diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..a0c531ee
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,50 @@
+{
+ "name": "PHP",
+ "image": "mcr.microsoft.com/devcontainers/php",
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "github.codespaces",
+ // PHP from https://github.com/devcontainers/templates/tree/main/src/php
+ "xdebug.php-debug",
+ "bmewburn.vscode-intelephense-client",
+ "xdebug.php-pack",
+ // PHP
+ "DEVSENSE.phptools-vscode",
+ "DEVSENSE.composer-php-vscode",
+ // linting
+ "EditorConfig.EditorConfig",
+ "dbaeumer.vscode-eslint",
+ "raymondcamden.CSSLint",
+ // testing
+ "maty.vscode-mocha-sidebar"
+ ]
+ },
+ "codespaces": {
+ "openFiles": [
+ "README.md",
+ "doc/README.md"
+ ],
+ "repositories": {
+ "PrivateBin/*": {
+ "permissions": {
+ "pull_requests": "write"
+ }
+ }
+ }
+ }
+ },
+ "features": {
+ "ghcr.io/devcontainers-contrib/features/mocha:2": {}
+ },
+ "forwardPorts": [
+ 8080
+ ],
+ "postCreateCommand": [
+ "composer install --no-dev --optimize-autoloader",
+ "sudo chmod a+x \"$(pwd)\" && sudo rm -rf /var/www/html && sudo ln -s \"$(pwd)\" /var/www/html",
+ "npm install --global nyc"
+ ],
+ // alternatiuve: apache2ctl start (but requires root)
+ "postAttachCommand": "php -S 0.0.0.0:8080"
+}
diff --git a/.gitattributes b/.gitattributes
index c01ff779..28fc0f26 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,6 +2,7 @@ bin/configuration-test-generator export-ignore
 bin/icon-test export-ignore
 doc/ export-ignore
 tst/ export-ignore
+i18n/en.json export-ignore
 img/browserstack.svg export-ignore
 js/.istanbul.yml export-ignore
 js/.nycrc.yml export-ignore
@@ -9,6 +10,7 @@ js/common.js export-ignore
 js/test/ export-ignore
 .codeclimate.yml export-ignore
 .csslintrc export-ignore
+.devcontainer export-ignore
 .editorconfig export-ignore
 .eslintignore export-ignore
 .eslintrc export-ignore
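Review bot: The new `.devcontainer/devcontainer.json` builds from unpinned inputs: `"image": "mcr.microsoft.com/devcontainers/php"` carries no tag and `npm install --global nyc` no version, so every rebuild takes whatever is current, in an environment whose Codespaces token is granted `pull_requests: write` on `PrivateBin/*`. Pinning both, e.g. `"image": "mcr.microsoft.com/devcontainers/php:TAG_PLACEHOLDER"` (the tag you have tested), keeps the environment reproducible and narrows what an upstream change can reach. `composer install --no-dev` skips the dev dependencies, which looks at odds with a container set up for running tests; please confirm that is intended. The comment above `postAttachCommand` could say why the server binds to `0.0.0.0` (presumably so the forwarded port 8080 is reachable) and fix the typo `alternatiuve`.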
@@ -21,6 +23,7 @@ js/test/ export-ignore
 .scrutinizer.yml export-ignore
 .styleci.yml export-ignore
 .travis.yml export-ignore
+.vscode export-ignore
 codacy-analysis.yml export-ignore
 crowdin.yml export-ignore
 composer.json export-ignore
diff --git a/.github/DISCUSSION_TEMPLATE/q-a.yml b/.github/DISCUSSION_TEMPLATE/q-a.yml
index cf02916f..106739c3 100644
--- a/.github/DISCUSSION_TEMPLATE/q-a.yml
+++ b/.github/DISCUSSION_TEMPLATE/q-a.yml
@@ -1,62 +1,90 @@ -title: "[Question and support] " labels: ["question/support"] body: - type: markdown attributes: value: | - Describe the problem/question: A clear and concise description of what the problem/issue or question is. - - type: checkboxes + ## Thanks for taking the time to fill out this form! + - type: textarea + id: description attributes: - label: Please tick this to confirm + label: Describe the problem/question + description: A clear and concise description of what the problem/issue or question is. + validations: + required: true + - type: checkboxes + id: readed-faq + attributes: + label: Did you use the FAQ section? + description: Have you read [the FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ)? options: - label: Yes, I have read [the FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ) and I found no solution/answer there. - - type: markdown + required: true + - type: textarea + id: what_you_did attributes: + label: What you did? + description: Tell us how to reproduce the problem. value: | - ## What you did - Tell us how to reproduce the problem. - 1. 2. + ... + validations: + required: true - type: textarea id: what_happens attributes: label: What happens + placeholder: Tell us what you see! - type: textarea id: what_should_happen attributes: label: What should happen + placeholder: Tell us what you want to see! - type: textarea id: additional_info attributes: label: Additional information - description: If you have access to the server log files, copy them here. + description: E.g. if you have access to the server log files, copy them here. Or copy the browser console content, if appropiate. - type: input id: server_address attributes: label: Server address + description: The instance of PrivateBin, where you experience the issue. + placeholder: e.g. https://privatebin.net - type: input id: server_os attributes: label: Server OS + placeholder: e.g. 
Ubuntu - type: input id: webserver attributes: label: Webserver - - type: input - id: browser - attributes: - label: Browser + placeholder: e.g. Apache - type: input id: privatebin_version attributes: label: PrivateBin version - - type: radio + description: The PrivateBin version, where you experience the issue. It is e.g. shown at the bottom left in the web interface. + placeholder: e.g. v1.5.2 + - type: input + id: browser + attributes: + label: Browser and version + placeholder: e.g. Firefox v116.3.0 (desktop) + - type: input + id: client + attributes: + label: Local operating system and version + placeholder: e.g. Windows 10 + - type: dropdown id: reproduce_issue attributes: - label: I can reproduce this issue on [https://privatebin.net](https://privatebin.net) + label: Issue reproducibility + description: Can you reproduce this issue on [https://privatebin.net](https://privatebin.net)? options: - - label: Yes - value: Yes - - label: No - value: No + - "No, I cannot reproduce it on https://privatebin.net." + - "Yes, reproducible on https://privatebin.net." + default: 0 + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index c43420c6..722efc40 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -10,7 +10,10 @@ assignees: '' -<-- Describe the bug: A clear and concise description of what the bug is. --> +**Did you use the FAQ section?** +- [ ] Yes, I have read [the FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ) and I found no solution/answer there. + + ## Steps to reproduce diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 53c2d8ac..5e2d8d5a 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml 
@@ -6,7 +6,4 @@ contact_links: - name: Problem with the container image url: https://github.com/PrivateBin/docker-nginx-fpm-alpine/issues/new about: Please report all problems that apply only(!) to the official (Docker) image “docker-nginx-fpm-alpine” here. - - name: Security issue - url: https://github.com/PrivateBin/PrivateBin/security/policy - about: Please report security vulnerabilities and other security issues here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index b12823f0..81eeb2d8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -9,11 +9,11 @@ assignees: '' ## The problem -<-- Is your feature request related to a problem? Please describe. + ## The solution -<-- A clear and concise description of what you want to happen. Pitch your solution! What would happen, if we don't implement this? --> + ## Alternatives diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6dc09465..d0c0c63e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml deleted file mode 100644 index 56d24520..00000000 --- a/.github/workflows/shiftleft-analysis.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -# This workflow integrates Scan with GitHub's code scanning feature -# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft -# Visit https://slscan.io/en/latest/integrations/code-scan for help -name: SL Scan - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '16 22 * * 4' - -jobs: - Scan-Build: - # Scan runs on ubuntu, mac and windows - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - # potentially add composer install steo here - - name: Perform Scan - uses: ShiftLeftSecurity/scan-action@master - env: - WORKSPACE: "" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SCAN_AUTO_BUILD: true - with: - output: reports - # Scan auto-detects the languages. - - - name: Upload report - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: reports diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 42024705..7cba1864 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -13,7 +13,7 @@ jobs: snyk-php: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Google Cloud Storage run: composer require --no-update google/cloud-storage && composer update --no-dev - name: Run Snyk to check for vulnerabilities diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9b5320b8..c023edfd 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Validate composer.json and composer.lock run: composer validate - name: Install dependencies @@ -29,7 +29,7 @@ jobs: # let's get started! - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 # cache PHP extensions - name: Setup cache environment 
@@ -99,7 +99,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v3 diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 00000000..eea5315d --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,7 @@ +{ + "recommendations": [ + "recca0120.vscode-phpunit", + "onecentlin.phpunit-snippets", + "devsense.profiler-php-vscode" + ] +} diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 00000000..e62f41ff --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,35 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Launch built-in server and debug", + "type": "php", + "request": "launch", + "runtimeArgs": [ + "-S", + "localhost:8000", + "-t", + "." + ], + "port": 9003, + "serverReadyAction": { + "action": "openExternally" + } + }, + { + "name": "Debug current script in console", + "type": "php", + "request": "launch", + "program": "${file}", + "cwd": "${fileDirname}", + "externalConsole": false, + "port": 9003 + }, + { + "name": "Listen for Xdebug", + "type": "php", + "request": "launch", + "port": 9003 + } + ] +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 1619fe0c..7b0cf47a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,12 @@ # PrivateBin version history - * **1.6.0 (not yet released)** + * **1.6.1 (not yet released)** + * ADDED: Right-To-Left (RTL) support for Arabic & Hebrew (#1174) + * **1.6.0 (2023-09-11)** * ADDED: Translations for Japanese & Arabic + * ADDED: Configuration option to disable Email button (#1164) * CHANGED: Minimum required PHP version is 7.3, due to upgrading PHPunit (#707) + * CHANGED: Removed PHP 5 polyfill for random_bytes() * **1.5.2 (2023-07-09)** * ADDED: Allow AWS SDK to use default credential provider chain for S3Storage (#1070) * CHANGED: Upgrading libraries to: DOMpurify 3.0.4 & jQuery 3.7.0 diff --git a/Makefile b/Makefile index d94a0a95..7807108b 100644 --- a/Makefile 
+++ b/Makefile @@ -1,7 +1,7 @@ .PHONY: all coverage coverage-js coverage-php doc doc-js doc-php increment sign test test-js test-php help -CURRENT_VERSION = 1.5.2 -VERSION ?= 1.5.3 +CURRENT_VERSION = 1.6.0 +VERSION ?= 1.6.1 VERSION_FILES = index.php bin/ cfg/ *.md doc/Installation.md css/ i18n/ img/ js/package.json js/privatebin.js lib/ Makefile tpl/ tst/ REGEX_CURRENT_VERSION := $(shell echo $(CURRENT_VERSION) | sed "s/\./\\\./g") REGEX_VERSION := $(shell echo $(VERSION) | sed "s/\./\\\./g") diff --git a/README.md b/README.md index c14259ce..4673a246 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/) -*Current version: 1.5.2* +*Current version: 1.6.0* **PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin) diff --git a/SECURITY.md b/SECURITY.md index df38d610..92f05f9c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,8 +4,8 @@ | Version | Supported | | ------- | ------------------ | -| 1.5.2 | :heavy_check_mark: | -| < 1.5.2 | :x: | +| 1.6.0 | :heavy_check_mark: | +| < 1.6.0 | :x: | ## Reporting a Vulnerability diff --git a/bin/administration b/bin/administration index 76076dfe..062d33aa 100755 --- a/bin/administration +++ b/bin/administration @@ -9,7 +9,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index 09bb9e19..8c8eeb6a 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php 
@@ -65,6 +65,10 @@ languageselection = false ; It works both when a new paste is created and when you view a paste. ; qrcode = true +; (optional) Let users send an email sharing the paste URL with one click. +; It works both when a new paste is created and when you view a paste. +; email = true + ; (optional) IP based icons are a weak mechanism to detect if a comment was from ; a different user when the same username was used in a comment. It might get ; used to get the IP of a comment poster if the server salt is leaked and a diff --git a/composer.lock b/composer.lock index 9ef854e6..6a79f269 100644 --- a/composer.lock +++ b/composer.lock @@ -316,16 +316,16 @@ }, { "name": "nikic/php-parser", - "version": "v4.16.0", + "version": "v4.17.1", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "19526a33fb561ef417e822e85f08a00db4059c17" + "reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/19526a33fb561ef417e822e85f08a00db4059c17", - "reference": "19526a33fb561ef417e822e85f08a00db4059c17", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d", + "reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d", "shasum": "" }, "require": { @@ -366,9 +366,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.16.0" + "source": "https://github.com/nikic/PHP-Parser/tree/v4.17.1" }, - "time": "2023-06-25T14:52:30+00:00" + "time": "2023-08-13T19:53:39+00:00" }, { "name": "phar-io/manifest", 
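Review bot: The new `email` comment in `cfg/conf.sample.php` does not tell operators what the emailed link gives away. If the shared paste URL carries the decryption key, as PrivateBin paste links normally do in the URL fragment, then the mail providers and anyone with access to the mailbox can read the paste, which matters when deciding whether to keep the button. I would add a line such as `; Note that the emailed URL includes the key needed to decrypt the paste.` Since the documented default is `true`, a short hint on when to set `email = false` would help as well.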
@@ -483,16 +483,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.26", + "version": "9.2.29", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1" + "reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/443bc6912c9bd5b409254a40f4b0f4ced7c80ea1", - "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/6a3a87ac2bbe33b25042753df8195ba4aa534c76", + "reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76", "shasum": "" }, "require": { @@ -548,7 +548,8 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.26" + "security": "https://github.com/sebastianbergmann/php-code-coverage/security/policy", + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.29" }, "funding": [ { @@ -556,7 +557,7 @@ "type": "github" } ], - "time": "2023-03-06T12:58:08+00:00" + "time": "2023-09-19T04:57:46+00:00" }, { "name": "phpunit/php-file-iterator", @@ -801,16 +802,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.6.10", + "version": "9.6.13", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "a6d351645c3fe5a30f5e86be6577d946af65a328" + "reference": "f3d767f7f9e191eab4189abe41ab37797e30b1be" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a6d351645c3fe5a30f5e86be6577d946af65a328", - "reference": "a6d351645c3fe5a30f5e86be6577d946af65a328", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f3d767f7f9e191eab4189abe41ab37797e30b1be", + "reference": "f3d767f7f9e191eab4189abe41ab37797e30b1be", "shasum": "" }, "require": { 
@@ -825,7 +826,7 @@ "phar-io/manifest": "^2.0.3", "phar-io/version": "^3.0.2", "php": ">=7.3", - "phpunit/php-code-coverage": "^9.2.13", + "phpunit/php-code-coverage": "^9.2.28", "phpunit/php-file-iterator": "^3.0.5", "phpunit/php-invoker": "^3.1.1", "phpunit/php-text-template": "^2.0.3", @@ -884,7 +885,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.10" + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.13" }, "funding": [ { @@ -900,7 +901,7 @@ "type": "tidelift" } ], - "time": "2023-07-10T04:04:23+00:00" + "time": "2023-09-19T05:39:22+00:00" }, { "name": "sebastian/cli-parser", @@ -1408,16 +1409,16 @@ }, { "name": "sebastian/global-state", - "version": "5.0.5", + "version": "5.0.6", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/global-state.git", - "reference": "0ca8db5a5fc9c8646244e629625ac486fa286bf2" + "reference": "bde739e7565280bda77be70044ac1047bc007e34" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/0ca8db5a5fc9c8646244e629625ac486fa286bf2", - "reference": "0ca8db5a5fc9c8646244e629625ac486fa286bf2", + "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/bde739e7565280bda77be70044ac1047bc007e34", + "reference": "bde739e7565280bda77be70044ac1047bc007e34", "shasum": "" }, "require": { @@ -1460,7 +1461,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/global-state/issues", - "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.5" + "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.6" }, "funding": [ { @@ -1468,7 +1469,7 @@ "type": "github" } ], - "time": "2022-02-14T08:28:10+00:00" + "time": "2023-08-02T09:26:13+00:00" }, { "name": "sebastian/lines-of-code", 
diff --git a/css/bootstrap/privatebin.css b/css/bootstrap/privatebin.css index 04afbebd..6b376019 100644 --- a/css/bootstrap/privatebin.css +++ b/css/bootstrap/privatebin.css @@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ body { @@ -113,6 +113,7 @@ body.loading { #qrcodemodalClose { float: right; } + #qrcode-display { width: 200px; height: 200px; @@ -205,3 +206,23 @@ li.L0, li.L1, li.L2, li.L3, li.L5, li.L6, li.L7, li.L8 { .modal .modal-content button { margin: 0.5em 0; } + +/* right-to-left overrides */ +html[dir="rtl"] .checkbox label { + padding-left: inherit; + padding-right: 20px; +} + +html[dir="rtl"] .checkbox input[type="checkbox"] { + margin-left: inherit; + margin-right: -20px; +} + +html[dir="rtl"] #language { + margin-left: inherit; + margin-right: 8px; +} + +html[dir="rtl"] #deletelink, html[dir="rtl"] #qrcodemodalClose { + float: left; +} diff --git a/css/noscript.css b/css/noscript.css index 207a71e7..07a1ffef 100644 --- a/css/noscript.css +++ b/css/noscript.css @@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ /* When there is no script at all other */ diff --git a/css/privatebin.css b/css/privatebin.css index cfe48462..231dbd23 100644 --- a/css/privatebin.css +++ b/css/privatebin.css @@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ /* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved. 
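Review bot: In the right-to-left overrides of `css/bootstrap/privatebin.css`, `padding-left: inherit` and `margin-left: inherit` do not clear the left-to-right value; they copy whatever the parent element computes for that property, so the result depends on the surrounding markup rather than on this rule. If the intent is to remove the spacing on that side, state it directly, e.g. `padding-left: 0;` and `margin-left: 0;`. The same applies to `margin-right: inherit` in the RTL block added to `css/privatebin.css` further down. A one-line comment on each block naming the LTR rule it mirrors would make the pairs easier to keep in sync.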
@@ -261,6 +261,7 @@ button img { #newbutton { float: right; + margin-left: 0; margin-right: 0; margin-bottom: 5px; display: inline; @@ -488,3 +489,17 @@ img.vizhash { #cleartext h3 { font-size: 1.2em; } + +/* right-to-left overrides */ +html[dir="rtl"] #aboutbox, html[dir="rtl"] #deletelink, html[dir="rtl"] #newbutton { + float: left; +} + +html[dir="rtl"] button, html[dir="rtl"] .button, html[dir="rtl"] button img { + margin-left: 5px; + margin-right: inherit; +} + +html[dir="rtl"] button img { + margin-left: 8px; +} diff --git a/doc/Installation.md b/doc/Installation.md index 5319414d..aa152b37 100644 --- a/doc/Installation.md +++ b/doc/Installation.md 
@@ -13,10 +13,11 @@ mostly safe default configuration, but we urge you to check the **NOTE:** See our [FAQ entry on securely downloading release files](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for more information. -**NOTE:** There is a [ansible](https://ansible.com) role by @e1mo available to -install and configure PrivateBin on your server. It's available on -[ansible galaxy](https://galaxy.ansible.com/e1mo/privatebin) -([source code](https://git.sr.ht/~e1mo/ansible-role-privatebin)). +**NOTE:** There are Ansible roles available for installing and configuring PrivateBin on your server. You can choose from the following options: + +- [Podman Rootless - PrivateBin by @voidquark](https://galaxy.ansible.com/voidquark/privatebin) ([Github source code](https://github.com/voidquark/privatebin)): Simplifies the deployment and management of a secure PrivateBin service using a rootless Podman container. Key features include root-less deployment, ensuring security within a user namespace, idempotent deployment for consistent state, out-of-the-box setup for Red Hat systems, and the flexibility to customize PrivateBin configurations. It has been tested on EL9. + +- [Config Configuration - PrivateBin by @e1mo](https://galaxy.ansible.com/e1mo/privatebin) ([Github source code](https://git.sr.ht/~e1mo/ansible-role-privatebin)): Deploy PrivateBin configuration to disk with a customized configuration. ### Minimal Requirements 
@@ -58,7 +59,7 @@ accessible to your webserver and PHP process (see also In situations where you want to keep the PrivateBin static files separate from the rest of your data, or you want to reuse the installation files on multiple vhosts, you may only want to change the `conf.php`. In this case, you can set the -`CONFIG_PATH` environment variable to the absolute path to the `conf.php` file. +`CONFIG_PATH` environment variable to the absolute path to the directory containing the `conf.php` file. This can be done in your web server's virtual host config, the PHP config, or in the index.php, if you choose to customize it. @@ -67,13 +68,13 @@ wherever it may be. > #### CONFIG_PATH example > Setting the value in an Apache Vhost: -> SetEnv CONFIG_PATH /var/lib/privatebin/conf.php +> SetEnv CONFIG_PATH /var/lib/privatebin/ > > In a php-fpm pool config: -> env[CONFIG_PATH] = /var/lib/privatebin/conf.php +> env[CONFIG_PATH] = /var/lib/privatebin/ > > In the index.php, near the top: -> putenv('CONFIG_PATH=/var/lib/privatebin/conf.php'); +> putenv('CONFIG_PATH=/var/lib/privatebin/'); ### Transport security @@ -200,7 +201,7 @@ CREATE INDEX parent ON prefix_comment(pasteid); CREATE TABLE prefix_config ( id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) ); -INSERT INTO prefix_config VALUES('VERSION', '1.5.2'); +INSERT INTO prefix_config VALUES('VERSION', '1.6.0'); ``` In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns diff --git a/i18n/en.json b/i18n/en.json index 4f5ebb6b..68ff1aae 100644 --- a/i18n/en.json +++ b/i18n/en.json 
@@ -3,7 +3,6 @@ "%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.": "%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.", "More information on the project page.": "More information on the project page.", "Because ignorance is bliss": "Because ignorance is bliss", - "en": "en", "Paste does not exist, has expired or has been deleted.": "Paste does not exist, has expired or has been deleted.", "%s requires php %s or above to work. Sorry.": "%s requires php %s or above to work. Sorry.", "%s requires configuration section [%s] to be present in configuration file.": "%s requires configuration section [%s] to be present in configuration file.", diff --git a/index.php b/index.php index 70e5b0d8..b69e8060 100644 --- a/index.php +++ b/index.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ // change this, if your php files and data is outside of your webservers document root diff --git a/js/package.json b/js/package.json index 79b3c429..185e39bd 100644 --- a/js/package.json +++ b/js/package.json @@ -1,6 +1,6 @@ { "name": "privatebin", - "version": "1.5.2", + "version": "1.6.0", "description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).", "main": "privatebin.js", "directories": { diff --git a/js/privatebin.js b/js/privatebin.js index bad47cd5..f53e5dfc 100644 --- a/js/privatebin.js +++ b/js/privatebin.js 
@@ -6,7 +6,7 @@ * @see {@link https://github.com/PrivateBin/PrivateBin} * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net}) * @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License} - * @version 1.5.2 + * @version 1.6.0 * @name PrivateBin * @namespace */ @@ -790,6 +790,18 @@ jQuery.PrivateBin = (function($, RawDeflate) { return output; }; + /** + * get currently loaded language + * + * @name I18n.getLanguage + * @function + * @return {string} + */ + me.getLanguage = function() + { + return language; + }; + /** * per language functions to use to determine the plural form * @@ -847,7 +859,10 @@ jQuery.PrivateBin = (function($, RawDeflate) { // auto-select language based on browser settings if (newLanguage.length === 0) { - newLanguage = (navigator.language || navigator.userLanguage || 'en').substring(0, 2); + newLanguage = (navigator.language || navigator.userLanguage || 'en'); + if (newLanguage.indexOf('-') > 0) { + newLanguage = newLanguage.split('-')[0]; + } } // if language is already used skip update diff --git a/js/test/I18n.js b/js/test/I18n.js index 0491ad35..32723ecd 100644 --- a/js/test/I18n.js +++ b/js/test/I18n.js @@ -193,10 +193,11 @@ describe('I18n', function () { // mock clean = jsdom('', {cookie: ['lang=' + language]}); $.PrivateBin.I18n.reset(language, require('../../i18n/' + language + '.json')); - var result = $.PrivateBin.I18n.translate('en'), - alias = $.PrivateBin.I18n._('en'); + var loadedLang = $.PrivateBin.I18n.getLanguage(), + result = $.PrivateBin.I18n.translate('Never'), + alias = $.PrivateBin.I18n._('Never'); clean(); - return language === result && language === alias; + return language === loadedLang && result === alias; } ); 
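Review bot: The auto-detected locale in the `@@ -847,7 +859,10 @@` hunk of `js/privatebin.js` is reduced to its language part only when it contains a `-`, so a value written with an underscore or in upper case passes through unchanged, and it is no longer bounded to two characters. `newLanguage = newLanguage.split(/[-_]/)[0].toLowerCase();` covers those cases and makes the `indexOf` test unnecessary. The code that consumes `newLanguage` lies outside the hunk; since the value comes from the browser, it should be matched against the list of supported languages before it is used to request a translation file, if that check is not already there.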
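Review bot: The rewritten property in the `@@ -193,10 +193,11 @@` hunk of `js/test/I18n.js` no longer verifies that a translation was applied: `result === alias` holds whenever `translate()` and `_()` agree, including when both return the untranslated key. Comparing against the loaded file restores that check, e.g. `result === require('../../i18n/' + language + '.json')['Never']`, assuming every language file defines `Never`. The `getLanguage()` comparison is a good addition and should stay.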
@@ -216,13 +217,12 @@ describe('I18n', function () { $.PrivateBin.I18n.reset('en'); $.PrivateBin.I18n.loadTranslations(); - var result = $.PrivateBin.I18n.translate('en'), - alias = $.PrivateBin.I18n._('en'); + var result = $.PrivateBin.I18n.translate('Never'), + alias = $.PrivateBin.I18n._('Never'); clean(); - return 'en' === result && 'en' === alias; + return 'Never' === result && 'Never' === alias; } ); }); }); - diff --git a/lib/Configuration.php b/lib/Configuration.php index 523bf289..011e777e 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; @@ -53,6 +53,7 @@ class Configuration 'languagedefault' => '', 'urlshortener' => '', 'qrcode' => true, + 'email' => true, 'icon' => 'identicon', 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads', 'zerobincompatibility' => false, diff --git a/lib/Controller.php b/lib/Controller.php index bb5450ca..40fc8ad4 100644 --- a/lib/Controller.php +++ b/lib/Controller.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; @@ -28,7 +28,7 @@ class Controller * * @const string */ - const VERSION = '1.5.2'; + const VERSION = '1.6.0'; /** * minimal required PHP version 
@@ -411,6 +411,7 @@ class Controller $page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire')); $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener')); $page->assign('QRCODE', $this->_conf->getKey('qrcode')); + $page->assign('EMAIL', $this->_conf->getKey('email')); $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning')); $page->assign('HTTPSLINK', 'https://' . $this->_request->getHost() . $this->_request->getRequestUri()); $page->assign('COMPRESSION', $this->_conf->getKey('compression')); diff --git a/lib/Data/AbstractData.php b/lib/Data/AbstractData.php index 2b08f98e..f8636616 100644 --- a/lib/Data/AbstractData.php +++ b/lib/Data/AbstractData.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Data; diff --git a/lib/Data/Database.php b/lib/Data/Database.php index a4cd115e..7e14a3ea 100644 --- a/lib/Data/Database.php +++ b/lib/Data/Database.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Data; diff --git a/lib/Data/Filesystem.php b/lib/Data/Filesystem.php index b3488a59..2b8240bc 100644 --- a/lib/Data/Filesystem.php +++ b/lib/Data/Filesystem.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Data; diff --git a/lib/Data/S3Storage.php b/lib/Data/S3Storage.php index 826db612..18aac907 100644 --- a/lib/Data/S3Storage.php +++ b/lib/Data/S3Storage.php 
@@ -4,7 +4,7 @@ * * an S3 compatible data backend for PrivateBin with CEPH/RadosGW in mind * see https://docs.ceph.com/en/latest/radosgw/s3/php/ - * based on lib/Data/GoogleCloudStorage.php from PrivateBin version 1.5.2 + * based on lib/Data/GoogleCloudStorage.php from PrivateBin version 1.6.0 * * @link https://github.com/PrivateBin/PrivateBin * @copyright 2022 Felix J. Ogris (https://ogris.de/) diff --git a/lib/Filter.php b/lib/Filter.php index b3346863..101a999d 100644 --- a/lib/Filter.php +++ b/lib/Filter.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/FormatV2.php b/lib/FormatV2.php index 746e5d05..1ceab4ce 100644 --- a/lib/FormatV2.php +++ b/lib/FormatV2.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/I18n.php b/lib/I18n.php index 9acea5fd..4da90227 100644 --- a/lib/I18n.php +++ b/lib/I18n.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; @@ -272,6 +272,18 @@ class I18n return array_intersect_key(self::$_languageLabels, array_flip($languages)); } + /** + * determines if the current language is written right-to-left (RTL) + * + * @access public + * @static + * @return bool + */ + public static function isRtl() + { + return in_array(self::$_language, array('ar', 'he')); + } + /** * set the default language * 
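Review bot: `isRtl()` in the lib/I18n.php hunk calls `in_array()` without the strict flag, so the match against `'ar'` and `'he'` is a loose comparison; on PHP versions before 8 a non-string value such as `0` or `true` in `self::$_language` would compare equal to those strings. The type of `self::$_language` is not visible here, so this may never occur in practice, but `return in_array(self::$_language, array('ar', 'he'), true);` removes the question. The language list is hard-coded, so a comment such as `// extend when another right-to-left translation is added` would help the next translator. `isRtl()` is complete in the hunk; the I18n class continues outside it.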
diff --git a/lib/Json.php b/lib/Json.php index 3fd021e4..913b30ba 100644 --- a/lib/Json.php +++ b/lib/Json.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/Model.php b/lib/Model.php index e0d7705c..daf92387 100644 --- a/lib/Model.php +++ b/lib/Model.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/Model/AbstractModel.php b/lib/Model/AbstractModel.php index 8df42cd1..5d4689c6 100644 --- a/lib/Model/AbstractModel.php +++ b/lib/Model/AbstractModel.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Model; diff --git a/lib/Model/Comment.php b/lib/Model/Comment.php index fee2e8f1..61c7b34d 100644 --- a/lib/Model/Comment.php +++ b/lib/Model/Comment.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Model; diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php index 1c07d07f..dc51b511 100644 --- a/lib/Model/Paste.php +++ b/lib/Model/Paste.php 
@@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Model; diff --git a/lib/Persistence/AbstractPersistence.php b/lib/Persistence/AbstractPersistence.php index 93a5bd27..e4eee82a 100644 --- a/lib/Persistence/AbstractPersistence.php +++ b/lib/Persistence/AbstractPersistence.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/PurgeLimiter.php b/lib/Persistence/PurgeLimiter.php index edf792cc..20fde259 100644 --- a/lib/Persistence/PurgeLimiter.php +++ b/lib/Persistence/PurgeLimiter.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/ServerSalt.php b/lib/Persistence/ServerSalt.php index 04bd0b48..33ce486c 100644 --- a/lib/Persistence/ServerSalt.php +++ b/lib/Persistence/ServerSalt.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/TrafficLimiter.php b/lib/Persistence/TrafficLimiter.php index 861ec78e..ff75388e 100644 --- a/lib/Persistence/TrafficLimiter.php +++ b/lib/Persistence/TrafficLimiter.php 
@@ -8,7 +8,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin\Persistence; diff --git a/lib/Request.php b/lib/Request.php index bd3d5f8c..41ab53f0 100644 --- a/lib/Request.php +++ b/lib/Request.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/View.php b/lib/View.php index 8404ecb3..cede95da 100644 --- a/lib/View.php +++ b/lib/View.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; diff --git a/lib/Vizhash16x16.php b/lib/Vizhash16x16.php index fdcc25bb..5369d3be 100644 --- a/lib/Vizhash16x16.php +++ b/lib/Vizhash16x16.php @@ -8,7 +8,7 @@ * @link https://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.0.5 beta PrivateBin 1.5.2 + * @version 0.0.5 beta PrivateBin 1.6.0 */ namespace PrivateBin; diff --git a/lib/YourlsProxy.php b/lib/YourlsProxy.php index 9bc1d184..49493801 100644 --- a/lib/YourlsProxy.php +++ b/lib/YourlsProxy.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.5.2 + * @version 1.6.0 */ namespace PrivateBin; 
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 7d1d1879..b20edcea 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -4,7 +4,7 @@ $isCpct = substr($template, 9, 8) === '-compact'; $isDark = substr($template, 9, 5) === '-dark'; $isPage = substr($template, -5) === '-page'; ?> - +> @@ -73,7 +73,7 @@ endif; ?> - + @@ -144,6 +144,7 @@ if ($QRCODE) : +