Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'php8' of github.com:PrivateBin/PrivateBin into php8

Browse Source
This commit is contained in:
El RIDO 2022-06-01 20:48:33 +02:00
commit a376f894a9
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
78 changed files with 880 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/refresh-php8.yml vendored
View File

@ -2,9 +2,9 @@ name: Refresh PHP 8 branch
on:
push:
branches: [ master ]
branches: [ master ]
schedule:
- cron: '42 2 * * *'
- cron: '42 2 * * *'
workflow_dispatch:
jobs:
@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout php8 branch
- name: Checkout php8 branch
uses: actions/checkout@v2
with:
# directly checkout the php8 branch
@ -28,7 +28,7 @@ jobs:
git merge origin/master
- name: Push new changes
uses: github-actions-x/commit@v2.8
uses: github-actions-x/commit@v2.9
with:
name: github-actions[bot]
email: 41898282+github-actions[bot]@users.noreply.github.com

2
.github/workflows/snyk-scan.yml vendored
View File

@ -24,6 +24,6 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif

14
CHANGELOG.md
View File

@ -1,18 +1,26 @@
# PrivateBin version history
* **1.4 (not yet released)**
* ADDED: Translations for Estonian and Lojban
* **1.4.1 (not yet released)**
* ADDED: Translations for Turkish
* CHANGED: Avoid `SUPER` privilege for setting the `sql_mode` for MariaDB/MySQL (#919)
* **1.4 (2022-04-09)**
* ADDED: Translations for Corsican, Estonian, Finnish and Lojban
* ADDED: new HTTP headers improving security (#765)
* ADDED: Download button for paste text (#774)
* ADDED: Opt-out of federated learning of cohorts (FLoC) (#776)
* ADDED: Configuration option to exempt IPs from the rate-limiter (#787)
* ADDED: Google Cloud Storage backend support (#795)
* ADDED: Oracle database support (#868)
* ADDED: Configuration option to limit paste creation and commenting to certain IPs (#883)
* ADDED: Set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header
* ADDED: Sanitize SVG preview, preventing script execution in instance context
* CHANGED: Language selection cookie only transmitted over HTTPS (#472)
* CHANGED: Upgrading libraries to: base-x 4.0.0, bootstrap 3.4.1 (JS), DOMpurify 2.3.6, ip-lib 1.18.0, jQuery 3.6.0, random_compat 2.0.21 & Showdown 2.0.0
* CHANGED: Upgrading libraries to: base-x 4.0.0, bootstrap 3.4.1 (JS), DOMpurify 2.3.6, ip-lib 1.18.0, jQuery 3.6.0, random_compat 2.0.21, Showdown 2.0.3 & zlib 1.2.12
* CHANGED: Removed automatic `.ini` configuration file migration (#808)
* CHANGED: Removed configurable `dir` for `traffic` & `purge` limiters (#419)
* CHANGED: Server salt, traffic and purge limiter now stored in the storage backend (#419)
* CHANGED: Drop support for attachment download in IE
* FIXED: Error when attachments are disabled, but paste with attachment gets displayed
* **1.3.5 (2021-04-05)**
* ADDED: Translations for Hebrew, Lithuanian, Indonesian and Catalan
* ADDED: Make the project info configurable (#681)

14
CREDITS.md
View File

@ -2,18 +2,17 @@
## Active contributors
Simon Rupf - current developer and maintainer
rugk - security review, doc improvment, JS refactoring & various other stuff
R4SAS - python client, compression, blob URI to support larger attachments
* Simon Rupf - current developer and maintainer
* rugk - security review, doc improvment, JS refactoring & various other stuff
* R4SAS - python client, compression, blob URI to support larger attachments
## Past contributions
Sébastien Sauvage - original idea and main developer
* Sébastien Sauvage - original idea and main developer
* Alexey Gladkov - syntax highlighting
* Greg Knaddison - robots.txt
* MrKooky - HTML5 markup, CSS cleanup
* Simon Rupf - WebCrypto, unit tests, containers images, database backend, MVC, configuration, i18n
* Simon Rupf - WebCrypto, unit tests, container images, database backend, MVC, configuration, i18n
* Hexalyse - Password protection
* Viktor Stanchev - File upload support
* azlux - Tab character input support
@ -55,3 +54,6 @@ Sébastien Sauvage - original idea and main developer
* retiolus - Catalan
* sarnane - Estonian
* foxsouns - Lojban
* Patriccollu di Santa Maria è Sichè - Corsican
* Markus Mikkonen - Finnish
* Emir Ensar Rahmanlar - Turkish

