mirror of
https://github.com/LBRYFoundation/lbry.com.git
synced 2025-08-23 17:47:26 +00:00
fix xss, remove broken post
This commit is contained in:
Alex Grintsvayg
parent
8b23e029e9
commit
469118baba
10 changed files with 22 additions and 86 deletions
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
author: jeremy
|
||||
title: Meet the LBRY Founders
|
||||
date: '2015-07-28 15:00:00'
|
||||
---
|
||||
|
||||
Here about LBRY straight from the horse's mouth. If there were two horses, that is. And the horses had created a revolutionary system for distributing information.
|
||||
|
||||
<iframe width="770" height="433" src="https://www.youtube.com/embed/0fDrBROywZ0" frameborder="0" allowfullscreen style="margin-left: auto; margin-right: auto"></iframe>
|
||||
|
|
@ -100,6 +100,7 @@ class Controller
|
|||
'/why' => '/learn',
|
||||
'/feedback' => '/learn',
|
||||
'/faq/when-referral-payouts' => '/faq/referrals',
|
||||
'/news/meet-the-lbry-founders' => '/team',
|
||||
];
|
||||
|
||||
$tempRedirects = [
|
||||
|
|
|
|||
|
|
@ -14,6 +14,11 @@ class Request
|
|||
return $_POST[$key] ?? $_GET[$key] ?? $default;
|
||||
}
|
||||
|
||||
public static function getPostParam(string $key, $default = null)
|
||||
{
|
||||
return $_POST[$key] ?? $default;
|
||||
}
|
||||
|
||||
public static function getMethod(): string
|
||||
{
|
||||
if (!static::$method)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,8 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Very basic wrapper since replacing $_SESSION might happen at scale + convenience methods
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class Session
|
||||
{
|
||||
const KEY_MAILCHIMP_LIST_IDS = 'mailchimp_list_ids',
|
||||
KEY_DOWNLOAD_ACCESS_ERROR = 'download_error2',
|
||||
const KEY_DOWNLOAD_ACCESS_ERROR = 'download_error2',
|
||||
KEY_DOWNLOAD_ALLOWED = 'beta_download_allowed2',
|
||||
KEY_PREFINERY_USER_ID = 'prefinery_user_id',
|
||||
KEY_PREFINER_USED_CUSTOM_CODE = 'prefinery_used_custom_code',
|
||||
|
|
|
|||
|
|
@ -1,42 +1,36 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Description of MailActions
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class MailActions extends Actions
|
||||
{
|
||||
public static function executeListSubscribe()
|
||||
{
|
||||
$nextUrl = isset($_POST['returnUrl']) && $_POST['returnUrl'] ? $_POST['returnUrl'] : '/join-list';
|
||||
$nextUrl = Request::getPostParam('returnUrl', '/join-list');
|
||||
|
||||
if (!Request::isPost())
|
||||
{
|
||||
return Controller::redirect($nextUrl);
|
||||
}
|
||||
|
||||
Session::set(Session::KEY_LIST_SUB_SIGNATURE, $_POST['listSig'] ?? true);
|
||||
Session::set(Session::KEY_LIST_SUB_SIGNATURE, Request::getPostParam('listSig', true));
|
||||
|
||||
$email = $_POST['email'];
|
||||
$email = Request::getPostParam('email');
|
||||
if (!$email|| !filter_var($email, FILTER_VALIDATE_EMAIL))
|
||||
{
|
||||
Session::set(Session::KEY_LIST_SUB_ERROR, $email ? __('Please provide a valid email address.') : __('Please provide an email address.'));
|
||||
}
|
||||
elseif (!$_POST['listId'])
|
||||
elseif (!Request::getPostParam('listId'))
|
||||
{
|
||||
Session::set(Session::KEY_LIST_SUB_ERROR, __('List not provided.'));
|
||||
}
|
||||
else
|
||||
{
|
||||
$mcListId = $_POST['listId'];
|
||||
$mergeFields = isset($_POST['mergeFields']) ? (unserialize($_POST['mergeFields']) ?: []) : [];
|
||||
$mcListId = htmlspecialchars(Request::getPostParam('listId'));
|
||||
$mergeFields = Request::getPostParam('mergeFields') ? (unserialize(Request::getPostParam('mergeFields')) ?: []) : [];
|
||||
try
|
||||
