Closed kwaaak closed 6 years ago
I agree, the current behavior is borderline invalid.
Fixed in https://github.com/ptpb/pb/pull/218; also updates tests to measure this new behavior.
Minimum reproduction of the new behavior looks something like this:
# curl -F c=@- http://localhost:10002/ -F sunset=1 <<< asdf12342
date: 2018-05-22T05:37:02.248643+00:00
digest: 5831a13b9427a65bab12f9688923da4e27d2e722
long: AFgxoTuUJ6ZbqxL5aIkj2k4n0uci
short: 0uci
size: 10
status: created
sunset: 2018-05-22T05:37:03.246537+00:00
url: http://localhost:10002/0uci
uuid: 448b9d54-d090-4c3b-bbcf-ead94c060833
# sleep 1
# curl -F c=@- http://localhost:10002/ -F sunset=1 <<< asdf12342
date: 2018-05-22T05:37:08.337401+00:00
digest: 5831a13b9427a65bab12f9688923da4e27d2e722
long: AFgxoTuUJ6ZbqxL5aIkj2k4n0uci
short: 0uci
size: 10
status: created
sunset: 2018-05-22T05:37:09.335082+00:00
url: http://localhost:10002/0uci
uuid: 53d4c5f1-c4cf-4cb6-8fba-8bcbdb1b427f
# curl -F c=@- http://localhost:10002/ -F sunset=10 <<< asdf12342
date: 2018-05-22T05:37:15.188436+00:00
digest: 5831a13b9427a65bab12f9688923da4e27d2e722
long: AFgxoTuUJ6ZbqxL5aIkj2k4n0uci
short: 0uci
size: 10
status: created
sunset: 2018-05-22T05:37:25.183167+00:00
url: http://localhost:10002/0uci
uuid: 0a74fba4-c61e-434b-bd2e-17d63d035068
# sleep 1
# curl -F c=@- http://localhost:10002/ -F sunset=10 <<< asdf12342
status: label already exists.
This also replaces the previous concept of an expired
response with what will now be a not found
response.
deployed.
The old behavior was:
# curl -F c=@- https://ptpb.pw/ -F sunset=1 <<< asdf123423
date: 2018-05-22T06:11:11.417000+00:00
digest: 777d0146c2b6a114a425c42200b368c385808f3f
long: AHd9AUbCtqEUpCXEIgCzaMOFgI8_
short: gI8_
size: 11
status: already exists
sunset: 2018-05-22T06:11:12.409000+00:00
url: https://ptpb.pw/gI8_
# sleep 1
# curl -F c=@- https://ptpb.pw/ -F sunset=1 <<< asdf123423
date: 2018-05-22T06:11:11.417000+00:00
digest: 777d0146c2b6a114a425c42200b368c385808f3f
long: AHd9AUbCtqEUpCXEIgCzaMOFgI8_
short: gI8_
size: 11
status: already exists
sunset: 2018-05-22T06:11:12.409000+00:00
url: https://ptpb.pw/gI8_
In this particular example, 2018-05-22T06:11:11.417000+00:00
had long passed, but POST
did not evaluate this.
One might heavy-handedly classify this as a mild information leakage bug (paste should be deleted, but is instead reported as already existing
), and I might agree, except that , you would have to know the paste content ahead of time, and as a result the only data you wouldn't possibly already know is the creation date.
@HalosGhost I'm facing this issue in pbpst. any fix ?
Please open an issue on the pbpst
issue tracker so I can make sure it stays on my to-do list! I will try to take a look at it this weekend.
I'm facing this issue in pbpst
In what way?
The issue described here should be totally nonexistent now.
@buhman, my bad. Check issue posted in pbpst
The paste should probably be re-created with the new sunset time