From 6b04398bbb0a908210d6b412c7d9a316414c3a50 Mon Sep 17 00:00:00 2001 From: Axton Date: Wed, 22 Jun 2022 02:09:05 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=8C=8D=20v1.1.6=20Stable=20Release?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/codacy.yml | 60 + .gitignore | 3 +- .security-scan | 1818 +++++++++++-------------- .version | 2 +- Modules/Functions.php | 71 +- Public/Error/403.php | 6 +- Public/Error/404.php | 8 +- Public/Error/500.php | 8 +- Public/Error/DatabaseConfig.php | 10 +- Public/Error/DatabaseCredentials.php | 10 +- Public/Error/ServerConfiguration.php | 10 +- Public/assets/css/style.css | 52 +- Public/assets/js/formContentUpdate.js | 31 + Public/assets/js/globalFunctions.js | 11 + Public/index.php | 54 +- Public/processForm.php | 10 +- Public/view.php | 56 +- README.md | 2 +- 18 files changed, 1070 insertions(+), 1152 deletions(-) create mode 100644 .github/workflows/codacy.yml create mode 100644 Public/assets/js/formContentUpdate.js create mode 100644 Public/assets/js/globalFunctions.js diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000..f6fc9b6 --- /dev/null +++ b/.github/workflows/codacy.yml @@ -0,0 +1,60 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, performs a Codacy security scan +# and integrates the results with the +# GitHub Advanced Security code scanning feature. For more information on +# the Codacy security scan action usage and parameters, see +# https://github.com/codacy/codacy-analysis-cli-action. +# For more information on Codacy Analysis CLI in general, see +# https://github.com/codacy/codacy-analysis-cli. + +name: Codacy Security Scan + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '36 20 * * 2' + +permissions: + contents: read + +jobs: + codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + name: Codacy Security Scan + runs-on: ubuntu-latest + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout code + uses: actions/checkout@v3 + + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis + - name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + with: + # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository + # You can also omit the token and run the tools that support default configurations + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + verbose: true + output: .codacy-scan + format: sarif + # Adjust severity of non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: .codacy-scan diff --git a/.gitignore b/.gitignore index 2d9c828..2dfab79 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,11 @@ # Quickblaze Files .gitattributes .dccache -.dccache # QuickBlaze Security local-storage Modules/Database.env -Modules/InstallationStatus.json +.config # QuickBlaze Composer vendor/ diff --git a/.security-scan b/.security-scan index 30c0964..bb25304 100644 --- a/.security-scan +++ b/.security-scan @@ -9,150 +9,6 @@ "semanticVersion": "1.0.0", "version": "1.0.0", "rules": [ - { - "id": "php/XSS", - "name": "XSS", - "shortDescription": { - "text": "Cross-site Scripting (XSS)" - }, - "defaultConfiguration": { - "level": "error" - }, - "help": { - "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", - "text": "" - }, - "properties": { - "tags": [ - "php" - ], - "categories": [ - "Security" - ], - "exampleCommitFixes": [ - { - "commitURL": "https://github.com/minkphp/Mink/commit/232919c0c44a2b35d410373c12db404b709ec25c?diff=split#diff-b51e2215d4bd4e189c9360d91a412970L6", - "lines": [ - { - "line": " setcookie(\"tc\", $_POST['cookie_value'], null, '/');", - "lineNumber": 3, - "lineChange": "none" - }, - { - "line": "} elseif (isset($_GET[\"show_value\"])) {", - "lineNumber": 4, - "lineChange": "none" - }, - { - "line": " echo $_COOKIE[\"tc\"];", - "lineNumber": 5, - "lineChange": "removed" - }, - { - "line": " echo htmlspecialchars($_COOKIE[\"tc\"], ENT_QUOTES, 'UTF-8');", - "lineNumber": 5, - "lineChange": "added" - }, - { - "line": " die();", - "lineNumber": 6, - "lineChange": "none" - }, - { - "line": "}", - "lineNumber": 7, - "lineChange": "none" - } - ] - }, - { - "commitURL": "https://github.com/yunluo/Git/commit/1cb7eddf43f770c055cd685c7f73bb3dac713789?diff=split#diff-34390932035b5d4fd059e5e9a4c629b6L69", - "lines": [ - { - "line": " the_content(); ?>", - "lineNumber": 66, - "lineChange": "none" - }, - { - "line": "
\">", - "lineNumber": 69, - "lineChange": "none" - }, - { - "line": "
", - "lineNumber": 70, - "lineChange": "none" - } - ] - }, - { - "commitURL": "https://github.com/railt/railt/commit/856e3456f6b87c94c1262a842c6df29a76cf9be1?diff=split#diff-eaa75d4030b62891c20b9f9d83a58fd2L59", - "lines": [ - { - "line": " echo $request->get('schema');", - "lineNumber": 56, - "lineChange": "removed" - }, - { - "line": " echo htmlspecialchars($request->get('schema'));", - "lineNumber": 73, - "lineChange": "added" - }, - { - "line": " } else {", - "lineNumber": 74, - "lineChange": "none" - }, - { - "line": " echo file_get_contents(__DIR__ . '/gql/schema.graphqls');", - "lineNumber": 58, - "lineChange": "removed" - }, - { - "line": " echo htmlspecialchars(file_get_contents(__DIR__ . '/gql/schema.graphqls'));", - "lineNumber": 75, - "lineChange": "added" - }, - { - "line": " }", - "lineNumber": 76, - "lineChange": "none" - }, - { - "line": "?>
", - "lineNumber": 77, - "lineChange": "none" - } - ] - } - ], - "exampleCommitDescriptions": [ - "Uploaded files now appear on profile pages", - "Add files via upload", - "remove file name from output to avoid XSS" - ], - "precision": "very-high", - "repoDatasetSize": 526, - "cwe": [ - "CWE-79" - ] - } - }, { "id": "php/InsecureRandomData", "name": "InsecureRandomData", @@ -403,283 +259,501 @@ "CWE-23" ] } - } - ] - } - }, - "results": [ - { - "ruleId": "php/XSS", - "ruleIndex": 0, - "level": "error", - "message": { - "text": "Unsanitized input from data from a remote resource flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", - "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", - "arguments": [ - "[data from a remote resource](0)", - "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)", - "[the echo statement](13)" - ] - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 31, - "endLine": 31, - "startColumn": 13, - "endColumn": 62 - } - } - } - ], - "fingerprints": { - "0": "c12ebaa4f3e6592c19d3bc358da2db0dec75a090560d0049b441cd7369911028", - "1": "f39fd327.563a9431.c3dea7ce.1f144feb.894c4921.5e9b9a34.a7efae7e.6e49d402.86be1e70.a35b97bf.115d52e0.1f144feb.5c59dd8a.82af9f32.60b22c1d.23d15d95" - }, - "codeFlows": [ + }, { - "threadFlows": [ - { - "locations": [ - { - "location": { - "id": 0, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 - } - } - } - }, - { - "location": { - "id": 1, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 - } - } + "id": "php/XSS", + "name": "XSS", + "shortDescription": { + "text": "Cross-site Scripting (XSS)" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", + "text": "" + }, + "properties": { + "tags": [ + "php" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/minkphp/Mink/commit/232919c0c44a2b35d410373c12db404b709ec25c?diff=split#diff-b51e2215d4bd4e189c9360d91a412970L6", + "lines": [ + { + "line": " setcookie(\"tc\", $_POST['cookie_value'], null, '/');", + "lineNumber": 3, + "lineChange": "none" + }, + { + "line": "} elseif (isset($_GET[\"show_value\"])) {", + "lineNumber": 4, + "lineChange": "none" + }, + { + "line": " echo $_COOKIE[\"tc\"];", + "lineNumber": 5, + "lineChange": "removed" + }, + { + "line": " echo htmlspecialchars($_COOKIE[\"tc\"], ENT_QUOTES, 'UTF-8');", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": " die();", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": "}", + "lineNumber": 7, + "lineChange": "none" } - }, - { - "location": { - "id": 2, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 5, - "endColumn": 8 - } - } - } - }, - { - "location": { - "id": 3, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 24, - "endColumn": 27 - } - } - } - }, - { - "location": { - "id": 4, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 12, - "endColumn": 28 - } - } - } - }, - { - "location": { - "id": 5, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 5, - "endColumn": 8 - } - } + ] + }, + { + "commitURL": "https://github.com/yunluo/Git/commit/1cb7eddf43f770c055cd685c7f73bb3dac713789?diff=split#diff-34390932035b5d4fd059e5e9a4c629b6L69", + "lines": [ + { + "line": " the_content(); ?>", + "lineNumber": 66, + "lineChange": "none" + }, + { + "line": "\">", + "lineNumber": 69, + "lineChange": "none" + }, + { + "line": "
", + "lineNumber": 70, + "lineChange": "none" } - }, - { - "location": { - "id": 6, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 15 - } - } + ] + }, + { + "commitURL": "https://github.com/railt/railt/commit/856e3456f6b87c94c1262a842c6df29a76cf9be1?diff=split#diff-eaa75d4030b62891c20b9f9d83a58fd2L59", + "lines": [ + { + "line": " echo $request->get('schema');", + "lineNumber": 56, + "lineChange": "removed" + }, + { + "line": " echo htmlspecialchars($request->get('schema'));", + "lineNumber": 73, + "lineChange": "added" + }, + { + "line": " } else {", + "lineNumber": 74, + "lineChange": "none" + }, + { + "line": " echo file_get_contents(__DIR__ . '/gql/schema.graphqls');", + "lineNumber": 58, + "lineChange": "removed" + }, + { + "line": " echo htmlspecialchars(file_get_contents(__DIR__ . '/gql/schema.graphqls'));", + "lineNumber": 75, + "lineChange": "added" + }, + { + "line": " }", + "lineNumber": 76, + "lineChange": "none" + }, + { + "line": "?>
", + "lineNumber": 77, + "lineChange": "none" } - }, - { - "location": { - "id": 7, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 18 - } - } + ] + } + ], + "exampleCommitDescriptions": [ + "Uploaded files now appear on profile pages", + "Add files via upload", + "remove file name from output to avoid XSS" + ], + "precision": "very-high", + "repoDatasetSize": 526, + "cwe": [ + "CWE-79" + ] + } + }, + { + "id": "javascript/DOMXSS", + "name": "DOMXSS", + "shortDescription": { + "text": "Cross-site Scripting (XSS)" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", + "text": "" + }, + "properties": { + "tags": [ + "javascript" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/decred/dcrdata/commit/1996f027d9c1b64fafdc22baa26b58d27f374638?diff=split#diff-6d548c58846af1c8dadd7f36d75f2795L319", + "lines": [ + { + "line": "var ctrl = this", + "lineNumber": 316, + "lineChange": "none" + }, + { + "line": "ctrl.listboxTarget.classList.add('loading')", + "lineNumber": 317, + "lineChange": "none" + }, + { + "line": "let tableResponse = await axios.get(ctrl.makeTableUrl(txType, count, offset))", + "lineNumber": 318, + "lineChange": "none" + }, + { + "line": "let html = tableResponse.data", + "lineNumber": 319, + "lineChange": "none" + }, + { + "line": "ctrl.tableTarget.innerHTML = html", + "lineNumber": 320, + "lineChange": "removed" + }, + { + "line": "ctrl.tableTarget.innerHTML = dompurify.sanitize(html)", + "lineNumber": 301, + "lineChange": "added" + }, + { + "line": "var settings = ctrl.listSettings", + "lineNumber": 321, + "lineChange": "none" + }, + { + "line": "settings.n = count", + "lineNumber": 322, + "lineChange": "none" } - }, - { - "location": { - "id": 8, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 21 - } - } + ] + }, + { + "commitURL": "https://github.com/shokai/sinatra-template/commit/d4b6b31eea77cd39d387f515ced18f73b508854f?diff=split#diff-f485b1889bd3c96211c9236b0cf5daecL2", + "lines": [ + { + "line": "};", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": "$(function(){", + "lineNumber": 9, + "lineChange": "none" + }, + { + "line": " $('input#start_btn').click(omikuji_start);", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": "});", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "var omikuji_start = function(){", + "lineNumber": 13, + "lineChange": "none" + }, + { + "line": " $.getJSON(omikuji_api, function(res){", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": " console.log(res);", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": " var li = $('
  • ').append(res.result + ' - ' + res.time);", + "lineNumber": 8, + "lineChange": "removed" + }, + { + "line": " var li = $('
  • ').append(res.result.htmlEscape() + ' - ' + res.time.htmlEscape());", + "lineNumber": 16, + "lineChange": "added" + }, + { + "line": " $('ul#results').prepend(li);", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " });", + "lineNumber": 18, + "lineChange": "none" } - }, - { - "location": { - "id": 9, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 24 - } - } + ] + }, + { + "commitURL": "https://github.com/ether/etherpad-lite/commit/83ce73b77b5061de2c1c24219b7bdc3ea499f7af?diff=split#diff-5800366247a45833e8dbfce86ea4d046L59", + "lines": [ + { + "line": "//Check if we accessed the pad over https", + "lineNumber": 57, + "lineChange": "none" + }, + { + "line": "var secure = window.location.protocol == \"https:\" ? \";secure\" : \"\";", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": "//Check if the browser is IE and if so make sure the full path is set in the cookie", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": " $(\"#editorloadingbox\").css(\"padding\", \"10px\");", + "lineNumber": 524, + "lineChange": "none" + }, + { + "line": " $(\"#editorloadingbox\").css(\"padding-top\", \"45px\");", + "lineNumber": 525, + "lineChange": "none" + }, + { + "line": " $(\"#editorloadingbox\").html(\"
    An error occurred
    The error was reported with the following id: '\" + errorId + \"'

