txt
index 20d28a7..dd7ee4f 100644
--- a/documentation/update.txt
+++ b/documentation/update.txt
@@ -1,2 +1,15 @@
 If you update from a previous version make sure every update step is done
-since your current used version.
\ No newline at end of file
+since your current used version.
+
+## 0.4-beta Beryllium
+Update your config.php to reflect the following updates.
+selfpaste does now support the usage of multiple secrets.
+The usage is written into create.log
+define('SELFPASTE_UPLOAD_SECRET',
+ array(
+ 'PLEASE CHANGE YOUR SECRET' => 'Your description for this secret 1',
+ 'PLEASE_2' => 'Your description for this secret'
+ )
+);
+# creation of a paste and which secret was used into logs/create.log file
+define('LOG_CREATION',true);
\ No newline at end of file
diff --git a/webroot/config.default.php b/webroot/config.default.php
index 81b2b40..dfa0af5 100644
--- a/webroot/config.default.php
+++ b/webroot/config.default.php
@@ -12,7 +12,15 @@
 # this is your installation secret. Could be anything.
 # Think of it as a key. Change it often to avoid any abuse.
-define('SELFPASTE_UPLOAD_SECRET','PLEASE CHANGE YOUR SECRET');
+# The description will be used in the log files
+define('SELFPASTE_UPLOAD_SECRET',
+ array(
+ 'PLEASE CHANGE YOUR SECRET' => 'Your description for this secret 1',
+ 'PLEASE CHANGE YOUR SECRET' => 'Your description for this secret'
+ )
+);
+# creation of a paste and which secret was used into logs/create.log file
+define('LOG_CREATION',true);
 # this is the default storage location. If you decide to move, then make sure
 # to move the included .htaccess with it to protect the direct access
 define('SELFPASTE_UPLOAD_DIR','pasties');
diff --git a/webroot/index.php b/webroot/index.php
index 95f4900..ff0ae72 100644
--- a/webroot/index.php
+++ b/webroot/index.php
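Review bot: The two entries added to `SELFPASTE_UPLOAD_SECRET` in webroot/config.default.php share the key `'PLEASE CHANGE YOUR SECRET'`, so PHP keeps only the last one and the template ends up holding a single secret labelled "Your description for this secret". Give the second entry its own placeholder, as documentation/update.txt does with `'PLEASE_2' => 'Your description for this secret'`. Because index.php now accepts any key found in this array, a config copied without editing still carries an upload secret that is published in the repository; a startup check that refuses the placeholder keys would close that. The comment above the define could also state that the description is what gets written to logs/create.log, so it must never contain the secret itself.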
@@ -29,9 +29,12 @@ if(!empty($_urlToParse)) {
 }
 }
+define('ERROR_LOG_FILE','./logs/error.log');
+define('CREATE_LOG','./logs/create.log');
+
 # error reporting
 ini_set('log_errors',true);
-ini_set('error_log','./logs/error.log');
+ini_set('error_log',ERROR_LOG_FILE);
 if(DEBUG === true) {
 ini_set('display_errors',true);
 }
@@ -55,7 +58,7 @@ if(isset($_GET['s']) && !empty($_GET['s'])) {
 $_create = false;
 if(isset($_POST['dl']) && !empty($_POST['dl']) && isset($_FILES['pasty']) && !empty($_FILES['pasty'])
- && $_POST['dl'] === SELFPASTE_UPLOAD_SECRET) {
+ && isset(SELFPASTE_UPLOAD_SECRET[$_POST['dl']])) {
 $_create = true;
 }
@@ -99,6 +102,9 @@ elseif ($_create === true) {
 $_message = $_do['message'];
 if($_do['status'] === true) {
 $httpResponseCode = 200;
+ if(defined('LOG_CREATION') && LOG_CREATION === true) {
+ error_log(date("c")." ".$_message." ".SELFPASTE_UPLOAD_SECRET[$_POST['dl']]."\n",3,CREATE_LOG);
+ }
 }
 }
@@ -115,7 +121,7 @@ if(file_exists('view/'.$contentView.'.inc.php')) {
 require_once 'view/'.$contentView.'.inc.php';
 }
 else {
- error_log('Content body file missing. '.var_export($_SERVER,true),3,'./logs/error.log');
+ error_log('Content body file missing. '.var_export($_SERVER,true),3,ERROR_LOG_FILE);
 http_response_code(400);
 die('Well, something went wrong...');
 }
\ No newline at end of file
--
2.39.5
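Review bot: `ERROR_LOG_FILE` and `CREATE_LOG` in the first index.php hunk are relative paths (`./logs/...`), so the files land wherever the process's working directory points, and they presumably sit below the webroot. With this commit create.log records every paste creation together with the label of the secret that was used. Whether logs/ is shielded from direct HTTP access cannot be seen from this hunk and should be confirmed. Anchoring the paths, e.g. `define('CREATE_LOG', __DIR__.'/logs/create.log');`, removes the dependence on the working directory.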
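Review bot: The new check `isset(SELFPASTE_UPLOAD_SECRET[$_POST['dl']])` never verifies that the constant is an array or that `$_POST['dl']` is a string. If an installation is upgraded without the config change from documentation/update.txt, the constant is still a string, and isset() on a string accepts numeric offsets, so a short numeric `dl` value would pass where the old `===` comparison rejected it. An array-valued `dl` raises an illegal-offset warning on PHP 7 and a TypeError on PHP 8. Guard both ahead of the lookup, e.g. `&& is_array(SELFPASTE_UPLOAD_SECRET) && is_string($_POST['dl'])`. The same lookup would also accept list indexes if the secrets were configured as a plain list rather than secret => description pairs.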
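Review bot: The line written to create.log concatenates `$_message` and the secret's description without neutralising line breaks, so a CR/LF in either value would let one request produce several log entries. `$_message` comes from `$_do['message']`, which is built outside this hunk, so whether it can carry request-derived text such as a file name needs checking. Replacing line breaks first, e.g. `$_line = str_replace(array("\r","\n"),' ',$_message.' '.SELFPASTE_UPLOAD_SECRET[$_POST['dl']]);`, keeps one entry per paste. The enclosing `elseif ($_create === true)` block starts and ends outside the hunk.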
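Review bot: `var_export($_SERVER,true)` in the changed `error_log` call of the last hunk writes every request header to error.log, including cookies and any Authorization value, and the size of each entry is controlled by the client. Logging only what explains the failure would be enough, e.g. `error_log('Content body file missing: '.json_encode($contentView)."\n",3,ERROR_LOG_FILE);`. The current message also has no trailing newline, so consecutive entries run together. The enclosing `if(file_exists(...))` begins outside the hunk.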