allow JavaScript to be inserted even if no body tag includes

doubleotoo · Dec 4, 2011 · a781b13 · a781b13
1 parent 40b0405
commit a781b13
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 22 deletions.
diff --git a/app.php b/app.php
@@ -1,5 +1,6 @@
 <?php
 include('config.php'); // contains DB & important versioning
+include('blacklist.php'); // rules to *try* to prevent abuse of jsbin
 
 $host = 'http://' . $_SERVER['HTTP_HOST'];
 
@@ -125,7 +126,7 @@
   list($code_id, $revision) = getCodeIdParams($request);
   if ($revision == 'latest') {
     $latest_revision = getMaxRevision($code_id);
-    header('Location: /' . $code_id . '/' . $latest_revision . '/edit');
+    //header('Location: /' . $code_id . '/' . $latest_revision . '/edit');
     $edit_mode = false;
 
   }
@@ -172,17 +173,18 @@
     if (($html == '' && $html == $javascript)) {
       // entirely blank isn't going to be saved.
     } else {
-      $ok = mysql_query($sql);
-
-      if ($home) {
-        // first check they have write permission for this home
-        $sql = sprintf('select * from ownership where name="%s" and `key`="%s"', mysql_real_escape_string($home), mysql_real_escape_string($_COOKIE['key']));
-        $result = mysql_query($sql);
-        if (mysql_num_rows($result) == 1) {
-          $sql = sprintf('insert into owners (name, url, revision) values ("%s", "%s", "%s")', mysql_real_escape_string($home), mysql_real_escape_string($code_id), mysql_real_escape_string($revision));
-          $ok = mysql_query($sql);
+      if (!noinsert($html, $javascript)) {
+        $ok = mysql_query($sql);
+        if ($home) {
+          // first check they have write permission for this home
+          $sql = sprintf('select * from ownership where name="%s" and `key`="%s"', mysql_real_escape_string($home), mysql_real_escape_string($_COOKIE['key']));
+          $result = mysql_query($sql);
+          if (mysql_num_rows($result) == 1) {
+            $sql = sprintf('insert into owners (name, url, revision) values ("%s", "%s", "%s")', mysql_real_escape_string($home), mysql_real_escape_string($code_id), mysql_real_escape_string($revision));
+            $ok = mysql_query($sql);
+          }
+          // $code_id = $home . '/' . $code_id;
         }
-        // $code_id = $home . '/' . $code_id;
       }
     }
 
@@ -219,7 +221,7 @@
     if (isset($_REQUEST['format']) && strtolower($_REQUEST['format']) == 'plain') {
       echo $url;
     } else {
-      echo '{ "url" : "' . $url . '", "edit" : "' . $url . '/edit", "html" : "' . $url . '/edit", "js" : "' . $url . '/edit" }';
+      echo '{ "code": "' . $code_id . '", "revision": ' . $revision . ', "url" : "' . $url . '", "edit" : "' . $url . '/edit", "html" : "' . $url . '/edit", "js" : "' . $url . '/edit" }';
     }
 
     if (array_key_exists('callback', $_REQUEST)) {
@@ -251,7 +253,7 @@
     // find the latest revision and redirect to that.
     $code_id = $subaction;
     $latest_revision = getMaxRevision($code_id);
-    header('Location: /' . $code_id . '/' . $latest_revision);
+    // header('Location: /' . $code_id . '/' . $latest_revision);
     $edit_mode = false;
   }
   // gist are formed as jsbin.com/gist/1234 - which land on this condition, so we need to jump out, just in case
@@ -360,9 +362,12 @@ function formatCompletedCode($html, $javascript, $code_id, $revision) {
   } 
 
   if ($html && stripos($html, '%code%') === false && strlen($javascript)) {
-    $parts = explode("</body>", $html);
-    $html = $parts[0];
-    $close = count($parts) == 2 ? '</body>' . $parts[1] : '';
+    $close = '';
+    if (stripos($html, '</body>') !== false) {
+      $parts = explode("</body>", $html);
+      $html = $parts[0];
+      $close = count($parts) == 2 ? '</body>' . $parts[1] : '';
+    }
     $html .= "<script>\n" . $javascript . "\n</script>\n" . $close;
   } else if ($javascript) {
     // removed the regex completely to try to protect $n variables in JavaScript

diff --git a/js/render/render.js b/js/render/render.js
@@ -45,13 +45,16 @@ function getPreparedCode() {
     parts = source.split('%code%');
     source = parts[0] + js + parts[1];
   } else if (js) {
-    parts.push(source.substring(0, source.lastIndexOf('</body>')))
-    parts.push(source.substring(source.lastIndexOf('</body>')));
+    var close = '';
+    if (source.indexOf('</body>') !== -1) {
+      parts.push(source.substring(0, source.lastIndexOf('</body>')))
+      parts.push(source.substring(source.lastIndexOf('</body>')));
 
-    source = parts[0];
-
-    var close = parts.length == 2 && parts[1] ? parts[1] : '';
-
+      source = parts[0];
+
+      close = parts.length == 2 && parts[1] ? parts[1] : '';
+
+    }
     if (useCustomConsole) {
       source += "<script src=\"http://jsbin.com/js/render/console.js\"></script>\n<script>\n";
     }