updated base64.js to version 2.1.9, using minified version found at

9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template

cfg/conf.ini

@@ -8,21 +8,25 @@
 ; @version   0.18
 
 [main]
-; enable or disable discussions
+; enable or disable discussions, defaults to true
 opendiscussion = true
 
-; enable or disable syntax highlighting
+; enable or disable syntax highlighting, defaults to true
 syntaxhighlighting = true
 
-; preselect the burn-after-reading feature by default
+; preselect the burn-after-reading feature by default, defaults to false
 burnafterreadingselected = false
 
-; size limit per paste or comment in bytes, default is 2 Mibibytes
+; size limit per paste or comment in bytes, defaults to 2 Mibibytes
 sizelimit = 2097152
 
 ; template to include, default is "page" (tpl/page.html)
 template = "page"
 
+; base64.js library version, defaults to 2.1.9
+; use "1.7" if you are upgrading from a ZeroBin Alpha 0.19 installation
+base64version = "2.1.9"
+
 [expire]
 ; expire value that is selected per default
 ; make sure the value exists in [expire_options]

js/base64-2.1.9.js

@@ -0,0 +1 @@
+(function(global){"use strict";var _Base64=global.Base64;var version="2.1.9";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i<l;i++)t[bin.charAt(i)]=i;return t}(b64chars);var fromCharCode=String.fromCharCode;var cb_utob=function(c){if(c.length<2){var cc=c.charCodeAt(0);return cc<128?c:cc<2048?fromCharCode(192|cc>>>6)+fromCharCode(128|cc&63):fromCharCode(224|cc>>>12&15)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240|cc>>>18&7)+fromCharCode(128|cc>>>12&63)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16|(ccc.length>1?ccc.charCodeAt(1):0)<<8|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][€-¿]","[à-ï][€-¿]{2}","[ð-÷][€-¿]{3}"].join("|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18|(63&cccc.charCodeAt(1))<<12|(63&cccc.charCodeAt(2))<<6|63&cccc.charCodeAt(3),offset=cp-65536;return fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return fromCharCode((15&cccc.charCodeAt(0))<<12|(63&cccc.charCodeAt(1))<<6|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)|(len>1?b64tab[cccc.charAt(1)]<<12:0)|(len>2?b64tab[cccc.charAt(2)]<<6:0)|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}})(this);

lib/persistence.php

@@ -87,7 +87,8 @@ abstract class persistence
             file_put_contents(
                 $file,
                 'Allow from none' . PHP_EOL .
-                'Deny from all'. PHP_EOL
+                'Deny from all'. PHP_EOL,
+                LOCK_EX
             );
         }
     }

lib/zerobin.php

@@ -110,11 +110,17 @@ class zerobin
             if (!is_file(PATH . $dir . '/.htaccess')) file_put_contents(
                 PATH . $dir . '/.htaccess',
                 'Allow from none' . PHP_EOL .
-                'Deny from all'. PHP_EOL
+                'Deny from all'. PHP_EOL,
+                LOCK_EX
             );
         }
 
         $this->_conf = parse_ini_file(PATH . 'cfg/conf.ini', true);
+        foreach (array('main', 'model') as $section) {
+            if (!array_key_exists($section, $this->_conf)) die(
+                "ZeroBin requires configuration section [$section] to be present in configuration file."
+            );
+        }
         $this->_model = $this->_conf['model']['class'];
     }
 
@@ -171,14 +177,13 @@ class zerobin
         );
 
         // Make sure content is not too big.
+        $sizelimit = (int) $this->_getMainConfig('sizelimit', 2097152);
         if (
-            strlen($data) > $this->_conf['main']['sizelimit']
+            strlen($data) > $sizelimit
         ) $this->_return_message(
             1,
             'Paste is limited to ' .
-            $this->_conf['main']['sizelimit'] .
-            ' ' .
-            filter::size_humanreadable($this->_conf['main']['sizelimit']) .
+            filter::size_humanreadable($sizelimit) .
             ' of encrypted data.'
         );
 
@@ -191,8 +196,9 @@ class zerobin
         // Read expiration date
         if (!empty($_POST['expire']))
         {
-            if (array_key_exists($_POST['expire'], $this->_conf['expire_options'])) {
-                $expire = $this->_conf['expire_options'][$_POST['expire']];
+            $selected_expire = (string) $_POST['expire'];
+            if (array_key_exists($selected_expire, $this->_conf['expire_options'])) {
+                $expire = $this->_conf['expire_options'][$selected_expire];
             } else {
                 $expire = $this->_conf['expire_options'][$this->_conf['expire']['default']];
             }
@@ -203,9 +209,9 @@ class zerobin
         if (!empty($_POST['burnafterreading']))
         {
             $burnafterreading = $_POST['burnafterreading'];
-            if ($burnafterreading != '0')
+            if ($burnafterreading !== '0')
             {
-                if ($burnafterreading != '1') $error = true;
+                if ($burnafterreading !== '1') $error = true;
                 $meta['burnafterreading'] = true;
             }
         }
@@ -214,9 +220,9 @@ class zerobin
         if ($this->_conf['main']['opendiscussion'] && !empty($_POST['opendiscussion']))
         {
             $opendiscussion = $_POST['opendiscussion'];
-            if ($opendiscussion != 0)
+            if ($opendiscussion !== '0')
             {
-                if ($opendiscussion != 1) $error = true;
+                if ($opendiscussion !== '1') $error = true;
                 $meta['opendiscussion'] = true;
             }
         }
@@ -269,8 +275,8 @@ class zerobin
             !empty($_POST['pasteid'])
         )
         {
-            $pasteid  = $_POST['pasteid'];
-            $parentid = $_POST['parentid'];
+            $pasteid  = (string) $_POST['pasteid'];
+            $parentid = (string) $_POST['parentid'];
             if (
                 !filter::is_valid_paste_id($pasteid) ||
                 !filter::is_valid_paste_id($parentid)
@@ -458,19 +464,35 @@ class zerobin
                 $key;
         }
 
