diff --git a/lib/Configuration.php b/lib/Configuration.php
index c7c8451..ef8eda3 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -55,7 +55,7 @@ class Configuration
 'qrcode' => true,
 'icon' => 'identicon',
 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
- 'zerobincompatibility' => false,
+ 'zerobincompatibility' => false
 ),
 'expire' => array(
 'default' => '1week',
diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php
index 1bac7c8..6c3aab5 100644
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@@ -14,6 +14,7 @@ namespace PrivateBin\Model;
 use Exception;
 use PrivateBin\Persistence\ServerSalt;
+use PrivateBin\Persistence\WebServer;
 use PrivateBin\PrivateBin;
 use PrivateBin\Sjcl;
@@ -89,7 +90,8 @@ class Paste extends AbstractModel
 }
 $this->_data->meta->postdate = time();
- $this->_data->meta->salt = serversalt::generate();
+ $this->_data->meta->salt = ServerSalt::generate();
+ $this->_data->webserver = WebServer::restrictAccessTo();
 // store paste
 if (
diff --git a/lib/Persistence/AbstractPersistence.php b/lib/Persistence/AbstractPersistence.php
index 2e31622..3c29cd3 100644
--- a/lib/Persistence/AbstractPersistence.php
+++ b/lib/Persistence/AbstractPersistence.php
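Review bot: The new line `$this->_data->webserver = WebServer::restrictAccessTo();` stores a value that is always null, because the visible body of restrictAccessTo() in the new lib/Persistence/WebServer.php has no return statement, and it stores it on `_data` while the AbstractPersistence hunk in this same diff gates its `.htaccess` write on `$data->meta->webserver`. Through this path the persistence guard therefore never becomes truthy, so the data directory loses the deny-all `.htaccess` that the removed code wrote unconditionally. If the intent is to record that WebServer.php has taken care of the file, have restrictAccessTo() return a bool and assign it where the guard reads it, `$this->_data->meta->webserver = WebServer::restrictAccessTo();`. The enclosing method starts and ends outside the hunk.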
@@ -88,15 +88,17 @@ abstract class AbstractPersistence
 throw new Exception('unable to create directory ' . self::$_path, 10);
 }
 }
- $file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
- if (!is_file($file)) {
- $writtenBytes = @file_put_contents(
- $file,
- 'Require all denied' . PHP_EOL,
- LOCK_EX
- );
- if ($writtenBytes === false || $writtenBytes < 19) {
- throw new Exception('unable to write to file ' . $file, 11);
+ if (property_exists($data->meta, 'webserver') && $data->meta->webserver && $this->_conf->getKey('webserver') == "Apache") {
+ $file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
+ if (!is_file($file)) {
+ $writtenBytes = @file_put_contents(
+ $file,
+ 'Require all denied' . PHP_EOL,
+ LOCK_EX
+ );
+ if ($writtenBytes === false || $writtenBytes < 19) {
+ throw new Exception('unable to write to file ' . $file, 11);
+ }
 }
 }
 }
diff --git a/lib/Persistence/WebServer.php b/lib/Persistence/WebServer.php
new file mode 100644
index 0000000..8ef44ab
--- /dev/null
+++ b/lib/Persistence/WebServer.php
@@ -0,0 +1,88 @@
+\w+)\/(?[0-9.a-z]*)/";
+
+ if(isset($_SERVER[self::$_serverKey]) && preg_match_all($regex, $_SERVER[self::$_serverKey], $arr))
+ return array_merge(['software' => $arr['software'][0]], ['version' => $arr['version'][0]]);
+ else
+ return array();
+ }
+
+ /**
+ * Write a directive into .htacess
+ *
+ *
+ * @access public
+ * @static
+ * @throws Exception
+ */
+ public static function restrictAccessTo()
+ {
+ $file = '.htaccess';
+ if (is_dir(self::$path) && !is_file($file)) {
+ $server = self::getWebserver();
+ if($server['software'] == "Apache") {
+ if (version_compare($server['version'], '2.2') >= 0) {
+ self::_store(
+ $file,
+ 'Allow from none' . PHP_EOL .
+ 'Deny from all' . PHP_EOL,
+ LOCK_EX
+ );
+ } else {
+ self::_store(
+ $file,
+ 'Require all denied' . PHP_EOL,
+ LOCK_EX
+ );
+ }
+ }
+ }
+ }
+}
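Review bot: The added `if (property_exists($data->meta, 'webserver') && ...)` guard turns a previously unconditional deny-all `.htaccess` write into one that silently does nothing when any of its three conditions is false, so a non-Apache server, a missing `webserver` property, or a configuration value other than the exact string `Apache` leaves the data directory without the protective file and without a log line or exception. The method signature is outside the hunk, so whether `$data` and `$this->_conf` are in scope here cannot be confirmed from the diff; the surrounding code uses `self::$_path`, which reads as static context, and the Configuration hunk in this diff does not add a `webserver` key for `getKey('webserver')` to read. Prefer failing closed: keep the write unconditional, or at minimum compare strictly with `$this->_conf->getKey('webserver') === 'Apache'` and log when the file is deliberately skipped.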