v1.1.7 Patching Release

v1.1.7 Patching Release

.github/workflows/codacy.yml

@@ -15,10 +15,10 @@ name: Codacy Security Scan
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
   schedule:
     - cron: '36 20 * * 2'
 

.htaccess

@@ -13,4 +13,10 @@ ErrorDocument 500 /500
 <FilesMatch "\.(json|sarif|md|gitignore|version|LICENSE|htaccess|env)$">
 Order allow,deny
 Deny from all
-</FilesMatch>
+</FilesMatch>
+
+# Deny access to .htaccess
+<Files .htaccess>
+Order allow,deny
+Deny from all
+</Files>

.version

@@ -1 +1 @@
-{ "BRANCH": "main", "VERSION":"1.1.6" }
+{ "BRANCH": "main", "VERSION":"1.1.7" }

Modules/Functions.php

@@ -22,18 +22,10 @@ function ifTextBoxDisabled()
         echo "disabled";
     }
 }
-function getSubmittedKey()
+function getInstallationPath()
 {
-    error_reporting(0); // disable error reporting
-    if (isset($_GET["submitted"]) && $_GET["submitted"] != "") {
-        $fullUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]" . str_replace("?submitted=", "view?key=", htmlspecialchars($_SERVER['REQUEST_URI']));
-        echo htmlspecialchars($fullUrl, ENT_QUOTES, 'UTF-8');
-    } else {
-        if (isset($_GET["submitted"])) {
-            header("Location: ./");
-        }
-    }
-    error_reporting(E_ALL); // enable error reporting
+    $config = json_decode(file_get_contents("./.config", true), true);
+    echo $config["INSTALLATION_PATH"];
 }
 function determineSystemVersion()
 {
@@ -77,12 +69,16 @@ function decryptData($encryption_key) // getRecord("encrypted_contents", $dataKe
 /* Database Interaction Functions */
 function setupStorageMethod()
 {
+    /* Prerequisites */
+    $cache = json_decode(file_get_contents("./local-storage/.cache", true), true);
+    $configuration = json_decode(file_get_contents("./.config", true), true);
+    /* End Prerequisites */
     error_reporting(0); // disable error reporting
-    if(!file_exists("./.config")) { // Check if config file is present
+    if (!file_exists("./.config") || $configuration["INSTALLATION_PATH"] == "") { // Check if config file is present
+        $path = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"  . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         touch("./.config"); // Create config file if not present
-        file_put_contents("./.config", '{ "STORAGE_METHOD": "mysql", "LANGUAGE": "auto" }'); // Set contents of new config file
+        file_put_contents("./.config", json_encode(array("STORAGE_METHOD" => "mysql", "LANGUAGE" => "auto", "INSTALLATION_PATH" => $path))); // Set contents of new config file
     }
-    $configuration = json_decode(file_get_contents("./.config", true), true);
     if (strtolower($configuration["LANGUAGE"]) == "") {
         require "./Public/Error/ServerConfiguration.php"; // throw error page if no language is provided
         die();
@@ -131,8 +127,6 @@ function setupStorageMethod()
         $baseStorageFolder = "./local-storage";
         if (!is_dir("$baseStorageFolder/")) mkdir("$baseStorageFolder/");
         if (!is_dir("$baseStorageFolder/encryptions/")) mkdir("$baseStorageFolder/encryptions/");
-        if (!file_exists("$baseStorageFolder/.htaccess")) touch("$baseStorageFolder/.htaccess"); // Create htaccess file
-        file_put_contents("$baseStorageFolder/.htaccess", "deny from all"); // Sets storage folder permissions
     } else { // Server storage method not set
         require "./Public/Error/ServerConfiguration.php"; // throw error page if invalid configuration
         die();
@@ -144,7 +138,7 @@ function insertRecord($encrypted_contents, $encryption_token)
     error_reporting(0);
     $configuration = json_decode(file_get_contents("./.config", true), true);
     $json = json_decode(file_get_contents("./Modules/Database.env", true), true);
-    if($_SERVER['HTTP_CF_CONNECTING_IP'] == "" || !isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER["REMOTE_ADDR"];
+    if ($_SERVER['HTTP_CF_CONNECTING_IP'] == "" || !isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER["REMOTE_ADDR"];
     if (strtolower($configuration["STORAGE_METHOD"]) == "mysql") {
         $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]);
         if ($mysqli->connect_errno) {
@@ -167,7 +161,6 @@ function insertRecord($encrypted_contents, $encryption_token)
         $source_ip = filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP) ?? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
         $record_date = date("Y-m-d H:i:s");
         file_put_contents("$baseStorageFolder/encryptions/$uniqueIdentifier/data.json", '{"filestore_id": "' . $uniqueIdentifier . '", "encrypted_contents": "' . $encrypted_contents . '", "encryption_token": "' . $encryption_token . '", "source_ip": "' . $source_ip . '", "record_date": "' . $record_date . '"}'); // Set data file encryption data
-    } else { // Server storage method not set
         require "./Public/Error/ServerConfiguration.php"; // throw error page if invalid configuration
         die();
     }
@@ -254,7 +247,7 @@ function getRecord($dataToFetch, $encryption_token)
 /* Translation Feature */
 function translate($q)
 {
-    $sl = "en"; // Default language
+    $lang = "en"; // Default language
     $configuration = json_decode(file_get_contents("./.config", true), true);
     if ($configuration["LANGUAGE"] == "auto") {
         $tl = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
@@ -265,7 +258,7 @@ function translate($q)
             $tl = "en";
         }
     }
-    $res = file_get_contents("https://translate.googleapis.com/translate_a/single?client=gtx&ie=UTF-8&oe=UTF-8&dt=bd&dt=ex&dt=ld&dt=md&dt=qca&dt=rw&dt=rm&dt=ss&dt=t&dt=at&sl=" . $sl . "&tl=" . $tl . "&hl=hl&q=" . urlencode($q), $_SERVER['DOCUMENT_ROOT'] . "/transes.html");
+    $res = file_get_contents("https://translate.googleapis.com/translate_a/single?client=gtx&ie=UTF-8&oe=UTF-8&dt=bd&dt=ex&dt=ld&dt=md&dt=qca&dt=rw&dt=rm&dt=ss&dt=t&dt=at&sl=" . $lang . "&tl=" . $tl . "&hl=hl&q=" . urlencode($q), $_SERVER['DOCUMENT_ROOT'] . "/transes.html");
     $res = json_decode($res);
     return $res[0][0][0];
 }

