Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

url property served in api responses is incomplete #1294

Open
1 task done
nain-F49FF806 opened this issue Apr 29, 2024 · 3 comments
Open
1 task done

url property served in api responses is incomplete #1294

nain-F49FF806 opened this issue Apr 29, 2024 · 3 comments
Labels
question/support

Comments

@nain-F49FF806
Copy link

Did you use the FAQ section?

  • Yes, I have read the FAQ and I found no solution/answer there.

Steps to reproduce

  1. Make any post/get request to privatebin.net, and see response

post paste

{"status":0,"id":"ba7bf946a542eee1","url":"\/?ba7bf946a542eee1","deletetoken":"9914b0e934253e2e327f9a6477b99f6fff5d1e0e10d3d3bd08d4d9b6a20ab2ea"}

post comment

{"status":0,"id":"5e6c970dcab21155","url":"\/?5e6c970dcab21155"}

What happens

The url property has server address missing.

What should happen

It should provide the full address, otherwise is it really relevant?
We can use the id field to create the proper url. The partial url doesn't add value.

Also, for comment reponse, url feild makes no sense?
If url needs to be returned for post comment it should be the parent paste's valid url.

Additional information

Basic information

Server address: https://privatebin.net

Server OS: -

Webserver: -

Browser: any

PrivateBin version: recent

I can reproduce this issue on https://privatebin.net: Yes
@nain-F49FF806 nain-F49FF806 mentioned this issue Apr 29, 2024
Merged
@elrido
Copy link
Contributor

elrido commented Apr 29, 2024

It provides the path to the API endpoint on the same domain. It will only prepend the URL base to the webservers request URI:

PrivateBin/lib/Controller.php

Line 514 in ec02afc

$result['url'] = $this->_urlBase . '?' . $message;

PrivateBin/lib/Controller.php

Line 173 in ec02afc

$this->_urlBase = $this->_request->getRequestUri();

PrivateBin/lib/Request.php

Lines 225 to 229 in ec02afc

public function getRequestUri()
{
$uri = array_key_exists('REQUEST_URI', $_SERVER) ? filter_var($_SERVER['REQUEST_URI'], FILTER_SANITIZE_URL) : '';
return empty($uri) ? '/' : $uri;
}

In the example setup (privatebin.net) the API endpoint is at / and PHP's JSON serializer chooses to be a bit more strict and escapes the slash (see JSON spec, search for "escape"), hence the url getting encoded as \/?[id].

@nain-F49FF806
Copy link
Author

Is this perhaps for a case where the post API endpoint is different from the get API endpoint?

If not, doesn't the paste poster already know the path of the API endpoint when they are making the post request?
Given the API endpoint (1) (known while making post) and this API (2) I don't see how this URL property adds any new information. The client can construct the full url from those pieces (1,2) of info already. Am I missing something?

Also, when making comments, the "url" returned is currently misleading, yes? Because going to that url doesn't really give back the comment.

@elrido
Copy link
Contributor

elrido commented May 1, 2024

The API endpoint is always the same (including for human visitors - the only difference is the non-default, server side yourls-proxy). The difference lies in the different payloads and HTTP request types.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question/support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elrido @nain-F49FF806