-        RainTPL::$path_replace = false;
         $page = new RainTPL;
+        $page::$path_replace = false;
         // we escape it here because ENT_NOQUOTES can't be used in RainTPL templates
         $page->assign('CIPHERDATA', htmlspecialchars($this->_data, ENT_NOQUOTES));
         $page->assign('ERROR', $this->_error);
         $page->assign('STATUS', $this->_status);
         $page->assign('VERSION', self::VERSION);
-        $page->assign('BURNAFTERREADINGSELECTED', $this->_conf['main']['burnafterreadingselected']);
-        $page->assign('OPENDISCUSSION', $this->_conf['main']['opendiscussion']);
-        $page->assign('SYNTAXHIGHLIGHTING', $this->_conf['main']['syntaxhighlighting']);
+        $page->assign('OPENDISCUSSION', $this->_getMainConfig('opendiscussion', true));
+        $page->assign('SYNTAXHIGHLIGHTING', $this->_getMainConfig('syntaxhighlighting', true));
+        $page->assign('BURNAFTERREADINGSELECTED', $this->_getMainConfig('burnafterreadingselected', false));
+        $page->assign('BASE64JSVERSION', $this->_getMainConfig('base64version', '2.1.9'));
         $page->assign('EXPIRE', $expire);
         $page->assign('EXPIREDEFAULT', $this->_conf['expire']['default']);
-        $page->draw($this->_conf['main']['template']);
+        $page->draw($this->_getMainConfig('template', 'page'));
+    }
+
+    /**
+     * get configuration option from [main] section, optionally set a default
+     *
+     * @access private
+     * @param  string $option
+     * @param  mixed $default (optional)
+     * @return mixed
+     */
+    private function _getMainConfig($option, $default = false)
+    {
+        return array_key_exists($option, $this->_conf['main']) ?
+            $this->_conf['main'][$option] :
+            $default;
     }
 
     /**

tpl/page.html

@@ -4,15 +4,15 @@
 		<meta charset="utf-8" />
 		<meta name="robots" content="noindex" />
 		<title>ZeroBin</title>
-		<link type="text/css" rel="stylesheet" href="css/zerobin.css?{$VERSION|rawurlencode}#" />
-		<link type="text/css" rel="stylesheet" href="css/prettify.css?{$VERSION|rawurlencode}#" />
-		<script type="text/javascript" src="js/jquery.js?{$VERSION|rawurlencode}#"></script>
-		<script type="text/javascript" src="js/sjcl.js?{$VERSION|rawurlencode}#"></script>
-		<script type="text/javascript" src="js/base64.js?{$VERSION|rawurlencode}#"></script>
-		<script type="text/javascript" src="js/rawdeflate.js?{$VERSION|rawurlencode}#"></script>
-		<script type="text/javascript" src="js/rawinflate.js?{$VERSION|rawurlencode}#"></script>{if="$SYNTAXHIGHLIGHTING"}
-		<script type="text/javascript" src="js/prettify.js?{$VERSION|rawurlencode}#"></script>{/if}
-		<script type="text/javascript" src="js/zerobin.js?{$VERSION|rawurlencode}#"></script>
+		<link type="text/css" rel="stylesheet" href="css/zerobin.css?{$VERSION|rawurlencode}" />{if="$SYNTAXHIGHLIGHTING"}
+		<link type="text/css" rel="stylesheet" href="css/prettify.css?{$VERSION|rawurlencode}" />{/if}
+		<script type="text/javascript" src="js/jquery-1.11.3.js"></script>
+		<script type="text/javascript" src="js/sjcl-1.0.2.js"></script>
+		<script type="text/javascript" src="js/base64-{$BASE64JSVERSION}.js"></script>
+		<script type="text/javascript" src="js/rawdeflate.js?{$VERSION|rawurlencode}"></script>
+		<script type="text/javascript" src="js/rawinflate.js?{$VERSION|rawurlencode}"></script>{if="$SYNTAXHIGHLIGHTING"}
+		<script type="text/javascript" src="js/prettify.js?{$VERSION|rawurlencode}"></script>{/if}
+		<script type="text/javascript" src="js/zerobin.js?{$VERSION|rawurlencode}"></script>
 		<!--[if lt IE 10]>
 		<style> body {padding-left:60px;padding-right:60px;} div#ienotice {display:block;} </style>
 		<![endif]-->

tst/RainTPL.php

@@ -24,8 +24,8 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
         /* Setup Routine */
         $page = new RainTPL;
         $page::configure(array('cache_dir' => 'tmp/'));
+        $page::$path_replace = false;
 
-        $page = new RainTPL;
         // We escape it here because ENT_NOQUOTES can't be used in RainTPL templates.
         $page->assign('CIPHERDATA', htmlspecialchars(self::$data, ENT_NOQUOTES));
         $page->assign('ERROR', self::$error);
@@ -34,6 +34,7 @@ class RainTPLTest extends PHPUnit_Framework_TestCase
         $page->assign('BURNAFTERREADINGSELECTED', false);
         $page->assign('OPENDISCUSSION', false);
         $page->assign('SYNTAXHIGHLIGHTING', true);
+        $page->assign('BASE64JSVERSION', '2.1.9');
         $page->assign('EXPIRE', self::$expire);
         $page->assign('EXPIREDEFAULT', self::$expire_default);
         ob_start();