    URL: \" + window.location.href + \"
    UserAgent: \" + userAgent + \"
    \" + msg + \" in \" + url + \" at line \" + linenumber + \"'
    \");", + "lineNumber": 527, + "lineChange": "removed" + }, + { + "line": " + \"ErrorId: \" + errorId + \"
    URL: \" + padutils.escapeHtml(window.location.href) + \"
    UserAgent: \" + userAgent + \"
    \" + msg + \" in \" + url + \" at line \" + linenumber + \"'\");", + "lineNumber": 527, + "lineChange": "added" + }, + { + "line": "}", + "lineNumber": 528, + "lineChange": "none" } - }, + ] + } + ], + "exampleCommitDescriptions": [ + "Add unit test.", + "e3db0cd CHANGES.md\n84d1acf Add tests.", + "Update and clean up the tests by using the iframe's load event." + ], + "precision": "very-high", + "repoDatasetSize": 1482, + "cwe": [ + "CWE-79" + ] + } + } + ] + } + }, + "results": [ + { + "ruleId": "php/InsecureRandomData", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "An insecure random number generator is used to create an URL (the random value flows from rand). Consider using CSPRNG functions instead.", + "markdown": "An insecure random number generator is used to create {0} (the random value flows from {1}). Consider using CSPRNG functions instead.", + "arguments": [ + "[an URL](0)", + "[rand](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "Modules/Functions.php", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 42, + "endLine": 42, + "startColumn": 155, + "endColumn": 166 + } + } + } + ], + "fingerprints": { + "0": "0f550df17938bb94681707570673cc19e46953462194a357db4017020d169477", + "1": "703ebb77.464a7316.c3dea7ce.73a3d5be.af50231a.773652eb.a7efae7e.be170d97.703ebb77.464a7316.c3dea7ce.73a3d5be.af50231a.773652eb.a7efae7e.be170d97" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ { "location": { - "id": 10, + "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 36, - "endLine": 36, - "startColumn": 21, - "endColumn": 51 + "startLine": 42, + "endLine": 42, + "startColumn": 155, + "endColumn": 166 } } } }, { "location": { - "id": 11, + "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 31, - "endLine": 31, - "startColumn": 18, - "endColumn": 62 + "startLine": 42, + "endLine": 42, + "startColumn": 155, + "endColumn": 166 } } } - }, + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 623, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ] + } + }, + { + "ruleId": "php/InsecureRandomData", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "An insecure random number generator is used to create an URL (the random value flows from rand). Consider using CSPRNG functions instead.", + "markdown": "An insecure random number generator is used to create {0} (the random value flows from {1}). Consider using CSPRNG functions instead.", + "arguments": [ + "[an URL](0)", + "[rand](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "Modules/Functions.php", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 46, + "endLine": 46, + "startColumn": 243, + "endColumn": 254 + } + } + } + ], + "fingerprints": { + "0": "bb5b16cda5ab8c4e61b23f77da48774cb8c58cc5dfe565392d9f49859778c3ee", + "1": "703ebb77.464a7316.c3dea7ce.37e648b5.af50231a.773652eb.a7efae7e.be170d97.703ebb77.464a7316.a666b580.37e648b5.af50231a.dd23c7e4.a7efae7e.047105df" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ { "location": { - "id": 12, + "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 31, - "endLine": 31, - "startColumn": 13, - "endColumn": 62 + "startLine": 46, + "endLine": 46, + "startColumn": 243, + "endColumn": 254 } } } }, { "location": { - "id": 13, + "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 31, - "endLine": 31, - "startColumn": 13, - "endColumn": 62 + "startLine": 46, + "endLine": 46, + "startColumn": 243, + "endColumn": 254 } } } @@ -690,7 +764,7 @@ } ], "properties": { - "priorityScore": 858, + "priorityScore": 623, "priorityScoreFactors": [ { "label": true, @@ -699,46 +773,42 @@ { "label": true, "type": "hotFileSource" - }, - { - "label": true, - "type": "fixExamples" } ] } }, { - "ruleId": "php/XSS", - "ruleIndex": 0, + "ruleId": "php/PT", + "ruleIndex": 1, "level": "error", "message": { - "text": "Unsanitized input from data from a remote resource flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", - "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "text": "Unsanitized input from an HTTP header flows into file_get_contents, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.", "arguments": [ - "[data from a remote resource](0)", - "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)", - "[the echo statement](13)" + "[an HTTP header](0)", + "[flows](1),(2),(3),(4),(5),(6),(7)", + "[file_get_contents](8)" ] }, "locations": [ { "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 39, - "endLine": 39, - "startColumn": 13, - "endColumn": 71 + "startLine": 264, + "endLine": 264, + "startColumn": 12, + "endColumn": 272 } } } ], "fingerprints": { - "0": "1bc3e5f1a7adacd822b88271e5fb02f1fbe478c1b12775521ad08887189def39", - "1": "f39fd327.d3fa0bdc.c3dea7ce.1f144feb.51e16a03.5e9b9a34.a7efae7e.6e49d402.86be1e70.a35b97bf.115d52e0.1f144feb.5c59dd8a.82af9f32.60b22c1d.23d15d95" + "0": "cd60ba051bddf7fcd35511946d7848d5d79431a55fdf9d08e8012cd36a90070d", + "1": "80f1517a.464a7316.c3dea7ce.f18a7ecf.20a8e692.39e0148c.480b110d.be170d97.43f154ae.abf264c1.2173882d.abd479c7.20a8e692.c1b6b7bc.b2a0b7cd.58bf5da9" }, "codeFlows": [ { @@ -750,14 +820,14 @@ "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 256, + "endLine": 256, + "startColumn": 22, + "endColumn": 53 } } } @@ -767,14 +837,14 @@ "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 256, + "endLine": 256, + "startColumn": 22, + "endColumn": 53 } } } @@ -784,14 +854,14 @@ "id": 2, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 5, - "endColumn": 8 + "startLine": 256, + "endLine": 256, + "startColumn": 15, + "endColumn": 60 } } } @@ -801,14 +871,14 @@ "id": 3, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 24, - "endColumn": 27 + "startLine": 256, + "endLine": 256, + "startColumn": 9, + "endColumn": 11 } } } @@ -818,14 +888,14 @@ "id": 4, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 12, - "endColumn": 28 + "startLine": 264, + "endLine": 264, + "startColumn": 194, + "endColumn": 196 } } } @@ -835,14 +905,14 @@ "id": 5, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 5, - "endColumn": 8 + "startLine": 264, + "endLine": 264, + "startColumn": 30, + "endColumn": 196 } } } @@ -852,14 +922,14 @@ "id": 6, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 15 + "startLine": 264, + "endLine": 264, + "startColumn": 30, + "endColumn": 210 } } } @@ -869,14 +939,14 @@ "id": 7, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 18 + "startLine": 264, + "endLine": 264, + "startColumn": 30, + "endColumn": 226 } } } @@ -886,99 +956,14 @@ "id": 8, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 21 - } - } - } - }, - { - "location": { - "id": 9, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Modules/Functions.