Public/Error/403.php

@@ -4,16 +4,13 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?= getInstallationPath() ?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Custom styles -->
-    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"
-        integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
-    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
-        integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
-        crossorigin="anonymous"></script>
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
 </head>
 
 <style>

Public/Error/404.php

@@ -4,15 +4,15 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?= getInstallationPath() ?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Bootstrap core CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
+    <link href="<?= getInstallationPath() ?>/Public/assets/css/bootstrap.css" rel="stylesheet">
 
     <!-- Custom styles -->
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?= getInstallationPath() ?>/Public/assets/css/style.css" rel="stylesheet">
 </head>
 
 <body class="text-center">

Public/Error/500.php

@@ -4,15 +4,15 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?=getInstallationPath()?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Bootstrap core CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/bootstrap.css" rel="stylesheet">
 
     <!-- Custom styles -->
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/style.css" rel="stylesheet">
 </head>
 
 <body class="text-center">

Public/Error/DatabaseConfig.php

@@ -4,15 +4,15 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?=getInstallationPath()?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Bootstrap core CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/bootstrap.css" rel="stylesheet">
 
     <!-- Custom styles -->
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/style.css" rel="stylesheet">
 </head>
 
 <body class="text-center">

Public/Error/DatabaseCredentials.php

@@ -4,15 +4,15 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?=getInstallationPath()?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Bootstrap core CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/bootstrap.css" rel="stylesheet">
 
     <!-- Custom styles -->
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/style.css" rel="stylesheet">
 </head>
 
 <body class="text-center">

Public/Error/ServerConfiguration.php

@@ -9,7 +9,7 @@
     <title>QuickBlaze</title>
 
     <!-- Site CSS -->
-    <link href="../Public/assets/css/bootstrap.min.css" rel="stylesheet">
+    <link href="../Public/assets/css/bootstrap.css" rel="stylesheet">
     <link href="../Public/assets/css/style.css" rel="stylesheet">
     <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v6.0.0-beta1/css/all.css">
 </head>

