/**
 * Checks that filter::slow_equals() reports a match only for identical strings.
 *
 * Most of the mismatch pairs below are values that PHP's loose `==` can treat
 * as equal (type juggling, numeric strings, float rounding of large integers).
 * Per these assertions, slow_equals() must reject every one of them.
 * NOTE(review): slow_equals() is presumably the timing-safe comparison used
 * for secrets; its implementation is not visible here.
 */
public function testSlowEquals()
{
    $this->assertTrue(filter::slow_equals('foo', 'foo'), 'same string');

    // Each entry: left operand, right operand, assertion message.
    $mismatches = array(
        array('foo', true, 'string and boolean'),
        array('foo', 0, 'string and integer'),
        array('123foo', 123, 'string and integer'),
        array('123foo', '123', 'different strings'),
        array('6', ' 6', 'strings with space'),
        array('4.2', '4.20', 'floats as strings'),
        array('1e3', '1000', 'integers as strings'),
        array('9223372036854775807', '9223372036854775808', 'large integers as strings'),
        array(
            '61529519452809720693702583126814',
            '61529519452809720000000000000000',
            'larger integers as strings',
        ),
    );

    foreach ($mismatches as $case) {
        list($left, $right, $label) = $case;
        $this->assertFalse(filter::slow_equals($left, $right), $label);
    }
}
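/**
 * Delete an existing paste
 *
 * The paste is removed only when the supplied token matches the HMAC-SHA1 of
 * the paste ID keyed with the server salt. On every failure path the method
 * sets $this->_error and returns without touching the stored paste.
 *
 * @access private
 * @param  string $dataid      paste identifier to delete
 * @param  string $deletetoken deletion token supplied by the requester
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = 'Paste does not exist, has expired or has been deleted.';
        return;
    }

    // Make sure token is valid: bail out when the supplied token does NOT
    // match the expected one. The negation is what keeps a wrong token from
    // reaching the delete call below. filter::slow_equals() is used rather
    // than == / === so the comparison goes through the project's dedicated
    // helper (presumably timing-safe; implementation not shown here).
    $expectedToken = hash_hmac('sha1', $dataid, serversalt::get());
    if (!filter::slow_equals($deletetoken, $expectedToken)) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}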
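/**
 * Delete an existing paste
 *
 * Two deletion paths exist:
 *  - the literal token 'burnafterreading' deletes the paste without any
 *    secret, but only if the paste's metadata marks it burn-after-reading;
 *  - any other token must match the HMAC-SHA1 of the paste ID keyed with the
 *    server salt.
 * An expired paste is purged on access and reported with the same generic
 * error as a missing one, so the message does not tell the two apart.
 *
 * @access private
 * @param  string $dataid      paste identifier to delete
 * @param  string $deletetoken deletion token, or the literal 'burnafterreading'
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Get the paste itself.
    $paste = $this->_model()->read($dataid);

    // See if paste has expired; if so remove it and answer as if it never existed.
    if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
        $this->_model()->delete($dataid);
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Strict comparison: this branch deletes without a secret, so only the
    // exact string may select it. With a loose == a non-string value (e.g.
    // boolean true, or integer 0 on older PHP) would also compare equal.
    if ($deletetoken === 'burnafterreading') {
        if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
            $this->_model()->delete($dataid);
            $this->_return_message(0, $dataid);
        } else {
            $this->_return_message(1, 'Paste is not of burn-after-reading type.');
        }
        return;
    }

    // Make sure token is valid. The salt path has to be configured before
    // serversalt::get() is called for the HMAC key.
    serversalt::setPath($this->_conf['traffic']['dir']);
    $expectedToken = hash_hmac('sha1', $dataid, serversalt::get());
    if (!filter::slow_equals($deletetoken, $expectedToken)) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}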
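/**
 * Delete an existing paste
 *
 * Two deletion paths exist:
 *  - the literal token 'burnafterreading' deletes the paste without any
 *    secret, but only if the paste reports itself as burn-after-reading;
 *  - any other token must match the paste's own delete token.
 * Any exception raised while handling the paste is turned into the error
 * message shown to the requester.
 *
 * @access private
 * @param  string $dataid      paste identifier to delete
 * @param  string $deletetoken deletion token, or the literal 'burnafterreading'
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    try {
        $paste = $this->_model->getPaste($dataid);
        if (!$paste->exists()) {
            $this->_error = self::GENERIC_ERROR;
            return;
        }

        // accessing this property ensures that the paste would be
        // deleted if it has already expired
        $burnafterreading = $paste->isBurnafterreading();

        // Strict comparison: this branch deletes without a secret, so only
        // the exact string may select it. With a loose == a non-string value
        // (e.g. boolean true, or integer 0 on older PHP) would also match.
        if ($deletetoken === 'burnafterreading') {
            if ($burnafterreading) {
                $paste->delete();
                $this->_return_message(0, $dataid);
            } else {
                $this->_return_message(1, 'Paste is not of burn-after-reading type.');
            }
            return;
        }

        // Make sure the token is valid. The salt path is configured before
        // the paste computes its delete token.
        serversalt::setPath($this->_conf->getKey('dir', 'traffic'));
        if (!filter::slow_equals($deletetoken, $paste->getDeleteToken())) {
            $this->_error = 'Wrong deletion token. Paste was not deleted.';
            return;
        }

        // Paste exists and deletion token is valid: Delete the paste.
        $paste->delete();
        $this->_status = 'Paste was properly deleted.';
    } catch (Exception $e) {
        // NOTE(review): the raw exception message becomes the user-facing
        // error. Confirm the model layer never puts file paths or other
        // internal detail into its exception messages.
        $this->_error = $e->getMessage();
    }
}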