Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state

6 years ago · d6f203dc4c
parent 05c1776ada
commit d6f203dc4c
7 changed files with 2 additions and 37 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,7 @@
    * CHANGED: Minimum required PHP version is 5.4 (#186)
    * CHANGED: Shipped .htaccess files were updated for Apache 2.4 (#192)
    * CHANGED: Cleanup of bootstrap template variants and moved icons to `img` directory
+    * CHANGED: Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
  * **1.1.1 (2017-10-06)**
    * CHANGED: Switched to `.php` file extension for configuration file, to avoid leaking configuration data in unprotected installation.
  * **1.1 (2016-12-26)**
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@ -81,10 +81,6 @@ zerobincompatibility = false
 ; make sure the value exists in [expire_options]
 default = "1week"

-; optionally the "clone" button can be disabled on expiring pastes
-; note that this only hides the button, copy & paste is still possible
-; clone = false
-
 [expire_options]
 ; Set each one of these to the number of seconds in the expiration period,
 ; or 0 if it should never expire
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -58,7 +58,6 @@ class Configuration
        ),
        'expire' => array(
            'default' => '1week',
-            'clone'   => true,
        ),
        'expire_options' => array(
            '5min'   => 300,
--- a/lib/PrivateBin.php
+++ b/lib/PrivateBin.php
@ -52,22 +52,6 @@ class PrivateBin
     */
    private $_conf;

-    /**
-     * data
-     *
-     * @access private
-     * @var    string
-     */
-    private $_data = '';
-
-    /**
-     * does the paste expire
-     *
-     * @access private
-     * @var    bool
-     */
-    private $_doesExpire = false;
-
    /**
     * error message
     *
@ -370,8 +354,7 @@ class PrivateBin
        try {
            $paste = $this->_model->getPaste($dataid);
            if ($paste->exists()) {
-                $data              = $paste->get();
-                $this->_doesExpire = property_exists($data, 'meta') && property_exists($data->meta, 'expire_date');
+                $data = $paste->get();
                if (property_exists($data->meta, 'salt')) {
                    unset($data->meta->salt);
                }
@ -440,7 +423,6 @@ class PrivateBin
        $page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages()));
        $page->assign('EXPIRE', $expire);
        $page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire'));
-        $page->assign('EXPIRECLONE', !$this->_doesExpire || ($this->_doesExpire && $this->_conf->getKey('clone', 'expire')));
        $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
        $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
        $page->draw($this->_conf->getKey('template'));
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -164,15 +164,9 @@ else:
 endif;
 ?>
 						</button>
-<?php
-if ($EXPIRECLONE):
-?>
 						<button id="clonebutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn">
 							<span class="glyphicon glyphicon-duplicate" aria-hidden="true"></span> <?php echo I18n::_('Clone'), PHP_EOL; ?>
 						</button>
-<?php
-endif;
-?>
 						<button id="rawtextbutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn">
 							<span class="glyphicon glyphicon-text-background" aria-hidden="true"></span> <?php echo I18n::_('Raw text'), PHP_EOL; ?>
 						</button>
--- a/tpl/page.php
+++ b/tpl/page.php
@ -98,13 +98,7 @@ endif;
 					<button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button>
 					<button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button>
 					<button id="sendbutton" class="hidden"><img src="img/icon_send.png" width="18" height="15" alt="" /><?php echo I18n::_('Send'); ?></button>
-<?php
-if ($EXPIRECLONE):
-?>
 					<button id="clonebutton" class="hidden"><img src="img/icon_clone.png" width="15" height="17" alt="" /><?php echo I18n::_('Clone'); ?></button>
-<?php
-endif;
-?>
 					<button id="rawtextbutton" class="hidden"><img src="img/icon_raw.png" width="15" height="15" alt="" /><?php echo I18n::_('Raw text'); ?></button>
 <?php
 if ($QRCODE):
--- a/tst/ViewTest.php
+++ b/tst/ViewTest.php
@ -53,7 +53,6 @@ class ViewTest extends PHPUnit_Framework_TestCase
        $page->assign('LANGUAGES', I18n::getLanguageLabels(I18n::getAvailableLanguages()));
        $page->assign('EXPIRE', self::$expire);
        $page->assign('EXPIREDEFAULT', self::$expire_default);
-        $page->assign('EXPIRECLONE', true);
        $page->assign('URLSHORTENER', '');
        $page->assign('QRCODE', true);