diff --git a/CHANGELOG.md b/CHANGELOG.md index 0aae3a3d..341fd6dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,55 +1,18 @@ # ZeroBin version history # - * **Alpha 0.8 (2012-04-11):** - * Source code not published yet. - * Interface completely redesigned. Icons added. - * Now properly supports IE6/7 (ugly display, but it works. "Clone" button is disabled though.) - * Added one level of depth for storage directories (This is better for higher load servers). - * php version is now checked (min: 5.2.6) - * Better checks on posted json data on server. - * Added "1 year" expiration. - * URLs are now converted to clickable links. This include http, https, ftp and magnet links. - * Clickable links include ''rel="nofollow"'' to discourage SEO. - * On my public service (http://sebsauvage.net/paste/) - * All data will be deleted (you were warned - this is a test service) - * Default paste expiration is now 1 month to prevent clogging-up my host. - * **Alpha 0.9 (2012-04-11):** - * Oh bummer... IE 8 is as shitty as IE6/7: Its does not seem to support ''white-space:pre-wrap'' correctly. I had to activate the special handling mode. I still have to test IE 9. - * **Alpha 0.10 (2012-04-12):** - * IE9 does not seem to correctly support ''pre-wrap'' either. Special handling mode activated for all version of IE<10. (Note: **ALL other browsers** correctly support this feature.) - * **Alpha 0.11 (2012-04-12):** - * Automatically ignore parameters (such as &utm_source=...) added //after// the anchor by some stupid Web 2.0 services. - * First public release. - * **Alpha 0.12 (2012-04-18):** - * **DISCUSSIONS !** Now you can enable discussions on your pastes. Of course, posted comments and nickname are also encrypted and the server cannot see them. - * This feature implies a change in storage format. You will have to delete all previous pastes in your ZeroBin. - * Added [[php:vizhash_gd|Vizhash]] as avatars, so you can match posters IP addresses without revealing them. (Same image = same IP). Of course the IP address cannot be deduced from the Vizhash. 
- * Remaining time before expiration is now displayed. - * Explicit tags were added to CSS and jQuery selectors (eg. div#aaa instead of #aaa) to speed up browser. - * Better cleaning of the URL (to make sure the key is not broken by some stupid redirection service) - * **Alpha 0.13 (2012-04-18):** - * FIXED: ''imageantialias()'' call removed because it's not really usefull and can be a problem on most hosts (if GD is not compiled in php). - * FIXED: $error not properly initialized in index.php - * **Alpha 0.14 (2012-04-20):** - * ADDED: GD presence is checked. - * CHANGED: Traffic limiter data files moved to data/ (→easier rights management) - * ADDED: "Burn after reading" implemented. Opening the URL will display the paste and immediately destroy it on server. - * **Alpha 0.15 (2012-04-20):** - * FIXED: 2 minor corrections to avoid notices in php log. - * FIXED: Sources converted to UTF-8. - * **Alpha 0.15 (2012-04-20):** - * FIXED: 2 minor corrections to avoid notices in php log. - * FIXED: Sources converted to UTF-8. - * **Alpha 0.16**: - * FIXED minor php warnings. - * FIXED: zerobin.js reformated and properly commented. - * FIXED: Directory structure re-organized. - * CHANGED: URL shortening button was removed. (It was bad for privacy.) - * **Alpha 0.17 (2013-02-23)**: - * ADDED: Deletion URL. - * small refactoring. - * improved regex checks. - * larger server alt on installation. + * **0.20 (2015-09-03)**: + * ADDED: Password protected pastes (optional) + * ADDED: configuration options for highlighting, password, discussions, expiration times, rate limiting + * ADDED: JSON-only retrieval of paste incl. discussion, used to be able to refresh paste when posting a comment + * ADDED: bootstrap CSS based template + * CHANGE: "Burn after reading" pastes are now deleted only after the paste was successfully decrypted via callback. This prevents accidental deletion by chatbots following URLs and the like. 
Usage of a password is suggested to ensure only the desired recipient is able to encrypt it. + * CHANGE: the "opendiscussion" option now only controls if the discussion checkbox is preselected. Use "discussion = false" to disable the discussion feature completely (which also removes the checkbox from the template). + * FIXING: Behaviour of several conflicting configuration options. As a general measure unit tests for 9 of the options and all their possible configurations were added via a unit test generator. + * updated JS libraries: jquery to 1.11.3, sjcl to 1.0.2, base64.js to 2.1.9, deflate to 0.5, inflate to 0.3 and prettify to latest + * generally improved documentation, both inline phpdoc / JSdoc source code documentation, as well as Wiki pages on installation, configuration, development and JSON-API + * **Alpha 0.19 (2013-07-05)**: + * Corrected XSS security flaw which affected IE<10. Other browsers were not affected. + * Corrected spacing display in IE<10. * **Alpha 0.18 (2013-02-24)**: * ADDED: The resulting URL is automatically selected after pressing "Send". You just have to press CTRL+C. * ADDED: Automatic syntax highlighting for 53 languages using highlight.js 
@@ -63,7 +26,50 @@ * ADDED: Better json checking (including entropy). * ADDED: Added version to js/css assets URLs in order to prevent some abusive caches to serve an obsolete version of these files when ZeroBin is upgraded. * "Burn after reading" option has been moved out of Expiration combo to a separate checkbox. Reason is: You can prevent a read-once paste to be available ad vitam eternam on the net. - * **Alpha 0.19 (2013-07-05)**: - * Corrected XSS security flaw which affected IE<10. Other browsers were not affected. - * Corrected spacing display in IE<10. - + * **Alpha 0.17 (2013-02-23)**: + * ADDED: Deletion URL. + * small refactoring. + * improved regex checks. + * larger server alt on installation. + * **Alpha 0.16**: + * FIXED minor php warnings. + * FIXED: zerobin.js reformated and properly commented. + * FIXED: Directory structure re-organized. + * CHANGED: URL shortening button was removed. (It was bad for privacy.) + * **Alpha 0.15 (2012-04-20):** + * FIXED: 2 minor corrections to avoid notices in php log. + * FIXED: Sources converted to UTF-8. + * **Alpha 0.14 (2012-04-20):** + * ADDED: GD presence is checked. + * CHANGED: Traffic limiter data files moved to data/ (→easier rights management) + * ADDED: "Burn after reading" implemented. Opening the URL will display the paste and immediately destroy it on server. + * **Alpha 0.13 (2012-04-18):** + * FIXED: ''imageantialias()'' call removed because it's not really usefull and can be a problem on most hosts (if GD is not compiled in php). + * FIXED: $error not properly initialized in index.php + * **Alpha 0.12 (2012-04-18):** + * **DISCUSSIONS !** Now you can enable discussions on your pastes. Of course, posted comments and nickname are also encrypted and the server cannot see them. + * This feature implies a change in storage format. You will have to delete all previous pastes in your ZeroBin. + * Added [[php:vizhash_gd|Vizhash]] as avatars, so you can match posters IP addresses without revealing them. 
(Same image = same IP). Of course the IP address cannot be deduced from the Vizhash. + * Remaining time before expiration is now displayed. + * Explicit tags were added to CSS and jQuery selectors (eg. div#aaa instead of #aaa) to speed up browser. + * Better cleaning of the URL (to make sure the key is not broken by some stupid redirection service) + * **Alpha 0.11 (2012-04-12):** + * Automatically ignore parameters (such as &utm_source=...) added //after// the anchor by some stupid Web 2.0 services. + * First public release. + * **Alpha 0.10 (2012-04-12):** + * IE9 does not seem to correctly support ''pre-wrap'' either. Special handling mode activated for all version of IE<10. (Note: **ALL other browsers** correctly support this feature.) + * **Alpha 0.9 (2012-04-11):** + * Oh bummer... IE 8 is as shitty as IE6/7: Its does not seem to support ''white-space:pre-wrap'' correctly. I had to activate the special handling mode. I still have to test IE 9. + * **Alpha 0.8 (2012-04-11):** + * Source code not published yet. + * Interface completely redesigned. Icons added. + * Now properly supports IE6/7 (ugly display, but it works. "Clone" button is disabled though.) + * Added one level of depth for storage directories (This is better for higher load servers). + * php version is now checked (min: 5.2.6) + * Better checks on posted json data on server. + * Added "1 year" expiration. + * URLs are now converted to clickable links. This include http, https, ftp and magnet links. + * Clickable links include ''rel="nofollow"'' to discourage SEO. + * On my public service (http://sebsauvage.net/paste/) + * All data will be deleted (you were warned - this is a test service) + * Default paste expiration is now 1 month to prevent clogging-up my host. diff --git a/CREDITS.md b/CREDITS.md index 098261b6..98b2454f 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -6,3 +6,4 @@ Alexey Gladkov - syntax highlighting Greg Knaddison - robots.txt MrKooky - HTML5 markup, CSS cleanup Simon Rupf - MVC refactoring, configuration support and unit tests +Hexalyse - Password protection diff --git a/README.md b/README.md index 6382c7ea..c6304806 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# ZeroBin 0.19 Alpha +# ZeroBin 0.20 ZeroBin is a minimalist, opensource online pastebin where the server has zero knowledge of pasted data. @@ -21,18 +21,18 @@ without loosing any data. - Encryption of data sent to server, even if it does not provide HTTPS. -- Possibility to set a password which is asked when the paste is opened. - It further protects a paste and prevent people stumbling upon your paste's link - from being able to read it without this password. +- Possibility to set a password which is required to read the paste. It further + protects a paste and prevents people stumbling upon your paste's link + from being able to read it without the password. ## What it doesn't provide - As a user you have to trust the server administrator, your internet provider - and any country the traffic passes not to inject any malicious code. + and any country the traffic passes not to inject any malicious javascript code. - The "key" used to encrypt the paste is part of the URL. If you publicly post - a non-passworded paste URL, everybody can read it. Use a password if you want - your paste to be "private". + the URL of a paste that is not password-protected, everybody can read it. + Use a password if you want your paste to be private. - A server admin might be forced to hand over access logs to the authorities. ZeroBin encrypts your text and the discussion contents, but who accessed it 
@@ -43,14 +43,16 @@ without loosing any data. Some features are optional and can be enabled or disabled in the [configuration file](https://github.com/elrido/ZeroBin/wiki/Configuration): +- Password protection + - Discussions - Expiration times, including a "forever" and "burn after reading" option - Syntax highlighting using prettify.js, including 4 prettify themes -- Templates: By default there is a "classic" and a bootstrap based theme, but it - is easy to adapt these to your own websites layout. +- Templates: By default there is a bootstrap based and a "classic ZeroBin" theme + and it is easy to adapt these to your own websites layout or create your own. ## Further resources diff --git a/cfg/conf.ini b/cfg/conf.ini index 427488fb..e6ccc476 100644 --- a/cfg/conf.ini +++ b/cfg/conf.ini @@ -5,7 +5,7 @@ ; @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin ; @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) ; @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License -; @version 0.19 +; @version 0.20 [main] ; enable or disable the discussion feature, defaults to true diff --git a/css/bootstrap/zerobin.css b/css/bootstrap/zerobin.css index df727ab9..c797639f 100644 --- a/css/bootstrap/zerobin.css +++ b/css/bootstrap/zerobin.css @@ -1,4 +1,4 @@ -/* ZeroBin 0.19 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */ +/* ZeroBin 0.20 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */ body { diff --git a/css/zerobin.css b/css/zerobin.css index 0e905edb..d7c964fc 100644 --- a/css/zerobin.css +++ b/css/zerobin.css @@ -1,4 +1,4 @@ -/* ZeroBin 0.19 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */ +/* ZeroBin 0.20 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */ /* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved. diff --git a/index.php b/index.php index f4ba4dd8..572738cd 100644 --- a/index.php +++ b/index.php 
@@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ // change this, if your php files and data is outside of your webservers document root diff --git a/js/zerobin.js b/js/zerobin.js index 66ae2570..fe8576bf 100644 --- a/js/zerobin.js +++ b/js/zerobin.js @@ -6,7 +6,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ // Immediately start random number generator collector. diff --git a/lib/auto.php b/lib/auto.php index 7c754212..ed0c906a 100644 --- a/lib/auto.php +++ b/lib/auto.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ spl_autoload_register('auto::loader'); diff --git a/lib/filter.php b/lib/filter.php index 3d1f93a2..18205f95 100644 --- a/lib/filter.php +++ b/lib/filter.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/persistence.php b/lib/persistence.php index ae0f2dd1..3e4186b3 100644 --- a/lib/persistence.php +++ b/lib/persistence.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** 
diff --git a/lib/serversalt.php b/lib/serversalt.php index c441bdb3..4238eacf 100644 --- a/lib/serversalt.php +++ b/lib/serversalt.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/sjcl.php b/lib/sjcl.php index fb572415..baa5fe50 100644 --- a/lib/sjcl.php +++ b/lib/sjcl.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/trafficlimiter.php b/lib/trafficlimiter.php index 6d2b20c2..f61b35b7 100644 --- a/lib/trafficlimiter.php +++ b/lib/trafficlimiter.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/vizhash16x16.php b/lib/vizhash16x16.php index 562d95dd..c486ecf6 100644 --- a/lib/vizhash16x16.php +++ b/lib/vizhash16x16.php @@ -8,7 +8,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.0.4 beta ZeroBin 0.19 + * @version 0.0.4 beta ZeroBin 0.20 */ /** diff --git a/lib/zerobin.php b/lib/zerobin.php index 6175bed0..3485fee9 100644 --- a/lib/zerobin.php +++ b/lib/zerobin.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** 
@@ -22,7 +22,7 @@ class zerobin * * @const string */ - const VERSION = 'Alpha 0.19'; + const VERSION = '0.20'; /** * show the same error message if the paste expired or does not exist diff --git a/lib/zerobin/abstract.php b/lib/zerobin/abstract.php index 4bbcc442..f3845b71 100644 --- a/lib/zerobin/abstract.php +++ b/lib/zerobin/abstract.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/zerobin/data.php b/lib/zerobin/data.php index 1cf043b6..f547e46b 100644 --- a/lib/zerobin/data.php +++ b/lib/zerobin/data.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /** diff --git a/lib/zerobin/db.php b/lib/zerobin/db.php index 69d48f99..134444c4 100644 --- a/lib/zerobin/db.php +++ b/lib/zerobin/db.php @@ -7,7 +7,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.19 + * @version 0.20 */ /**
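Review bot: In the CHANGELOG.md 0.20 entry, the "Burn after reading" line ends with "only the desired recipient is able to encrypt it"; the recipient reads the paste, so this should say "decrypt". The same entry should also state plainly that the server now keeps a burn-after-reading paste until the decryption callback arrives, so administrators understand that the paste is no longer destroyed on first fetch and why a password is recommended alongside it.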
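Review bot: The older entries re-added in the second CHANGELOG.md hunk (@@ -63,7 +26,50 @@) carry their old typos along, and "larger server alt on installation" under Alpha 0.17 most likely means "server salt", given that the project ships lib/serversalt.php. Since these lines are being moved anyway, fix that one together with "usefull", "reformated" and "Its does not", and give Alpha 0.16 a date or mark it as unknown so the list is consistent.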
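Review bot: In README.md (@@ -21,18 +21,18 @@) the advice "Use a password if you want your paste to be private" is given unconditionally, while the later hunk lists "Password protection" among the features an administrator can disable in the configuration file. Say here that the password is only available when the instance enables it, and that without it anyone holding the URL can read the paste. Also capitalise "JavaScript" in the added "malicious javascript code".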
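Review bot: In README.md (@@ -43,14 +43,16 @@) the rewritten Templates bullet still reads "your own websites layout", which needs an apostrophe ("website's layout"). The sentence also uses "your own" twice; "adapt these to your website's layout or create your own" reads more cleanly.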
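Review bot: In lib/zerobin.php (@@ -22,7 +22,7 @@) the constant changes format as well as number, from 'Alpha 0.19' to '0.20', so check every place that displays or compares zerobin::VERSION (templates, the versioned js/css asset URLs mentioned in the changelog, unit tests) for an assumption about the "Alpha " prefix. The same literal is also edited by hand in the @version header of every PHP, JS, CSS and ini file in this patch; a release script or a single documented source for the version would keep a future bump from missing one of them.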