From 3f97c7d168a3f4a67af74becaa01760556fa0aa1 Mon Sep 17 00:00:00 2001 From: Daniel Winzen <daniel@danwin1210.me> Date: Sun, 8 Nov 2020 22:57:49 +0100 Subject: [PATCH] Send 404 on non-existing pages --- www/admin.php | 2 +- www/onions.php | 87 ++++++++++++++++++++++++++++--------------------- www/sitemap.php | 2 +- www/test.php | 2 +- 4 files changed, 53 insertions(+), 40 deletions(-) diff --git a/www/admin.php b/www/admin.php index fed532e..d6fc6c0 100644 --- a/www/admin.php +++ b/www/admin.php @@ -7,7 +7,7 @@ send_headers([$style]); try{ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ - http_send_status(500); + http_response_code(500); die($I['nodb']); } asort($categories); diff --git a/www/onions.php b/www/onions.php index 2310bf7..cb60af9 100644 --- a/www/onions.php +++ b/www/onions.php @@ -25,7 +25,7 @@ require_once(__DIR__.'/../common_config.php'); try{ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ - http_send_status(500); + http_response_code(500); } date_default_timezone_set('UTC'); //select output format 
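Review bot: In the www/onions.php hunk at @@ -25,7 the catch block now sends a 500 but does not stop, so execution continues into `date_default_timezone_set('UTC')` with `$db` never assigned; the other three files touched by this commit end the same catch with `die($I['nodb']);`. Any later `$db->query(...)` in send_html (visible in the next hunk) would then fail on an undefined variable rather than producing a controlled error response, unless something after this hunk guards on `$db`, which cannot be seen here. Adding `die($I['nodb']);` after `http_response_code(500);` (or the equivalent for the non-HTML output formats selected just below) makes onions.php consistent with admin.php, sitemap.php and test.php.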
@@ -65,6 +65,46 @@ function send_html(){ }else{ $_REQUEST['newpg']=0; } + $category=count($categories); + if(isset($_REQUEST['cat']) && $_REQUEST['cat']<(count($categories)+count($special)+1) && $_REQUEST['cat']>=0){ + settype($_REQUEST['cat'], 'int'); + $category=$_REQUEST['cat']; + } + $pages=1; + $admin_approval = ''; + if(REQUIRE_APPROVAL){ + $admin_approval = PREFIX . 'onions.approved = 1 AND'; + } + $category_count = []; + $cat=count($categories); + foreach($special as $name=>$query){ + if($name===$I['lastadded']){ + $category_count[$cat] = PER_PAGE; + }else{ + $category_count[$cat] = $db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval $query;")->fetch(PDO::FETCH_NUM)[0]; + } + if($category==$cat){ + $pages=ceil($category_count[$cat]/PER_PAGE); + } + ++$cat; + } + $category_count[$cat] = $db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM)[0]; + $category_count['removed'] = $db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE address='';")->fetch(PDO::FETCH_NUM)[0]; + if(REQUIRE_APPROVAL) { + $category_count['pending'] = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = 0 AND address!='';" )->fetch( PDO::FETCH_NUM )[0]; + $category_count['rejected'] = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = -1 AND address!='';" )->fetch( PDO::FETCH_NUM )[0]; + } + $stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 
'phishing) AND timediff<604800;'); + foreach($categories as $cat=>$name){ + $stmt->execute([$cat]); + $category_count[$cat] = $stmt->fetch(PDO::FETCH_NUM)[0]; + if($category==$cat){ + $pages=ceil($category_count[$cat]/PER_PAGE); + } + } + if($_REQUEST['pg']>$pages){ + http_response_code(404); + } echo '<!DOCTYPE html><html lang="'.$language.'"><head>'; echo "<title>$I[title]</title>"; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; @@ -99,19 +139,11 @@ function send_html(){ $stmt=$db->prepare('SELECT description, category FROM ' . PREFIX . 'onions WHERE md5sum=?;'); $stmt->execute([$md5]); if($desc=$stmt->fetch(PDO::FETCH_ASSOC)){ - $category=$desc['category']; echo str_replace('<br>', "\n", $desc['description']); } } } echo '</textarea></label></p>'; - if(isset($_REQUEST['cat']) && $_REQUEST['cat']<(count($categories)+count($special)+1) && $_REQUEST['cat']>=0){ - settype($_REQUEST['cat'], 'int'); - $category=$_REQUEST['cat']; - } - if(!isset($category)){ - $category=count($categories); - } echo "<p><label>$I[category]: <select name=\"cat\">"; foreach($categories as $cat=>$name){ echo "<option value=\"$cat\""; 
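Review bot: In the www/onions.php hunk at @@ -65,6 +65,46 the page count can become 0: both loops set `$pages=ceil($category_count[$cat]/PER_PAGE)`, so an empty category yields `$pages` of 0 and the new `if($_REQUEST['pg']>$pages)` check sends a 404 for what is presumably the default page 1 (how `$_REQUEST['pg']` is initialised lies above the hunk and cannot be confirmed here). Clamping in both places, `$pages=max(1, (int)ceil($category_count[$cat]/PER_PAGE));`, keeps page 1 of an empty category a 200 while still rejecting out-of-range pages. The same hunk validates `$_REQUEST['cat']` with `<`/`>=` comparisons before `settype(..., 'int')`, so a value such as `1.9` passes the range check and is then truncated; `filter_var($_REQUEST['cat'], FILTER_VALIDATE_INT, ['options'=>['min_range'=>0,'max_range'=>count($categories)+count($special)]])` would reject non-integer input in one step. The enclosing function send_html starts before this hunk.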
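Review bot: In the www/onions.php hunk at @@ -99,19 +139,11 removing `$category=$desc['category'];` changes what the edit form pre-selects: previously the stored category of the entry matched by md5sum was used when no `cat` parameter was given, whereas `$category` is now fixed earlier in send_html to `$_REQUEST['cat']` or the default `count($categories)`, so an existing entry opened for editing without `cat` would show the default category selected. If that is intended, a short comment saying so would help; otherwise keeping the fallback, `if(!isset($_REQUEST['cat'])){ $category=$desc['category']; }`, inside the `if($desc=...)` branch restores it without affecting the 404 logic, which has already run by this point. Whether the edit form always submits `cat` cannot be seen from this hunk.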
@@ -158,51 +190,32 @@ function send_html(){ //List special categories echo "<ul class=\"list\"><li>$I[specialcat]:</li>"; $cat=count($categories); - $pages=1; - $admin_approval = ''; - if(REQUIRE_APPROVAL){ - $admin_approval = PREFIX . 'onions.approved = 1 AND'; - } foreach($special as $name=>$query){ - if($cat===count($categories)+1){ - $num[0]=PER_PAGE; - }else{ - $num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval $query;")->fetch(PDO::FETCH_NUM); - } if($category==$cat){ - echo " <li class=\"active\"><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($num[0])</a></li>"; - $pages=ceil($num[0]/PER_PAGE); + echo " <li class=\"active\"><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>"; }else{ - echo " <li><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($num[0])</a></li>"; + echo " <li><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>"; } ++$cat; } - $num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM); if($category==$cat){ - echo " <li class=\"active\"><a href=\"?cat=$cat&lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>"; + echo " <li class=\"active\"><a href=\"?cat=$cat&lang=$language\" target=\"_self\">$I[phishingclones] ($category_count[$cat])</a></li>"; }else{ - echo " <li><a href=\"?cat=$cat&lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>"; + echo " <li><a href=\"?cat=$cat&lang=$language\" target=\"_self\">$I[phishingclones] ($category_count[$cat])</a></li>"; } - $num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 
"onions WHERE address='';")->fetch(PDO::FETCH_NUM); - echo " <li>$I[removed] ($num[0])</li>"; + echo " <li>$I[removed] ($category_count[removed])</li>"; if(REQUIRE_APPROVAL) { - $num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = 0 AND address!='';" )->fetch( PDO::FETCH_NUM ); - echo " <li>$I[pendingapproval] ($num[0])</li>"; - $num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = -1 AND address!='';" )->fetch( PDO::FETCH_NUM ); - echo " <li>$I[rejected] ($num[0])</li>"; + echo " <li>$I[pendingapproval] ($category_count[pending])</li>"; + echo " <li>$I[rejected] ($category_count[rejected])</li>"; } echo '</ul>'; //List normal categories echo "<ul class=\"list\"><li>$I[categories]:</li>"; - $stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;'); foreach($categories as $cat=>$name){ - $stmt->execute([$cat]); - $num=$stmt->fetch(PDO::FETCH_NUM); if($category==$cat){ - echo " <li class=\"active\"><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($num[0])</a></li>"; - $pages=ceil($num[0]/PER_PAGE); + echo " <li class=\"active\"><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>"; }else{ - echo " <li><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($num[0])</a></li>"; + echo " <li><a href=\"?cat=$cat&pg=$_REQUEST[newpg]&lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>"; } } echo '</ul>'; diff --git a/www/sitemap.php b/www/sitemap.php index 8900a11..0a2fee3 100644 --- a/www/sitemap.php +++ b/www/sitemap.php 
@@ -3,7 +3,7 @@ require_once __DIR__.'/../common_config.php'; try{ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ - http_send_status(500); + http_response_code(500); die($I['nodb']); } $links = []; diff --git a/www/test.php b/www/test.php index 3aea0b1..ea7ee0b 100644 --- a/www/test.php +++ b/www/test.php @@ -31,7 +31,7 @@ if(!empty($_REQUEST['addr'])){ try{ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ - http_send_status(500); + http_response_code(500); die($I['nodb']); } if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){