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, + "startLine": 264, + "endLine": 264, "startColumn": 12, - "endColumn": 24 - } - } - } - }, - { - "location": { - "id": 10, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 46, - "endLine": 46, - "startColumn": 21, - "endColumn": 51 - } - } - } - }, - { - "location": { - "id": 11, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 39, - "endLine": 39, - "startColumn": 18, - "endColumn": 71 - } - } - } - }, - { - "location": { - "id": 12, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 39, - "endLine": 39, - "startColumn": 13, - "endColumn": 71 - } - } - } - }, - { - "location": { - "id": 13, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 39, - "endLine": 39, - "startColumn": 13, - "endColumn": 71 + "endColumn": 272 } } } @@ -989,12 +974,8 @@ } ], "properties": { - "priorityScore": 858, + "priorityScore": 812, "priorityScoreFactors": [ - { - "label": true, - "type": "multipleOccurrence" - }, { "label": true, "type": "hotFileSource" @@ -1008,36 +989,36 @@ }, { "ruleId": "php/XSS", - "ruleIndex": 0, + "ruleIndex": 2, "level": "error", "message": { - "text": "Unsanitized input from data from a remote resource flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "text": "Unsanitized input from an HTTP parameter flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", "arguments": [ - "[data from a remote resource](0)", - "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13)", - "[the echo statement](14)" + "[an HTTP parameter](0)", + "[flows](1),(2),(3),(4)", + "[the echo statement](5)" ] }, "locations": [ { "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 71, - "endLine": 71, - "startColumn": 9, - "endColumn": 133 + "startLine": 6, + "endLine": 6, + "startColumn": 5, + "endColumn": 128 } } } ], "fingerprints": { - "0": "2a53f99ebd63f1aad913168b79966759ad412599006985696812ec3aa9757bd2", - "1": "ae3ca911.f6a81c27.c3dea7ce.1f144feb.cbffa323.76fdcb0f.cbaef3ed.6e49d402.86be1e70.a35b97bf.115d52e0.1f144feb.5c59dd8a.76fdcb0f.60b22c1d.23d15d95" + "0": "a77d63e65619911c7fbf67781d629d70e3d228f9efe1b5a89dd879d20ac846c8", + "1": "4dc0a121.18ef32d2.c3dea7ce.1f144feb.b76b24a1.5f7acf51.a7efae7e.90b5ecc0.41cc2907.18ef32d2.3e2efea6.1f144feb.712d0e1a.e8bbe0f7.84054387.05d353bf" }, "codeFlows": [ { @@ -1049,14 +1030,14 @@ "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 6, + "endLine": 6, + "startColumn": 109, + "endColumn": 120 } } } @@ -1066,14 +1047,14 @@ "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 6, + "endLine": 6, + "startColumn": 109, + "endColumn": 120 } } } @@ -1083,14 +1064,14 @@ "id": 2, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 5, - "endColumn": 8 + "startLine": 6, + "endLine": 6, + "startColumn": 10, + "endColumn": 120 } } } @@ -1100,14 +1081,14 @@ "id": 3, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 24, - "endColumn": 27 + "startLine": 6, + "endLine": 6, + "startColumn": 10, + "endColumn": 127 } } } @@ -1117,14 +1098,14 @@ "id": 4, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 12, - "endColumn": 28 + "startLine": 6, + "endLine": 6, + "startColumn": 5, + "endColumn": 128 } } } @@ -1134,167 +1115,194 @@ "id": 5, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, + "startLine": 6, + "endLine": 6, "startColumn": 5, - "endColumn": 8 - } - } - } - }, - { - "location": { - "id": 6, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 15 - } - } - } - }, - { - "location": { - "id": 7, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 18 + "endColumn": 128 } } } - }, + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 823, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ] + } + }, + { + "ruleId": "php/XSS", + "ruleIndex": 2, + "level": "error", + "message": { + "text": "Unsanitized input from an HTTP parameter flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[an HTTP parameter](0)", + "[flows](1),(2),(3),(4),(5)", + "[the echo statement](6)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "Public/processForm.php", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 9, + "endLine": 9, + "startColumn": 5, + "endColumn": 62 + } + } + } + ], + "fingerprints": { + "0": "802a51b40b0315b9788f624ca016e2f354367851aab5e310c5339c52ab8df053", + "1": "41cc2907.d3fa0bdc.c3dea7ce.1f144feb.ca23a647.e8bbe0f7.a7efae7e.05d353bf.41cc2907.464a7316.3e2efea6.1f144feb.712d0e1a.e8bbe0f7.84054387.be170d97" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ { "location": { - "id": 8, + "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 21 + "startLine": 9, + "endLine": 9, + "startColumn": 41, + "endColumn": 53 } } } }, { "location": { - "id": 9, + "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 24 + "startLine": 9, + "endLine": 9, + "startColumn": 41, + "endColumn": 53 } } } }, { "location": { - "id": 10, + "id": 2, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 74, - "endLine": 74, - "startColumn": 17, - "endColumn": 133 + "startLine": 9, + "endLine": 9, + "startColumn": 29, + "endColumn": 54 } } } }, { "location": { - "id": 11, + "id": 3, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 71, - "endLine": 74, - "startColumn": 14, - "endColumn": 133 + "startLine": 9, + "endLine": 9, + "startColumn": 10, + "endColumn": 54 } } } }, { "location": { - "id": 12, + "id": 4, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 71, - "endLine": 71, - "startColumn": 14, - "endColumn": 133 + "startLine": 9, + "endLine": 9, + "startColumn": 10, + "endColumn": 61 } } } }, { "location": { - "id": 13, + "id": 5, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 71, - "endLine": 71, - "startColumn": 9, - "endColumn": 133 + "startLine": 9, + "endLine": 9, + "startColumn": 5, + "endColumn": 62 } } } }, { "location": { - "id": 14, + "id": 6, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/processForm.php", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 