예제 #1
 public function testSlowEquals()
 {
     // Two identical strings are the only pair that is expected to match.
     $this->assertTrue(filter::slow_equals('foo', 'foo'), 'same string');

     // Every pair below must be reported as different. Several of them
     // (string vs. boolean/integer, numeric-looking strings such as
     // '1e3' vs. '1000') can compare equal under PHP's loose `==`, depending
     // on the PHP version, so these cases pin that the comparison used for
     // secrets does not depend on type juggling.
     $mismatches = array(
         array('foo', true, 'string and boolean'),
         array('foo', 0, 'string and integer'),
         array('123foo', 123, 'string and integer'),
         array('123foo', '123', 'different strings'),
         array('6', ' 6', 'strings with space'),
         array('4.2', '4.20', 'floats as strings'),
         array('1e3', '1000', 'integers as strings'),
         array('9223372036854775807', '9223372036854775808', 'large integers as strings'),
         array('61529519452809720693702583126814', '61529519452809720000000000000000', 'larger integers as strings'),
     );
     foreach ($mismatches as $case) {
         list($left, $right, $label) = $case;
         $this->assertFalse(filter::slow_equals($left, $right), $label);
     }
 }
예제 #2
 /**
  * Delete an existing paste
  *
  * @access private
  * @param  string $dataid
  * @param  string $deletetoken
  * @return void
  */
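 private function _delete($dataid, $deletetoken)
 {
     // Reject anything that is not a well-formed paste identifier before
     // it reaches the storage layer or the HMAC below.
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = 'Paste does not exist, has expired or has been deleted.';
         return;
     }
     // The deletion token is an HMAC-SHA1 of the paste ID keyed with the
     // server salt, so it can be recomputed here without storing it.
     $expected = hash_hmac('sha1', $dataid, serversalt::get());
     // Fail closed: only a token equal to the expected HMAC may reach the
     // delete call below. The check has to be negated; without the `!` a
     // correct token is refused and every other value deletes the paste.
     // NOTE(review): slow_equals is presumably a timing-safe comparison;
     // confirm in the filter class.
     if (!filter::slow_equals($deletetoken, $expected)) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }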
예제 #3
 /**
  * Delete an existing paste
  *
  * @access private
  * @param  string $dataid
  * @param  string $deletetoken
  * @return void
  */
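 private function _delete($dataid, $deletetoken)
 {
     // Is this a valid paste identifier?
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // Get the paste itself.
     $paste = $this->_model()->read($dataid);
     // An expired paste is removed on the spot and answered with the same
     // generic error as a missing one, so the response does not reveal
     // which of the two cases occurred.
     if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
         $this->_model()->delete($dataid);
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // The literal 'burnafterreading' is accepted in place of an HMAC token,
     // but only for pastes that carry the burn-after-reading flag.
     // Strict comparison: with `==` a non-string value such as boolean true
     // would also match the literal and enter this branch.
     if ($deletetoken === 'burnafterreading') {
         if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
             // Delete the paste
             $this->_model()->delete($dataid);
             $this->_return_message(0, $dataid);
         } else {
             $this->_return_message(1, 'Paste is not of burn-after-reading type.');
         }
         return;
     }
     // Make sure token is valid: recompute the HMAC-SHA1 of the paste ID
     // keyed with the server salt and refuse the request unless it matches.
     // The salt path must be set before serversalt::get() is called.
     serversalt::setPath($this->_conf['traffic']['dir']);
     $expected = hash_hmac('sha1', $dataid, serversalt::get());
     if (!filter::slow_equals($deletetoken, $expected)) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }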
예제 #4
 /**
  * Delete an existing paste
  *
  * @access private
  * @param  string $dataid
  * @param  string $deletetoken
  * @return void
  */
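 private function _delete($dataid, $deletetoken)
 {
     try {
         $paste = $this->_model->getPaste($dataid);
         if (!$paste->exists()) {
             $this->_error = self::GENERIC_ERROR;
             return;
         }
         // accessing this property ensures that the paste would be
         // deleted if it has already expired, so it has to be read before
         // either deletion path below is considered
         $burnafterreading = $paste->isBurnafterreading();
         // The literal 'burnafterreading' is accepted in place of a deletion
         // token, but only for pastes flagged burn-after-reading.
         // Strict comparison: with `==` a non-string value such as boolean
         // true would also match the literal and enter this branch.
         if ($deletetoken === 'burnafterreading') {
             if ($burnafterreading) {
                 $paste->delete();
                 $this->_return_message(0, $dataid);
             } else {
                 $this->_return_message(1, 'Paste is not of burn-after-reading type.');
             }
             return;
         }
         // Make sure the token is valid. The salt path is configured before
         // the paste's delete token is requested.
         serversalt::setPath($this->_conf->getKey('dir', 'traffic'));
         if (!filter::slow_equals($deletetoken, $paste->getDeleteToken())) {
             // Fail closed: anything but an exact match leaves the paste alone.
             $this->_error = 'Wrong deletion token. Paste was not deleted.';
             return;
         }
         // Paste exists and deletion token is valid: Delete the paste.
         $paste->delete();
         $this->_status = 'Paste was properly deleted.';
     } catch (Exception $e) {
         // NOTE(review): the exception message is passed through to the
         // error field unchanged; confirm the model's messages are safe to
         // show to the requester.
         $this->_error = $e->getMessage();
     }
 }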