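/**
 * Build the complete response body for the current request.
 *
 * Requests whose method is not listed in $this->request_methods are answered
 * through error405() and produce no body. Non-HTML user agents get the
 * renderCLI() output when text_html_strip is set; everything else gets the
 * render() output, optionally HTML-encoded, wrapped in <pre>, and embedded in
 * the HTML page skeleton.
 *
 * text_html_strip and text_content_type are read before render() runs, while
 * escape and wrap_pre are read after it returns, so only the latter two can
 * be changed by a controller while it renders.
 *
 * @return string|null The response body, or null when the method is refused.
 */
public function finalize() {
  // Strict comparison: the request method is matched as a string only.
  if (!in_array($_SERVER['REQUEST_METHOD'], $this->request_methods, true)) {
    error405();
    return;
  }

  if ($this->text_html_strip && !is_html_useragent()) {
    if ($this->text_content_type) {
      // nosniff stops browsers from second-guessing text/plain and rendering
      // the body as HTML.
      header('Content-type: text/plain; charset=utf-8');
      header('X-Content-Type-Options: nosniff');
    }
    return $this->renderCLI();
  }

  $response = '';

  if ($this->wrap_html) {
    // The title lands inside <title>, so it is encoded like any other value
    // placed into markup. NOTE(review): __help__ is not visible here; if its
    // titles are already entity-encoded this would double-encode them.
    $title = htmlspecialchars(
      (string)idx($this->__help__, 'title', 'Welcome!'),
      ENT_QUOTES | ENT_SUBSTITUTE,
      'UTF-8');

    $response .= "<!doctype html>\n";
    $response .= '<html>';
    $response .= ' <head>';
    $response .= ' <meta charset="utf-8">';
    $response .= ' <meta name="keywords" content="dagd,da.gd,url,' .
      'shorten,shortening,open,source,foss,github">';
    $response .= ' <meta name="description" content="The da.gd URL ' .
      'shortening service">';
    $response .= ' <title>da.gd: ' . $title . '</title>';
    $response .= ' <style>';
    $response .= ' *:not(pre):not(code) { font-family: sans-serif; }';
    $response .= $this->style;
    $response .= ' </style>';
    $response .= ' </head>';
    $response .= ' <body>';
  }

  $controller_response = $this->render();

  if ($this->escape) {
    // Flags and charset are spelled out so the encoding does not depend on
    // the PHP version's defaults: both quote styles are encoded and invalid
    // UTF-8 is substituted instead of blanking the whole string. The cast
    // covers render() paths that return nothing.
    $controller_response = htmlspecialchars(
      (string)$controller_response,
      ENT_QUOTES | ENT_SUBSTITUTE,
      'UTF-8');
  }

  if ($this->wrap_pre) {
    $controller_response = '<pre>' . $controller_response . '</pre>';
  }

  $response .= $controller_response;

  if ($this->wrap_html) {
    $response .= ' </body>';
    $response .= '</html>';
  }

  return $response;
}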
/**
 * Serve a stored paste, or tell the visitor that the pastebin is retired.
 *
 * POST requests are refused through error400(). A request that carries a
 * paste id in route_matches[1] gets the stored text back as text/plain, or
 * error404() when fetch_paste() leaves paste_text empty. Without an id, text
 * user agents receive the controller help and HTML user agents the
 * deprecation notice.
 *
 * @return string|null Paste text or help text; null on the error paths and
 *                     on the notice path, which echoes its markup directly.
 */
public function render() {
  // The service is read-only: nothing new is accepted.
  if (server_or_default('REQUEST_METHOD') == 'POST') {
    error400('This service has been deprecated, no new pastes are being accepted.');
    return;
  }

  $has_paste_id = count($this->route_matches) > 1;

  if (!$has_paste_id) {
    if (!is_html_useragent()) {
      // A form is useless to a text client; hand back the help text.
      return help('DaGdPastebinController');
    }

    $notice = ' ***da.gd Pastebin*** This feature is being deprecated and no new pastes are being accepted. ';
    $renderer = new DaGdMarkup($notice);
    // NOTE(review): this is echoed rather than returned, so it is written
    // out before whatever the caller assembles around the return value.
    echo $renderer->render();
    return;
  }

  $this->paste_id = $this->route_matches[1];
  $this->fetch_paste();

  // NOTE(review): a truthiness test, so a paste whose text is "0" is
  // treated as missing.
  if (!$this->paste_text) {
    error404();
    return;
  }

  // Security invariant: the paste is stored user content and is returned
  // raw, with escaping and <pre> wrapping switched off below. The only thing
  // keeping a browser from interpreting it as HTML is the text/plain content
  // type together with nosniff. Never drop these two headers without
  // restoring the escaping.
  header('Content-type: text/plain; charset=utf-8');
  header('X-Content-Type-Options: nosniff');

  $this->wrap_pre = false;
  $this->escape = false;
  $this->text_html_strip = false;
  $this->text_content_type = false;

  return $this->paste_text;
}
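// Front-controller bootstrap: checks the environment, assembles the route
// table and handles plain redirect routes. The listing is cut off inside the
// route loop; the non-redirect branch opened on the last line is not shown.
ini_set('user_agent', DaGdConfig::get('general.useragent'));

// empty() keeps the original truthiness test without reading an undefined
// index when the rewrite rule did not supply __path__.
if (empty($_GET['__path__'])) {
  throw new Exception(
    'No __path__ GET variable was found. ' .
    'Your rewrite rules are incorrect!');
}

$required_extensions = DaGdConfig::get('general.required_extensions');
foreach ($required_extensions as $extension) {
  if (!extension_loaded($extension)) {
    throw new Exception('Missing extension is required: ' . $extension);
  }
}

$requested_path = $_GET['__path__'];
$route_matches = null;
$controller_match = null;

// Array union keeps the first definition of a key, so redirect_map wins over
// cli_routemap, which wins over routemap.
$routes = array();
$routes += DaGdConfig::get('general.redirect_map');
if (!is_html_useragent()) {
  $routes += DaGdConfig::get('general.cli_routemap');
}
$routes += DaGdConfig::get('general.routemap');

foreach ($routes as $route => $controller) {
  if (preg_match('#^' . $route . '#', $requested_path, $route_matches)) {
    if (preg_match('#^https?://#', $controller)) {
      // A "controller" that is an absolute http(s) URL means: redirect.
      // This lets us do things like '/foo/(.*)' => 'http://google.com/$1'
      //
      // NOTE(review): the route is anchored only at the start, so whatever
      // part of the request path it does not consume is carried over
      // unchanged behind the substituted target. Redirect targets should
      // therefore contain a path component (or the route should end in `$`)
      // so the leftover cannot become part of the host name.
      array_shift($route_matches);

      // Same delimiter as the match above: a route that matched is then
      // guaranteed to compile here as well (the previous `@` delimiter broke
      // on routes containing `@`).
      $new_location = preg_replace(
        '#^' . $route . '#',
        $controller,
        $requested_path);
      $new_location .= build_given_querystring();
      debug('New Location', $new_location);
      header('Location: ' . $new_location);
      return;
    } else {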
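/**
 * Create a short URL, follow an existing one, or show the creation form.
 *
 * - With a 'url' request parameter: validates the long and short URL,
 *   stores the pair and returns an anchor pointing at the new short URL.
 *   Returns nothing if validation or storage fails.
 * - With a short URL in route_matches[1]: delegates to
 *   redirect_from_shorturl() and returns nothing.
 * - Otherwise: returns the help text for text user agents, or the HTML form
 *   for browsers.
 *
 * @return string|null HTML or help text, or null when there is no body.
 */
public function render() {
  if (array_key_exists('url', $_REQUEST)) {
    if ($this->set_longurl_or_400() && $this->set_shorturl_or_400()) {
      if ($this->store_shorturl()) {
        header('X-Short-URL: ' . $this->short_url);

        // Escaping is turned off so the anchor markup is not encoded by the
        // caller, which makes this method responsible for encoding the
        // values it places into that markup. The short URL can be chosen by
        // the requester ('shorturl' form field), so the link is encoded
        // here instead of relying on validation that is not visible in
        // this method.
        $this->escape = false;
        $new_link = htmlspecialchars(
          DaGdConfig::get('general.baseurl') . '/' . $this->short_url,
          ENT_QUOTES | ENT_SUBSTITUTE,
          'UTF-8');
        return '<a href="' . $new_link . '">' . $new_link . '</a>';
      }
    }
    return;
  }

  // No 'url' was passed, so we are not creating a new short-url.
  // !empty() keeps the truthiness test but tolerates a route that captured
  // no short URL at all.
  if (!empty($this->route_matches[1])) {
    // Attempt to access a stored URL.
    $this->redirect_from_shorturl();
    return;
  }

  // Neither creating nor following a short URL: offer the creation form.
  if (!is_html_useragent()) {
    // No use in showing a form for text UAs. Rather, show help text.
    return help('DaGdShortenController');
  }

  // Browser user agent from here on. The form is static markup, so it is
  // returned unescaped.
  // TODO: html in strings = bad.
  $this->escape = false;
  $content = '<h2>da.gd</h2><form method="POST" action="/"> Long URL: <input type="text" name="url" id="url" size="35" autofocus /><br /> Custom short URL (leave blank for random): <input type="text" name="shorturl" size="20" maxlength="10" /><br /> <input type="submit" value="Shorten URL" /> </form> [help](/help) | [open source](http://github.com/codeblock/dagd)';
  $markup = new DaGdMarkup($content);
  $markup = $markup->render();
  $markup .= '<script>window.onload = function() {document.getElementById("url").focus();}</script>';
  return $markup;
}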