fix xss, remove broken post

Alex Grintsvayg 2016-09-08 11:08:12 -04:00
parent 8b23e029e9
commit 469118baba
10 changed files with 22 additions and 86 deletions


@ -1,9 +0,0 @@
---
author: jeremy
title: Meet the LBRY Founders
date: '2015-07-28 15:00:00'
---
Here about LBRY straight from the horse's mouth. If there were two horses, that is. And the horses had created a revolutionary system for distributing information.
<iframe width="770" height="433" src="https://www.youtube.com/embed/0fDrBROywZ0" frameborder="0" allowfullscreen style="margin-left: auto; margin-right: auto"></iframe>


@ -100,6 +100,7 @@ class Controller
'/why' => '/learn', '/why' => '/learn',
'/feedback' => '/learn', '/feedback' => '/learn',
'/faq/when-referral-payouts' => '/faq/referrals', '/faq/when-referral-payouts' => '/faq/referrals',
'/news/meet-the-lbry-founders' => '/team',
]; ];
$tempRedirects = [ $tempRedirects = [


@ -14,6 +14,11 @@ class Request
return $_POST[$key] ?? $_GET[$key] ?? $default; return $_POST[$key] ?? $_GET[$key] ?? $default;
} }
public static function getPostParam(string $key, $default = null)
{
return $_POST[$key] ?? $default;
}
public static function getMethod(): string public static function getMethod(): string
{ {
if (!static::$method) if (!static::$method)
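Review bot: `getPostParam()` declares no return type and hands back whatever `$_POST[$key]` holds, which can be an array when a client submits `key[]=…`, while the callers this commit introduces pass the result straight into `urldecode()`, `htmlspecialchars()` and `filter_var()`, which expect strings. A narrowing guard such as `$value = $_POST[$key] ?? null; return is_string($value) ? $value : $default;` would make the contract "string or default"; at minimum the method should carry a `@return mixed` docblock noting that arrays can come back. Note also that `??` substitutes the default only for a missing or null key, so an empty string is returned unchanged, unlike the truthiness checks the commit replaces in `MailActions`. The rest of the `Request` class lies outside this hunk.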


@ -1,14 +1,8 @@
<?php <?php
/**
* Very basic wrapper since replacing $_SESSION might happen at scale + convenience methods
*
* @author jeremy
*/
class Session class Session
{ {
const KEY_MAILCHIMP_LIST_IDS = 'mailchimp_list_ids', const KEY_DOWNLOAD_ACCESS_ERROR = 'download_error2',
KEY_DOWNLOAD_ACCESS_ERROR = 'download_error2',
KEY_DOWNLOAD_ALLOWED = 'beta_download_allowed2', KEY_DOWNLOAD_ALLOWED = 'beta_download_allowed2',
KEY_PREFINERY_USER_ID = 'prefinery_user_id', KEY_PREFINERY_USER_ID = 'prefinery_user_id',
KEY_PREFINER_USED_CUSTOM_CODE = 'prefinery_used_custom_code', KEY_PREFINER_USED_CUSTOM_CODE = 'prefinery_used_custom_code',


@ -1,42 +1,36 @@
<?php <?php
/**
* Description of MailActions
*
* @author jeremy
*/
class MailActions extends Actions class MailActions extends Actions
{ {
public static function executeListSubscribe() public static function executeListSubscribe()
{ {
$nextUrl = isset($_POST['returnUrl']) && $_POST['returnUrl'] ? $_POST['returnUrl'] : '/join-list'; $nextUrl = Request::getPostParam('returnUrl', '/join-list');
if (!Request::isPost()) if (!Request::isPost())
{ {
return Controller::redirect($nextUrl); return Controller::redirect($nextUrl);
} }
Session::set(Session::KEY_LIST_SUB_SIGNATURE, $_POST['listSig'] ?? true); Session::set(Session::KEY_LIST_SUB_SIGNATURE, Request::getPostParam('listSig', true));
$email = $_POST['email']; $email = Request::getPostParam('email');
if (!$email|| !filter_var($email, FILTER_VALIDATE_EMAIL)) if (!$email|| !filter_var($email, FILTER_VALIDATE_EMAIL))
{ {
Session::set(Session::KEY_LIST_SUB_ERROR, $email ? __('Please provide a valid email address.') : __('Please provide an email address.')); Session::set(Session::KEY_LIST_SUB_ERROR, $email ? __('Please provide a valid email address.') : __('Please provide an email address.'));
} }
elseif (!$_POST['listId']) elseif (!Request::getPostParam('listId'))
{ {
Session::set(Session::KEY_LIST_SUB_ERROR, __('List not provided.')); Session::set(Session::KEY_LIST_SUB_ERROR, __('List not provided.'));
} }
else else
{ {
$mcListId = $_POST['listId']; $mcListId = htmlspecialchars(Request::getPostParam('listId'));
$mergeFields = isset($_POST['mergeFields']) ? (unserialize($_POST['mergeFields']) ?: []) : []; $mergeFields = Request::getPostParam('mergeFields') ? (unserialize(Request::getPostParam('mergeFields')) ?: []) : [];
try try
{ {
static::subscribeToMailchimp($email, $mcListId, $mergeFields); static::subscribeToMailchimp($email, $mcListId, $mergeFields);
Session::set(Session::KEY_MAILCHIMP_LIST_IDS, array_merge(Session::get(Session::KEY_MAILCHIMP_LIST_IDS, []), [$mcListId]));
Session::set(Session::KEY_LIST_SUB_SUCCESS, true); Session::set(Session::KEY_LIST_SUB_SUCCESS, true);
Session::set(Session::KEY_LIST_SUB_FB_EVENT, $_POST['fbEvent'] ?? null); Session::set(Session::KEY_LIST_SUB_FB_EVENT, Request::getPostParam('fbEvent') ?? null);
} }
catch (MailchimpSubscribeException $e) catch (MailchimpSubscribeException $e)
{ {
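Review bot: `Request::getPostParam('returnUrl', '/join-list')` on the first line of `executeListSubscribe` no longer falls back when `returnUrl` is posted but empty, because `??` only replaces a missing or null key whereas the expression it replaces tested truthiness; `$nextUrl = Request::getPostParam('returnUrl') ?: '/join-list';` preserves the old behaviour. That value still reaches `Controller::redirect()` unchecked, so a redirect to a client-chosen target remains possible; a check that it starts with `/` before use would close that. Further down, `unserialize()` is still applied to the posted `mergeFields`, which exposes the application to PHP object injection from client-supplied data; a JSON-encoded form field read with `json_decode($raw, true)` is the usual replacement. `htmlspecialchars()` on `listId` escapes at input time rather than at output, so any template that prints the stored value must not escape it again or it will double-encode. The `catch` block and the remainder of the method continue outside the hunk.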


@ -40,17 +40,17 @@ class OpsActions extends Actions
public static function executeLogUpload(): array public static function executeLogUpload(): array
{ {
$log = isset($_POST['log']) ? urldecode($_POST['log']) : null; $log = Request::getPostParam('log') ? urldecode(Request::getPostParam('log')) : null;
if (isset($_POST['name'])) if (Request::getPostParam('name'))
{ {
$name = substr(trim(urldecode($_POST['name'])), 0, 50); $name = substr(trim(urldecode(Request::getPostParam('name'))), 0, 50);
} }
elseif (isset($_POST['date'])) elseif (Request::getPostParam('date'))
{ {
$name = substr(trim(urldecode($_POST['date'])), 0, 20) . '_' . $name = substr(trim(urldecode(Request::getPostParam('date'))), 0, 20) . '_' .
substr(trim(urldecode($_POST['hash'])), 0, 20) . '_' . substr(trim(urldecode(Request::getPostParam('hash'))), 0, 20) . '_' .
substr(trim(urldecode($_POST['sys'])), 0, 50) . '_' . substr(trim(urldecode(Request::getPostParam('sys'))), 0, 50) . '_' .
substr(trim(urldecode($_POST['type'])), 0, 20); substr(trim(urldecode(Request::getPostParam('type'))), 0, 20);
} }
else else
{ {


@ -1,10 +1,5 @@
<?php <?php
/**
* Used to immediately end execution
*
* @author jeremy
*/
class StopException extends Exception class StopException extends Exception
{ {


@ -8,11 +8,6 @@ function __($msg, $args = [])
return strtr(i18n::translate($msg), $args); return strtr(i18n::translate($msg), $args);
} }
/**
* Description of i18n
*
* @author jeremy
*/
class i18n class i18n
{ {
protected static protected static


@ -1,34 +0,0 @@
<?php
/**
* Description of CreditApi
*
* @author jeremy
*/
class CreditApi
{
public static function getCurrentTestCreditReward()
{
return 1000;
}
public static function getTotalDollarSales()
{
return 22585;
}
public static function getTotalPeople()
{
$rawJSON = @file_get_contents('https://spreadsheets.google.com/feeds/cells/1iOC1o5jq_4ySwRzsy2tZPPltw6Tbky2e3lDFdsWV8dU/okf1n52/public/full/R1C1?alt=json');
$json = $rawJSON ? json_decode($rawJSON, true) : [];
return isset($json['entry']) && isset($json['entry']['content']) && is_numeric($json['entry']['content']['$t'] ) ?
$json['entry']['content']['$t'] :
6687; //fallback #
}
public static function getCreditsPerDollar($days)
{
//naive algo = decrease 0.5% per day
return 200 * max(0, 100 - $days / 2) / 100;
}
}


@ -1,10 +1,5 @@
<?php <?php
/**
* Description of Response
*
* @author jeremy
*/
class Response class Response
{ {
const HEADER_STATUS = 'Status'; const HEADER_STATUS = 'Status';