From b079b0f9548eeee63cb1c58a68414e7cac75dd6e Mon Sep 17 00:00:00 2001 From: ruan <2369127-ruany@users.noreply.gitlab.com> Date: Sat, 10 Aug 2024 23:36:27 +0200 Subject: [PATCH] Support Content Security Policy (CSP) --- check.php | 6 +++--- error/tables-not-found.php | 20 -------------------- history.php | 2 +- inc/css/custom.css | 4 ++++ inc/database.php | 18 ++++++++++-------- inc/footer.php | 2 +- inc/header.php | 10 +--------- inc/init.php | 12 ------------ inc/js/form.js | 20 ++++++++++++++++++++ inc/js/redirect.js | 4 ++++ inc/js/table.js | 15 +++++++++++++++ inc/page.php | 35 +++++++++++++++++++++++++---------- 12 files changed, 84 insertions(+), 64 deletions(-) delete mode 100644 inc/init.php create mode 100644 inc/js/form.js create mode 100644 inc/js/redirect.js create mode 100644 inc/js/table.js diff --git a/check.php b/check.php index 0ac761f..b3a0ed7 100644 --- a/check.php +++ b/check.php @@ -35,7 +35,7 @@ class Check { if (!isset($uuid)) { if (filter_var($name, FILTER_VALIDATE_FLOAT)) { echo "
"; - redirect($page->link("info.php?type=$type&id=$name")); + $page->redirect($page->link("info.php?type=$type&id=$name"), true, false); return; } $name = htmlspecialchars($name, ENT_QUOTES); @@ -50,9 +50,9 @@ class Check { } echo "
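Review bot: The new call `$page->redirect($page->link("info.php?type=$type&id=$name"), true, false)` here, and `$page->redirect($page->link($href), true, false)` in the second check.php hunk, pass two bare booleans whose meaning cannot be read at the call site. `$name` has just passed FILTER_VALIDATE_FLOAT, but `$type` and `$href` are assembled outside these hunks and now travel into markup that the external script reads back rather than into a response header, so the call sites are where a reader will ask what `true, false` does; a short comment such as `// showtext=true, script=false: presumably the calling page's form.js performs the navigation` would answer that, with the presumption confirmed against form.js. The enclosing method of Check begins above the first hunk.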
"; - redirect($page->link($href)); + $page->redirect($page->link($href), true, false); } catch (PDOException $ex) { - $page->db->handle_error($page->settings, $ex); + $page->db->handle_error($page, $ex); } } diff --git a/error/tables-not-found.php b/error/tables-not-found.php index d69fda1..70eb8ea 100644 --- a/error/tables-not-found.php +++ b/error/tables-not-found.php @@ -41,26 +41,6 @@
- Ensure that you are using the latest version of LiteBans.
- Database tables:"); - $db = new Database($settings, true, false); - try { - $st = $db->conn->query("SELECT * FROM " . $settings->table['bans'] . " LIMIT 1;"); - $st->fetch(); - $st->closeCursor(); - } catch (PDOException $e) { - $st = $db->conn->query("SHOW TABLES;"); - $st->execute(); - $rows = $st->fetchAll(PDO::FETCH_ASSOC); - - foreach ($rows as $row) { - foreach ($row as $k => $v) { - echo("
- $v"); - } - } - $st->closeCursor(); - } - ?>
Try Again
diff --git a/history.php b/history.php
index 7b322e7..12fe10a 100644
--- a/history.php
+++ b/history.php
@@ -266,5 +266,5 @@ try {
 $page->print_footer();
 } catch (PDOException $ex) {
- $page->db->handle_error($page->settings, $ex);
+ $page->db->handle_error($page, $ex);
 }
diff --git a/inc/css/custom.css b/inc/css/custom.css
index 64b15bb..a7cc42e 100644
--- a/inc/css/custom.css
+++ b/inc/css/custom.css
@@ -71,6 +71,10 @@ tr.hover {
 text-align: left;
 }
 
+.litebans-check-btn {
+ margin-left: 5px;
+}
+
 .litebans-check-form {
 margin-left: 15px;
 }
diff --git a/inc/database.php b/inc/database.php
index 30c4761..a1271b2 100644
--- a/inc/database.php
+++ b/inc/database.php
@@ -4,15 +4,16 @@ class Database {
 public static $TRUE = "1", $FALSE = "0";
- public function __construct(Settings $settings, $connect, $verify) {
+ public function __construct(Page $page, $connect, $verify) {
 if ($connect) {
- $this->connect($settings, $verify);
+ $this->connect($page, $verify);
 } else {
 $this->conn = null;
 }
 }
- function connect(Settings $cfg, $verify = true) {
+ function connect(Page $page, $verify = true) {
+ $cfg = $page->settings;
 $driver = $cfg->driver;
 $host = $cfg->host;
 $port = $cfg->port;
@@ -41,7 +42,7 @@ class Database {
 }
 if ($username === "" && $password === "") {
- redirect("error/unconfigured.php");
+ $page->redirect("error/unconfigured.php");
 }
 $dsn = "$driver:dbname=$database;host=$host;port=$port";
@@ -84,7 +85,8 @@ class Database {
 * @param $e Exception
 * @throws Exception
 */
- function handle_error(Settings $cfg, Exception $e) {
+ function handle_error(Page $page, Exception $e) {
+ $cfg = $page->settings;
 if ($cfg->error_throw) throw $e;
 $message = 'Database error: ' . $e->getMessage();
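Review bot: `connect(Page $page, $verify = true)` now reads `$page->settings` on its first line, which only works because Page::__construct assigns `$this->settings = $cfg` before `new Database($this, ...)` (the page.php hunk moves that assignment up), and nothing in either file records that ordering. A docblock on connect would make the contract explicit, e.g. `/** @param Page $page Caller still under construction; ->settings must already be set. ->redirect() is used for fatal configuration problems and does not return. */`. The same applies to handle_error in the third database.php hunk: its docblock starts above the hunk and presumably still describes the old `$cfg` parameter, so the visible `@param $e Exception` line should gain a sibling `@param Page $page` entry. Since a Database can no longer be built without a Page, the removed standalone `new Database($settings, true, false)` in error/tables-not-found.php is the only such caller this view shows; any other remaining one would now fail the type check.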
@@ -92,7 +94,7 @@ class Database { if (strstr($message, "Access denied for user")) { $param = ""; if ($cfg->error_reporting) $param = "?error=" . base64_encode($e->getMessage()); - redirect("error/access-denied.php$param"); + $page->redirect("error/access-denied.php$param"); } if (strstr($message, "Base table or view not found:") || strstr($message, "Unknown column")) { try { @@ -100,9 +102,9 @@ class Database { $st->fetch(); $st->closeCursor(); } catch (PDOException $e) { - redirect("error/tables-not-found.php"); + $page->redirect("error/tables-not-found.php"); } - redirect("error/outdated-plugin.php"); + $page->redirect("error/outdated-plugin.php"); } } if (!$cfg->error_reporting) $message = "Database error"; diff --git a/inc/footer.php b/inc/footer.php index 482c29f..b7b3ce1 100644 --- a/inc/footer.php +++ b/inc/footer.php @@ -1,3 +1,3 @@ -"; ?> + \ No newline at end of file diff --git a/inc/header.php b/inc/header.php index 96dc511..527dffd 100644 --- a/inc/header.php +++ b/inc/header.php @@ -71,7 +71,7 @@ if ($page->settings->header_show_totals) { 'kicks.php' => $row[3], ); } catch (PDOException $ex) { - $page->db->handle_error($page->settings, $ex); + $page->db->handle_error($page, $ex); } } ?> @@ -87,14 +87,6 @@ if ($page->settings->header_show_totals) { - diff --git a/inc/init.php b/inc/init.php deleted file mode 100644 index df3540b..0000000 --- a/inc/init.php +++ /dev/null @@ -1,12 +0,0 @@ -Redirecting..."; - } - die(""); -} - -if (!extension_loaded("pdo_mysql") || !extension_loaded("intl")) { - redirect("error/missing-extensions.php"); -} diff --git a/inc/js/form.js b/inc/js/form.js new file mode 100644 index 0000000..3a34741 --- /dev/null +++ b/inc/js/form.js @@ -0,0 +1,20 @@ +var captureForm = function (b) { + var o = $(".litebans-check-output"); + o.removeClass("show"); + var x = setTimeout(function () { + o.html("
")
+ }, 150);
+ $.ajax({type: "GET", url: $("#form-link").val() + "?name=" + $("#user").val() + "&table=" + $("#form-table").val()}).done(function (c) {
+ clearTimeout(x);
+ o.html(c);
+ o.addClass("show")
+ var url = document.getElementById("redirect-url");
+ if (url !== null) {
+ document.location = url.value;
+ }
+ });
+ b.preventDefault();
+ return false
+};
+
+document.getElementById("check").addEventListener("submit", captureForm)
\ No newline at end of file
diff --git a/inc/js/redirect.js b/inc/js/redirect.js
new file mode 100644
index 0000000..993956e
--- /dev/null
+++ b/inc/js/redirect.js
@@ -0,0 +1,4 @@
+var url = document.getElementById("redirect-url");
+if (url !== null) {
+ document.location = url.value;
+}
\ No newline at end of file
diff --git a/inc/js/table.js b/inc/js/table.js
new file mode 100644
index 0000000..fa3746a
--- /dev/null
+++ b/inc/js/table.js
@@ -0,0 +1,15 @@
+function withjQuery(tries, f) {
+ if (window.jQuery) f();
+ else if (tries > 0) window.setTimeout(function () {
+ withjQuery(tries - 1, f);
+ }, 100);
+}
+
+withjQuery(30, function () {
+ $('tr').click(function () {
+ var href = $(this).find('a').attr('href');
+ if (href !== undefined) window.location = href;
+ }).hover(function () {
+ $(this).toggleClass('hover');
+ });
+});
\ No newline at end of file
diff --git a/inc/page.php b/inc/page.php
index 6fca245..b478242 100644
--- a/inc/page.php
+++ b/inc/page.php 
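Review bot: The request URL in `$.ajax({type: "GET", url: $("#form-link").val() + "?name=" + $("#user").val() + "&table=" + $("#form-table").val()})` concatenates the typed name without encoding, so a value containing `&`, `#`, `%` or `+` changes the query the server receives; wrap each piece, `"?name=" + encodeURIComponent($("#user").val()) + "&table=" + encodeURIComponent($("#form-table").val())`. The `o.html(c)` call afterwards inserts the response as markup, and the following lines assign whatever `#redirect-url` holds to `document.location`, so the PHP side remains responsible for escaping everything it echoes into that response, including the redirect target. That redirect block is repeated verbatim in the new redirect.js; having form.js reuse one shared function would keep the CSP-driven refactor in a single place. `o.addClass("show")` is also missing its semicolon.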
@@ -1,5 +1,4 @@ lang = new en_US(); } - $this->db = new Database($cfg, $connect, !($cfg instanceof EnvSettings)); + $this->settings = $cfg; + + if (!extension_loaded("pdo_mysql") || !extension_loaded("intl")) { + $this->redirect("error/missing-extensions.php"); + } + + $this->db = new Database($this, $connect, !($cfg instanceof EnvSettings)); $this->formatter = new IntlDateFormatter($cfg->lang, IntlDateFormatter::LONG, IntlDateFormatter::NONE, $cfg->timezone, IntlDateFormatter::GREGORIAN, $cfg->date_format); $this->conn = $this->db->conn; - $this->settings = $cfg; $this->uuid_name_cache = array(); $this->name = $name; @@ -201,7 +205,7 @@ class Page { return $rows; } catch (PDOException $ex) { - $this->db->handle_error($this->settings, $ex); + $this->db->handle_error($this, $ex); return array(); } } @@ -247,7 +251,7 @@ class Page { $uuidDashed = $uuid; $uuid = $this->uuid_undashify($uuid); - $src = str_replace(array('{uuid}','{uuidDashed}', '{name}'), array($uuid, $uuidDashed, $name), $avatar_source); + $src = str_replace(array('{uuid}', '{uuidDashed}', '{name}'), array($uuid, $uuidDashed, $name), $avatar_source); if (in_array($name, $this->settings->console_aliases) || $name === $this->settings->console_name) { $src = $this->resource($this->settings->console_image); $name = $this->settings->console_name; @@ -430,6 +434,16 @@ class Page { return ($millis > $until); } + function redirect($url, $showtext = true, $script = true) { + if ($showtext === true) { + echo "Redirecting..."; + } + echo(""); + if ($script) { + die(""); + } else die; + } + /** * Returns true if a string should be treated as a UUID. * @param $str @@ -542,18 +556,19 @@ class Page { echo '
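Review bot: `function redirect($url, $showtext = true, $script = true)` echoes `$url` into the page for redirect.js and form.js to read back (the element markup is stripped from this view), so the value has to be escaped for an attribute context at the point it is echoed, `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`; the database.php callers pass fixed paths, but the check.php callers pass URLs assembled from values outside their hunks. Because the method never sends a `Location` header, a client without script support stays on "Redirecting..."; when it runs before any output, as from Database::connect during Page construction, `if (!headers_sent()) { header('Location: ' . $url); }` ahead of the echo would cover that case without changing the CSP-friendly fallback. The constructor hunk earlier in this file, whose header is lost in this view, now depends on `$this->settings = $cfg` preceding `new Database($this, ...)`, which deserves an inline comment such as `// Database reads $page->settings in its constructor; keep this assignment first`.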
-
+
- - + + +
-

+ '; } @@ -653,7 +668,7 @@ class Page { function table_end($clicky = true) { echo ''; if ($clicky) { - echo ""; + echo ""; } }