{
|
||||
static::subscribeToMailchimp($email, $mcListId, $mergeFields);
|
||||
Session::set(Session::KEY_MAILCHIMP_LIST_IDS, array_merge(Session::get(Session::KEY_MAILCHIMP_LIST_IDS, []), [$mcListId]));
|
||||
Session::set(Session::KEY_LIST_SUB_SUCCESS, true);
|
||||
Session::set(Session::KEY_LIST_SUB_FB_EVENT, $_POST['fbEvent'] ?? null);
|
||||
Session::set(Session::KEY_LIST_SUB_FB_EVENT, Request::getPostParam('fbEvent') ?? null);
|
||||
}
|
||||
catch (MailchimpSubscribeException $e)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -40,17 +40,17 @@ class OpsActions extends Actions
|
|||
|
||||
public static function executeLogUpload(): array
|
||||
{
|
||||
$log = isset($_POST['log']) ? urldecode($_POST['log']) : null;
|
||||
if (isset($_POST['name']))
|
||||
$log = Request::getPostParam('log') ? urldecode(Request::getPostParam('log')) : null;
|
||||
if (Request::getPostParam('name'))
|
||||
{
|
||||
$name = substr(trim(urldecode($_POST['name'])), 0, 50);
|
||||
$name = substr(trim(urldecode(Request::getPostParam('name'))), 0, 50);
|
||||
}
|
||||
elseif (isset($_POST['date']))
|
||||
elseif (Request::getPostParam('date'))
|
||||
{
|
||||
$name = substr(trim(urldecode($_POST['date'])), 0, 20) . '_' .
|
||||
substr(trim(urldecode($_POST['hash'])), 0, 20) . '_' .
|
||||
substr(trim(urldecode($_POST['sys'])), 0, 50) . '_' .
|
||||
substr(trim(urldecode($_POST['type'])), 0, 20);
|
||||
$name = substr(trim(urldecode(Request::getPostParam('date'))), 0, 20) . '_' .
|
||||
substr(trim(urldecode(Request::getPostParam('hash'))), 0, 20) . '_' .
|
||||
substr(trim(urldecode(Request::getPostParam('sys'))), 0, 50) . '_' .
|
||||
substr(trim(urldecode(Request::getPostParam('type'))), 0, 20);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,10 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Used to immediately end execution
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class StopException extends Exception
|
||||
{
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,6 @@ function __($msg, $args = [])
|
|||
return strtr(i18n::translate($msg), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Description of i18n
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class i18n
|
||||
{
|
||||
protected static
|
||||
|
|
|
|||
|
|
@ -1,34 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Description of CreditApi
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class CreditApi
|
||||
{
|
||||
public static function getCurrentTestCreditReward()
|
||||
{
|
||||
return 1000;
|
||||
}
|
||||
|
||||
public static function getTotalDollarSales()
|
||||
{
|
||||
return 22585;
|
||||
}
|
||||
|
||||
public static function getTotalPeople()
|
||||
{
|
||||
$rawJSON = @file_get_contents('https://spreadsheets.google.com/feeds/cells/1iOC1o5jq_4ySwRzsy2tZPPltw6Tbky2e3lDFdsWV8dU/okf1n52/public/full/R1C1?alt=json');
|
||||
$json = $rawJSON ? json_decode($rawJSON, true) : [];
|
||||
return isset($json['entry']) && isset($json['entry']['content']) && is_numeric($json['entry']['content']['$t'] ) ?
|
||||
$json['entry']['content']['$t'] :
|
||||
6687; //fallback #
|
||||
}
|
||||
|
||||
public static function getCreditsPerDollar($days)
|
||||
{
|
||||
//naive algo = decrease 0.5% per day
|
||||
return 200 * max(0, 100 - $days / 2) / 100;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,10 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Description of Response
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
class Response
|
||||
{
|
||||
const HEADER_STATUS = 'Status';
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue