From f23b1222dd8e296858a45384185c2175a0aaf7cd Mon Sep 17 00:00:00 2001
From: magikcypress
Date: Sat, 20 May 2017 18:59:17 +0200
Subject: [PATCH] [enh] Create .htaccess into data #222
---
 cfg/conf.ini.sample | 4 --
 lib/Configuration.php | 3 +-
 lib/Model/Paste.php | 2 +
 lib/Persistence/WebServer.php | 90 +++++++++++++++++++++++++++++++++++
 4 files changed, 93 insertions(+), 6 deletions(-)
 create mode 100644 lib/Persistence/WebServer.php
diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample
index d2a8033..d457b89 100644
--- a/cfg/conf.ini.sample
+++ b/cfg/conf.ini.sample
@@ -75,10 +75,6 @@ languageselection = false
 ; sha256 in HMAC for the deletion token
 zerobincompatibility = false
-; allows you to specify the name of the web server you are using to use PrivateBin.
-; if you use Nginx, uncomment and add nginx.
-; webserver = "Nginx"
-
 [expire]
 ; expire value that is selected per default
 ; make sure the value exists in [expire_options]
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 1a7fee2..940c083 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -53,8 +53,7 @@ class Configuration
 'urlshortener' => '',
 'icon' => 'identicon',
 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
- 'zerobincompatibility' => false,
- 'webserver' => 'Apache',
+ 'zerobincompatibility' => false
 ),
 'expire' => array(
 'default' => '1week',
diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php
index fae808e..3af7dc9 100644
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@@ -14,6 +14,7 @@ namespace PrivateBin\Model;
 use Exception;
 use PrivateBin\Persistence\ServerSalt;
+use PrivateBin\Persistence\WebServer;
 use PrivateBin\PrivateBin;
 use PrivateBin\Sjcl;
@@ -90,6 +91,7 @@ class Paste extends AbstractModel
 $this->_data->meta->postdate = time();
 $this->_data->meta->salt = serversalt::generate();
+ $this->_data->webserver = WebServer::canHtaccess();
 // store paste
 if (
diff --git a/lib/Persistence/WebServer.php b/lib/Persistence/WebServer.php
new file mode 100644
index 0000000..d59a38e
--- /dev/null
+++ b/lib/Persistence/WebServer.php
@@ -0,0 +1,90 @@
+\w+)\/(?[0-9.a-z]*)/";
+
+ if(isset($_SERVER[self::$_serverKey]) && preg_match_all($regex, $_SERVER[self::$_serverKey], $arr))
+ return array_merge(['software' => $arr['software'][0]], ['version' => $arr['version'][0]]);
+ else
+ return array();
+ }
+
+ /**
+ * Write a directive into .htacess
+ *
+ *
+ * @access public
+ * @static
+ * @throws Exception
+ */
+ public static function canHtaccess()
+ {
+ $file = '.htaccess';
+ if (is_dir(self::$_path) && !is_file($file)) {
+ $server = self::getWebserver();
+ if($server['software'] == "Apache") {
+ $pattern = '/2.4/';
+ $regex = preg_match($pattern, $server['version']);
+ if($regex == false) {
+ self::_store(
+ $file,
+ 'Allow from none' . PHP_EOL .
+ 'Deny from all' . PHP_EOL,
+ LOCK_EX
+ );
+ } else {
+ self::_store(
+ $file,
+ 'Require all denied' . PHP_EOL,
+ LOCK_EX
+ );
+ }
+ }
+ }
+ }
+}
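Review bot: `WebServer::canHtaccess()` has no `return` statement anywhere in this patch, so the line added to lib/Model/Paste.php, `$this->_data->webserver = WebServer::canHtaccess();`, assigns `null` to the paste data and, depending on how `_data` is serialised, may persist a stray `webserver` field with every paste. The call is wanted only for its side effect, so it should be a bare statement, `WebServer::canHtaccess();`, preceded by a comment such as `// make sure the data directory is not served directly by the web server`. It also repeats the filesystem checks on every paste creation. The enclosing method starts and ends outside this hunk, so whether a one-time setup path would be a better home for the call is for the author to confirm.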
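Review bot: `canHtaccess()` in lib/Persistence/WebServer.php fails open when the server banner carries no version: `getWebserver()` only matches a `name/version` pair, so a banner of plain `Apache` (as produced by `ServerTokens Prod`) yields `array()`, the comparison then reads the missing key `$server['software']`, and no `.htaccess` is written for the data directory. The version test `/2.4/` is also unanchored with an unescaped dot, so it matches `2.2.4` and does not match a later 2.x release. Writing both directive sets behind `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>` removes the need to read `$_SERVER` at all, as sketched below. Separately, `is_file($file)` tests `.htaccess` relative to the working directory while `is_dir()` tests `self::$_path`; if `_store()` (not visible here) writes under `self::$_path`, the existence check should use the same location. The beginning of this new file, including the class header and the value of `$_serverKey`, is missing from the page, so the banner source is inferred.

```php
public static function canHtaccess()
{
    // … unchanged: target-file existence check (see the note about the path) …
    // No banner sniffing: Apache itself picks the block that applies.
    self::_store(
        $file,
        '<IfModule mod_authz_core.c>' . PHP_EOL .
        'Require all denied' . PHP_EOL .
        '</IfModule>' . PHP_EOL .
        '<IfModule !mod_authz_core.c>' . PHP_EOL .
        'Order deny,allow' . PHP_EOL .
        'Deny from all' . PHP_EOL .
        '</IfModule>' . PHP_EOL,
        LOCK_EX
    );
```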