From 125cd11c0180ae5f800464348972e24d45b73902 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Wed, 17 Jan 2024 11:10:18 +0700
Subject: [PATCH] Set response code in some cases (#1319)
* Set response code in some cases
* Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 common.php | 1 +
 dl.php | 5 ++---
 filelist.php | 26 ++++++++------------------
 library/ajax/callseed.php | 2 +-
 library/ajax/topic_tpl.php | 2 +-
 library/includes/functions.php | 17 +++++++++++++----
 library/includes/init_bb.php | 5 ++---
 viewtopic.php | 8 ++++----
 9 files changed, 33 insertions(+), 34 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ad9e73ce..29f7f25bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 - Used datastore to show statistic for more performance [\#1309](https://github.com/torrentpier/torrentpier/pull/1309) ([belomaxorka](https://github.com/belomaxorka))
 - Used `humn_size()` to count average of releases in tr_stats.php [\#1313](https://github.com/torrentpier/torrentpier/pull/1313) ([belomaxorka](https://github.com/belomaxorka))
 - Some enhancements in default template [\#1312](https://github.com/torrentpier/torrentpier/pull/1312) ([belomaxorka](https://github.com/belomaxorka))
+- Set response code in some cases [\#1319](https://github.com/torrentpier/torrentpier/pull/1319) ([belomaxorka](https://github.com/belomaxorka))
 - Minor improvements [\#1306](https://github.com/torrentpier/torrentpier/pull/1306), [\#1307](https://github.com/torrentpier/torrentpier/pull/1307), [\#1308](https://github.com/torrentpier/torrentpier/pull/1308), [\#1315](https://github.com/torrentpier/torrentpier/pull/1315) ([belomaxorka](https://github.com/belomaxorka))
 - Updated deps [\#1304](https://github.com/torrentpier/torrentpier/pull/1304), [\#1305](https://github.com/torrentpier/torrentpier/pull/1305) ([belomaxorka](https://github.com/belomaxorka))
diff --git a/common.php b/common.php
index da1fb442e..5fa647ddd 100644
--- a/common.php
+++ b/common.php
@@ -39,6 +39,7 @@ if (!defined('BB_SCRIPT')) {
 }
 header('X-Frame-Options: SAMEORIGIN');
+date_default_timezone_set('UTC');
 // Cloudflare
 if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
diff --git a/dl.php b/dl.php
index 0362682b6..4d77a9ffd 100644
--- a/dl.php
+++ b/dl.php
@@ -40,8 +40,7 @@ function send_file_to_browser($attachment, $upload_dir)
 // Please do not change this, it is a security precaution
 if (!str_contains($attachment['mimetype'], 'image')) {
 $attachment['mimetype'] = 'application/octet-stream';
- }
- else {
+ } else {
 header('Cache-Control: public, max-age=3600');
 }
@@ -147,7 +146,7 @@ for ($i = 0; $i < $num_auth_pages && $authorised == false; $i++) {
 // Check the auth rights
 if (!$authorised) {
- bb_die($lang['SORRY_AUTH_VIEW_ATTACH']);
+ bb_die($lang['SORRY_AUTH_VIEW_ATTACH'], 403);
 }
 $datastore->rm('cat_forums');
diff --git a/filelist.php b/filelist.php
index 9cd8b5dfa..90697d7e6 100644
--- a/filelist.php
+++ b/filelist.php
@@ -13,15 +13,13 @@ require __DIR__ . '/common.php';
 $user->session_start();
 if ($bb_cfg['bt_disable_dht'] && IS_GUEST) {
- http_response_code(403);
- bb_simple_die($lang['BT_PRIVATE_TRACKER']);
+ bb_simple_die($lang['BT_PRIVATE_TRACKER'], 403);
 }
 $topic_id = !empty($_GET['topic']) ? (int)$_GET['topic'] : false;
 if (!$topic_id) {
- http_response_code(404);
- bb_simple_die($lang['INVALID_TOPIC_ID']);
+ bb_simple_die($lang['INVALID_TOPIC_ID'], 404);
 }
 $sql = 'SELECT t.attach_id, t.info_hash, t.info_hash_v2, t.size, ad.physical_filename
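Review bot: The added `date_default_timezone_set('UTC');` in common.php now applies to every script that includes this file, where before it ran only in filelist.php just ahead of building `$data`, and the line has no comment saying the wider scope is intended. Any `date()` or `strtotime()` call elsewhere that relied on the php.ini timezone would now work in UTC, which also shifts timestamps written to logs; those callers are not visible in this patch, so this needs checking rather than assuming. I would document the global effect on the line itself, for example `// Force UTC for all internal date handling; convert per user at display time`.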
@@ -34,20 +32,17 @@ $sql = 'SELECT t.attach_id, t.info_hash, t.info_hash_v2, t.size, ad.physical_fil
 $row = DB()->fetch_row($sql);
 if (empty($row) || empty($row['physical_filename'])) {
- http_response_code(404);
- bb_simple_die($lang['INVALID_TOPIC_ID_DB']);
+ bb_simple_die($lang['INVALID_TOPIC_ID_DB'], 404);
 }
 if (empty($row['info_hash_v2'])) {
- http_response_code(410);
- bb_simple_die($lang['BT_V2_FLIST_ONLY']);
+ bb_simple_die($lang['BT_V2_FLIST_ONLY'], 410);
 }
 $file_path = get_attachments_dir() . '/' . $row['physical_filename'];
 if (!is_file($file_path)) {
- http_response_code(410);
- bb_simple_die($lang['TOR_NOT_FOUND']);
+ bb_simple_die($lang['TOR_NOT_FOUND'], 410);
 }
 $file_contents = file_get_contents($file_path);
@@ -58,27 +53,22 @@ if ($bb_cfg['flist_max_files']) {
 $file_count = substr_count($file_contents, '6:length', $filetree_pos, ($files_pos ? ($files_pos - $filetree_pos) : null));
 if ($file_count > $bb_cfg['flist_max_files']) {
- http_response_code(410);
- bb_simple_die(sprintf($lang['BT_V2_FLIST_LIMIT'], $bb_cfg['flist_max_files'], $file_count));
+ bb_simple_die(sprintf($lang['BT_V2_FLIST_LIMIT'], $bb_cfg['flist_max_files'], $file_count), 410);
 }
 }
 try {
 $torrent = \Arokettu\Bencode\Bencode::decode($file_contents, dictType: \Arokettu\Bencode\Bencode\Collection::ARRAY);
 } catch (\Exception $e) {
- http_response_code(410);
- bb_simple_die(htmlCHR("{$lang['TORFILE_INVALID']}: {$e->getMessage()}"));
+ bb_simple_die(htmlCHR("{$lang['TORFILE_INVALID']}: {$e->getMessage()}"), 410);
 }
 if (isset($torrent['info']['private']) && IS_GUEST) {
- http_response_code(403);
- bb_simple_die($lang['BT_PRIVATE_TORRENT']);
+ bb_simple_die($lang['BT_PRIVATE_TORRENT'], 403);
 }
 $files = (new TorrentPier\Legacy\TorrentFileList($torrent))->fileTreeTable($torrent['info']['file tree']);
-date_default_timezone_set('UTC');
-
 $data = [
 'name' => isset($torrent['info']['name']) ? htmlCHR(substr($torrent['info']['name'], 0, 255)) : 'undefined',
 'client' => isset($torrent['created by']) ? htmlCHR(substr($torrent['created by'], 0, 20)) : 'unknown client',
diff --git a/library/ajax/callseed.php b/library/ajax/callseed.php
index eea5f7b10..c02d4a1bb 100644
--- a/library/ajax/callseed.php
+++ b/library/ajax/callseed.php
@@ -82,7 +82,7 @@ function topic_info($topic_id)
 ";
 if (!$torrent = DB()->fetch_row($sql)) {
- bb_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_die($lang['TOPIC_POST_NOT_EXIST'], 404);
 }
 return $torrent;
diff --git a/library/ajax/topic_tpl.php b/library/ajax/topic_tpl.php
index 580d2c883..b603d8450 100644
--- a/library/ajax/topic_tpl.php
+++ b/library/ajax/topic_tpl.php
@@ -124,7 +124,7 @@ switch ($mode) {
 if ($tpl_data['tpl_last_edit_tm'] > $this->request['tpl_l_ed_tst'] && $tpl_data['tpl_last_edit_by'] != $userdata['user_id']) {
 $last_edit_by_username = get_username((int)$tpl_data['tpl_last_edit_by']);
 $msg = "Изменения не были сохранены!\n\n";
- $msg .= 'Шаблон был отредактирован: ' . htmlCHR($last_edit_by_username) . ', ' . bb_date($tpl_data['tpl_last_edit_tm'], 'd-M-y H:i');
+ $msg .= 'Шаблон был отредактирован: ' . html_ent_decode($last_edit_by_username) . ', ' . bb_date($tpl_data['tpl_last_edit_tm'], 'd-M-y H:i');
 $this->ajax_die($msg);
 }
 $sql = "UPDATE " . BB_TOPIC_TPL . " SET " . DB()->build_array('UPDATE', $sql_args) . " WHERE tpl_id = $tpl_id";
diff --git a/library/includes/functions.php b/library/includes/functions.php
index 76f50206a..f1bd17224 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -1628,10 +1628,14 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 return true;
 }
-function bb_die($msg_text)
+function bb_die($msg_text, $status_code = null)
 {
 global $ajax, $bb_cfg, $lang, $template, $theme, $userdata, $user;
+ if (isset($status_code)) {
+ http_response_code($status_code);
+ }
+
 if (defined('IN_AJAX')) {
 $ajax->ajax_die($msg_text);
 }
@@ -1682,15 +1686,20 @@ function bb_die($msg_text)
 exit;
 }
-function bb_simple_die($txt)
+function bb_simple_die($txt, $status_code = null)
 {
 global $bb_cfg;
+ header('Content-Type: text/plain; charset=' . $bb_cfg['charset']);
+
+ if (isset($status_code)) {
+ http_response_code($status_code);
+ }
+
 if (!empty($_COOKIE['explain'])) {
 bb_die("bb_simple_die:
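Review bot: The new `$msg .=` line in topic_tpl.php swaps `htmlCHR()` for `html_ent_decode()` on `$last_edit_by_username`, which turns an output-encoding step into a decoding step on a user-chosen value and is unrelated to the commit's stated purpose. That is only safe if `$this->ajax_die($msg)` always ends up in a plain-text sink; the `\n\n` in the message suggests an alert box, but the client side is not visible here, and if the text is ever inserted as HTML a username stored with encoded markup becomes live markup. Either keep `htmlCHR()` on this line, or state the contract next to it, for example `// ajax_die() text is displayed as plain text only; never render it as HTML`. The enclosing `switch` case starts and ends outside the hunk.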
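Review bot: In bb_die() the `http_response_code($status_code)` call sits above the `IN_AJAX` branch, so AJAX callers such as `topic_info()` in library/ajax/callseed.php now answer with a 404 while still sending the `ajax_die()` payload. If the front-end AJAX wrapper reads the body only on a 2xx response (it is not part of this patch), the error text would stop reaching the user, so confirm the client handles non-2xx replies or move the status call below that branch. The new parameter is also untyped and undocumented: `function bb_die($msg_text, ?int $status_code = null)` with `if ($status_code !== null) {` would state the integer contract, and the same applies to `bb_simple_die()` in the next hunk. bb_die's body continues outside the hunk.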

 $txt");
 }
- header('Content-Type: text/plain; charset=' . $bb_cfg['charset']);
 die($txt);
 }
@@ -1733,7 +1742,7 @@ function redirect($url)
 $redirect_url = $server_protocol . $server_name . $server_port . $script_name . preg_replace('#^\/?(.*?)\/?$#', '/\1', $url);
 // Behave as per HTTP/1.1 spec for others
- header('Location: ' . $redirect_url);
+ header('Location: ' . $redirect_url, response_code: 301);
 exit;
 }
diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php
index 136e11c4e..5e11ef37b 100644
--- a/library/includes/init_bb.php
+++ b/library/includes/init_bb.php
@@ -444,15 +444,14 @@ if (
 * Exit if board is disabled via trigger
 */
 if (($bb_cfg['board_disable'] || is_file(BB_DISABLED)) && !defined('IN_ADMIN') && !defined('IN_AJAX') && !defined('IN_LOGIN')) {
- http_response_code(503);
 if ($bb_cfg['board_disable']) {
 // admin lock
 send_no_cache_headers();
- bb_die('BOARD_DISABLE');
+ bb_die('BOARD_DISABLE', 503);
 } elseif (is_file(BB_DISABLED)) {
 // trigger lock
 TorrentPier\Helpers\CronHelper::releaseDeadlock();
 send_no_cache_headers();
- bb_die('BOARD_DISABLE_CRON');
+ bb_die('BOARD_DISABLE_CRON', 503);
 }
 }
diff --git a/viewtopic.php b/viewtopic.php
index b20701099..c0022faf8 100644
--- a/viewtopic.php
+++ b/viewtopic.php
@@ -55,7 +55,7 @@ if (isset($_REQUEST['single'])) {
 }
 if (!$topic_id && !$post_id) {
- bb_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_die($lang['TOPIC_POST_NOT_EXIST'], 404);
 }
 $tracking_topics = get_tracks('topic');
@@ -100,12 +100,12 @@ if ($topic_id) {
 WHERE p.post_id = $post_id
 ";
 } else {
- bb_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_die($lang['TOPIC_POST_NOT_EXIST'], 404);
 }
 if (!$t_data = DB()->fetch_row($sql)) {
 meta_refresh('index.php', 10);
- bb_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_die($lang['TOPIC_POST_NOT_EXIST'], 404);
 }
 $forum_topic_data =& $t_data;
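Review bot: In bb_simple_die() the `Content-Type: text/plain` header is now sent before the `explain` cookie check, so the branch that hands off to `bb_die()` carries a text/plain header unless `bb_die()` overrides it (its output code is outside this hunk). That branch is selected by a client-supplied cookie, so the behaviour should be chosen on purpose rather than fall out of the reordering. Either keep `http_response_code($status_code);` at the top and leave the `header('Content-Type: text/plain; charset=' . $bb_cfg['charset']);` call directly above `die($txt);` as it was, or add a comment saying the plain-text type is intended for both paths.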
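Review bot: `response_code: 301` on the `Location` header makes every redirect issued by redirect() permanent, and browsers and intermediaries may cache a 301 indefinitely. The last viewtopic.php hunk shows `redirect(LOGIN_URL . "?redirect=$redirect")` for readers without access, so a guest's browser could keep sending that topic URL to the login page even after signing in. A temporary status fits these cases, `header('Location: ' . $redirect_url, response_code: 302);` (or 303 after a POST), with 301 kept for URLs that have really moved. redirect()'s body starts outside the hunk.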
@@ -166,7 +166,7 @@ if (!$is_auth['auth_read']) {
 $redirect .= ($start && !$post_id) ? "&start=$start" : '';
 redirect(LOGIN_URL . "?redirect=$redirect");
 }
- bb_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_die($lang['TOPIC_POST_NOT_EXIST'], 404);
 }
 $forum_name = $t_data['forum_name'];