path: root/application/models
Age | Commit message | Author | Files | Lines
2012-09-09 | m/file: add text/x-tcl to autodetection | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-08-28 | Only create new sessions when they are really needed | Florian Pritz | 1 | -3/+38
Most sessions are just people viewing a paste. Those don't need a session until they want to log in so we don't have to pollute the database and waste resources.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-08-16 | switch to pygments | Florian Pritz | 1 | -2/+2
- faster than geshi
- easier to modify the css because there is only one
- geshi upstream seems pretty dead
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-08-09 | rename file_mod to mfile | Florian Pritz | 1 | -1/+1
Muser already uses this scheme as it is easier to type.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12 | Explicitly select fields in db queries | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12 | Store userid in session | Florian Pritz | 1 | -6/+2
We don't really have to hit the db here every time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-07-12 | Display nice error message if username exists already | Florian Pritz | 1 | -0/+15
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-17 | Move some functions from file_mod to file controller | Florian Pritz | 1 | -207/+7
Models shouldn't really call views
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-17 | improve is_cli_client() and use everywhere | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-15 | Ignore etags when displaying HTML pages | Florian Pritz | 1 | -1/+3
This allows the html page to change (user logged in/not logged in), but still keeps etag support for content that's really going to stay the same (images, plain file content, qr codes for urls)
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-12 | fix missing object initialization and properly declare class variables | Florian Pritz | 1 | -1/+1
var is deprecated since ages and in strict mode we have to initialize $this->var as a generic object before using it.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-03 | add ID/info to display more information about a file | Florian Pritz | 1 | -10/+37
The table is shared with the old delete_form, but it doesn't display the delete button in info mode.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-01 | move file link generation from controller to view | Florian Pritz | 1 | -6/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-05-01 | move etag handling into handle_etag() | Florian Pritz | 1 | -27/+23
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14 | Make sure we keep the uri flashdata | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-14 | Allow to keep and reclaim uploads without being logged in | Florian Pritz | 2 | -3/+38
If a user keeps the browser open until his session expires and then tries to upload something we now add it to the database, add the ID to the new session and when someone logs in with that session the ID is assigned. Until then even if you guess it correctly, you won't be able to download it.
If the user still manages to let the 2nd session expire because he can't find his password, the upload will be lost. Shit happens.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-13 | Hide delete button if user doesn't own the id | Florian Pritz | 1 | -1/+1
It won't work anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-12 | CSP: add unsafe-inline to style-src | Florian Pritz | 1 | -1/+1
chromium rejects inline css with this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11 | Use phpass for password hashing | Florian Pritz | 1 | -2/+5
The current implementation sometimes failed to generate valid hashes (had something to do with the random salt).
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11 | Fix password verification | Florian Pritz | 1 | -1/+9
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-11 | Add filesize to history view | Florian Pritz | 1 | -3/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | muser: decrease cost parameter for crypt | Florian Pritz | 1 | -1/+1
09 should take long enough and not waste too much time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | random_id() -> random_alphanum(); allow single argument | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | Move is_cli_client() and random_id() to helper | Florian Pritz | 2 | -30/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | muser: fix handling of cli clients without account | Florian Pritz | 2 | -2/+16
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | Improve handling of cli clients without account | Florian Pritz | 1 | -2/+6
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | fix missing $username when including header from file_mod | Florian Pritz | 1 | -24/+27
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | improve page titles | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | more user changes | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-09 | start working on users | Florian Pritz | 2 | -27/+81
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-03-28 | add scheme highlighting | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-03-09 | CSP: allow object-src | Florian Pritz | 1 | -1/+1
Video files won't play without this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-02-26 | fix handling of ocaml mimetype | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-02-19 | Implement CSP for direct file downloads | Florian Pritz | 1 | -0/+3
With this header we tell the browser to ignore javascript, frames and objects which decreases the exploitability of simple html pastes if viewed raw ("<domain>/<id>", without a trailing slash) quite a lot.
You can still upload arbitrary files containing javascript code, but the browser will refuse to execute it.
References: https://wiki.mozilla.org/Security/CSP/Specification
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-02-19 | encode special chars in some places | Florian Pritz | 1 | -2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-02-14 | bump geshi to 1.0.8.10 | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-18 | remove superfluous space | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-18 | fix left over mime2extension call and comments | Florian Pritz | 1 | -4/+4
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-18 | factorise mode detection | Florian Pritz | 1 | -8/+36
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-18 | improve readability of download() | Florian Pritz | 1 | -13/+17
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-18 | use the same date for if-modified-since everywhere | Florian Pritz | 1 | -2/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-12-17 | use perl from PATH and copy markdown.pl to scripts/ | Florian Pritz | 1 | -6/+5
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-11-18 | use full path to perl executable when calling mimetype | Florian Pritz | 1 | -1/+1
Everywhere else we already do it like that.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-11-05 | fix position of comment | Florian Pritz | 1 | -1/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-09-15 | valid_id: bail early if we can't get the file data | Florian Pritz | 1 | -0/+3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-09-15 | remove unneeded call to filename2extension | Florian Pritz | 1 | -1/+0
mime2extension tells us if the file is text that can be highlit. filename2extension leads to unwanted behaviour if the filename is for example "PKGBUILD", but the file is a binary.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-09-08 | fix markdown.pl path | Florian Pritz | 1 | -1/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-08-15 | rewrite scripts/mimetype to support ascii with color codes | Florian Pritz | 1 | -1/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-08-15 | export sane $PATH | Florian Pritz | 1 | -0/+1
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2011-07-01 | add ascii highlighting with escape color support | Florian Pritz | 1 | -4/+10
Signed-off-by: Florian Pritz <bluewind@xinu.at>