Merge branch 'master-1.3.4' into chapril-1.3.4

2020-04-12 16:32:31 +02:00 · 2020-04-12 16:32:31 +02:00 · 27b942199a
parent 2acf7e8263 11e062207c
commit 27b942199a
35 changed files with 220 additions and 158 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,10 +1,21 @@
 # PrivateBin version history
  * **1.4 (not yet released)**
  * **1.3.4 (2020-03-22)**
    * CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals()
    * CHANGED: Upgrading libraries to: identicon 2.0.0
    * FIXED: Support custom expiration options in email function (#586)
    * FIXED: Regression with encoding of HTML entities (#588)
    * FIXED: Unable to paste password on paste with attachment (#565 & #595)
  * **1.3.3 (2020-02-16)**
    * CHANGED: Upgrading libraries to: DOMpurify 2.0.8
    * CHANGED: Several translations got updated with missing messages
    * CHANGED: Introduce HTML entity encoding on server side (#581)
    * FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)
  * **1.2.3 (2020-02-16)**
    * CHANGED: Upgrading libraries to: DOMpurify 2.0.8
    * CHANGED: Introduce HTML entity encoding on server side (#581)
    * FIXED: HTML entity double encoding issues introduced in 1.3.2 (#560)
  * **1.3.2 (2020-01-11)**
    * ADDED: Translation for Ukrainian (#533)
    * ADDED: Option to send a mail with the link, when creating a paste (#398)
--- a/INSTALL.md
+++ b/INSTALL.md
@ -187,7 +187,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
 CREATE TABLE prefix_config (
    id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
 );
-INSERT INTO prefix_config VALUES('VERSION', '1.3.3');
+INSERT INTO prefix_config VALUES('VERSION', '1.3.4');
 ```
 In **PostgreSQL**, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB.
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
-*Current version: 1.3.3*
+*Current version: 1.3.4*
 **PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
 where the server has zero knowledge of pasted data.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -4,8 +4,8 @@
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.3.3   | :heavy_check_mark: |
+| 1.3.4   | :heavy_check_mark: |
-| < 1.3.3 | :x:                |
+| < 1.3.4 | :x:                |
 ## Reporting a Vulnerability
--- a/css/bootstrap/privatebin.css
+++ b/css/bootstrap/privatebin.css
@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 body {
--- a/css/noscript.css
+++ b/css/noscript.css
@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 /* When there is no script at all other */
--- a/css/privatebin.css
+++ b/css/privatebin.css
@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 /*  CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
--- a/i18n/de.json
+++ b/i18n/de.json
@ -172,9 +172,9 @@
    "Notice:":
        "Hinweis:",
    "This link will expire after %s.":
-        "Dieser Link wird in %s ablaufen.",
+        "Dieser Link wird um %s ablaufen.",
    "This link can only be accessed once, do not use back or refresh button in your browser.":
-        "Dieser Link kann nur einmal geöffnet werden, verwende nicht den \"Zurück\" oder \"Neu laden\" Knopf Deines Browsers.",
+        "Dieser Link kann nur einmal geöffnet werden, verwende nicht den Zurück- oder Neu-laden-Knopf Deines Browsers.",
    "Link:":
        "Link:",
    "Recipient may become aware of your timezone, convert time to UTC?":
--- a/index.php
+++ b/index.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 // change this, if your php files and data is outside of your webservers document root
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -6,7 +6,7 @@
 * @see       {@link https://github.com/PrivateBin/PrivateBin}
 * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
 * @license   {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
- * @version   1.3.3
+ * @version   1.3.4
 * @name      PrivateBin
 * @namespace
 */
@ -209,6 +209,64 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            '=': '&#x3D;'
        };
        /**
         * number of seconds in a minute
         *
         * @name Helper.minute
         * @private
         * @enum   {number}
         * @readonly
         */
        const minute = 60;
        /**
         * number of seconds in an hour
         *
         * = 60 * 60 seconds
         *
         * @name Helper.minute
         * @private
         * @enum   {number}
         * @readonly
         */
        const hour = 3600;
        /**
         * number of seconds in a day
         *
         * = 60 * 60 * 24 seconds
         *
         * @name Helper.day
         * @private
         * @enum   {number}
         * @readonly
         */
        const day = 86400;
        /**
         * number of seconds in a month (30 days, an approximation)
         *
         * = 60 * 60 * 24 * 30 seconds
         *
         * @name Helper.month
         * @private
         * @enum   {number}
         * @readonly
         */
        const month = 2592000;
        /**
         * number of seconds in a non-leap year
         *
         * = 60 * 60 * 24 * 365 seconds
         *
         * @name Helper.year
         * @private
         * @enum   {number}
         * @readonly
         */
        const year = 31536000;
        /**
         * cache for script location
         *
@ -229,31 +287,67 @@ jQuery.PrivateBin = (function($, RawDeflate) {
        me.secondsToHuman = function(seconds)
        {
            let v;
-            if (seconds < 60)
