phorkie 0.5 supports paste embedding

I've just released my self-hosted git-based pastebin software phorkie in version 0.5.0. It brings compatibility with ElasticSearch 1.3, single file editing, automatic login and paste embedding via JavaScript and oEmbed.

Single file editing

I have some pastes with many files that I edit regularly. Instead of having to edit all of them, each file has an edit button now.

Automatic login

Your login status in phorkie was bound to the PHP session ID. Session data often get cleaned up automatically; on Debian systems every two hours. So if you came back to phorkie after 3 hours, you were logged out.

A solution to this problem is a "stay logged in" cookie, but getting it right is hard . Cookie theft, cookie invalidation and concurrent logins are among the problems you have to solve.

So instead of doing all the work myself, I chose to utilize an OpenID feature dubbed Immediate Requests . If you use automatic login with your OpenID provider, you'll be automatically logged into phorkie now - without having to visit the login page at all.

Asynchronous autologin

The classic immediate request implementation is as follows:

  1. user requests page from phorkie
  2. phorkie redirects user to OpenID provider
  3. OpenID provider redirects user to phorkie
  4. phorkie returns HTML to user

The problem with this approach is that the user cannot use phorkie if the OpenID provider is down since the redirect to the provider will time out. Even network problems to or capacity problems at the OpenID provider will lead to noticably increased page loading times at phorkie. This is of course not acceptable for a decentralized tool, so I implemented it differently:

  1. user requests page from phorkie
  2. phorkie returns anonymous HTML to user
  3. user browser loads hidden iframe from phorkie
  4. phorkie redirects user to OpenID provider
  5. OpenID provider redirects user to phorkie
  6. phorkie returns javascript code to user
  7. user browser displays login message

The user can directly start pasting or navigating with phorkie after step 2, without having to wait. The rest of the process happens asynchronously in a hidden iframe, and the user is notified when the login was successful:

phorkie does not automatically reload the page since the user could be writing a paste at that time. When the user clicks "Create" he is authenticated already and the paste gets created in his name.

Paste embedding

I've seen a couple of blogs that embed gists in their blog posts to get syntax highlighting for their code - just because their blogging system does not support it. phorkie 0.5.0 supports paste embedding; both full embeds with all files or single file embeds.

Github gist embeds do not work with XHTML pages that are served with a MIME type of application/xhtml+xml, becausedocument.write does not exist in this browser rendering mode.

phorkie embeds do work with XHTML pages by executing element.insertAdjacentHTML() on the script tag itself. Addressing the current script tag is made via document.getElementById() and an ID attribute on the script tag. document.currentScript() would spared the ID attribute, but does not work on Internet Explorer up to version 11.


The technical explanation for oEmbed is: A standard that allows implementing clients to embed the content of supporting providers.

The non-technical explanation is: Paste the URL of a Tweet or a Youtube video, and your blog/CMS automagically embeds the tweet or the video into your post. You don't have to do anything, not even copy and paste the "embed HTML code".

phorkie does support oEmbed and oEmbed autodiscovery now.


Wordpress supports oEmbed since version 2.9 which was released in december 2009.

It uses an internal whitelist to prevent executing malicious code in your wordpress admin context . This means that phorkie URLs will not work automatically in Wordpress; you have to whitelist it.

Either install and enable the Enable oEmbed Discovery plugin, or adjust and add the following line to your wp-config.php file:

    '*', '', false

Unfortunately this will not work. During testing I found two bugs in the discovery process ( #31212, #31213) that I could provide patches for. Discovery works now, Wordpress 4.1 embeds pastes but removes all newlines, which is tragic on <pre> tags: #31214.

So until those three bugs are fixed in Wordpress core, you can't embed phorkie pastes with oEmbed in Wordpress but have to rely on the JavaScript embed code.

Update 2015-02-13

Scott Taylor applied my patches and fixed the third problem himself in Wordpress core. Wordpress 4.2 will contain the fixes!

If you want to test it with a local phorkie installation, you have to install WP Allow Hosts and white-list the URL of your phorkie installation - because internal URLs (127.x, 192.x, etc.) are forbidden by default.


PEAR has an oEmbed client library Services_oEmbed that you can use for implementing oEmbed in your own tools.

It had the same bug as Wordpress and did not decode HTML entities in URLs , but that will be fixed soon in the next release.

Update 2015-02-13

I've released Services_oEmbed version 0.2.1 which fixes the bug.

Get it

phorkie's .phar and .tar.bz2 release files are available on it's homepage.

The source code can be found on my git server and github.

Happy forking!

Written by Christian Weiske.

Comments? Please send an e-mail.