71, - "endLine": 71, - "startColumn": 9, - "endColumn": 133 + "startLine": 9, + "endLine": 9, + "startColumn": 5, + "endColumn": 62 } } } @@ -1305,7 +1313,7 @@ } ], "properties": { - "priorityScore": 858, + "priorityScore": 823, "priorityScoreFactors": [ { "label": true, @@ -1323,37 +1331,37 @@ } }, { - "ruleId": "php/XSS", - "ruleIndex": 0, + "ruleId": "javascript/DOMXSS", + "ruleIndex": 3, "level": "error", "message": { - "text": "Unsanitized input from data from a remote resource flows into the echo statement, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", - "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "text": "Unsanitized input from data from a remote resource flows into innerHTML, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).", "arguments": [ "[data from a remote resource](0)", - "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13)", - "[the echo statement](14)" + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9)", + "[innerHTML](10)" ] }, "locations": [ { "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 83, - "endLine": 83, + "startLine": 6, + "endLine": 6, "startColumn": 9, - "endColumn": 48 + "endColumn": 62 } } } ], "fingerprints": { - "0": "e8d6614b9b10f070672e58a2661d3fe905b1302f39067bc4befdfe3ca83f03e4", - "1": "b441cec9.4c2649f1.c3dea7ce.1f144feb.979f2368.5e9b9a34.a7efae7e.6e49d402.86be1e70.a35b97bf.115d52e0.1f144feb.5c59dd8a.82af9f32.60b22c1d.23d15d95" + "0": "813ce9af60b3926effaf70fdad65240cf72bcc1637f37bc80a83fe32c8b8ae65", + "1": "cf7733e4.4773f344.607187b5.a517c54b.9cde7c93.dbe83c7e.0b4f0b50.9b5cefb9.e34a61c9.7d4b7307.aff85a25.313735ce.69171dec.dbe83c7e.83265159.3406c8c7" }, "codeFlows": [ { @@ -1365,14 +1373,14 @@ "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 4, + "endLine": 4, + "startColumn": 5, + "endColumn": 42 } } } @@ -1382,14 +1390,14 @@ "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 4, + "endLine": 4, + "startColumn": 5, + "endColumn": 42 } } } @@ -1399,14 +1407,14 @@ "id": 2, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 5, - "endColumn": 8 + "startLine": 4, + "endLine": 4, + "startColumn": 49, + "endColumn": 56 } } } @@ -1416,14 +1424,14 @@ "id": 3, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 24, - "endColumn": 27 + "startLine": 4, + "endLine": 4, + "startColumn": 61, + "endColumn": 68 } } } @@ -1433,14 +1441,14 @@ "id": 4, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 12, - "endColumn": 28 + "startLine": 4, + "endLine": 4, + "startColumn": 61, + "endColumn": 73 } } } @@ -1450,14 +1458,14 @@ "id": 5, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 310, - "endLine": 310, - "startColumn": 5, - "endColumn": 8 + "startLine": 4, + "endLine": 4, + "startColumn": 61, + "endColumn": 75 } } } @@ -1467,14 +1475,14 @@ "id": 6, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 15 + "startLine": 4, + "endLine": 4, + "startColumn": 5, + "endColumn": 47 } } } @@ -1484,14 +1492,14 @@ "id": 7, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 18 + "startLine": 4, + "endLine": 4, + "startColumn": 83, + "endColumn": 86 } } } @@ -1501,14 +1509,14 @@ "id": 8, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 21 + "startLine": 5, + "endLine": 5, + "startColumn": 92, + "endColumn": 95 } } } @@ -1518,14 +1526,14 @@ "id": 9, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 311, - "endLine": 311, - "startColumn": 12, - "endColumn": 24 + "startLine": 6, + "endLine": 6, + "startColumn": 54, + "endColumn": 62 } } } @@ -1535,82 +1543,14 @@ "id": 10, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 86, - "endLine": 86, - "startColumn": 17, - "endColumn": 48 - } - } - } - }, - { - "location": { - "id": 11, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 83, - "endLine": 86, - "startColumn": 14, - "endColumn": 48 - } - } - } - }, - { - "location": { - "id": 12, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 83, - "endLine": 83, - "startColumn": 14, - "endColumn": 48 - } - } - } - }, - { - "location": { - "id": 13, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 83, - "endLine": 83, - "startColumn": 9, - "endColumn": 48 - } - } - } - }, - { - "location": { - "id": 14, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 83, - "endLine": 83, + "startLine": 6, + "endLine": 6, "startColumn": 9, - "endColumn": 48 + "endColumn": 62 } } } @@ -1621,7 +1561,7 @@ } ], "properties": { - "priorityScore": 858, + "priorityScore": 923, "priorityScoreFactors": [ { "label": true, @@ -1634,131 +1574,46 @@ { "label": true, "type": "fixExamples" - } - ] - } - }, - { - "ruleId": "php/InsecureRandomData", - "ruleIndex": 1, - "level": "error", - "message": { - "text": "An insecure random number generator is used to create an URL (the random value flows from rand). Consider using CSPRNG functions instead.", - "markdown": "An insecure random number generator is used to create {0} (the random value flows from {1}). Consider using CSPRNG functions instead.", - "arguments": [ - "[an URL](0)", - "[rand](1)" - ] - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 94, - "endLine": 94, - "startColumn": 155, - "endColumn": 166 - } - } - } - ], - "fingerprints": { - "0": "f96e8b0f76466d73ba2c6831a60afeb7d01dfc1df30febfa650ac489ee5abb00", - "1": "703ebb77.464a7316.c3dea7ce.73a3d5be.af50231a.773652eb.a7efae7e.be170d97.703ebb77.464a7316.c3dea7ce.73a3d5be.af50231a.773652eb.a7efae7e.be170d97" - }, - "codeFlows": [ - { - "threadFlows": [ - { - "locations": [ - { - "location": { - "id": 0, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 94, - "endLine": 94, - "startColumn": 155, - "endColumn": 166 - } - } - } - }, - { - "location": { - "id": 1, - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 94, - "endLine": 94, - "startColumn": 155, - "endColumn": 166 - } - } - } - } - ] - } - ] - } - ], - "properties": { - "priorityScore": 629, - "priorityScoreFactors": [ - { - "label": true, - "type": "multipleOccurrence" }, { "label": true, - "type": "hotFileSource" + "type": "commonlyFixed" } ] } }, { - "ruleId": "php/InsecureRandomData", - "ruleIndex": 1, + "ruleId": "javascript/DOMXSS", + "ruleIndex": 3, "level": "error", "message": { - "text": "An insecure random number generator is used to create an URL (the random value flows from rand). Consider using CSPRNG functions instead.", - "markdown": "An insecure random number generator is used to create {0} (the random value flows from {1}). Consider using CSPRNG