+            if (seconds < minute)
            {
                v = Math.floor(seconds);
                return [v, 'second'];
            }
-            if (seconds < 60 * 60)
+            if (seconds < hour)
            {
-                v = Math.floor(seconds / 60);
+                v = Math.floor(seconds / minute);
                return [v, 'minute'];
            }
-            if (seconds < 60 * 60 * 24)
+            if (seconds < day)
            {
-                v = Math.floor(seconds / (60 * 60));
+                v = Math.floor(seconds / hour);
                return [v, 'hour'];
            }
            // If less than 2 months, display in days:
-            if (seconds < 60 * 60 * 24 * 60)
+            if (seconds < (2 * month))
            {
-                v = Math.floor(seconds / (60 * 60 * 24));
+                v = Math.floor(seconds / day);
                return [v, 'day'];
            }
-            v = Math.floor(seconds / (60 * 60 * 24 * 30));
+            v = Math.floor(seconds / month);
            return [v, 'month'];
        };
        /**
         * converts a duration string into seconds
         *
         * The string is expected to be optional digits, followed by a time.
         * Supported times are: min, hour, day, month, year, never
         * Examples: 5min, 13hour, never
         *
         * @name Helper.durationToSeconds
         * @function
         * @param  {String} duration
         * @return {number}
         */
        me.durationToSeconds = function(duration)
        {
            let pieces   = duration.split(/\d+/),
                factor   = pieces[0] || 0,
                timespan = pieces[1] || pieces[0];
            switch (timespan)
            {
                case 'min':
                    return factor * minute;
                case 'hour':
                    return factor * hour;
                case 'day':
                    return factor * day;
                case 'month':
                    return factor * month;
                case 'year':
                    return factor * year;
                case 'never':
                    return 0;
                default:
                    return factor;
            }
        };
        /**
         * text range selection
         *
@ -281,7 +375,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
        };
        /**
-         * convert URLs to clickable links.
+         * convert URLs to clickable links in the provided element.
         *
         * URLs to handle:
         * <pre>
@ -292,14 +386,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         *
         * @name   Helper.urls2links
         * @function
-         * @param  {string} html
+         * @param  {HTMLElement} element
         * @return {string}
         */
-        me.urls2links = function(html)
+        me.urls2links = function(element)
        {
-            return html.replace(
+            element.html(
-                /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
+                element.html().replace(
-                '<a href="$1" rel="nofollow">$1</a>'
+                    /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
                    '<a href="$1" rel="nofollow">$1</a>'
                )
            );
        };
@ -432,22 +527,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         * @return {Date}
         */
        me.calculateExpirationDate = function(initialDate, expirationDisplayStringOrSecondsToExpire) {
-            let expirationDate = new Date(initialDate);
+            let expirationDate      = new Date(initialDate),
-
+                secondsToExpiration = expirationDisplayStringOrSecondsToExpire;
            const expirationDisplayStringToSecondsDict = {
                '5min': 300,
                '10min': 600,
                '1hour': 3500,
                '1day': 86400,
                '1week': 604800,
                '1month': 2592000,
                '1year': 31536000,
                'never': 0
            };
            let secondsToExpiration = expirationDisplayStringOrSecondsToExpire;
            if (typeof expirationDisplayStringOrSecondsToExpire === 'string') {
-                secondsToExpiration = expirationDisplayStringToSecondsDict[expirationDisplayStringOrSecondsToExpire];
+                secondsToExpiration = me.durationToSeconds(expirationDisplayStringOrSecondsToExpire);
            }
            if (typeof secondsToExpiration !== 'number') {
@ -2422,36 +2505,24 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                return;
            }
-            // escape HTML entities, link URLs, sanitize
+            if (format === 'markdown') {
-            const escapedLinkedText = Helper.urls2links(text),
+                const converter = new showdown.Converter({
-                  sanitizedLinkedText = DOMPurify.sanitize(
+                    strikethrough: true,
-                    escapedLinkedText, {
+                    tables: true,
-                        ALLOWED_TAGS: ['a'],
+                    tablesHeaderId: true,
-                        ALLOWED_ATTR: ['href', 'rel']
+                    simplifiedAutoLink: true,
-                    }
+                    excludeTrailingPunctuationFromURLs: true
-                  );
+                });
-            $plainText.html(sanitizedLinkedText);
+                // let showdown convert the HTML and sanitize HTML *afterwards*!