Public/index.php

@@ -4,13 +4,13 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?=getInstallationPath()?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encrypted message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Site CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/bootstrap.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/style.css" rel="stylesheet">
     <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v6.0.0-beta1/css/all.css">
 </head>
 
@@ -58,13 +58,13 @@
     <div id="snackbar"><?= translate("✅ URL has been copied to clipboard!") ?></div>
 
     <!-- Dark Mode Widget -->
-    <script src="./Public/assets/js/globalFunctions.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/globalFunctions.js"></script>
     <script src="https://cdn.jsdelivr.net/npm/[email protected]/lib/darkmode-js.min.js"></script>
     <!-- Copy Button -->
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
-    <script src="./Public/assets/js/buttonCopyURL.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/buttonCopyURL.js"></script>
     <!-- Form Scripts -->
-    <script src="./Public/assets/js/formContentUpdate.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/formContentUpdate.js"></script>
 
 </body>
 

Public/view.php

@@ -4,15 +4,14 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <link rel="icon" type="image/x-icon" href="<?=getInstallationPath()?>/Public/assets/img/favicon.png">
     <meta name="description" content="<?= translate("An extremely simple, one-time view encrypted message system. Send anybody passwords, or secret messages on a one-time view basis.") ?>">
     <title>QuickBlaze</title>
 
     <!-- Site CSS -->
-    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
-    <link href="./Public/assets/css/style.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/bootstrap.css" rel="stylesheet">
+    <link href="<?=getInstallationPath()?>/Public/assets/css/style.css" rel="stylesheet">
     <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v6.0.0-beta1/css/all.css">
-
 </head>
 
 <body class="text-center">
@@ -60,13 +59,13 @@
     <div id="snackbar">✅ <?= translate("Message has been copied to clipboard!") ?></div>
 
     <!-- Dark Mode Widget -->
-    <script src="./Public/assets/js/globalFunctions.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/globalFunctions.js"></script>
     <script src="https://cdn.jsdelivr.net/npm/[email protected]/lib/darkmode-js.min.js"></script>
     <!-- Copy Button -->
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
-    <script src="./Public/assets/js/buttonCopyURL.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/buttonCopyURL.js"></script>
     <!-- Form Scripts -->
-    <script src="./Public/assets/js/formContentUpdate.js"></script>
+    <script src="<?=getInstallationPath()?>/Public/assets/js/formContentUpdate.js"></script>
 
 </body>
 

README.md

@@ -31,7 +31,7 @@
 » ***IF USING MYSQL AS STORAGE METHOD:***
 <ul>
   <li>Update the database information in <code>/modules/Database_example.env</code>.</li>
-  <li>Rename the configuration file to <code>Database.env</code>. <a href="#configuration">View example configuration</a>.</li>
+  <li>Rename the configuration file to <code>Database.env</code>. <a href="#system-configurations">View example configuration</a>.</li>
 </ul>
 
 __<br>
@@ -66,7 +66,7 @@ en           - Set language manually ('en' for english, etc).
 
 ## How it Works
 
-The user enters the message they would like to encrypt. The system then securely encrypts the message, and generates an encryption key. *The key can be used to decrypt the encrypted message.* The system then creates a new record in the database, containing the encrypted data and the encryption key. Once the decryption function is executed (indicating the user has viewed the message) the database record is deleted along with the encryption data and key. This means the data is now permanently lost and cannot be viewed, accessed or recovered. <br><br>Keep your URL safe, it contains the encryption key! Exposing the URL means anybody will be able to view the encrypted message!
+The user enters the message they would like to encrypt. The system then securely encrypts the message and generates an encryption key. *The key can be used to decrypt the encrypted message.* The system then creates a new record in the database, containing the encrypted data and the encryption key. Once the decryption function is executed (indicating the user has viewed the message) the database record is deleted along with the encryption data and key. This means the data is now permanently lost and cannot be viewed, accessed or recovered. <br><br>Keep your URL safe, it contains the encryption key! Exposing the URL means anybody will be able to view the encrypted message!
 
 ## Screenshots *(Light/Dark Mode)*