From 443ba120022a773b9e6d5c774b18c6da4ba37c7e Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 10:50:07 +0000 Subject: [PATCH 01/10] test encoding --- core/tests/UtilTest.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/core/tests/UtilTest.php b/core/tests/UtilTest.php index 7fa13806..deaeca5c 100644 --- a/core/tests/UtilTest.php +++ b/core/tests/UtilTest.php @@ -184,5 +184,13 @@ class UtilTest extends TestCase // niceurl root $_SERVER["REQUEST_URI"] = "/test/"; $this->assertEquals("/", _get_query()); + + // niceurls with encoded slashes + $_SERVER["REQUEST_URI"] = "/test/post/list/tasty%2Fcake/1"; + $this->assertEquals("/post/list/tasty%2Fcake/1", _get_query()); + + // query string with encoded slashes + $_SERVER["REQUEST_URI"] = "/test/index.php?q=/post/list/tasty%2Fcake/1"; + $this->assertEquals("/post/list/tasty%2Fcake/1", _get_query()); } } From c44822ec4782868197e2c17218b18e1eb9a3a599 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 10:50:07 +0000 Subject: [PATCH 02/10] use POST when building search results, see #1026 --- core/util.php | 4 +--- ext/auto_tagger/theme.php | 2 +- ext/comment/theme.php | 2 +- ext/home/theme.php | 3 +-- ext/index/main.php | 4 ++-- ext/index/theme.php | 3 +-- ext/pools/main.php | 4 ++-- ext/pools/theme.php | 3 +-- ext/random_list/main.php | 6 +++--- ext/random_list/theme.php | 1 - ext/resize/theme.php | 2 +- ext/source_history/theme.php | 2 +- ext/tag_edit/theme.php | 2 +- ext/view/theme.php | 3 +-- themes/danbooru/index.theme.php | 5 ++--- themes/danbooru2/index.theme.php | 5 ++--- themes/danbooru2/view.theme.php | 3 +-- 17 files changed, 22 insertions(+), 32 deletions(-) diff --git a/core/util.php b/core/util.php index 67a3403c..2fe46641 100644 --- a/core/util.php +++ b/core/util.php 
@@ -772,9 +772,7 @@ function make_form(string $target, string $method = "POST", bool $multipart = fa { global $user; if ($method == "GET") { - $link = html_escape($target); - $target = make_link($target); - $extra_inputs = ""; + die("make_form: GET method is not supported"); } else { $extra_inputs = $user->get_auth_html(); } diff --git a/ext/auto_tagger/theme.php b/ext/auto_tagger/theme.php index abe99281..138a085d 100644 --- a/ext/auto_tagger/theme.php +++ b/ext/auto_tagger/theme.php @@ -25,7 +25,7 @@ class AutoTaggerTheme extends Themelet "; $bulk_html = " - ".make_form(make_link("auto_tag/import"), 'post', true)." + ".make_form(make_link("auto_tag/import"), 'POST', true)." diff --git a/ext/comment/theme.php b/ext/comment/theme.php index bfd0dfe0..f5ac2030 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -101,7 +101,7 @@ class CommentListTheme extends Themelet $html = ' Delete comments by IP. -
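Review bot: The `$method == "GET"` guard in `make_form` is case-sensitive, so a caller passing `'get'` falls into the `else` branch and gets `$user->get_auth_html()` added to the form. If the rest of the function (outside this hunk) writes `$method` into the form tag unchanged, that would carry the auth token in a query string, where it ends up in logs and referrers. Mixed case is already in use: this same patch has to change `'post'` to `'POST'` in ext/auto_tagger/theme.php. I would normalise first with `$method = strtoupper($method);` and replace `die(...)` with `throw new \InvalidArgumentException("make_form: GET method is not supported");` so the failure goes through the normal error path instead of ending the response mid-page.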

'.make_form(make_link("comment/bulk_delete"), 'POST')." +

'.make_form(make_link("comment/bulk_delete"))." diff --git a/ext/home/theme.php b/ext/home/theme.php index 97d33087..fa8662ef 100644 --- a/ext/home/theme.php +++ b/ext/home/theme.php @@ -37,9 +37,8 @@ EOD $contact_link = empty($contact_link) ? "" : "
Contact –"; $search_html = " diff --git a/ext/index/main.php b/ext/index/main.php index ed929800..77e9bfb5 100644 --- a/ext/index/main.php +++ b/ext/index/main.php @@ -28,9 +28,9 @@ class Index extends Extension { global $cache, $config, $page, $user; if ($event->page_matches("post/list")) { - if (isset($_GET['search'])) { + if (isset($_POST['search'])) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(search_link(Tag::explode($_GET['search'], false))); + $page->set_redirect(search_link(Tag::explode($_POST['search'], false))); return; } diff --git a/ext/index/theme.php b/ext/index/theme.php index 5d5a1a8a..8ef6802d 100644 --- a/ext/index/theme.php +++ b/ext/index/theme.php @@ -89,9 +89,8 @@ and of course start organising your images :-) $h_search_string = html_escape(Tag::implode($search_terms)); $h_search_link = search_link(); $h_search = " -
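Review bot: `isset($_POST['search'])` in the `post/list` branch of ext/index/main.php also passes when the client sends `search[]=...`, so an array can reach `Tag::explode()`. Its signature is not visible here, but with a `string` parameter that becomes an uncaught `TypeError` rather than a clean rejection. The same pattern is in the ext/pools/main.php and ext/random_list/main.php hunks of this patch and in ext/link_scan/main.php in patch 04. A guard such as `if (is_string($_POST['search'] ?? null)) {` keeps malformed form data out of the tag parser. In ext/pools/main.php the loose `$_POST['search'] != null` could then become `!== ''`, which states the intent directly.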

+

- "; diff --git a/ext/pools/main.php b/ext/pools/main.php index 6a556676..b8c52f11 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php @@ -236,9 +236,9 @@ class Pools extends Extension { global $config, $database, $page, $user; if ($event->page_matches("pool/list")) { //index - if (isset($_GET['search']) and $_GET['search'] != null) { + if (isset($_POST['search']) and $_POST['search'] != null) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('pool/list').'/'.$_GET['search'].'/'.strval($event->try_page_num(1))); + $page->set_redirect(make_link('pool/list').'/'.url_escape($_POST['search']).'/'.strval($event->try_page_num(1))); return; } if (count($event->args) >= 4) { // Assume first 2 args are search and page num diff --git a/ext/pools/theme.php b/ext/pools/theme.php index 30c13144..32dd48d2 100644 --- a/ext/pools/theme.php +++ b/ext/pools/theme.php @@ -133,10 +133,9 @@ class PoolsTheme extends Themelet SHM_A("pool/updated", "Pool Changes") ); - $search = "
+ $search = " - "; $page->add_block(new NavBlock()); diff --git a/ext/random_list/main.php b/ext/random_list/main.php index 693ba43d..aa819843 100644 --- a/ext/random_list/main.php +++ b/ext/random_list/main.php @@ -14,15 +14,15 @@ class RandomList extends Extension global $config, $page; if ($event->page_matches("random")) { - if (isset($_GET['search'])) { + if (isset($_POST['search'])) { // implode(explode()) to resolve aliases and sanitise - $search = url_escape(Tag::implode(Tag::explode($_GET['search'], false))); + $search = url_escape(Tag::implode(Tag::explode($_POST['search'], false))); if (empty($search)) { $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("random")); } else { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('random/'.$search)); + $page->set_redirect(make_link('random/'.url_escape($search))); } return; } diff --git a/ext/random_list/theme.php b/ext/random_list/theme.php index bec7a133..5cc19d81 100644 --- a/ext/random_list/theme.php +++ b/ext/random_list/theme.php @@ -53,7 +53,6 @@ class RandomListTheme extends Themelet $h_search = "
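Review bot: `$search` is URL-escaped twice in the `random` branch of ext/random_list/main.php. It is assigned from `url_escape(Tag::implode(...))`, and the changed redirect line then calls `url_escape($search)` again, so a tag such as `tasty/cake` would be redirected as `%252F` instead of `%2F` (assuming `url_escape` percent-encodes, as its name suggests). Escape once: either keep `$page->set_redirect(make_link('random/'.$search));`, or drop the first `url_escape` and escape only where the link is built. Note that `empty($search)` is evaluated on the escaped string, so a search for the single tag `0` is treated as no search at all.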

- "; diff --git a/ext/resize/theme.php b/ext/resize/theme.php index 04900c96..36cbef8a 100644 --- a/ext/resize/theme.php +++ b/ext/resize/theme.php @@ -26,7 +26,7 @@ class ResizeImageTheme extends Themelet } $html = rawHTML(" - ".make_form(make_link("resize/{$image->id}"), 'POST')." + ".make_form(make_link("resize/{$image->id}"))." diff --git a/ext/source_history/theme.php b/ext/source_history/theme.php index 5bb01ba2..5523c9f7 100644 --- a/ext/source_history/theme.php +++ b/ext/source_history/theme.php @@ -66,7 +66,7 @@ class SourceHistoryTheme extends Themelet Revert source changes by a specific IP address or username, optionally limited to recent changes. '.$validation_msg.' -

'.make_form(make_link("source_history/bulk_revert"), 'POST')." +

'.make_form(make_link("source_history/bulk_revert"))."

IP Address
diff --git a/ext/tag_edit/theme.php b/ext/tag_edit/theme.php index 8ef6eeac..4fc40111 100644 --- a/ext/tag_edit/theme.php +++ b/ext/tag_edit/theme.php @@ -32,7 +32,7 @@ class TagEditTheme extends Themelet public function mss_html(string $terms): string { $h_terms = html_escape($terms); - $html = make_form(make_link("tag_edit/mass_source_set"), "POST") . " + $html = make_form(make_link("tag_edit/mass_source_set")) . " diff --git a/ext/view/theme.php b/ext/view/theme.php index 4e53c5cf..c375b6e0 100644 --- a/ext/view/theme.php +++ b/ext/view/theme.php @@ -98,8 +98,7 @@ class ViewPostTheme extends Themelet { $h_pin = $this->build_pin($image); $h_search = " -

- +

diff --git a/themes/danbooru/index.theme.php b/themes/danbooru/index.theme.php index 80f00517..f9b4272d 100644 --- a/themes/danbooru/index.theme.php +++ b/themes/danbooru/index.theme.php @@ -47,11 +47,10 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = make_link(); + $h_search_link = search_link(); return " -

+

-

"; diff --git a/themes/danbooru2/index.theme.php b/themes/danbooru2/index.theme.php index 6f7d9808..2ab78117 100644 --- a/themes/danbooru2/index.theme.php +++ b/themes/danbooru2/index.theme.php @@ -31,12 +31,11 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = make_link(); + $h_search_link = search_link(); return " -

+

-

"; } diff --git a/themes/danbooru2/view.theme.php b/themes/danbooru2/view.theme.php index 30bb9bd8..bd737a90 100644 --- a/themes/danbooru2/view.theme.php +++ b/themes/danbooru2/view.theme.php @@ -71,10 +71,9 @@ class CustomViewPostTheme extends ViewPostTheme { //$h_pin = $this->build_pin($image); $h_search = " - + - "; From 57675e4f24cc6c5f7624bb9a80997a54fdcbfd64 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 11:04:04 +0000 Subject: [PATCH 03/10] unbump --- core/sys_config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/sys_config.php b/core/sys_config.php index 2af3ac69..857fe4bc 100644 --- a/core/sys_config.php +++ b/core/sys_config.php @@ -31,7 +31,7 @@ _d("DEBUG", false); // boolean print various debugging details _d("COOKIE_PREFIX", 'shm'); // string if you run multiple galleries with non-shared logins, give them different prefixes _d("SPEED_HAX", false); // boolean do some questionable things in the name of performance _d("WH_SPLITS", 1); // int how many levels of subfolders to put in the warehouse -_d("VERSION", "2.11.0-alpha"); // string shimmie version +_d("VERSION", "v2.10.3"); // string shimmie version _d("TIMEZONE", null); // string timezone _d("EXTRA_EXTS", ""); // string optional extra extensions _d("BASE_HREF", null); // string force a specific base URL (default is auto-detect) From 2e536e980c95597fb7d4094bd785cfd7050bb662 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 11:13:40 +0000 Subject: [PATCH 04/10] [link_scan] apply to POST --- ext/link_scan/main.php | 6 +++--- ext/link_scan/test.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ext/link_scan/main.php b/ext/link_scan/main.php index 9b5e7e15..386ee19f 100644 --- a/ext/link_scan/main.php +++ b/ext/link_scan/main.php 
@@ -15,10 +15,10 @@ class LinkScan extends Extension { global $config, $page; - if ($event->page_matches("post/list") && isset($_GET['search'])) { + if ($event->page_matches("post/list") && isset($_POST['search'])) { $trigger = $config->get_string("link_scan_trigger", "https?://"); - if (preg_match("#.*{$trigger}.*#", $_GET['search'])) { - $ids = $this->scan($_GET['search']); + if (preg_match("#.*{$trigger}.*#", $_POST['search'])) { + $ids = $this->scan($_POST['search']); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(search_link(["id=".implode(",", $ids)])); $event->stop_processing = true; diff --git a/ext/link_scan/test.php b/ext/link_scan/test.php index 9fe8a785..075b560d 100644 --- a/ext/link_scan/test.php +++ b/ext/link_scan/test.php @@ -19,7 +19,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase But there is no http://example.com/post/view/65432 "; - $page = $this->get_page("post/list", ["search" => $text]); + $page = $this->post_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/id%3D{$image_id_1}%2C{$image_id_2}/1", $page->redirect); @@ -35,7 +35,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase Look at http://example.com/_images/feb01bab5698a11dd87416724c7a89e3/foobar.jpg there is an image or search for e106ea2983e1b77f11e00c0c54e53805 but one that doesn't exist is e106ea2983e1b77f11e00c0c54e50000 o.o"; - $page = $this->get_page("post/list", ["search" => $text]); + $page = $this->post_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/id%3D{$image_id_1}%2C{$image_id_2}/1", $page->redirect); 
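Review bot: Reading the trigger input from `$_POST['search']` removes the length limit that a URL used to put on it, and the pattern `"#.*{$trigger}.*#"` wraps the configured trigger in two `.*` that only add backtracking work on a large body. `preg_match` is unanchored, so `preg_match("#{$trigger}#", $_POST['search'])` should give the same yes/no answer. `$trigger` is interpolated without quoting, so a configured value containing `#` breaks the pattern and `preg_match` returns `false`, which this condition silently treats as no match. Comparing with `=== 1` and logging the `false` case would make a broken trigger visible. The enclosing method continues outside this hunk.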
@@ -48,7 +48,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase $this->post_image("tests/favicon.png", "TeStCase"); $text = "Look at feb01bab5698a11dd87416724c7a89e3/foobar.jpg"; - $page = $this->get_page("post/list", ["search" => $text]); + $page = $this->post_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/at%20feb01bab5698a11dd87416724c7a89e3%2Ffoobar.jpg%20Look/1", $page->redirect); From 43e8ff3e3e21f979931f5ee6becba6942d71dc85 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 12:43:53 +0000 Subject: [PATCH 05/10] more tests --- core/basepage.php | 4 +- core/event.php | 10 +- core/polyfills.php | 45 -------- core/tests/PolyfillsTest.php | 41 ------- core/tests/UrlsTest.php | 216 +++++++++++++++++++++++++++++------ core/tests/UtilTest.php | 31 ----- core/urls.php | 103 ++++++++++++++++- core/util.php | 31 ----- ext/setup/main.php | 7 ++ 9 files changed, 299 insertions(+), 189 deletions(-) diff --git a/core/basepage.php b/core/basepage.php index 3b972af7..9580c135 100644 --- a/core/basepage.php +++ b/core/basepage.php @@ -688,7 +688,7 @@ class NavLink $this->description = $description; $this->order = $order; if ($active == null) { - $query = ltrim(_get_query(), "/"); + $query = _get_query(); if ($query === "") { // This indicates the front page, so we check what's set as the front page $front_page = trim($config->get_string(SetupConfig::FRONT_PAGE), "/"); @@ -716,7 +716,7 @@ class NavLink /** * Woo! We can actually SEE THE CURRENT PAGE!! (well... see it highlighted in the menu.) */ - $url = $url ?? ltrim(_get_query(), "/"); + $url = $url ?? _get_query(); $re1 = '.*?'; $re2 = '((?:[a-z][a-z_]+))'; diff --git a/core/event.php b/core/event.php index c66b2ac9..f1cc3130 100644 --- a/core/event.php +++ b/core/event.php @@ -47,6 +47,7 @@ class InitExtEvent extends Event class PageRequestEvent extends Event { public string $method; + public string $path; /** * @var string[] */ 
@@ -61,13 +62,12 @@ class PageRequestEvent extends Event $this->method = $method; - // trim starting slashes - $path = ltrim($path, "/"); - - // if path is not specified, use the default front page - if (empty($path)) { /* empty is faster than strlen */ + // if we're looking at the root of the install, + // use the default front page + if ($path == "") { $path = $config->get_string(SetupConfig::FRONT_PAGE); } + $this->path = $path; // break the path into parts $args = explode('/', $path); diff --git a/core/polyfills.php b/core/polyfills.php index d9dc50ac..e575cf0c 100644 --- a/core/polyfills.php +++ b/core/polyfills.php 
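Review bot: With `ltrim($path, "/")` removed, the `PageRequestEvent` constructor now trusts every caller to pass a path without a leading slash. The only check on that is the `assert()` at the end of `_get_query()` in core/urls.php (same patch), which does nothing when assertions are disabled. A path like `/post/list` would then `explode` into an empty first element and presumably stop matching in `page_matches`, so routing depends on how the request URI happened to be written. Keeping `$path = ltrim($path, "/");` ahead of the `$path == ""` test costs nothing and keeps route matching independent of the caller. The constructor starts and ends outside this hunk.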
@@ -293,51 +293,6 @@ function zglob(string $pattern): array } } -/** - * Figure out the path to the shimmie install directory. - * - * eg if shimmie is visible at https://foo.com/gallery, this - * function should return /gallery - * - * PHP really, really sucks. - */ -function get_base_href(): string -{ - if (defined("BASE_HREF") && !empty(BASE_HREF)) { - return BASE_HREF; - } - if(str_ends_with($_SERVER['PHP_SELF'], 'index.php')) { - $self = $_SERVER['PHP_SELF']; - } elseif(isset($_SERVER['SCRIPT_FILENAME']) && isset($_SERVER['DOCUMENT_ROOT'])) { - $self = substr($_SERVER['SCRIPT_FILENAME'], strlen(rtrim($_SERVER['DOCUMENT_ROOT'], "/"))); - } else { - die("PHP_SELF or SCRIPT_FILENAME need to be set"); - } - $dir = dirname($self); - $dir = str_replace("\\", "/", $dir); - $dir = rtrim($dir, "/"); - return $dir; -} - -/** - * The opposite of the standard library's parse_url - * - * @param array $parsed_url - */ -function unparse_url(array $parsed_url): string -{ - $scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : ''; - $host = $parsed_url['host'] ?? ''; - $port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : ''; - $user = $parsed_url['user'] ?? ''; - $pass = isset($parsed_url['pass']) ? ':' . $parsed_url['pass'] : ''; - $pass = ($user || $pass) ? "$pass@" : ''; - $path = $parsed_url['path'] ?? ''; - $query = !empty($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; - $fragment = !empty($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : ''; - return "$scheme$user$pass$host$port$path$query$fragment"; -} - /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\ * Input / Output Sanitising * diff --git a/core/tests/PolyfillsTest.php b/core/tests/PolyfillsTest.php index 91fe64e1..2ca5328f 100644 --- a/core/tests/PolyfillsTest.php +++ b/core/tests/PolyfillsTest.php 
@@ -254,45 +254,4 @@ class PolyfillsTest extends TestCase deltree($dir); $this->assertFalse(file_exists($dir)); } - - /** - * @param array $vars - */ - private function _tbh(array $vars, string $result): void - { - // update $_SERVER with $vars, call get_base_href() and check result, then reset $_SERVER to original value - $old_server = $_SERVER; - $_SERVER = array_merge($_SERVER, $vars); - $this->assertEquals($result, get_base_href()); - $_SERVER = $old_server; - } - - public function test_get_base_href(): void - { - // PHP_SELF should point to "the currently executing script - // relative to the document root" - $this->_tbh(["PHP_SELF" => "/index.php"], ""); - $this->_tbh(["PHP_SELF" => "/mydir/index.php"], "/mydir"); - - - // SCRIPT_FILENAME should point to "the absolute pathname of - // the currently executing script" and DOCUMENT_ROOT should - // point to "the document root directory under which the - // current script is executing" - $this->_tbh([ - "PHP_SELF" => "", - "SCRIPT_FILENAME" => "/var/www/html/mydir/index.php", - "DOCUMENT_ROOT" => "/var/www/html", - ], "/mydir"); - $this->_tbh([ - "PHP_SELF" => "", - "SCRIPT_FILENAME" => "/var/www/html/mydir/index.php", - "DOCUMENT_ROOT" => "/var/www/html/", - ], "/mydir"); - $this->_tbh([ - "PHP_SELF" => "", - "SCRIPT_FILENAME" => "/var/www/html/index.php", - "DOCUMENT_ROOT" => "/var/www/html", - ], ""); - } } diff --git a/core/tests/UrlsTest.php b/core/tests/UrlsTest.php index 918d4dbc..fd198529 100644 --- a/core/tests/UrlsTest.php +++ b/core/tests/UrlsTest.php 
@@ -5,74 +5,224 @@ declare(strict_types=1); namespace Shimmie2; use PHPUnit\Framework\TestCase; +use PHPUnit\Framework\Attributes\Depends; require_once "core/urls.php"; class UrlsTest extends TestCase { - public function test_search_link(): void + /** + * An integration test for + * - search_link() + * - make_link() + * - _get_query() + * - get_search_terms() + */ + #[Depends("test_search_link")] + public function test_get_search_terms_from_search_link(): void { - $this->assertEquals( - "/test/post/list/bar%20foo/1", - search_link(["foo", "bar"]) - ); - $this->assertEquals( - "/test/post/list/cat%2A%20rating%3D%3F/1", - search_link(["rating=?", "cat*"]) - ); + /** + * @param array $vars + * @return array + */ + function _gst(array $terms): array + { + $pre = new PageRequestEvent("GET", _get_query(search_link($terms))); + $pre->page_matches("post/list"); + return $pre->get_search_terms(); + } + + global $config; + foreach([true, false] as $nice_urls) { + $config->set_bool('nice_urls', $nice_urls); + + $this->assertEquals( + ["bar", "foo"], + _gst(["foo", "bar"]) + ); + $this->assertEquals( + ["AC/DC"], + _gst(["AC/DC"]) + ); + $this->assertEquals( + ["cat*", "rating=?"], + _gst(["rating=?", "cat*"]), + ); + } } + #[Depends("test_get_base_href")] public function test_make_link(): void { - // basic + global $config; + foreach([true, false] as $nice_urls) { + $config->set_bool('nice_urls', $nice_urls); + + // basic + $this->assertEquals( + $nice_urls ? "/test/foo" : "/test/index.php?q=foo", + make_link("foo") + ); + + // remove leading slash from path + $this->assertEquals( + $nice_urls ? "/test/foo" : "/test/index.php?q=foo", + make_link("/foo") + ); + + // query + $this->assertEquals( + $nice_urls ? "/test/foo?a=1&b=2" : "/test/index.php?q=foo&a=1&b=2", + make_link("foo", "a=1&b=2") + ); + + // hash + $this->assertEquals( + $nice_urls ? 
"/test/foo#cake" : "/test/index.php?q=foo#cake", + make_link("foo", null, "cake") + ); + + // query + hash + $this->assertEquals( + $nice_urls ? "/test/foo?a=1&b=2#cake" : "/test/index.php?q=foo&a=1&b=2#cake", + make_link("foo", "a=1&b=2", "cake") + ); + } + } + + #[Depends("test_make_link")] + public function test_search_link(): void + { + global $config; + foreach([true, false] as $nice_urls) { + $config->set_bool('nice_urls', $nice_urls); + + $this->assertEquals( + $nice_urls ? "/test/post/list/bar%20foo/1" : "/test/index.php?q=post/list/bar%20foo/1", + search_link(["foo", "bar"]) + ); + $this->assertEquals( + $nice_urls ? "/test/post/list/AC%2FDC/1" : "/test/index.php?q=post/list/AC%2FDC/1", + search_link(["AC/DC"]) + ); + $this->assertEquals( + $nice_urls ? "/test/post/list/cat%2A%20rating%3D%3F/1" : "/test/index.php?q=post/list/cat%2A%20rating%3D%3F/1", + search_link(["rating=?", "cat*"]) + ); + } + } + + #[Depends("test_get_base_href")] + public function test_get_query(): void + { + // just validating an assumption that this test relies upon + $this->assertEquals(get_base_href(), "/test"); + $this->assertEquals( - "/test/foo", - make_link("foo") + "tasty/cake", + _get_query("/test/tasty/cake"), + 'http://$SERVER/$INSTALL_DIR/$PATH should return $PATH' + ); + $this->assertEquals( + "tasty/cake", + _get_query("/test/index.php?q=tasty/cake"), + 'http://$SERVER/$INSTALL_DIR/index.php?q=$PATH should return $PATH' ); - // remove leading slash from path $this->assertEquals( - "/test/foo", - make_link("/foo") + "tasty/cake%20pie", + _get_query("/test/index.php?q=tasty/cake%20pie"), + 'URL encoded paths should be left alone' + ); + $this->assertEquals( + "tasty/cake%20pie", + _get_query("/test/tasty/cake%20pie"), + 'URL encoded queries should be left alone' ); - // query $this->assertEquals( - "/test/foo?a=1&b=2", - make_link("foo", "a=1&b=2") + "", + _get_query("/test/"), + 'If just viewing install directory, should return /' + ); + $this->assertEquals( + "", + 
_get_query("/test/index.php"), + 'If just viewing index.php, should return /' ); - // hash $this->assertEquals( - "/test/foo#cake", - make_link("foo", null, "cake") + "post/list/tasty%2Fcake/1", + _get_query("/test/post/list/tasty%2Fcake/1"), + 'URL encoded niceurls should be left alone, even encoded slashes' ); - - // query + hash $this->assertEquals( - "/test/foo?a=1&b=2#cake", - make_link("foo", "a=1&b=2", "cake") + "post/list/tasty%2Fcake/1", + _get_query("/test/index.php?q=post/list/tasty%2Fcake/1"), + 'URL encoded uglyurls should be left alone, even encoded slashes' ); } + public function test_is_https_enabled(): void + { + $this->assertFalse(is_https_enabled(), "HTTPS should be disabled by default"); + + $_SERVER['HTTPS'] = "on"; + $this->assertTrue(is_https_enabled(), "HTTPS should be enabled when set to 'on'"); + unset($_SERVER['HTTPS']); + } + + public function test_get_base_href(): void + { + // PHP_SELF should point to "the currently executing script + // relative to the document root" + $this->assertEquals("", get_base_href(["PHP_SELF" => "/index.php"])); + $this->assertEquals("/mydir", get_base_href(["PHP_SELF" => "/mydir/index.php"])); + + // SCRIPT_FILENAME should point to "the absolute pathname of + // the currently executing script" and DOCUMENT_ROOT should + // point to "the document root directory under which the + // current script is executing" + $this->assertEquals("", get_base_href([ + "PHP_SELF" => "", + "SCRIPT_FILENAME" => "/var/www/html/index.php", + "DOCUMENT_ROOT" => "/var/www/html", + ]), "root directory"); + $this->assertEquals("/mydir", get_base_href([ + "PHP_SELF" => "", + "SCRIPT_FILENAME" => "/var/www/html/mydir/index.php", + "DOCUMENT_ROOT" => "/var/www/html", + ]), "subdirectory"); + $this->assertEquals("", get_base_href([ + "PHP_SELF" => "", + "SCRIPT_FILENAME" => "/var/www/html/index.php", + "DOCUMENT_ROOT" => "/var/www/html/", + ]), "trailing slash in DOCUMENT_ROOT root should be ignored"); + $this->assertEquals("/mydir", 
get_base_href([ + "PHP_SELF" => "", + "SCRIPT_FILENAME" => "/var/www/html/mydir/index.php", + "DOCUMENT_ROOT" => "/var/www/html/", + ]), "trailing slash in DOCUMENT_ROOT subdir should be ignored"); + } + + #[Depends("test_is_https_enabled")] + #[Depends("test_get_base_href")] public function test_make_http(): void { - // relative to shimmie install $this->assertEquals( "http://cli-command/test/foo", - make_http("foo") + make_http("foo"), + "relative to shimmie root" ); - - // relative to web server $this->assertEquals( "http://cli-command/foo", - make_http("/foo") + make_http("/foo"), + "relative to web server" ); - - // absolute $this->assertEquals( "https://foo.com", - make_http("https://foo.com") + make_http("https://foo.com"), + "absolute URL should be left alone" ); } diff --git a/core/tests/UtilTest.php b/core/tests/UtilTest.php index deaeca5c..d622cc2d 100644 --- a/core/tests/UtilTest.php +++ b/core/tests/UtilTest.php 
@@ -162,35 +162,4 @@ class UtilTest extends TestCase path_to_tags("/category:/tag/baz.jpg") ); } - - public function test_get_query(): void - { - // niceurls - $_SERVER["REQUEST_URI"] = "/test/tasty/cake"; - $this->assertEquals("/tasty/cake", _get_query()); - - // no niceurls - $_SERVER["REQUEST_URI"] = "/test/index.php?q=/tasty/cake"; - $this->assertEquals("/tasty/cake", _get_query()); - - // leave url encoding alone - $_SERVER["REQUEST_URI"] = "/test/index.php?q=/tasty/cake%20pie"; - $this->assertEquals("/tasty/cake%20pie", _get_query()); - - // if just viewing index.php - $_SERVER["REQUEST_URI"] = "/test/index.php"; - $this->assertEquals("/", _get_query()); - - // niceurl root - $_SERVER["REQUEST_URI"] = "/test/"; - $this->assertEquals("/", _get_query()); - - // niceurls with encoded slashes - $_SERVER["REQUEST_URI"] = "/test/post/list/tasty%2Fcake/1"; - $this->assertEquals("/post/list/tasty%2Fcake/1", _get_query()); - - // query string with encoded slashes - $_SERVER["REQUEST_URI"] = "/test/index.php?q=/post/list/tasty%2Fcake/1"; - $this->assertEquals("/post/list/tasty%2Fcake/1", _get_query()); - } } diff --git a/core/urls.php b/core/urls.php index b74580e6..7851fc50 100644 --- a/core/urls.php +++ b/core/urls.php @@ -41,7 +41,8 @@ function search_link(array $terms = [], int $page = 1): string * Figure out the correct way to link to a page, taking into account * things like the nice URLs setting. * - * eg make_link("foo/bar") becomes "/v2/index.php?q=foo/bar" + * eg make_link("foo/bar") becomes either "/v2/foo/bar" (niceurls) or + * "/v2/index.php?q=foo/bar" (uglyurls) */ function make_link(?string $page = null, ?string $query = null, ?string $fragment = null): string { 
@@ -66,6 +67,106 @@ function make_link(?string $page = null, ?string $query = null, ?string $fragmen return unparse_url($parts); } +/** + * Figure out the current page from a link that make_link() generated + * + * SHIT: notes for the future, because the web stack is a pile of hacks + * + * - According to some specs, "/" is for URL dividers with heiracial + * significance and %2F is for slashes that are just slashes. This + * is what shimmie currently does - eg if you search for "AC/DC", + * the shimmie URL will be /post/list/AC%2FDC/1 + * - According to some other specs "/" and "%2F" are identical... + * - PHP's $_GET[] automatically urldecodes the inputs so we can't + * tell the difference between q=foo/bar and q=foo%2Fbar + * - REQUEST_URI contains the exact URI that was given to us, so we + * can parse it for ourselves + * - generates + * q=post%2Flist + * + * This function should always return strings with no leading slashes + */ +function _get_query(?string $uri = null): string +{ + $parsed_url = parse_url($uri ?? $_SERVER['REQUEST_URI']); + + // if we're looking at http://site.com/$INSTALL_DIR/index.php, + // then get the query from the "q" parameter + if(($parsed_url["path"] ?? "") == (get_base_href() . "/index.php")) { + // $q = $_GET["q"] ?? ""; + // default to looking at the root + $q = ""; + // (we need to manually parse the query string because PHP's $_GET + // does an extra round of URL decoding, which we don't want) + foreach(explode('&', $parsed_url['query'] ?? "") as $z) { + $qps = explode('=', $z, 2); + if(count($qps) == 2 && $qps[0] == "q") { + $q = $qps[1]; + } + } + } + + // if we're looking at http://site.com/$INSTALL_DIR/$PAGE, + // then get the query from the path + else { + $q = substr($parsed_url["path"] ?? "", strlen(get_base_href() . "/")); + } + + assert(!str_starts_with($q, "/")); + return $q; +} + +/** + * Figure out the path to the shimmie install directory. 
+ * + * eg if shimmie is visible at https://foo.com/gallery, this + * function should return /gallery + * + * PHP really, really sucks. + * + * This function should always return strings with no trailing + * slashes, so that it can be used like `get_base_href() . "/data/asset.abc"` + * + * @param array|null $server_settings + */ +function get_base_href(?array $server_settings = null): string +{ + if (defined("BASE_HREF") && !empty(BASE_HREF)) { + return BASE_HREF; + } + $server_settings = $server_settings ?? $_SERVER; + if(str_ends_with($server_settings['PHP_SELF'], 'index.php')) { + $self = $server_settings['PHP_SELF']; + } elseif(isset($server_settings['SCRIPT_FILENAME']) && isset($server_settings['DOCUMENT_ROOT'])) { + $self = substr($server_settings['SCRIPT_FILENAME'], strlen(rtrim($server_settings['DOCUMENT_ROOT'], "/"))); + } else { + die("PHP_SELF or SCRIPT_FILENAME need to be set"); + } + $dir = dirname($self); + $dir = str_replace("\\", "/", $dir); + $dir = rtrim($dir, "/"); + return $dir; +} + +/** + * The opposite of the standard library's parse_url + * + * @param array $parsed_url + */ +function unparse_url(array $parsed_url): string +{ + $scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : ''; + $host = $parsed_url['host'] ?? ''; + $port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : ''; + $user = $parsed_url['user'] ?? ''; + $pass = isset($parsed_url['pass']) ? ':' . $parsed_url['pass'] : ''; + $pass = ($user || $pass) ? "$pass@" : ''; + $path = $parsed_url['path'] ?? ''; + $query = !empty($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; + $fragment = !empty($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : ''; + return "$scheme$user$pass$host$port$path$query$fragment"; +} + /** * Take the current URL and modify some parameters diff --git a/core/util.php b/core/util.php index 2fe46641..2055ff84 100644 --- a/core/util.php +++ b/core/util.php 
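Review bot: `_get_query()` slices the request path by length without checking what it removes. `substr($parsed_url["path"] ?? "", strlen(get_base_href() . "/"))` drops the first N characters whether or not the path starts with the base href, and a `false` return from `parse_url()` on a malformed `REQUEST_URI` is hidden by the `?? ""`. `REQUEST_URI` is client-supplied, so I would make both cases explicit, with `$path` holding the parsed path: `$base = get_base_href() . "/";` then `$q = str_starts_with($path, $base) ? substr($path, strlen($base)) : "";`. The closing `assert(!str_starts_with($q, "/"))` can be reached from a request (a doubled slash after the base), so it either throws on user input or, with assertions off, checks nothing. Adding `$q = ltrim($q, "/");` before the return enforces the contract the docblock states.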
@@ -713,37 +713,6 @@ function _get_user(): User
 return $my_user;
 }
-function _get_query(): string
-{
- // if q is set in POST, use that
- if(isset($_POST["q"])) {
- return $_POST["q"];
- }
-
- // if q is set in GET, use that
- // (we need to manually parse the query string because PHP's $_GET
- // does an extra round of URL decoding, which we don't want)
- $parts = parse_url($_SERVER['REQUEST_URI']);
- $qs = [];
- foreach(explode('&', $parts['query'] ?? "") as $z) {
- $qps = explode('=', $z, 2);
- if(count($qps) == 2) {
- $qs[$qps[0]] = $qps[1];
- }
- }
- if(isset($qs["q"])) {
- return $qs["q"];
- }
-
- // if we're just looking at index.php, use the default query
- if(str_ends_with($parts["path"] ?? "", "index.php")) {
- return "/";
- }
-
- // otherwise, use the request URI minus the base path
- return substr($parts["path"] ?? "", strlen(get_base_href()));
-}
-
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
 * HTML Generation *
diff --git a/ext/setup/main.php b/ext/setup/main.php
index 1b185ce9..2cbb9a3b 100644
--- a/ext/setup/main.php
+++ b/ext/setup/main.php
@@ -319,6 +319,13 @@ class Setup extends Extension
 {
 global $config, $page, $user;
+ if ($event->page_matches("nicedebug")) {
+ $page->set_mode(PageMode::DATA);
+ $page->set_data(json_encode_ex([
+ "args" => $event->args,
+ ]));
+ }
+
 if ($event->page_matches("nicetest")) {
 $page->set_mode(PageMode::DATA);
 $page->set_data("ok");
From 062b6d3f4a2b92227b269b546fcd743b073f4509 Mon Sep 17 00:00:00 2001
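Review bot: The new `nicedebug` branch in ext/setup/main.php reflects request-derived `$event->args` back to any caller, with no permission check and no explicit content type visible in the hunk. If `PageMode::DATA` responses default to an HTML type, browsers would render the body, and assuming `json_encode_ex` wraps `json_encode` with default flags, `<` and `>` in an argument are not escaped. Set a JSON content type on `$page` in this branch and add a comment such as `// diagnostic route: echoes the parsed URL args so nice-URL routing can be verified`. The enclosing handler starts and ends outside the hunk, so any checks made earlier in it are not visible here.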
From: Shish Date: Fri, 9 Feb 2024 14:41:23 +0000 Subject: [PATCH 06/10] Back out "use POST when building search results, see #1026" Original commit changeset: c44822ec4782 --- core/util.php | 4 +++- ext/auto_tagger/theme.php | 2 +- ext/comment/theme.php | 2 +- ext/home/theme.php | 3 ++- ext/index/main.php | 4 ++-- ext/index/theme.php | 3 ++- ext/pools/main.php | 4 ++-- ext/pools/theme.php | 3 ++- ext/random_list/main.php | 6 +++--- ext/random_list/theme.php | 1 + ext/resize/theme.php | 2 +- ext/source_history/theme.php | 2 +- ext/tag_edit/theme.php | 2 +- ext/view/theme.php | 3 ++- themes/danbooru/index.theme.php | 5 +++-- themes/danbooru2/index.theme.php | 5 +++-- themes/danbooru2/view.theme.php | 3 ++- 17 files changed, 32 insertions(+), 22 deletions(-) diff --git a/core/util.php b/core/util.php index 2055ff84..a98e613d 100644 --- a/core/util.php +++ b/core/util.php @@ -741,7 +741,9 @@ function make_form(string $target, string $method = "POST", bool $multipart = fa { global $user; if ($method == "GET") { - die("make_form: GET method is not supported"); + $link = html_escape($target); + $target = make_link($target); + $extra_inputs = ""; } else { $extra_inputs = $user->get_auth_html(); } diff --git a/ext/auto_tagger/theme.php b/ext/auto_tagger/theme.php index 138a085d..abe99281 100644 --- a/ext/auto_tagger/theme.php +++ b/ext/auto_tagger/theme.php @@ -25,7 +25,7 @@ class AutoTaggerTheme extends Themelet "; $bulk_html = " - ".make_form(make_link("auto_tag/import"), 'POST', true)." + ".make_form(make_link("auto_tag/import"), 'post', true)." diff --git a/ext/comment/theme.php b/ext/comment/theme.php index 14ad0ec8..b5bf49cf 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -101,7 +101,7 @@ class CommentListTheme extends Themelet $html = ' Delete comments by IP. -

'.make_form(make_link("comment/bulk_delete"))." +

'.make_form(make_link("comment/bulk_delete"), 'POST')."
Username
IP Address
diff --git a/ext/home/theme.php b/ext/home/theme.php index fa8662ef..97d33087 100644 --- a/ext/home/theme.php +++ b/ext/home/theme.php @@ -37,8 +37,9 @@ EOD $contact_link = empty($contact_link) ? "" : "
Contact –"; $search_html = " diff --git a/ext/index/main.php b/ext/index/main.php index 77e9bfb5..ed929800 100644 --- a/ext/index/main.php +++ b/ext/index/main.php @@ -28,9 +28,9 @@ class Index extends Extension { global $cache, $config, $page, $user; if ($event->page_matches("post/list")) { - if (isset($_POST['search'])) { + if (isset($_GET['search'])) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(search_link(Tag::explode($_POST['search'], false))); + $page->set_redirect(search_link(Tag::explode($_GET['search'], false))); return; } diff --git a/ext/index/theme.php b/ext/index/theme.php index 8ef6802d..5d5a1a8a 100644 --- a/ext/index/theme.php +++ b/ext/index/theme.php @@ -89,8 +89,9 @@ and of course start organising your images :-) $h_search_string = html_escape(Tag::implode($search_terms)); $h_search_link = search_link(); $h_search = " -

+

+ "; diff --git a/ext/pools/main.php b/ext/pools/main.php index b8c52f11..6a556676 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php @@ -236,9 +236,9 @@ class Pools extends Extension { global $config, $database, $page, $user; if ($event->page_matches("pool/list")) { //index - if (isset($_POST['search']) and $_POST['search'] != null) { + if (isset($_GET['search']) and $_GET['search'] != null) { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('pool/list').'/'.url_escape($_POST['search']).'/'.strval($event->try_page_num(1))); + $page->set_redirect(make_link('pool/list').'/'.$_GET['search'].'/'.strval($event->try_page_num(1))); return; } if (count($event->args) >= 4) { // Assume first 2 args are search and page num diff --git a/ext/pools/theme.php b/ext/pools/theme.php index 32dd48d2..30c13144 100644 --- a/ext/pools/theme.php +++ b/ext/pools/theme.php @@ -133,9 +133,10 @@ class PoolsTheme extends Themelet SHM_A("pool/updated", "Pool Changes") ); - $search = "
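Review bot: The restored redirect in the `pool/list` branch of ext/pools/main.php concatenates `$_GET['search']` into the URL with no escaping, where the line it replaces passed the value through `url_escape()`. A search term containing `/`, `?`, `#` or `%` changes the structure of the redirect target, and the raw value ends up in the redirect location. Keep the encoding when switching back to GET: `$page->set_redirect(make_link('pool/list').'/'.url_escape($_GET['search']).'/'.strval($event->try_page_num(1)));`. The enclosing handler starts and ends outside the hunk.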
+ $search = " + "; $page->add_block(new NavBlock()); diff --git a/ext/random_list/main.php b/ext/random_list/main.php index aa819843..693ba43d 100644 --- a/ext/random_list/main.php +++ b/ext/random_list/main.php @@ -14,15 +14,15 @@ class RandomList extends Extension global $config, $page; if ($event->page_matches("random")) { - if (isset($_POST['search'])) { + if (isset($_GET['search'])) { // implode(explode()) to resolve aliases and sanitise - $search = url_escape(Tag::implode(Tag::explode($_POST['search'], false))); + $search = url_escape(Tag::implode(Tag::explode($_GET['search'], false))); if (empty($search)) { $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("random")); } else { $page->set_mode(PageMode::REDIRECT); - $page->set_redirect(make_link('random/'.url_escape($search))); + $page->set_redirect(make_link('random/'.$search)); } return; } diff --git a/ext/random_list/theme.php b/ext/random_list/theme.php index 5cc19d81..bec7a133 100644 --- a/ext/random_list/theme.php +++ b/ext/random_list/theme.php @@ -53,6 +53,7 @@ class RandomListTheme extends Themelet $h_search = "

+ "; diff --git a/ext/resize/theme.php b/ext/resize/theme.php index 36cbef8a..04900c96 100644 --- a/ext/resize/theme.php +++ b/ext/resize/theme.php @@ -26,7 +26,7 @@ class ResizeImageTheme extends Themelet } $html = rawHTML(" - ".make_form(make_link("resize/{$image->id}"))." + ".make_form(make_link("resize/{$image->id}"), 'POST')." diff --git a/ext/source_history/theme.php b/ext/source_history/theme.php index 5523c9f7..5bb01ba2 100644 --- a/ext/source_history/theme.php +++ b/ext/source_history/theme.php @@ -66,7 +66,7 @@ class SourceHistoryTheme extends Themelet Revert source changes by a specific IP address or username, optionally limited to recent changes. '.$validation_msg.' -

'.make_form(make_link("source_history/bulk_revert"))." +

'.make_form(make_link("source_history/bulk_revert"), 'POST')."

IP Address
diff --git a/ext/tag_edit/theme.php b/ext/tag_edit/theme.php index 4fc40111..8ef6eeac 100644 --- a/ext/tag_edit/theme.php +++ b/ext/tag_edit/theme.php @@ -32,7 +32,7 @@ class TagEditTheme extends Themelet public function mss_html(string $terms): string { $h_terms = html_escape($terms); - $html = make_form(make_link("tag_edit/mass_source_set")) . " + $html = make_form(make_link("tag_edit/mass_source_set"), "POST") . " diff --git a/ext/view/theme.php b/ext/view/theme.php index c375b6e0..4e53c5cf 100644 --- a/ext/view/theme.php +++ b/ext/view/theme.php @@ -98,7 +98,8 @@ class ViewPostTheme extends Themelet { $h_pin = $this->build_pin($image); $h_search = " -

+

+ diff --git a/themes/danbooru/index.theme.php b/themes/danbooru/index.theme.php index f9b4272d..80f00517 100644 --- a/themes/danbooru/index.theme.php +++ b/themes/danbooru/index.theme.php @@ -47,10 +47,11 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = search_link(); + $h_search_link = make_link(); return " -

+

+

"; diff --git a/themes/danbooru2/index.theme.php b/themes/danbooru2/index.theme.php index 2ab78117..6f7d9808 100644 --- a/themes/danbooru2/index.theme.php +++ b/themes/danbooru2/index.theme.php @@ -31,11 +31,12 @@ class CustomIndexTheme extends IndexTheme protected function build_navigation(int $page_number, int $total_pages, array $search_terms): string { $h_search_string = count($search_terms) == 0 ? "" : html_escape(implode(" ", $search_terms)); - $h_search_link = search_link(); + $h_search_link = make_link(); return " -

+

+

"; } diff --git a/themes/danbooru2/view.theme.php b/themes/danbooru2/view.theme.php index bd737a90..30bb9bd8 100644 --- a/themes/danbooru2/view.theme.php +++ b/themes/danbooru2/view.theme.php @@ -71,9 +71,10 @@ class CustomViewPostTheme extends ViewPostTheme { //$h_pin = $this->build_pin($image); $h_search = " - + + "; From eebb4c53e68749499c0808389e2e7c2f1b88d210 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 14:46:50 +0000 Subject: [PATCH 07/10] [link_scan] be get/post agnostic --- ext/link_scan/main.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ext/link_scan/main.php b/ext/link_scan/main.php index 386ee19f..9084f796 100644 --- a/ext/link_scan/main.php +++ b/ext/link_scan/main.php @@ -15,10 +15,11 @@ class LinkScan extends Extension { global $config, $page; - if ($event->page_matches("post/list") && isset($_POST['search'])) { + $search = @$_GET['search'] ?? @$_POST['search'] ?? ""; + if ($event->page_matches("post/list") && !empty($search)) { $trigger = $config->get_string("link_scan_trigger", "https?://"); - if (preg_match("#.*{$trigger}.*#", $_POST['search'])) { - $ids = $this->scan($_POST['search']); + if (preg_match("#.*{$trigger}.*#", $search)) { + $ids = $this->scan($search); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(search_link(["id=".implode(",", $ids)])); $event->stop_processing = true; From 9ba9bf0fdf6ab4a42bdfa78d9b74fa952e438798 Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 14:54:37 +0000 Subject: [PATCH 08/10] fix tests --- core/tests/UrlsTest.php | 30 ++++++++++++++++++------------ core/urls.php | 10 +++++----- ext/download/test.php | 2 +- ext/link_scan/test.php | 6 +++--- 4 files changed, 27 insertions(+), 21 deletions(-) diff --git a/core/tests/UrlsTest.php b/core/tests/UrlsTest.php index fd198529..07c1e1ec 100644 --- a/core/tests/UrlsTest.php +++ b/core/tests/UrlsTest.php 
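Review bot: In ext/link_scan/main.php the new `$search = @$_GET['search'] ?? @$_POST['search'] ?? "";` uses `@` where `??` already covers a missing key, and it accepts whatever type the request supplies. A parameter sent as `search[]=...` arrives as an array, passes the `!empty($search)` test and is then handed to `preg_match()`, which throws a TypeError on PHP 8; what `$this->scan()` expects is not visible here. Drop the suppression and reject non-strings: `$search = $_GET['search'] ?? $_POST['search'] ?? "";` followed by `if (!is_string($search)) { $search = ""; }`. The enclosing handler continues outside the hunk.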
@@ -25,12 +25,11 @@ class UrlsTest extends TestCase * @param array $vars * @return array */ - function _gst(array $terms): array - { + $gst = function (array $terms): array { $pre = new PageRequestEvent("GET", _get_query(search_link($terms))); $pre->page_matches("post/list"); return $pre->get_search_terms(); - } + }; global $config; foreach([true, false] as $nice_urls) { @@ -38,15 +37,15 @@ class UrlsTest extends TestCase $this->assertEquals( ["bar", "foo"], - _gst(["foo", "bar"]) + $gst(["foo", "bar"]) ); $this->assertEquals( ["AC/DC"], - _gst(["AC/DC"]) + $gst(["AC/DC"]) ); $this->assertEquals( ["cat*", "rating=?"], - _gst(["rating=?", "cat*"]), + $gst(["rating=?", "cat*"]), ); } } @@ -57,13 +56,13 @@ class UrlsTest extends TestCase global $config; foreach([true, false] as $nice_urls) { $config->set_bool('nice_urls', $nice_urls); - + // basic $this->assertEquals( $nice_urls ? "/test/foo" : "/test/index.php?q=foo", make_link("foo") ); - + // remove leading slash from path $this->assertEquals( $nice_urls ? "/test/foo" : "/test/index.php?q=foo", @@ -75,18 +74,18 @@ class UrlsTest extends TestCase $nice_urls ? "/test/foo?a=1&b=2" : "/test/index.php?q=foo&a=1&b=2", make_link("foo", "a=1&b=2") ); - + // hash $this->assertEquals( $nice_urls ? "/test/foo#cake" : "/test/index.php?q=foo#cake", make_link("foo", null, "cake") ); - + // query + hash $this->assertEquals( $nice_urls ? "/test/foo?a=1&b=2#cake" : "/test/index.php?q=foo&a=1&b=2#cake", make_link("foo", "a=1&b=2", "cake") - ); + ); } } @@ -120,7 +119,7 @@ class UrlsTest extends TestCase $this->assertEquals( "tasty/cake", - _get_query("/test/tasty/cake"), + _get_query("/test/tasty/cake"), 'http://$SERVER/$INSTALL_DIR/$PATH should return $PATH' ); $this->assertEquals( @@ -264,4 +263,11 @@ class UrlsTest extends TestCase referer_or("foo", ["cake"]) ); } + + public function tearDown(): void + { + global $config; + $config->set_bool('nice_urls', true); + parent::tearDown(); + } } 
diff --git a/core/urls.php b/core/urls.php index 7851fc50..747eaae4 100644 --- a/core/urls.php +++ b/core/urls.php @@ -69,9 +69,9 @@ function make_link(?string $page = null, ?string $query = null, ?string $fragmen /** * Figure out the current page from a link that make_link() generated - * + * * SHIT: notes for the future, because the web stack is a pile of hacks - * + * * - According to some specs, "/" is for URL dividers with heiracial * significance and %2F is for slashes that are just slashes. This * is what shimmie currently does - eg if you search for "AC/DC", @@ -83,7 +83,7 @@ function make_link(?string $page = null, ?string $query = null, ?string $fragmen * can parse it for ourselves * - generates * q=post%2Flist - * + * * This function should always return strings with no leading slashes */ function _get_query(?string $uri = null): string @@ -123,10 +123,10 @@ function _get_query(?string $uri = null): string * function should return /gallery * * PHP really, really sucks. - * + * * This function should always return strings with no trailing * slashes, so that it can be used like `get_base_href() . "/data/asset.abc"` - * + * * @param array|null $server_settings */ function get_base_href(?array $server_settings = null): string diff --git a/ext/download/test.php b/ext/download/test.php index 8b638502..26c79c4e 100644 --- a/ext/download/test.php +++ b/ext/download/test.php @@ -10,7 +10,7 @@ class DownloadTest extends ShimmiePHPUnitTestCase { global $page; $image_id = $this->post_image("tests/pbx_screenshot.jpg", "pbx computer screenshot"); - $this->get_page("/image/$image_id"); + $this->get_page("image/$image_id"); $this->assertEquals(PageMode::FILE, $page->mode); } } diff --git a/ext/link_scan/test.php b/ext/link_scan/test.php index 075b560d..9fe8a785 100644 --- a/ext/link_scan/test.php +++ b/ext/link_scan/test.php 
@@ -19,7 +19,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase But there is no http://example.com/post/view/65432 "; - $page = $this->post_page("post/list", ["search" => $text]); + $page = $this->get_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/id%3D{$image_id_1}%2C{$image_id_2}/1", $page->redirect); @@ -35,7 +35,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase Look at http://example.com/_images/feb01bab5698a11dd87416724c7a89e3/foobar.jpg there is an image or search for e106ea2983e1b77f11e00c0c54e53805 but one that doesn't exist is e106ea2983e1b77f11e00c0c54e50000 o.o"; - $page = $this->post_page("post/list", ["search" => $text]); + $page = $this->get_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/id%3D{$image_id_1}%2C{$image_id_2}/1", $page->redirect); @@ -48,7 +48,7 @@ class LinkScanTest extends ShimmiePHPUnitTestCase $this->post_image("tests/favicon.png", "TeStCase"); $text = "Look at feb01bab5698a11dd87416724c7a89e3/foobar.jpg"; - $page = $this->post_page("post/list", ["search" => $text]); + $page = $this->get_page("post/list", ["search" => $text]); $this->assertEquals(PageMode::REDIRECT, $page->mode); $this->assertEquals("/test/post/list/at%20feb01bab5698a11dd87416724c7a89e3%2Ffoobar.jpg%20Look/1", $page->redirect); From 12335b680e19bb6a64510f95d5bf0c4b9624597a Mon Sep 17 00:00:00 2001 From: Shish Date: Fri, 9 Feb 2024 15:10:29 +0000 Subject: [PATCH 09/10] log query source uri even with niceurls --- core/database.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/database.php b/core/database.php index ab6e173c..d15e897e 100644 --- a/core/database.php +++ b/core/database.php 
@@ -208,8 +208,9 @@ class Database
 public function _execute(string $query, array $args = []): PDOStatement
 {
 try {
+ $uri = $_SERVER['REQUEST_URI'] ?? "unknown uri";
 return $this->get_db()->execute(
- "-- " . str_replace("%2F", "/", urlencode($_GET['q'] ?? '')). "\n" .
+ "-- $uri\n" .
 $query,
 $args
 );
From fbacafdb4f4f3d124234203e2737a8b5210d0bcc Mon Sep 17 00:00:00 2001
From: Shish
Date: Fri, 9 Feb 2024 15:10:36 +0000
Subject: [PATCH 10/10] type
---
 core/event.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/event.php b/core/event.php
index f1cc3130..c615af10 100644
--- a/core/event.php
+++ b/core/event.php
@@ -51,7 +51,7 @@ class PageRequestEvent extends Event
 /**
 * @var string[]
 */
- public $args;
+ public array $args;
 public int $arg_count;
 public int $part_count;
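Review bot: In `Database::_execute()` the new `$uri` is the raw `$_SERVER['REQUEST_URI']` interpolated into the SQL text behind `-- `, where the removed line passed the value through `urlencode()` first. The comment stays inert only while the value contains no CR or LF; web servers normally guarantee that for the request line, but CLI runs, tests and unusual front ends do not, and a line break would move the rest of the value out of the comment and into the statement. Strip line breaks before building the comment: `$uri = str_replace(["\r", "\n"], " ", $_SERVER['REQUEST_URI'] ?? "unknown uri");`. The full URI, query string included, will now also appear wherever statements are logged, which deserves a comment above the call. The `try` block continues outside the hunk.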
Username
IP Address