# HG changeset patch # User Dan # Date 1243744689 14400 # Node ID f2ceea4fabe8e88a950347794b979496df0b335e # Parent cac93de16379573a0aa53e39bad9f07edaab1a05 Added support for replying and fixed a few security holes. TODO: search integration diff -r cac93de16379 -r f2ceea4fabe8 Gorilla.php --- a/Gorilla.php Sat May 30 02:52:13 2009 -0400 +++ b/Gorilla.php Sun May 31 00:38:09 2009 -0400 @@ -5,8 +5,9 @@ "Plugin URI" : "http://enanocms.org/plugin/gorilla", "Description" : "For The Toughest Pasting Jobs On Earth.™ The pastebin, Enano style. GeSHi plugin highly recommended.", "Author" : "Dan Fuhry", - "Version" : "0.1", - "Author URI" : "http://enanocms.org/" + "Version" : "0.1.1", + "Author URI" : "http://enanocms.org/", + "Version list" : ['0.1', '0.1.1'] } **!*/ @@ -79,6 +80,14 @@ $db->free_result(); $private = $flags & PASTE_PRIVATE ? true : false; $copy_from = $paste_id; + + if ( $flags & PASTE_PRIVATE ) + { + if ( @$_GET['hash'] !== gorilla_sign($paste_id, $text) ) + { + die_friendly($lang->get('etc_access_denied_short'), '
' . $lang->get('gorilla_msg_wrong_hash') . '
'); + } + } } $output->header(); @@ -107,13 +116,19 @@ var whitey = whiteOutElement(document.forms['gorilla_create']); + var parent = parseInt($('#gorilla_parent').val()); + if ( isNaN(parent) ) + parent = 0; + var json_packet = { highlight: $('#gorilla_highlight').val(), text: $('#gorilla_create_text').val(), is_private: $('#gorilla_private:checked').val() ? true : false, nick: $('#gorilla_nick').val(), title: $('#gorilla_title').val(), - ttl: parseInt($('.gorilla_ttl:checked').val()) + ttl: parseInt($('.gorilla_ttl:checked').val()), + parent: parent, + hash: $('#gorilla_hash').val(); }; json_packet = ajaxEscape(toJSONString(json_packet)); ajaxPost(makeUrlNS('Special', 'NewPaste/ajaxsubmit'), 'r=' + json_packet, function(ajax) @@ -248,8 +263,20 @@ + ++ get('gorilla_lbl_reply'); ?> +
+ + + + + + + + @@ -280,7 +307,9 @@ 'is_private' => 'boolean', 'nick' => 'string', 'title' => 'string', - 'ttl' => 'integer' + 'ttl' => 'integer', + 'parent' => 'integer', + 'hash' => 'string' ); $info = array(); @@ -318,10 +347,33 @@ 'is_private' => isset($_POST['is_private']), 'nick' => $_POST['nick'], 'title' => $_POST['title'], - 'ttl' => intval($_POST['ttl']) + 'ttl' => intval($_POST['ttl']), + 'parent' => intval($_POST['parent']), + 'hash' => $_POST['hash'] ); } + if ( $info['parent'] ) + { + // make sure we have the right hash + $q = $db->sql_query('SELECT paste_text FROM ' . table_prefix . "pastes WHERE paste_id = {$info['parent']};"); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() > 0 ) + { + list($old_text) = $db->fetchrow_num(); + if ( $info['hash'] !== gorilla_sign($info['parent'], $old_text) ) + { + $info['parent'] = 0; + } + } + else + { + $info['parent'] = 0; + } + } + if ( !$have_permission ) { return '1;' . $lang->get('gorilla_msg_wrong_hash') . '
'); + } + } + } + if ( isset($_GET['format']) ) { switch($_GET['format']) @@ -518,14 +588,6 @@ } } - if ( $paste_flags & PASTE_PRIVATE || isset($_GET['delete']) ) - { - if ( @$_GET['hash'] !== hmac_sha1($paste_id, sha1($paste_text)) ) - { - die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('gorilla_msg_wrong_hash') . '
'); - } - } - $output->header(); $perm = $paste_author == $session->user_id ? 'delete_paste_own' : 'delete_paste_others'; @@ -541,7 +603,7 @@ } else { - $submit_url = makeUrlNS('Paste', $paste_id, 'delete&hash=' . hmac_sha1($paste_id, sha1($paste_text)), true); + $submit_url = makeUrlNS('Paste', $paste_id, 'delete&hash=' . gorilla_sign($paste_id, $paste_text), true); ?>