From 96f1af863959637d6b8d1dac8d73552144aad251 Mon Sep 17 00:00:00 2001 From: Axton Date: Wed, 22 Jun 2022 02:35:14 +0100 Subject: [PATCH 1/6] =?UTF-8?q?=F0=9F=94=8F=20v1.1.7-dev=20Minor=20Commit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .version | 2 +- Modules/Functions.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.version b/.version index 20b1bbc..41ea694 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -{ "BRANCH": "main", "VERSION":"1.1.6" } \ No newline at end of file +{ "BRANCH": "dev", "VERSION":"1.1.7-dev" } \ No newline at end of file diff --git a/Modules/Functions.php b/Modules/Functions.php index b247b4f..21fb108 100644 --- a/Modules/Functions.php +++ b/Modules/Functions.php @@ -254,7 +254,7 @@ function getRecord($dataToFetch, $encryption_token) /* Translation Feature */ function translate($q) { - $sl = "en"; // Default language + $lang = "en"; // Default language $configuration = json_decode(file_get_contents("./.config", true), true); if ($configuration["LANGUAGE"] == "auto") { $tl = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); @@ -265,7 +265,7 @@ function translate($q) $tl = "en"; } } - $res = file_get_contents("https://translate.googleapis.com/translate_a/single?client=gtx&ie=UTF-8&oe=UTF-8&dt=bd&dt=ex&dt=ld&dt=md&dt=qca&dt=rw&dt=rm&dt=ss&dt=t&dt=at&sl=" . $sl . "&tl=" . $tl . "&hl=hl&q=" . urlencode($q), $_SERVER['DOCUMENT_ROOT'] . "/transes.html"); + $res = file_get_contents("https://translate.googleapis.com/translate_a/single?client=gtx&ie=UTF-8&oe=UTF-8&dt=bd&dt=ex&dt=ld&dt=md&dt=qca&dt=rw&dt=rm&dt=ss&dt=t&dt=at&sl=" . $lang . "&tl=" . $tl . "&hl=hl&q=" . urlencode($q), $_SERVER['DOCUMENT_ROOT'] . "/transes.html"); $res = json_decode($res); return $res[0][0][0]; } From c456f86da3556fba726d1fa4e28de5c823bc2cec Mon Sep 17 00:00:00 2001 
From: Axton Date: Wed, 22 Jun 2022 02:39:08 +0100 Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=90=9B=20v1.1.7-dev=20Minor=20Commit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .config | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .config diff --git a/.config b/.config deleted file mode 100644 index c02039b..0000000 --- a/.config +++ /dev/null @@ -1 +0,0 @@ -{ "STORAGE_METHOD": "mysql", "LANGUAGE": "en" } \ No newline at end of file From 43e518104110aa8ffc748091fe185b6a1f034ed1 Mon Sep 17 00:00:00 2001 From: Axton Date: Wed, 22 Jun 2022 02:57:32 +0100 Subject: [PATCH 3/6] =?UTF-8?q?=F0=9F=90=9B=20v1.1.7-dev=20Minor=20Commit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codacy.yml | 4 ++-- README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index f6fc9b6..a74de39 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -15,10 +15,10 @@ name: Codacy Security Scan on: push: - branches: [ "main" ] + branches: [ "main", "dev" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "main" ] + branches: [ "main", "dev" ] schedule: - cron: '36 20 * * 2' diff --git a/README.md b/README.md index 992ae3d..f07c73d 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ » ***IF USING MYSQL AS STORAGE METHOD:*** __
From 7c2c3ea551713978f7a0bc1807d5a69d517c341e Mon Sep 17 00:00:00 2001 From: Axton Date: Wed, 22 Jun 2022 04:53:21 +0100 Subject: [PATCH 4/6] =?UTF-8?q?=F0=9F=90=9B=20v1.1.7-dev=20Patches?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .htaccess | 8 +++++++- Modules/Functions.php | 29 +++++++++++----------------- Public/Error/403.php | 9 +++------ Public/Error/404.php | 6 +++--- Public/Error/500.php | 6 +++--- Public/Error/DatabaseConfig.php | 6 +++--- Public/Error/DatabaseCredentials.php | 6 +++--- Public/index.php | 12 ++++++------ Public/view.php | 13 ++++++------- README.md | 2 +- 10 files changed, 46 insertions(+), 51 deletions(-) diff --git a/.htaccess b/.htaccess index 57648c9..e355246 100644 --- a/.htaccess +++ b/.htaccess @@ -13,4 +13,10 @@ ErrorDocument 500 /500 Order allow,deny Deny from all - \ No newline at end of file + + +# Deny access to .htaccess + +Order allow,deny +Deny from all + \ No newline at end of file diff --git a/Modules/Functions.php b/Modules/Functions.php index 21fb108..6042c61 100644 --- a/Modules/Functions.php +++ b/Modules/Functions.php @@ -22,18 +22,10 @@ function ifTextBoxDisabled() echo "disabled"; } } -function getSubmittedKey() +function getInstallationPath() { - error_reporting(0); // disable error reporting - if (isset($_GET["submitted"]) && $_GET["submitted"] != "") { - $fullUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]" . str_replace("?submitted=", "view?key=", htmlspecialchars($_SERVER['REQUEST_URI'])); - echo htmlspecialchars($fullUrl, ENT_QUOTES, 'UTF-8'); - } else { - if (isset($_GET["submitted"])) { - header("Location: ./"); - } - } - error_reporting(E_ALL); // enable error reporting + $config = json_decode(file_get_contents("./.config", true), true); + echo $config["INSTALLATION_PATH"]; } function determineSystemVersion() { 
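Review bot: Nothing visible in the `.htaccess` hunk denies access to `local-storage/`, and the `Modules/Functions.php` hunk at `@@ -131,8 +127,6 @@` in this same patch stops writing that folder's own `deny from all` file. The container tags around the added `Order allow,deny` / `Deny from all` block are not visible in this rendering, so which filenames it matches cannot be confirmed from here. Since `insertRecord()` writes `encrypted_contents` and `encryption_token` into the same `data.json` under that folder, it is worth committing a `local-storage/.htaccess` rather than relying on the root rules. The `Order`/`Deny` pair is the Apache 2.2 form, which 2.4 accepts only through mod_access_compat; `Require all denied` is the current equivalent.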
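Review bot: In the `@@ -22,18 +22,10 @@` hunk, `getInstallationPath()` echoes `$config["INSTALLATION_PATH"]` with no output escaping, whereas the removed `getSubmittedKey()` passed its URL through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. The stored value is built in `setupStorageMethod()` (hunk `@@ -77,12 +69,16 @@`) from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both of which come from the request, so it should be treated as untrusted where it is printed: `echo htmlspecialchars((string) ($config["INSTALLATION_PATH"] ?? ''), ENT_QUOTES, 'UTF-8');`. The `?? ''` also covers a missing or unreadable `./.config`, where `json_decode` returns null. The function deserves a short docblock stating that it prints the base URL for use in markup and returns nothing.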
@@ -77,12 +69,16 @@ function decryptData($encryption_key) // getRecord("encrypted_contents", $dataKe /* Database Interaction Functions */ function setupStorageMethod() { + /* Prerequisites */ + $cache = json_decode(file_get_contents("./local-storage/.cache", true), true); + $configuration = json_decode(file_get_contents("./.config", true), true); + /* End Prerequisites */ error_reporting(0); // disable error reporting - if(!file_exists("./.config")) { // Check if config file is present + if (!file_exists("./.config") || $configuration["INSTALLATION_PATH"] == "") { // Check if config file is present + $path = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; touch("./.config"); // Create config file if not present - file_put_contents("./.config", '{ "STORAGE_METHOD": "mysql", "LANGUAGE": "auto" }'); // Set contents of new config file + file_put_contents("./.config", json_encode(array("STORAGE_METHOD" => "mysql", "LANGUAGE" => "auto", "INSTALLATION_PATH" => $path))); // Set contents of new config file } - $configuration = json_decode(file_get_contents("./.config", true), true); if (strtolower($configuration["LANGUAGE"]) == "") { require "./Public/Error/ServerConfiguration.php"; // throw error page if no language is provided die(); @@ -131,8 +127,6 @@ function setupStorageMethod() $baseStorageFolder = "./local-storage"; if (!is_dir("$baseStorageFolder/")) mkdir("$baseStorageFolder/"); if (!is_dir("$baseStorageFolder/encryptions/")) mkdir("$baseStorageFolder/encryptions/"); - if (!file_exists("$baseStorageFolder/.htaccess")) touch("$baseStorageFolder/.htaccess"); // Create htaccess file - file_put_contents("$baseStorageFolder/.htaccess", "deny from all"); // Sets storage folder permissions } else { // Server storage method not set require "./Public/Error/ServerConfiguration.php"; // throw error page if invalid configuration die(); 
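Review bot: In the added `$path = (...) ? "https://" : "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];` line of the `@@ -77,12 +69,16 @@` hunk, `.` binds tighter than `?:`, so on an HTTPS request `$path` is only `"https://"` and the host and URI are dropped. Splitting it fixes that: `$scheme = (...) ? "https://" : "http://";` then `$path = $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];`. The hunk also moves the `.config` read above the `file_exists` check and removes the re-read after `file_put_contents`, so on a fresh install `$configuration` is still null when the `LANGUAGE` check runs; re-reading with `$configuration = json_decode(file_get_contents("./.config"), true);` right after the write restores the old behaviour. Because the persisted value comes from the `Host` header and URI of whichever request first reaches an unconfigured install, consider having the operator set `INSTALLATION_PATH` explicitly or validating the host against an expected name before saving it. The body of `setupStorageMethod()` continues outside this hunk.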
@@ -144,7 +138,7 @@ function insertRecord($encrypted_contents, $encryption_token) error_reporting(0); $configuration = json_decode(file_get_contents("./.config", true), true); $json = json_decode(file_get_contents("./Modules/Database.env", true), true); - if($_SERVER['HTTP_CF_CONNECTING_IP'] == "" || !isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER["REMOTE_ADDR"]; + if ($_SERVER['HTTP_CF_CONNECTING_IP'] == "" || !isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER["REMOTE_ADDR"]; if (strtolower($configuration["STORAGE_METHOD"]) == "mysql") { $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]); if ($mysqli->connect_errno) { @@ -167,7 +161,6 @@ function insertRecord($encrypted_contents, $encryption_token) $source_ip = filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP) ?? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); $record_date = date("Y-m-d H:i:s"); file_put_contents("$baseStorageFolder/encryptions/$uniqueIdentifier/data.json", '{"filestore_id": "' . $uniqueIdentifier . '", "encrypted_contents": "' . $encrypted_contents . '", "encryption_token": "' . $encryption_token . '", "source_ip": "' . $source_ip . '", "record_date": "' . $record_date . '"}'); // Set data file encryption data - } else { // Server storage method not set require "./Public/Error/ServerConfiguration.php"; // throw error page if invalid configuration die(); } diff --git a/Public/Error/403.php b/Public/Error/403.php index bfe1fb5..3387035 100644 --- a/Public/Error/403.php +++ b/Public/Error/403.php @@ -4,16 +4,13 @@ - + "> QuickBlaze - - + +
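Review bot: In the `@@ -167,7 +161,6 @@` hunk, removing `} else { // Server storage method not set` leaves `require "./Public/Error/ServerConfiguration.php";` and `die();` inside the branch that has just written `data.json`. As far as the hunk shows, every local-storage insert would then end on the configuration error page, and an unrecognised `STORAGE_METHOD` would no longer be rejected. The start of that branch is outside the hunk, so this should be confirmed against the full function; if the removal was unintended, restore the `} else {` line. Separately, the unchanged `file_put_contents` line builds the record by string concatenation, and `json_encode(array(...))`, which this patch already uses for `.config`, would keep quotes or backslashes in the values from corrupting the file.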