-            $prettyPrint.html(sanitizedLinkedText);
+                $plainText.html(
-
+                    DOMPurify.sanitize(
-            switch (format) {
+                        converter.makeHtml(text)
-                case 'markdown':
+                    )
-                    const converter = new showdown.Converter({
+                );
-                        strikethrough: true,
+                // add table classes from bootstrap css
-                        tables: true,
+                $plainText.find('table').addClass('table-condensed table-bordered');
-                        tablesHeaderId: true,
+            } else {
-                        simplifiedAutoLink: true,
+                if (format === 'syntaxhighlighting') {
                        excludeTrailingPunctuationFromURLs: true
                    });
                    // let showdown convert the HTML and sanitize HTML *afterwards*!
                    $plainText.html(
                        DOMPurify.sanitize(
                            converter.makeHtml(text)
                        )
                    );
                    // add table classes from bootstrap css
                    $plainText.find('table').addClass('table-condensed table-bordered');
                    break;
                case 'syntaxhighlighting':
                    // yes, this is really needed to initialize the environment
                    if (typeof prettyPrint === 'function')
                    {
@ -2459,15 +2530,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                    }
                    $prettyPrint.html(
-                        DOMPurify.sanitize(
+                        prettyPrintOne(
-                            prettyPrintOne(escapedLinkedText, null, true)
+                            Helper.htmlEntities(text), null, true
                        )
                    );
-                    // fall through, as the rest is the same
+                } else {
-                default: // = 'plaintext'
+                    // = 'plaintext'
-                    $prettyPrint.css('white-space', 'pre-wrap');
+                    $prettyPrint.text(text);
-                    $prettyPrint.css('word-break', 'normal');
+                }
-                    $prettyPrint.removeClass('prettyprint');
+                Helper.urls2links($prettyPrint);
                $prettyPrint.css('white-space', 'pre-wrap');
                $prettyPrint.css('word-break', 'normal');
                $prettyPrint.removeClass('prettyprint');
            }
        }
@ -3241,14 +3315,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            const $commentEntryData = $commentEntry.find('div.commentdata');
            // set & parse text
-            $commentEntryData.html(
+            $commentEntryData.text(commentText);
-                DOMPurify.sanitize(
+            Helper.urls2links($commentEntryData);
                    Helper.urls2links(commentText), {
                        ALLOWED_TAGS: ['a'],
                        ALLOWED_ATTR: ['href', 'rel']
                    }
                )
            );
            // set nickname
            if (nickname.length > 0) {
@ -3379,6 +3447,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                if (fadeOut === true) {
                    setTimeout(function () {
                        $comment.removeClass('highlight');
                    }, 300);
                }
            };
@ -4181,7 +4250,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         */
        me.isAttachmentReadonly = function()
        {
-            return $attach.hasClass('hidden');
+            return createButtonsDisplayed && $attach.hasClass('hidden');
        }
        /**
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/Controller.php
+++ b/lib/Controller.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
@ -28,14 +28,14 @@ class Controller
     *
     * @const string
     */
-    const VERSION = '1.3.3';
+    const VERSION = '1.3.4';
    /**
     * minimal required PHP version
     *
     * @const string
     */
-    const MIN_PHP_VERSION = '5.5.0';
+    const MIN_PHP_VERSION = '5.6.0';
    /**
     * show the same error message if the paste expired or does not exist
@ -276,9 +276,7 @@ class Controller
                // accessing this method ensures that the paste would be
                // deleted if it has already expired
                $paste->get();
-                if (
+                if (hash_equals($paste->getDeleteToken(), $deletetoken)) {
                    Filter::slowEquals($deletetoken, $paste->getDeleteToken())
                ) {
                    // Paste exists and deletion token is valid: Delete the paste.
