Clear database after orphaned files removal
plaintext passwd not correctly removed from logs
Fixes #74
sergix44 committed Sep 17, 2019
1 parent 7457a61 commit a59e364
Showing 8 changed files with 82 additions and 61 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,8 @@
## v2.6.5
+ Fixed error after orphaned files removal #74.
+ Fixed update password not correctly removed from log files #74.
+ Changed color to some buttons to address visibility with some themes.

## v2.6.4
+ Filter on displayable images.
+ Fixed during upload error on php compiled for 32 bit.
2 changes: 2 additions & 0 deletions app/Controllers/AdminController.php
@@ -62,6 +62,8 @@ public function deleteOrphanFiles(Request $request, Response $response): Respons
}
}

$this->database->query('DELETE FROM `uploads` WHERE `user_id` IS NULL');

$this->session->alert(lang('deleted_orphans', [$deleted]));

return redirect($response, 'system');
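Review bot: The added DELETE on `uploads` runs unconditionally after the loop, so rows with a null `user_id` are dropped even for files the loop did not manage to remove from storage; those files would then stay on disk with no record pointing at them. The loop starts outside the hunk, so this is inferred from `$deleted` being counted and reported separately from the query. Consider removing each row only after its file has been deleted, or at least state the behaviour next to the query, e.g. `// rows are removed even if the storage delete above failed; leftover files become untracked`. The result of the query is also not checked before the success alert is set.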
1 change: 1 addition & 0 deletions app/Controllers/Controller.php
@@ -17,6 +17,7 @@
* @property Logger|null logger
* @property Filesystem|null storage
* @property Lang lang
* @property array settings
*/
abstract class Controller
{
7 changes: 5 additions & 2 deletions app/Controllers/UserController.php
@@ -97,7 +97,7 @@ public function store(Request $request, Response $response): Response
]);

$this->session->alert(lang('user_created', [$request->getParam('username')]), 'success');
$this->logger->info('User ' . $this->session->get('username') . ' created a new user.', [array_diff($request->getParams(), ['password'])]);
$this->logger->info('User ' . $this->session->get('username') . ' created a new user.', [array_diff_key($request->getParams(), array_flip(['password']))]);

return redirect($response, 'user.index');
}
@@ -183,7 +183,10 @@ public function update(Request $request, Response $response, $args): Response
}

$this->session->alert(lang('user_updated', [$request->getParam('username')]), 'success');
$this->logger->info('User ' . $this->session->get('username') . " updated $user->id.", [$user, array_diff($request->getParams(), ['password'])]);
$this->logger->info('User ' . $this->session->get('username') . " updated $user->id.", [
array_diff_key((array)$user, array_flip(['password'])),
array_diff_key($request->getParams(), array_flip(['password'])),
]);

return redirect($response, 'user.index');

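Review bot: Both new log calls redact by removing the single key `password`, so every other field of the request and, in `update`, of the `(array)$user` row is still written to the log. The `refreshToken` route on this page suggests the user row also carries a token, which would be logged as is (inferred, the schema is not shown). An explicit allowlist is safer than a one-key denylist, for example passing `['id' => $user->id, 'username' => $request->getParam('username')]` as the context array. Entries written before this fix still contain plaintext passwords, so the release note should tell operators to purge old logs and have affected users change their passwords. Both `store` and `update` begin outside the hunks shown.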
97 changes: 54 additions & 43 deletions app/routes.php
@@ -1,57 +1,68 @@
<?php
// Auth routes
use App\Controllers\AdminController;
use App\Controllers\DashboardController;
use App\Controllers\LoginController;
use App\Controllers\ThemeController;
use App\Controllers\UpgradeController;
use App\Controllers\UploadController;
use App\Controllers\UserController;
use App\Middleware\AdminMiddleware;
use App\Middleware\AuthMiddleware;
use App\Middleware\CheckForMaintenanceMiddleware;

$app->group('', function () {
$this->get('/home[/page/{page}]', \App\Controllers\DashboardController::class . ':home')->setName('home');
$this->get('/home[/page/{page}]', DashboardController::class . ':home')->setName('home');

$this->group('', function () {
$this->get('/home/switchView', \App\Controllers\DashboardController::class . ':switchView')->setName('switchView');
$this->get('/home/switchView', DashboardController::class . ':switchView')->setName('switchView');

$this->get('/system/deleteOrphanFiles', \App\Controllers\AdminController::class . ':deleteOrphanFiles')->setName('system.deleteOrphanFiles');
$this->get('/system/deleteOrphanFiles', AdminController::class . ':deleteOrphanFiles')->setName('system.deleteOrphanFiles');

$this->get('/system/themes', \App\Controllers\ThemeController::class . ':getThemes')->setName('theme');
$this->post('/system/theme/apply', \App\Controllers\ThemeController::class . ':applyTheme')->setName('theme.apply');
$this->get('/system/themes', ThemeController::class . ':getThemes')->setName('theme');
$this->post('/system/theme/apply', ThemeController::class . ':applyTheme')->setName('theme.apply');

$this->post('/system/lang/apply', \App\Controllers\AdminController::class . ':applyLang')->setName('lang.apply');
$this->post('/system/lang/apply', AdminController::class . ':applyLang')->setName('lang.apply');

$this->post('/system/upgrade', \App\Controllers\UpgradeController::class . ':upgrade')->setName('system.upgrade');
$this->get('/system/checkForUpdates', \App\Controllers\UpgradeController::class . ':checkForUpdates')->setName('system.checkForUpdates');
$this->post('/system/upgrade', UpgradeController::class . ':upgrade')->setName('system.upgrade');
$this->get('/system/checkForUpdates', UpgradeController::class . ':checkForUpdates')->setName('system.checkForUpdates');

$this->get('/system', \App\Controllers\AdminController::class . ':system')->setName('system');
$this->get('/system', AdminController::class . ':system')->setName('system');

$this->get('/users[/page/{page}]', \App\Controllers\UserController::class . ':index')->setName('user.index');
})->add(\App\Middleware\AdminMiddleware::class);
$this->get('/users[/page/{page}]', UserController::class . ':index')->setName('user.index');
})->add(AdminMiddleware::class);

$this->group('/user', function () {

$this->get('/create', \App\Controllers\UserController::class . ':create')->setName('user.create');
$this->post('/create', \App\Controllers\UserController::class . ':store')->setName('user.store');
$this->get('/{id}/edit', \App\Controllers\UserController::class . ':edit')->setName('user.edit');
$this->post('/{id}', \App\Controllers\UserController::class . ':update')->setName('user.update');
$this->get('/{id}/delete', \App\Controllers\UserController::class . ':delete')->setName('user.delete');
})->add(\App\Middleware\AdminMiddleware::class);

$this->get('/profile', \App\Controllers\UserController::class . ':profile')->setName('profile');
$this->post('/profile/{id}', \App\Controllers\UserController::class . ':profileEdit')->setName('profile.update');
$this->post('/user/{id}/refreshToken', \App\Controllers\UserController::class . ':refreshToken')->setName('refreshToken');
$this->get('/user/{id}/config/sharex', \App\Controllers\UserController::class . ':getShareXconfigFile')->setName('config.sharex');
$this->get('/user/{id}/config/script', \App\Controllers\UserController::class . ':getUploaderScriptFile')->setName('config.script');

$this->post('/upload/{id}/publish', \App\Controllers\UploadController::class . ':togglePublish')->setName('upload.publish');
$this->post('/upload/{id}/unpublish', \App\Controllers\UploadController::class . ':togglePublish')->setName('upload.unpublish');
$this->get('/upload/{id}/raw', \App\Controllers\UploadController::class . ':getRawById')->add(\App\Middleware\AdminMiddleware::class)->setName('upload.raw');
$this->post('/upload/{id}/delete', \App\Controllers\UploadController::class . ':delete')->setName('upload.delete');

})->add(App\Middleware\CheckForMaintenanceMiddleware::class)->add(\App\Middleware\AuthMiddleware::class);

$app->get('/', \App\Controllers\DashboardController::class . ':redirects')->setName('root');
$app->get('/login', \App\Controllers\LoginController::class . ':show')->setName('login.show');
$app->post('/login', \App\Controllers\LoginController::class . ':login')->setName('login');
$app->map(['GET', 'POST'], '/logout', \App\Controllers\LoginController::class . ':logout')->setName('logout');

$app->post('/upload', \App\Controllers\UploadController::class . ':upload')->setName('upload');

$app->get('/{userCode}/{mediaCode}', \App\Controllers\UploadController::class . ':show')->setName('public');
$app->get('/{userCode}/{mediaCode}/delete/{token}', \App\Controllers\UploadController::class . ':show')->setName('public.delete.show')->add(\App\Middleware\CheckForMaintenanceMiddleware::class);;
$app->post('/{userCode}/{mediaCode}/delete/{token}', \App\Controllers\UploadController::class . ':deleteByToken')->setName('public.delete')->add(\App\Middleware\CheckForMaintenanceMiddleware::class);;
$app->get('/{userCode}/{mediaCode}/raw', \App\Controllers\UploadController::class . ':showRaw')->setName('public.raw')->setOutputBuffering(false);
$app->get('/{userCode}/{mediaCode}/download', \App\Controllers\UploadController::class . ':download')->setName('public.download')->setOutputBuffering(false);
$this->get('/create', UserController::class . ':create')->setName('user.create');
$this->post('/create', UserController::class . ':store')->setName('user.store');
$this->get('/{id}/edit', UserController::class . ':edit')->setName('user.edit');
$this->post('/{id}', UserController::class . ':update')->setName('user.update');
$this->get('/{id}/delete', UserController::class . ':delete')->setName('user.delete');
})->add(AdminMiddleware::class);

$this->get('/profile', UserController::class . ':profile')->setName('profile');
$this->post('/profile/{id}', UserController::class . ':profileEdit')->setName('profile.update');
$this->post('/user/{id}/refreshToken', UserController::class . ':refreshToken')->setName('refreshToken');
$this->get('/user/{id}/config/sharex', UserController::class . ':getShareXconfigFile')->setName('config.sharex');
$this->get('/user/{id}/config/script', UserController::class . ':getUploaderScriptFile')->setName('config.script');

$this->post('/upload/{id}/publish', UploadController::class . ':togglePublish')->setName('upload.publish');
$this->post('/upload/{id}/unpublish', UploadController::class . ':togglePublish')->setName('upload.unpublish');
$this->get('/upload/{id}/raw', UploadController::class . ':getRawById')->add(AdminMiddleware::class)->setName('upload.raw');
$this->post('/upload/{id}/delete', UploadController::class . ':delete')->setName('upload.delete');

})->add(App\Middleware\CheckForMaintenanceMiddleware::class)->add(AuthMiddleware::class);

$app->get('/', DashboardController::class . ':redirects')->setName('root');
$app->get('/login', LoginController::class . ':show')->setName('login.show');
$app->post('/login', LoginController::class . ':login')->setName('login');
$app->map(['GET', 'POST'], '/logout', LoginController::class . ':logout')->setName('logout');

$app->post('/upload', UploadController::class . ':upload')->setName('upload');

$app->get('/{userCode}/{mediaCode}', UploadController::class . ':show')->setName('public');
$app->get('/{userCode}/{mediaCode}/delete/{token}', UploadController::class . ':show')->setName('public.delete.show')->add(CheckForMaintenanceMiddleware::class);
$app->post('/{userCode}/{mediaCode}/delete/{token}', UploadController::class . ':deleteByToken')->setName('public.delete')->add(CheckForMaintenanceMiddleware::class);
$app->get('/{userCode}/{mediaCode}/raw', UploadController::class . ':showRaw')->setName('public.raw')->setOutputBuffering(false);
$app->get('/{userCode}/{mediaCode}/download', UploadController::class . ':download')->setName('public.download')->setOutputBuffering(false);
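Review bot: Destructive actions in the new route table are still registered with `get`, namely `/system/deleteOrphanFiles` and `/user/{id}/delete`, and `/logout` accepts GET as well. A GET request is sent with the admin's session by any cross-site link or prefetcher, so AdminMiddleware alone does not prevent an unintended deletion, and this commit makes the orphan cleanup remove database rows too. Register them as POST, e.g. `$this->post('/system/deleteOrphanFiles', AdminController::class . ':deleteOrphanFiles')->setName('system.deleteOrphanFiles');`, switch the templates from links to forms, and verify a CSRF token if the application has one (none is visible on this page). Separately, the outer group still spells out `App\Middleware\CheckForMaintenanceMiddleware::class` although that class is now imported.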
2 changes: 1 addition & 1 deletion composer.json
@@ -1,6 +1,6 @@
{
"name": "sergix44/xbackbone",
"version": "2.6.4",
"version": "2.6.5",
"description": "A lightweight ShareX PHP backend",
"type": "project",
"require": {
25 changes: 12 additions & 13 deletions composer.lock


4 changes: 2 additions & 2 deletions resources/templates/dashboard/admin.twig
@@ -54,8 +54,8 @@
<td class="text-right">
<div class="btn-group">
{% if media.username is not null %}
<a href="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension) }}" class="btn btn-sm btn-outline-dark" data-toggle="tooltip" title="{{ lang('open') }}" target="_blank"><i class="fas fa-external-link-alt"></i></a>
<a href="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/download') }}" class="btn btn-sm btn-outline-secondary" data-toggle="tooltip" title="{{ lang('download') }}"><i class="fas fa-cloud-download-alt"></i></a>
<a href="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension) }}" class="btn btn-sm btn-outline-secondary" data-toggle="tooltip" title="{{ lang('open') }}" target="_blank"><i class="fas fa-external-link-alt"></i></a>
<a href="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension ~ '/download') }}" class="btn btn-sm btn-outline-primary" data-toggle="tooltip" title="{{ lang('download') }}"><i class="fas fa-cloud-download-alt"></i></a>
<a href="javascript:void(0)" class="btn btn-sm btn-outline-success btn-clipboard" data-toggle="tooltip" title="{{ lang('copy_link') }}" data-clipboard-text="{{ urlFor('/' ~ media.user_code ~ '/' ~ media.code ~ '.' ~ media.extension) }}"><i class="fas fa-link"></i></a>
{% else %}
<a href="{{ route('upload.raw', {'id': media.id}) }}" class="btn btn-sm btn-outline-dark" data-toggle="tooltip" title="{{ lang('raw') }}" target="_blank"><i class="fas fa-external-link-alt"></i></a>
