phpbb-de · Crizz0 · Oct 12, 2023 · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023
diff --git a/composer.json b/composer.json
@@ -4,7 +4,7 @@
 	"description": "Provides a pastebin including syntax highlighting",
 	"homepage": "https://www.phpbb.de/community/",
 	"version": "2.0.7",
-	"time": "2022-05-18",
+	"time": "2023-10-03",
 	"license": "GPL-2.0-only",
 	"authors": [
 		{
@@ -21,7 +21,7 @@
 		}
 	],
 	"require": {
-		"php": ">=5.4.7, <=7.4",
+		"php": ">=7.2, <=8.2",
 		"easybook/geshi": ">=1.0.8.4"
 	},
 	"require-dev": {

diff --git a/controller/main.php b/controller/main.php
@@ -241,7 +241,7 @@ private function display_pb()
 				{
 					$data = [
 						'snippet_id'	=> $snippet_id,
-						'snippet_text'	=> $this->request->variable('edit_snippet', '', true),
+						'snippet_text'	=> $this->request->raw_variable('edit_snippet', ''),
 					];
 
 					$snippet->load_from_array($data);
@@ -257,7 +257,8 @@ private function display_pb()
 					meta_refresh(3, $redirect_url);
 					trigger_error($message);
 				}
-				break;
+
+        break;
 
 			case 'post':
 				// process submitted data from the posting form
@@ -274,7 +275,7 @@ private function display_pb()
 				$data = array(
 						'snippet_title'		=> str_replace("\n", '', $this->request->variable('snippet_title', '', true)),
 						'snippet_desc'		=> str_replace("\n", '', $this->request->variable('snippet_desc', '', true)),
-						'snippet_text'		=> $this->request->variable('snippet_text', '', true),
+						'snippet_text'		=> $this->request->raw_variable('snippet_text', ''),
 						'snippet_prunable'	=> 1,
 						'snippet_highlight'	=> $this->request->variable('snippet_highlight', ''),
 						'snippet_prune_on'	=> max(1, min(6, $this->request->variable('pruning_months', 0))),
@@ -419,7 +420,7 @@ private function display_pb()
 						$highlight = 'php';
 					}
 
-					$code = htmlspecialchars_decode($snippet_text);
+					$code = $snippet_text;
 
 					$geshi = new \GeSHi($code, $highlight, $this->util->geshi_dir);
 					$geshi->set_header_type(GESHI_HEADER_NONE);
@@ -469,9 +470,9 @@ private function display_pb()
 					}
 
 					// Thanks download.php
-					$snippet_text = htmlspecialchars_decode(utf8_decode($data['snippet_text']));
+					$snippet_text = $data['snippet_text'];
 
-					$filename = htmlspecialchars_decode($data['snippet_title']) . '.' . $this->pastebin->file_ext();
+					$filename = $data['snippet_title'] . '.' . $this->pastebin->file_ext();
 
 					$user_agent = $this->request->server('HTTP_USER_AGENT', '');
 					if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Safari') !== false || strpos($user_agent, 'Konqueror') !== false)

diff --git a/cron/main.php b/cron/main.php
@@ -41,7 +41,7 @@ public function run()
 	{
 		$now = time();
 		$sql = 'DELETE FROM ' . $this->pastebin_table . '
-			WHERE snippet_prunable = 1 and snippet_prune_on < ' . $now;
+			WHERE snippet_prunable = 1 and snippet_prune_on < ' . (int) $now;
 		$this->db->sql_query($sql);
 		$this->config->set('phpbbde_pastebin_prune_last_run', $now, true);
 	}

diff --git a/migrations/cron.php b/migrations/cron.php
@@ -12,7 +12,7 @@
 
 class cron extends \phpbb\db\migration\migration
 {
-	static public function depends_on()
+	public static function depends_on()
 	{
 		return array('\phpbbde\pastebin\migrations\pastebin');
 	}

diff --git a/migrations/pastebin.php b/migrations/pastebin.php
@@ -17,7 +17,7 @@ public function effectively_installed()
 		return !empty($this->config['pastebin_version']) && version_compare($this->config['pastebin_version'], '0.2.2', '>=');
 	}
 