                    $paste->delete();
                    $this->_status = 'Paste was properly deleted.';
--- a/lib/Data/AbstractData.php
+++ b/lib/Data/AbstractData.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Data;
--- a/lib/Data/Database.php
+++ b/lib/Data/Database.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Data;
--- a/lib/Data/Filesystem.php
+++ b/lib/Data/Filesystem.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Data;
--- a/lib/Filter.php
+++ b/lib/Filter.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
@ -68,23 +68,4 @@ class Filter
        }
        return number_format($size, ($i ? 2 : 0), '.', ' ') . ' ' . I18n::_($iec[$i]);
    }
    /**
     * fixed time string comparison operation to prevent timing attacks
     * https://crackstation.net/hashing-security.htm?=rd#slowequals
     *
     * @access public
     * @static
     * @param  string $a
     * @param  string $b
     * @return bool
     */
    public static function slowEquals($a, $b)
    {
        $diff = strlen($a) ^ strlen($b);
        for ($i = 0; $i < strlen($a) && $i < strlen($b); ++$i) {
            $diff |= ord($a[$i]) ^ ord($b[$i]);
        }
        return $diff === 0;
    }
 }
--- a/lib/FormatV2.php
+++ b/lib/FormatV2.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/I18n.php
+++ b/lib/I18n.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/Json.php
+++ b/lib/Json.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/Model.php
+++ b/lib/Model.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/Model/AbstractModel.php
+++ b/lib/Model/AbstractModel.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Model;
--- a/lib/Model/Comment.php
+++ b/lib/Model/Comment.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Model;
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Model;
--- a/lib/Persistence/AbstractPersistence.php
+++ b/lib/Persistence/AbstractPersistence.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Persistence;
--- a/lib/Persistence/DataStore.php
+++ b/lib/Persistence/DataStore.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.3.4
 */
 namespace PrivateBin\Persistence;
--- a/lib/Persistence/PurgeLimiter.php
+++ b/lib/Persistence/PurgeLimiter.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Persistence;
--- a/lib/Persistence/ServerSalt.php
+++ b/lib/Persistence/ServerSalt.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Persistence;
--- a/lib/Persistence/TrafficLimiter.php
+++ b/lib/Persistence/TrafficLimiter.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin\Persistence;
--- a/lib/Request.php
+++ b/lib/Request.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/View.php
+++ b/lib/View.php
@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.3
+ * @version   1.3.4
 */
 namespace PrivateBin;
--- a/lib/Vizhash16x16.php
+++ b/lib/Vizhash16x16.php
@ -8,7 +8,7 @@
 * @link      http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   0.0.5 beta PrivateBin 1.3.3
+ * @version   0.0.5 beta PrivateBin 1.3.4
 */
 namespace PrivateBin;
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -72,7 +72,7 @@ endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
 		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-enOoc3FEmX00nbC+28Qrhjc2shbso/DWmeHVbLDy+a0jvXXweYXCr/B1PRqnXJzTBdPqVBYLVM1u6peVlTwNxg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-+4ay2Dw/9w/DOTutdpoiHvF6RxqV0V8ABSXHlebjGbQ7Td+3If7mOZ5OIu/lWCifcgP6vyhJuiB8+jl8FGtuwg==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
--- a/tpl/page.php
+++ b/tpl/page.php
@ -50,7 +50,7 @@ endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
 		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-enOoc3FEmX00nbC+28Qrhjc2shbso/DWmeHVbLDy+a0jvXXweYXCr/B1PRqnXJzTBdPqVBYLVM1u6peVlTwNxg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-+4ay2Dw/9w/DOTutdpoiHvF6RxqV0V8ABSXHlebjGbQ7Td+3If7mOZ5OIu/lWCifcgP6vyhJuiB8+jl8FGtuwg==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
--- a/vendor/yzalis/identicon/src/Identicon/Generator/SvgGenerator.php
+++ b/vendor/yzalis/identicon/src/Identicon/Generator/SvgGenerator.php
@ -46,25 +46,28 @@ class SvgGenerator extends BaseGenerator implements GeneratorInterface
        // prepare image
        $w = $this->getPixelRatio() * 5;
        $h = $this->getPixelRatio() * 5;