functions instead.", + "text": "Unsanitized input from data from a remote resource flows into innerHTML, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).", "arguments": [ - "[an URL](0)", - "[rand](1)" + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9)", + "[innerHTML](10)" ] }, "locations": [ { "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 98, - "endLine": 98, - "startColumn": 243, - "endColumn": 254 + "startLine": 26, + "endLine": 26, + "startColumn": 9, + "endColumn": 57 } } } ], "fingerprints": { - "0": "039a56cf42ff7cca35c3588286863b395765f355393fa90b360d7a89aa8ec191", - "1": "703ebb77.464a7316.c3dea7ce.37e648b5.af50231a.773652eb.a7efae7e.be170d97.703ebb77.464a7316.a666b580.37e648b5.af50231a.dd23c7e4.a7efae7e.047105df" + "0": "e29119e1db096a20b89e5997b17efaa376dd6677918a56ed7c1a635db14710c0", + "1": "3df95e84.7d4b7307.607187b5.a517c54b.9cde7c93.dbe83c7e.6977003a.aac0d16c.e34a61c9.7d4b7307.aff85a25.313735ce.fd1fa73f.dbe83c7e.83265159.3406c8c7" }, "codeFlows": [ { @@ -1770,14 +1625,14 @@ "id": 0, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 98, - "endLine": 98, - "startColumn": 243, - "endColumn": 254 + "startLine": 17, + "endLine": 17, + "startColumn": 5, + "endColumn": 50 } } } @@ -1787,224 +1642,167 @@ "id": 1, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 98, - "endLine": 98, - "startColumn": 243, - "endColumn": 254 + "startLine": 17, + "endLine": 17, + "startColumn": 5, + "endColumn": 50 } } } - } - ] - } - ] - } - ], - "properties": { - "priorityScore": 629, - "priorityScoreFactors": [ - { - "label": true, - "type": "multipleOccurrence" - }, - { - "label": true, - "type": "hotFileSource" - } - ] - } - }, - { - "ruleId": "php/PT", - "ruleIndex": 2, - "level": "error", - "message": { - "text": "Unsanitized input from an HTTP header flows into file_get_contents, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.", - "markdown": "Unsanitized input from {0} {1} into {2}, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.", - "arguments": [ - "[an HTTP header](0)", - "[flows](1),(2),(3),(4),(5),(6),(7)", - "[file_get_contents](8)" - ] - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/Modules/Functions.php", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 - } - } - } - ], - "fingerprints": { - "0": "63cd4dd5570879168099c7877c692df8878a9473c90f04e71c34d75ba8ffbf59", - "1": "80f1517a.464a7316.c3dea7ce.f18a7ecf.20a8e692.39e0148c.480b110d.be170d97.43f154ae.abf264c1.2173882d.abd479c7.20a8e692.c1b6b7bc.b2a0b7cd.58bf5da9" - }, - "codeFlows": [ - { - "threadFlows": [ - { - "locations": [ + }, { "location": { - "id": 0, + "id": 2, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 301, - "endLine": 301, - "startColumn": 22, - "endColumn": 53 + "startLine": 17, + "endLine": 17, + "startColumn": 57, + "endColumn": 64 } } } }, { "location": { - "id": 1, + "id": 3, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 301, - "endLine": 301, - "startColumn": 22, - "endColumn": 53 + "startLine": 17, + "endLine": 17, + "startColumn": 69, + "endColumn": 76 } } } }, { "location": { - "id": 2, + "id": 4, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 301, - "endLine": 301, - "startColumn": 15, - "endColumn": 60 + "startLine": 17, + "endLine": 17, + "startColumn": 69, + "endColumn": 81 } } } }, { "location": { - "id": 3, + "id": 5, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 301, - "endLine": 301, - "startColumn": 9, - "endColumn": 11 + "startLine": 17, + "endLine": 17, + "startColumn": 69, + "endColumn": 83 } } } }, { "location": { - "id": 4, + "id": 6, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 194, - "endColumn": 196 + "startLine": 17, + "endLine": 17, + "startColumn": 5, + "endColumn": 55 } } } }, { "location": { - "id": 5, + "id": 7, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 30, - "endColumn": 196 + "startLine": 17, + "endLine": 17, + "startColumn": 91, + "endColumn": 94 } } } }, { "location": { - "id": 6, + "id": 8, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 30, - "endColumn": 210 + "startLine": 18, + "endLine": 18, + "startColumn": 13, + "endColumn": 16 } } } }, { "location": { - "id": 7, + "id": 9, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 30, - "endColumn": 226 + "startLine": 26, + "endLine": 26, + "startColumn": 49, + "endColumn": 57 } } } }, { "location": { - "id": 8, + "id": 10, "physicalLocation": { "artifactLocation": { - "uri": "src/Modules/Functions.php", + "uri": "Public/assets/js/formContentUpdate.js", "uriBaseId": "%SRCROOT%" }, "region": { - "startLine": 309, - "endLine": 309, - "startColumn": 12, - "endColumn": 272 + "startLine": 26, + "endLine": 26, + "startColumn": 9, + "endColumn": 57 } } } @@ -2015,8 +1813,12 @@ } ], "properties": { - "priorityScore": 815, + "priorityScore": 923, "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, { "label": true, "type": "hotFileSource" @@ -2024,6 +1826,10 @@ { "label": true, "type": "fixExamples" + }, + { + "label": true, + "type": "commonlyFixed" } ] } @@ -2037,7 +1843,7 @@ "lang": "PHP" }, { - "files": 1, + "files": 3, "isSupported": true, "lang": "JavaScript" } diff --git a/.version b/.version index 0a7cef5..20b1bbc 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -{ "BRANCH": "main", "VERSION":"1.1.5" } \ No newline at end of file +{ "BRANCH": "main", "VERSION":"1.1.6" } \ No newline at end of file diff --git a/Modules/Functions.php b/Modules/Functions.php index e5ab7a6..b247b4f 100644 --- a/Modules/Functions.php +++ b/Modules/Functions.php @@ -22,36 +22,6 @@ function ifTextBoxDisabled() echo "disabled"; } } -function determineMessageContent() -{ - if (getRecord("encrypted_contents", htmlspecialchars($_GET["key"]), ENT_QUOTES, 'UTF-8') == null) { - header("Location: 404"); - } else { - if (!isset($_GET["confirm"])) { - echo ' -
    - ' . translate("Decrypt & View Message?", "en") . ' -
    - - ' . translate("View Message", "en") . ' - '; - } else { - echo ' -
    - ' . translate("This message has been destroyed!", "en") . ' -
    - -
    - - - ' . translate("Return Home", "en") . ' - '; - destroyRecord(htmlspecialchars($_GET["key"], ENT_QUOTES, 'UTF-8')); // destroy record - } - } -} function getSubmittedKey() { error_reporting(0); // disable error reporting @@ -65,28 +35,6 @@ function getSubmittedKey() } error_reporting(E_ALL); // enable error reporting } -function determineSubmissionFooter() -{ - if (isset($_GET["submitted"])) { - echo ' -
    -

