Merge pull request #8 from ssl/master

gkanonimus · web-flow · commit f481991244a6 · 2023-11-14T21:13:07.000+03:00
Fixes
diff --git a/app/controllers/Api.php b/app/controllers/Api.php
@@ -277,6 +277,7 @@ private function parseCookies($cookies)
     public function reports()
     {
         $id = $this->getPostValue('id');
+        $archive = $this->getPostValue('archive') == '1' ? 1 : 0;
 
         // Check payload permissions
         $payloadList = $this->payloadList();
@@ -288,7 +289,7 @@ public function reports()
         if (+$id === 0) {
             if ($this->isAdmin()) {
                 // Show all reports
-                $reports = $this->model('Report')->getAll();
+                $reports = $this->model('Report')->getAllByArchive($archive);
             } else {
                 // Show all reports of allowed payloads
                 $reports = [];
@@ -299,7 +300,7 @@ public function reports()
                         if (strpos($payload['payload'], '/') === false) {
                             $payloadUri .= '/%';
                         }
-                        $reports = array_merge($reports, $this->model('Report')->getAllByPayload($payloadUri));
+                        $reports = array_merge($reports, $this->model('Report')->getAllByPayload($payloadUri, $archive));
                     }
                 }
             }
@@ -311,20 +312,7 @@ public function reports()
             if (strpos($payload['payload'], '/') === false) {
                 $payloadUri .= '/%';
             }
-            $reports = $this->model('Report')->getAllByPayload($payloadUri);
-        }
-
-        // Remove or keep reports depending the requested archive value
-        $archive = $this->getPostValue('archive') == '1' ? true : false;
-        foreach ($reports as $key => $value) {
-            $reports[$key]['ip'] = substr($reports[$key]['ip'], 0, 25);
-            $reports[$key]['payload'] = substr($reports[$key]['payload'], 0, 50);
-
-            if (($reports[$key]['archive'] == '0' && $archive) ||
-                ($reports[$key]['archive'] == '1' && !$archive)
-            ) {
-                unset($reports[$key]);
-            }
+            $reports = $this->model('Report')->getAllByPayload($payloadUri, $archive);
         }
 
         return json_encode(["data" => array_values($reports)]);
diff --git a/app/controllers/Payload.php b/app/controllers/Payload.php
@@ -251,9 +251,9 @@ private function setBlacklist($id, $domain)
         $payload = $this->model('Payload')->getById($id);
 
         // Validate domain string
-        if (!preg_match('/^(?!\-)(?:(?:[a-zA-Z\d][a-zA-Z\d\-]{0,61})?[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63}$/', $domain)) {
+        if (!preg_match('/^(?:(?:(?!\*)[a-zA-Z\d][a-zA-Z\d\-*]{0,61})?[a-zA-Z\d]\.){0,1}(?!\d+)(?!.*\*\*)[a-zA-Z\d*]{1,63}(?:\.(?:(?:(?!\*)[a-zA-Z\d][a-zA-Z\d\-*]{0,61})?[a-zA-Z\d]\.){0,1}(?!\d+)(?!.*\*\*)[a-zA-Z\d*]{1,63})*$/', $domain)) {
             throw new Exception('This does not look like a valid domain');
-        }
+        }        
 
         $newString = $payload['blacklist'] . '~' . $domain;
         $this->model('Payload')->setSingleValue($id, "blacklist", $newString);
diff --git a/app/models/Report.php b/app/models/Report.php
@@ -25,6 +25,24 @@ public function getAll()
         return $data;
     }
 
+    /**
+     * Get all reports by archive status
+     * 
+     * @param string $archive Archive status
+     * @return array
+     */
+    public function getAllByArchive($archive)
+    {
+        $database = Database::openConnection();
+        $database->prepare('SELECT id,uri,ip,payload,shareid FROM reports WHERE archive = :archive ORDER BY id DESC');
+        $database->bindValue(':archive', $archive);
+        $database->execute();
+
+        $data = $database->fetchAll();
+
+        return $data;
+    }
+
     /**
      * Get report by share id
      * 
@@ -51,13 +69,15 @@ public function getByShareId($id)
     /**
      * Get report by payload
      * @param string $payload The payload
+     * @param string $archive Archive status
      * @throws Exception
      * @return array
      */
-    public function getAllByPayload($payload)
+    public function getAllByPayload($payload, $archive)
     {
         $database = Database::openConnection();
-        $database->prepare('SELECT id,uri,ip,payload,archive,shareid FROM reports WHERE payload LIKE :payload ORDER BY id DESC');
+        $database->prepare('SELECT id,uri,ip,payload,shareid FROM reports WHERE payload LIKE :payload AND archive = :archive ORDER BY id DESC');
+        $database->bindValue(':archive', $archive);
         $database->bindValue(':payload', $payload);
 
         if (!$database->execute()) {
diff --git a/system/View.php b/system/View.php
@@ -459,6 +459,6 @@ public function setTitle($title)
      */
     public function setContentType($type)
     {
-        header('Content-Type: ' . $type);
+        header('Content-Type: ' . $type . '; charset=UTF-8');
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -459,6 +459,6 @@ public function setTitle($title)`
`459`	`459`	`*/`
`460`	`460`	`public function setContentType($type)`
`461`	`461`	`{`
`462`		`- header('Content-Type: ' . $type);`
	`462`	`+ header('Content-Type: ' . $type . '; charset=UTF-8');`
`463`	`463`	`}`
`464`	`464`	`}`