-        $svg = '<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="'.$w.'" height="'.$h.'">';
+        $svg = '<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="'.$w.'" height="'.$h.'" viewBox="0 0 5 5">';
-        $backgroundColor = '#FFFFFF';
+        $backgroundColor = '#FFF';
        $rgbBackgroundColor = $this->getBackgroundColor();
        if (!is_null($rgbBackgroundColor)) {
            $backgroundColor = $this->_toUnderstandableColor($rgbBackgroundColor);
        }
        $svg .= '<rect width="'.$w.'" height="'.$h.'" style="fill:'.$backgroundColor.';stroke-width:1;stroke:'.$backgroundColor.'"/>';
-        $rgbColor = $this->_toUnderstandableColor($this->getColor());
+        $svg .= '<rect width="5" height="5" fill="'.$backgroundColor.'" stroke-width="0"/>';
        $rects = [];
        // draw content
        foreach ($this->getArrayOfSquare() as $lineKey => $lineValue) {
            foreach ($lineValue as $colKey => $colValue) {
                if (true === $colValue) {
-                    $svg .= '<rect x="'.$colKey * $this->getPixelRatio().'" y="'.$lineKey * $this->getPixelRatio().'" width="'.($this->getPixelRatio()).'" height="'.$this->getPixelRatio().'" style="fill:'.$rgbColor.';stroke-width:0;"/>';
+                    $rects[] = 'M'.$colKey.','.$lineKey.'h1v1h-1v-1';
                }
            }
        }
        $rgbColor = $this->_toUnderstandableColor($this->getColor());
        $svg .= '<path fill="'.$rgbColor.'" stroke-width="0" d="' . implode('', $rects) . '"/>';
        $svg .= '</svg>';
        $this->generatedImage = $svg;
@ -80,7 +83,7 @@ class SvgGenerator extends BaseGenerator implements GeneratorInterface
    protected function _toUnderstandableColor($color)
    {
        if (is_array($color)) {
-            return 'rgb('.implode(', ', $color).')';
+            return sprintf('#%X%X%X', $color[0], $color[1], $color[2]);
        }
        return $color;
--- a/vendor/yzalis/identicon/src/Identicon/Identicon.php
+++ b/vendor/yzalis/identicon/src/Identicon/Identicon.php
@ -46,10 +46,10 @@ class Identicon
    /**
     * Display an Identicon image.
     *
-     * @param string $string
+     * @param string       $string
-     * @param int    $size
+     * @param int          $size
-     * @param string $color
+     * @param string|array $color
-     * @param string $backgroundColor
+     * @param string       $backgroundColor
     */
    public function displayImage($string, $size = 64, $color = null, $backgroundColor = null)
    {
@ -60,10 +60,10 @@ class Identicon
    /**
     * Get an Identicon PNG image data.
     *
-     * @param string $string
+     * @param string       $string
-     * @param int    $size
+     * @param int          $size
-     * @param string $color
+     * @param string|array $color
-     * @param string $backgroundColor
+     * @param string       $backgroundColor
     *
     * @return string
     */
@ -75,10 +75,10 @@ class Identicon
    /**
     * Get an Identicon PNG image resource.
     *
-     * @param string $string
+     * @param string       $string
-     * @param int    $size
+     * @param int          $size
-     * @param string $color
+     * @param string|array $color
-     * @param string $backgroundColor
+     * @param string       $backgroundColor
     *
     * @return string
     */
@ -90,10 +90,10 @@ class Identicon
    /**
     * Get an Identicon PNG image data as base 64 encoded.
     *
-     * @param string $string
+     * @param string       $string
-     * @param int    $size
+     * @param int          $size
-     * @param string $color
+     * @param string|array $color
-     * @param string $backgroundColor
+     * @param string       $backgroundColor
     *
     * @return string
     */
@ -101,13 +101,13 @@ class Identicon
    {
        return sprintf('data:%s;base64,%s', $this->generator->getMimeType(), base64_encode($this->getImageData($string, $size, $color, $backgroundColor)));
    }
-	
+
 	/**
 	 * Get the color of the Identicon
     *
     * Returns an array with RGB values of the Identicon's color. Colors may be NULL if no image has been generated
     * so far (e.g., when calling the method on a new Identicon()).
-	 * 
+	 *
 	 * @return array
 	 */
 	public function getColor()