-	static public function depends_on()
+	public static function depends_on()
 	{
 		 return array(
 			'\phpbb\db\migration\data\v32x\v324',

diff --git a/migrations/v204.php b/migrations/v204.php
@@ -12,7 +12,7 @@
 
 	class v204 extends \phpbb\db\migration\migration
 	{
-		static public function depends_on()
+		public static function depends_on()
 		{
 			return array(
 				'\phpbbde\pastebin\migrations\v_0_0_1',

diff --git a/migrations/v205.php b/migrations/v205.php
@@ -12,7 +12,7 @@
 
 class v205 extends \phpbb\db\migration\migration
 {
-	static public function depends_on()
+	public static function depends_on()
 	{
 		return array(
 			'\phpbbde\pastebin\migrations\v204',

diff --git a/migrations/v206.php b/migrations/v206.php
@@ -12,7 +12,7 @@
 
 class v206 extends \phpbb\db\migration\migration
 {
-	static public function depends_on()
+	public static function depends_on()
 	{
 		return array(
 			'\phpbbde\pastebin\migrations\v205',

diff --git a/migrations/v_0_0_1.php b/migrations/v_0_0_1.php
@@ -12,7 +12,7 @@
 
 class v_0_0_1 extends \phpbb\db\migration\migration
 {
-	static public function depends_on()
+	public static function depends_on()
 	{
 		return array(
 			'\phpbbde\pastebin\migrations\pastebin',

diff --git a/vendor/easybook/geshi/contrib/cssgen.php b/vendor/easybook/geshi/contrib/cssgen.php
@@ -30,7 +30,7 @@
  *
  ************************************************************************************/
 
-set_magic_quotes_runtime(0);
+//set_magic_quotes_runtime(0);
 //
 // Functions
 //
@@ -237,7 +237,7 @@ function get_var ( $var_name )
         }
         else
         {
-            echo '<input type="hidden" name="geshi-path" value="' . htmlspecialchars($geshi_path) . '" />';
+            echo '<input type="hidden" name="geshi-path" value="' . htmlspecialchars($geshi_path, ENT_COMPAT) . '" />';
         }
         if ( $no_lang_dir_error )
         {

diff --git a/vendor/easybook/geshi/contrib/example.php b/vendor/easybook/geshi/contrib/example.php
@@ -26,9 +26,9 @@
 
 $fill_source = false;
 if (isset($_POST['submit'])) {
-    if (get_magic_quotes_gpc()) {
+    /*if (get_magic_quotes_gpc()) {
         $_POST['source'] = stripslashes($_POST['source']);
-    }
+    }*/
     if (!strlen(trim($_POST['source']))) {
         $_POST['language'] = preg_replace('#[^a-zA-Z0-9\-_]#', '', $_POST['language']);
         $_POST['source'] = implode('', @file($path . 'geshi/' . $_POST['language'] . '.php'));
@@ -172,7 +172,7 @@
 <form action="<?php echo basename($_SERVER['PHP_SELF']); ?>" method="post">
 <h3>Source to highlight</h3>
 <p>
-<textarea rows="10" cols="60" name="source" id="source"><?php echo $fill_source ? htmlspecialchars($_POST['source']) : '' ?></textarea>
+<textarea rows="10" cols="60" name="source" id="source"><?php echo $fill_source ? htmlspecialchars($_POST['source'], ENT_COMPAT) : '' ?></textarea>
 </p>
 <h3>Choose a language</h3>
 <p>

diff --git a/vendor/easybook/geshi/contrib/langwiz.php b/vendor/easybook/geshi/contrib/langwiz.php
@@ -16,7 +16,7 @@
 error_reporting(E_ALL);
 $time_start = explode(' ', microtime());
 
-//Handle crappy PHP magic:
+/*//Handle crappy PHP magic:
 if (get_magic_quotes_gpc()) {
     function stripslashes_deep($value) {
         $value = is_array($value) ?
@@ -30,10 +30,10 @@ function stripslashes_deep($value) {
     $_GET = array_map('stripslashes_deep', $_GET);
     $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
     $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
-}
+}*/
 
 function htmlspecialchars_deep($value) {
-    return is_array($value) ? array_map('htmlspecialchars_deep', $value) : htmlspecialchars($value);
+    return is_array($value) ? array_map('htmlspecialchars_deep', $value) : htmlspecialchars($value, ENT_COMPAT);
 }
 
 define ('TYPE_NOTICE', 0);