    - ' . translate("Share this link anywhere on the internet. The message will be automatically destroyed once viewed.", "en") . ' -

    - - - ' . translate("Create New", "en") . ' - '; - } else { - echo ' -
    - '; - } -} function determineSystemVersion() { if (!file_exists("./.version")) { @@ -96,10 +44,14 @@ function determineSystemVersion() } $thisVersion = json_decode(file_get_contents("./.version", true), true); $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/" . filter_var(htmlspecialchars($thisVersion["BRANCH"]), FILTER_SANITIZE_FULL_SPECIAL_CHARS) . "/.version?cacheUpdate=" . rand(0, 100), true), true); - if ($thisVersion["VERSION"] != $latestVersion["VERSION"]) { - return 'v' . $thisVersion["VERSION"] . ' (Outdated!)'; + if ($thisVersion["BRANCH"] == "dev" && $thisVersion["VERSION"] != $latestVersion["VERSION"]) { + return 'v' . $thisVersion["VERSION"] . ' (' . translate("Unreleased") . '!)'; } else { - return 'v' . $thisVersion["VERSION"] . ''; + if ($thisVersion["BRANCH"] == "main" && $thisVersion["VERSION"] != $latestVersion["VERSION"]) { + return 'v' . $thisVersion["VERSION"] . ' (' . translate("Outdated") . '!)'; + } else { + return 'v' . $thisVersion["VERSION"] . ''; + } } } function generateKey($length) @@ -126,6 +78,10 @@ function decryptData($encryption_key) // getRecord("encrypted_contents", $dataKe function setupStorageMethod() { error_reporting(0); // disable error reporting + if(!file_exists("./.config")) { // Check if config file is present + touch("./.config"); // Create config file if not present + file_put_contents("./.config", '{ "STORAGE_METHOD": "mysql", "LANGUAGE": "auto" }'); // Set contents of new config file + } $configuration = json_decode(file_get_contents("./.config", true), true); if (strtolower($configuration["LANGUAGE"]) == "") { require "./Public/Error/ServerConfiguration.php"; // throw error page if no language is provided @@ -185,8 +141,10 @@ function setupStorageMethod() } function insertRecord($encrypted_contents, $encryption_token) { + error_reporting(0); $configuration = json_decode(file_get_contents("./.config", true), true); $json = json_decode(file_get_contents("./Modules/Database.env", true), true); + if($_SERVER['HTTP_CF_CONNECTING_IP'] == "" || !isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER["REMOTE_ADDR"]; if (strtolower($configuration["STORAGE_METHOD"]) == "mysql") { $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]); if ($mysqli->connect_errno) { @@ -294,8 +252,9 @@ function getRecord($dataToFetch, $encryption_token) } /* Translation Feature */ -function translate($q, $sl) +function translate($q) { + $sl = "en"; // Default language $configuration = json_decode(file_get_contents("./.config", true), true); if ($configuration["LANGUAGE"] == "auto") { $tl = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); diff --git a/Public/Error/403.php b/Public/Error/403.php index 701c772..bfe1fb5 100644 --- a/Public/Error/403.php +++ b/Public/Error/403.php @@ -5,7 +5,7 @@ - "> + "> QuickBlaze @@ -118,8 +118,8 @@
    -

