authorYorhel <git@yorhel.nl>2010-10-08 18:09:23 +0200
committerYorhel <git@yorhel.nl>2010-10-08 18:09:23 +0200
commit51086aca89c8a60f0d35615a17824d45fbef74bc (patch)
tree27dd0b167ee319d73afa2d555447a542be8789cf
parent60a338e2f039ff9ef3b040cb4d9c73863eb6183c (diff)
Readded mypastes feature
and reused the code for deleting pastes and abstracted passcode input and cookie generation
-rwxr-xr-xindex.cgi49
-rw-r--r--script.js28
-rw-r--r--style.css8
3 files changed, 51 insertions, 34 deletions
diff --git a/index.cgi b/index.cgi
index 25e5fd6..403363a 100755
--- a/index.cgi
+++ b/index.cgi
@@ -51,6 +51,7 @@ msg('Holy cow! This page does not seem to exist.');
sub header {
printf "Content-Type: %s; charset=UTF-8\n", shift;
+ print $_ for @_;
if(($ENV{HTTP_ACCEPT_ENCODING}||'') =~ /gzip/) {
print "Content-Encoding: gzip\n\n";
binmode STDOUT, ':gzip';
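Review bot: The added `print $_ for @_;` in `header` writes every extra argument into the response header block verbatim, and nothing states what a caller is allowed to pass. A comment above that line such as `# remaining args: complete header lines, each ending in "\n" and containing no other CR/LF` would pin the contract. The `html` hunk further down feeds it dereferenced scalar refs picked out of its link arguments, and that convention deserves a matching one-line comment there. The body of `header` continues outside this hunk.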
@@ -87,16 +88,25 @@ sub escape {
}
+sub passcode {
+ my ($p, $ps) = @_;
+ $p = $cgi->param($p);
+ $ps = $cgi->param($ps);
+ msg("Oops! I couldn't handle your passcode. It is either too long, or it contains characters I can not handle.", 'backform')
+ if length($p) > 64 or $p && $p !~ /^[a-zA-Z0-9-_\.]+$/;
+ my $cookie = !$p || !$ps ? '' : qq|Set-Cookie: secret_passcode=$p; path=/; expires=Wed, 07-Oct-2020 18:06:05 GMT\n|;
+ return ($p, $cookie);
+}
+
+
sub upload {
my @chars = ('0'..'9', 'a'..'z');
my $code = join '', map $chars[rand @chars], 1..5;
my $s = $cgi->param('s') || 'nosyntax';
my $w = $cgi->param('w') ? 1 : 0;
my $c = $cgi->param('c') ? 1 : 0;
- my $p = $cgi->param('p') || undef;
+ my ($p, $cookie) = passcode('p', 'ps');
msg('Unknown syntax code.', 'backform') if !grep $s eq $_, @syntax;
- msg("Oops! I couldn't handle your passcode. It is either too long, or it contains characters I can not handle.", 'backform')
- if length($p) > 64 or $p && $p !~ /^[a-zA-Z0-9-_\.]+$/;
my $dat = $cgi->param('u') || $cgi->param('f') || '';
$dat =~ s/\x0D\x0A?/\n/g;
msg("Only UTF-8 encoded data is allowed!\nMake sure you're not uploading a binary file.", 'backform')
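Review bot: The check in `passcode`, `$p !~ /^[a-zA-Z0-9-_\.]+$/`, ends in `$`, which in Perl also matches just before a trailing newline, so a value ending in "\n" is accepted and then interpolated into the `Set-Cookie:` line. Anchoring with `\A` and `\z`, as in `$p !~ /\A[a-zA-Z0-9_.-]+\z/`, closes that. The helper also drops the `|| undef` that `upload` used to apply, so an empty passcode field probably reaches the INSERT as '' rather than NULL; `$p = $cgi->param($p) || undef;` keeps the earlier behaviour. The rest of `upload` lies outside this hunk.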
@@ -110,7 +120,6 @@ sub upload {
$db->do('INSERT INTO pastes (code, syntax, wrap, raw, html, ip, parse_urls, passcode) VALUES(?,?,?,?,?,?,?,?)',
undef, $code, $s, $w, $dat, $html, $ENV{REMOTE_ADDR}, $c, $p);
- my $cookie = !$p || !$cgi->param('ps') ? '' : qq|Set-Cookie: secret_passcode=$p; path=/; expires=Wed, 07-Oct-2020 18:06:05 GMT\n|;
print "Status: 303\n${cookie}Location: http://$ENV{HTTP_HOST}/$code\nContent-type: text/plain\n\nRedirecting...\n";
exit;
}
@@ -143,7 +152,7 @@ sub view {
}
$r->{html} =~ s/(http|https):\/\/([^< ]+[0-9a-zA-Z=\/-])/<a href="$1:\/\/$2" rel="nofollow">$1:\/\/$2<\/a>/g if $r->{parse_urls};
html(
- qq{<a href="#" onclick="return unpaste(this,'/$code')">unpaste</a>},
+ qq{<a href="#" onclick="return unpaste('/$code')">unpaste</a>},
qq{<a href="/$code.txt">raw</a>},
'newpaste',
sprintf q|<tr><td class="numbers"><pre>%s</pre></td><td class="top code"><pre%s>%s</pre></td></tr>|,
@@ -165,7 +174,7 @@ sub raw {
sub unpaste {
my $code = shift;
my $r = get $code, 'passcode';
- msg("Incorrect passcode!") if !$r->{passcode} || !$cgi->param('p') || $r->{passcode} ne $cgi->param('p');
+ msg("Incorrect passcode!") if !$r->{passcode} || !$cgi->param('pc') || $r->{passcode} ne $cgi->param('pc');
$db->do('DELETE FROM pastes WHERE code = ?', undef, $code);
msg("Unpasted!");
}
@@ -178,7 +187,8 @@ sub form {
my @syn = map qq|<a href="#" onclick="return setsyn(this)">$_</a>|, @syntax;
use utf8;
- html(sprintf <<'__', join(' ', @l), join(' ', @syn));
+ html('<a href="#" onclick="return mypastes()">my pastes</a>',
+ sprintf <<'__', join(' ', @l), join(' ', @syn));
<tr><td class="ff">&nbsp;</td><td class="top">
<form enctype="multipart/form-data" accept-charset="utf-8" method="post" action="/">
<fieldset>
@@ -198,7 +208,8 @@ sub form {
<legend>▾ Passcode</legend>
<label for="p">Passcode:</label> <input type="password" name="p" id="p" size="10" />
<input type="checkbox" class="check" id="ps" name="ps" value="1" /> <label for="ps">save on my computer.</label><br />
- <i>(Optional, necessary for removing your pastes.)</i>
+ <i>(Optional, necessary for listing and/or removing your pastes.)<br />
+ <b>Important:</b> make sure your passcode is not something other people are likely to use. For example, use "nickname-asdf" instead of "asdf".</i>
</fieldset>
</form>
<fieldset>
@@ -218,22 +229,16 @@ __
sub mypastes {
- msg("Feature disabled");
- my $q = $db->prepare("SELECT code, to_char(date, 'YYYY-MM-DD HH24:MI:SS') AS date, syntax, substring(raw from 1 for 50) AS preview FROM pastes WHERE ip = ? ORDER BY date DESC");
- $q->execute($ENV{REMOTE_ADDR});
- html(sprintf <<' __', $ENV{REMOTE_ADDR},
- <div id="toplinks">
- <a href="/">new paste</a>
- </div>
- <table>
- <tr><td colspan="2" class="header"><h1>Blicky.net mypastes</h1></tr>
- <tr><td class="ff">&nbsp;</td><td style="border-top: 1px solid #999">
- <b>Listing all the pastes from %s:</b>
+ my ($p, $cookie) = passcode('pc','psp');
+ my $q = $db->prepare("SELECT code, to_char(date, 'YYYY-MM-DD HH24:MI:SS') AS date, syntax, substring(raw from 1 for 50) AS preview FROM pastes WHERE passcode = ? ORDER BY date DESC");
+ $q->execute($p);
+ html(\$cookie, 'newpaste', sprintf <<' __',
+ <tr><td class="ff">&nbsp;</td><td class="top">
+ <b>Listing all your pastes:</b>
<ul>
%s
</ul>
</td></tr>
- </table>
__
join "\n", map sprintf('<li>%s <a href="/%s">%2$s</a> (%s) %s</li>', $_->{date}, $_->{code}, $_->{syntax}, $_->{preview}), @{$q->fetchall_arrayref({})});
exit;
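Review bot: The `preview` column is a slice of the raw paste text and goes into the `<li>` through `sprintf` without HTML escaping, so markup in the first 50 characters of a paste is rendered on the listing page. If the `escape` sub named in an earlier hunk header HTML-escapes its argument, passing `escape($_->{preview})` would fix it. There is also no check that a passcode was supplied before `$q->execute($p)`; an empty value would select every paste stored with an empty passcode, so a guard like `msg("Incorrect passcode!") if !$p;` ahead of the query seems needed. The closing brace of `mypastes` is outside this hunk.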
@@ -241,9 +246,9 @@ sub mypastes {
sub html {
- header('text/html');
my %links = (newpaste=>'<a href="/">new paste</a>');
- my $links = !$#_ ? '' : join ' ', map $links{$_} || $_, @_[0..$#_-1];
+ my $links = !$#_ ? '' : join ' ', map ref($_) ? () : $links{$_} || $_, @_[0..$#_-1];
+ header('text/html', map ref($_) ? $$_ : (), @_[0..$#_-1]);
printf <<'__', $links, $_[$#_];
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
diff --git a/script.js b/script.js
index 743d3bd..4e918d6 100644
--- a/script.js
+++ b/script.js
@@ -59,19 +59,31 @@ function showall() {
return false;
}
-function unpaste(w,u) {
- var close = function () { byId('unconfirm').parentNode.removeChild(byId('unconfirm')); return false; };
- if(byId('unconfirm'))
+function promptPass(t,u,s,b) {
+ var close = function () { byId('pp').parentNode.removeChild(byId('pp')); return false; };
+ if(byId('pp'))
return close();
- addBody(tag('div', { id: 'unconfirm' }, tag('form', { method: 'post', action: u },
- 'Please enter your passcode to delete this paste.', tag('br', null),
- tag('input', { type: 'password', name: 'p', id: 'p', value: getCookie('secret_passcode') || '' }), tag('br', null),
- tag('input', { type: 'submit', value: 'unpaste!', 'class': 'unbut' }),
- tag('input', { type: 'button', value: 'cancel', 'class': 'unbut', onclick: close })
+ addBody(tag('div', { id: 'pp' }, tag('form', { method: 'post', action: u },
+ t, tag('br', null),
+ tag('input', { type: 'password', name: 'pc', id: 'pc', value: getCookie('secret_passcode') || '' }), tag('br', null),
+ s ? tag('input', { type: 'checkbox', name: 'psp', id: 'psp', value: 1 }) : '',
+ s ? tag('label', { 'for': 'psp' }, ' save on my computer') : '',
+ s ? tag('br', null) : '',
+ tag('input', { type: 'submit', value: b, 'class': 'ppbut' }),
+ tag('input', { type: 'button', value: 'cancel', 'class': 'ppbut', onclick: close })
)));
return false;
}
+function unpaste(u) {
+ return promptPass('Please enter your passcode to delete this paste.', u, false, 'unpaste!');
+}
+
+function mypastes() {
+ return promptPass('Please enter your passcode to see your pastes.', '/mypastes', true, 'show');
+}
+
+
// Copy passcode from cookie to passcode field
var x = byId('p');
if(x) {
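Review bot: `promptPass(t,u,s,b)` takes four single-letter parameters with no comment, and their meaning can only be guessed from the two wrappers `unpaste` and `mypastes`. A header comment like `// promptPass(text, action, showSave, buttonLabel): toggle the passcode dialog that POSTs field "pc" to action` would help. The password input is still pre-filled from the `secret_passcode` cookie, which means the cookie holds the passcode in clear and must stay readable by script; that is worth stating in the same comment. The block opened by `if(x) {` continues outside this hunk.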
diff --git a/style.css b/style.css
index 84f7863..a63ef23 100644
--- a/style.css
+++ b/style.css
@@ -3,7 +3,7 @@ body, td { color: #555 }
table { border-collapse: collapse; width: 100% }
a { color: #888; text-decoration: none }
a:hover { text-decoration: underline }
-i, label, li, #unconfirm { font-size: 12px; font-style: normal }
+i, label, li, #pp { font-size: 12px; font-style: normal }
textarea, input { background: #fcfcfc; color: #000; border: 1px solid #999 }
textarea:focus, input:focus { background: #fff }
input.check { vertical-align: middle }
@@ -27,9 +27,9 @@ ul { padding-left: 15px; }
.code { padding-left: 3px; color: #000 }
.top { border-top: 1px solid #999 }
.allowwrap { white-space: pre-wrap; word-wrap: break-word; max-width: 700px }
-#unconfirm { position: absolute; top: 30px; right: 20px; background: #eee; border: 1px solid #999; text-align: center; padding: 5px }
-#unconfirm input { margin-top: 4px; width: 150px }
-#unconfirm .unbut { margin: 4px 2px; width: 73px }
+#pp { position: absolute; top: 30px; right: 20px; background: #eee; border: 1px solid #999; text-align: center; padding: 5px }
+#pp input { margin-top: 4px; width: 150px }
+#pp .ppbut { margin: 4px 2px; width: 73px }
/* syntax highlighting */
.synComment { color: #0000FF }