    -

    +

    +

    diff --git a/Public/Error/404.php b/Public/Error/404.php index b9005de..60cd323 100644 --- a/Public/Error/404.php +++ b/Public/Error/404.php @@ -5,7 +5,7 @@ - "> + "> QuickBlaze @@ -19,10 +19,10 @@

    404

    -
    +

    - +

    GitHub • @@ -36,7 +36,7 @@ - - + + + diff --git a/Public/processForm.php b/Public/processForm.php index 62ebbc5..32d59a0 100644 --- a/Public/processForm.php +++ b/Public/processForm.php @@ -1,4 +1,10 @@ \ No newline at end of file +error_reporting(0); + +if ($_GET["action"] == "decrypt" && $_GET["key"]) { + echo '{"response": "' . htmlspecialchars(decryptData(htmlspecialchars($_GET["key"]))) . '", "key": "' . $_GET["key"] . '"}'; + destroyRecord(htmlspecialchars($_GET["key"], ENT_QUOTES, 'UTF-8')); // destroy record +} else { + echo '{"response": "' . processData($_GET["data"]) . '"}'; +} diff --git a/Public/view.php b/Public/view.php index c09a496..dc6ef6d 100644 --- a/Public/view.php +++ b/Public/view.php @@ -5,25 +5,47 @@ - "> + "> QuickBlaze - + - - + +

    - +

    QuickBlaze

    -
    +


    - + +
    +
    + +
    + +
    + +

    GitHub • @@ -35,26 +57,16 @@

    -
    +
    + - - + + + diff --git a/README.md b/README.md index c95ae0d..992ae3d 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ License: MIT - License: Total Lines + Discord: axtonprice