128
INSTALL.md
View File

@ -1,39 +1,47 @@
# Installation
**TL;DR:** Download the
[latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest) (with the link labelled as „Source code (…)“)
and extract it in your web hosts folder where you want to install your PrivateBin
instance. We try to provide a mostly safe default configuration, but we urge you to
check the [security section](#hardening-and-security) below and the [configuration
options](#configuration) to adjust as you see fit.
[latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest)
(with the link labelled as "Source code (…)") and extract it in your web hosts
folder where you want to install your PrivateBin instance. We try to provide a
mostly safe default configuration, but we urge you to check the
[security section](#hardening-and-security) below and the
[configuration options](#configuration) to adjust as you see fit.
**NOTE:** See [our FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for information how to securely download the PrivateBin release files.
**NOTE:** See our [FAQ entry on securely downloading release files](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project)
for more information.
**NOTE:** There is a [ansible](https://ansible.com) role by @e1mo available to install and configure PrivateBin on your server. It's available on [ansible galaxy](https://galaxy.ansible.com/e1mo/privatebin) ([source code](https://git.sr.ht/~e1mo/ansible-role-privatebin)).
**NOTE:** There is a [ansible](https://ansible.com) role by @e1mo available to
install and configure PrivateBin on your server. It's available on
[ansible galaxy](https://galaxy.ansible.com/e1mo/privatebin)
([source code](https://git.sr.ht/~e1mo/ansible-role-privatebin)).
### Minimal requirements
### Minimal Requirements
- PHP version 7.0 or above
- Or PHP version 5.6 AND _one_ of the following sources of cryptographically safe randomness:
- [Libsodium](https://download.libsodium.org/libsodium/content/installation/) and it's [PHP extension](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium)
- open_basedir access to `/dev/urandom`
- mcrypt extension (mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file.)
- Or PHP version 5.6 AND _one_ of the following sources of cryptographically
safe randomness:
- [Libsodium](https://download.libsodium.org/libsodium/content/installation/)
and it's [PHP extension](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium)
- `open_basedir` access to `/dev/urandom`
- mcrypt extension AND `open_basedir` access to `/dev/urandom`
- com_dotnet extension
- GD extension
- zlib extension
- some disk space or (optionally) a database supported by [PDO](https://php.net/manual/book.pdo.php)
- ability to create files and folders in the installation directory and the PATH defined in index.php
- A web browser with JavaScript support
- some disk space or a database supported by [PDO](https://php.net/manual/book.pdo.php)
- ability to create files and folders in the installation directory and the PATH
defined in index.php
- A web browser with JavaScript and (optional) WebAssembly support
## Hardening and security
## Hardening and Security
### Changing the path
### Changing the Path
In the index.php you can define a different `PATH`. This is useful to secure your
installation. You can move the configuration, data files, templates and PHP
In the index.php you can define a different `PATH`. This is useful to secure
your installation. You can move the configuration, data files, templates and PHP
libraries (directories cfg, doc, data, lib, tpl, tst and vendor) outside of your
document root. This new location must still be accessible to your webserver / PHP
process (see also
document root. This new location must still be accessible to your webserver and
PHP process (see also
[open_basedir setting](https://secure.php.net/manual/en/ini.core.php#ini.open-basedir)).
> #### PATH Example
@ -42,24 +50,25 @@ process (see also
> http://example.com/paste/
>
> The full path of PrivateBin on your webserver is:
> /home/example.com/htdocs/paste
> /srv/example.com/htdocs/paste
>
> When setting the path like this:
> define('PATH', '../../secret/privatebin/');
>
> PrivateBin will look for your includes / data here:
> /home/example.com/secret/privatebin
> PrivateBin will look for your includes and data here:
> /srv/example.com/secret/privatebin
### Changing the config path only
In situations where you want to keep the PrivateBin static files separate from the
rest of your data, or you want to reuse the installation files on multiple vhosts,
you may only want to change the `conf.php`. In this instance, you can set the
you may only want to change the `conf.php`. In this case, you can set the
`CONFIG_PATH` environment variable to the absolute path to the `conf.php` file.
This can be done in your web server's virtual host config, the PHP config, or in
the index.php if you choose to customize it.
the index.php, if you choose to customize it.
Note that your PHP process will need read access to the config wherever it may be.
Note that your PHP process will need read access to the configuration file,
wherever it may be.
> #### CONFIG_PATH example
> Setting the value in an Apache Vhost:
@ -73,23 +82,27 @@ Note that your PHP process will need read access to the config wherever it may b
### Transport security
When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS
PrivateBin is not secure, as the JavaScript files could be manipulated during transmission.
For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https).
When setting up PrivateBin, also set up HTTPS, if you haven't already. Without
HTTPS PrivateBin is not secure, as the JavaScript or WebAssembly files could be
manipulated during transmission. For more information on this, see our
[FAQ entry on HTTPS setup recommendations](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https).
### File-level permissions
After completing the installation, you should make sure, other users on the system cannot read the config file or the `data/` directory, as depending on your configuration potential secret information are saved there.
After completing the installation, you should make sure, that other users on the
system cannot read the config file or the `data/` directory, as depending on
your configuration potentially sensitive information may be stored in there.
See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin) for a detailed guide on how to "harden" the permissions of files and folders.
See our [FAQ entry on permissions](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin)
for a detailed guide on how to "harden" access to files and folders.
## Configuration
In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php`
is provided containing all options and default values. You can copy it to
`cfg/conf.php` and adapt it as needed. Alternatively you can copy it anywhere and
set the `CONFIG_PATH` environment variable (see above notes). The config file is
divided into multiple sections, which are enclosed in square brackets.
is provided containing all options and their default values. You can copy it to
`cfg/conf.php` and change it as needed. Alternatively you can copy it anywhere
and set the `CONFIG_PATH` environment variable (see above notes). The config
file is divided into multiple sections, which are enclosed in square brackets.
In the `[main]` section you can enable or disable the discussion feature, set
the limit of stored pastes and comments in bytes. The `[traffic]` section lets
@ -107,28 +120,28 @@ A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all
robots from accessing your pastes. It is recommend to place it into the root of
your web directory if you have installed PrivateBin in a subdirectory. Make sure
to adjust it, so that the file paths match your installation. Of course also
adjust the file if you already use a `robots.txt`.
adjust the file, if you already use a `robots.txt`.
A `.htaccess.disabled` file is provided in the root dir of PrivateBin. It blocks
some known robots and link-scanning bots. If you use Apache, you can rename the
file to `.htaccess` to enable this feature. If you use another webserver, you
have to configure it manually to do the same.
### When using Cloudflare
### On using Cloudflare
If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket
loader and unchecked "Javascript" for Auto Minify, found in your domain settings,
under "Speed". (More information
[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection))
If you want to use PrivateBin behind Cloudflare, make sure you have disabled the
Rocket loader and unchecked "Javascript" for Auto Minify, found in your domain
settings, under "Speed". More information can be found in our
[FAQ entry on Cloudflare related issues](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection).
### Using a database instead of flat files
### Using a Database Instead of Flat Files
In the configuration file the `[model]` and `[model_options]` sections let you
configure your favourite way of storing the pastes and discussions on your
server.
`Filesystem` is the default model, which stores everything in files in the
data folder. This is the recommended setup for most sites.
data folder. This is the recommended setup for most sites on single hosts.
Under high load, in distributed setups or if you are not allowed to store files
locally, you might want to switch to the `Database` model. This lets you
@ -142,21 +155,26 @@ to use a prefix for
The table prefix option is called `tbl`.
> #### Note
> The `Database` model has only been tested with SQLite, MySQL and PostgreSQL,
> although it would not be recommended to use SQLite in a production environment.
> If you gain any experience running PrivateBin on other RDBMS, please let us
> know.
> The `Database` model has only been tested with SQLite, MariaDB/MySQL and
> PostgreSQL, although it would not be recommended to use SQLite in a production
> environment. If you gain any experience running PrivateBin on other RDBMS,
> please let us know.
The following GRANTs (privileges) are required for the PrivateBin user in **MySQL**. In normal operation:
The following GRANTs (privileges) are required for the PrivateBin user in
**MariaDB/MySQL**. In normal operation:
- INSERT, SELECT, DELETE on the paste and comment tables
- SELECT on the config table
If you want PrivateBin to handle table creation (when you create the first paste) and updates (after you update PrivateBin to a new release), you need to give the user these additional privileges:
If you want PrivateBin to handle table creation (when you create the first paste)
and updates (after you update PrivateBin to a new release), you need to give the
user these additional privileges:
- CREATE, INDEX and ALTER on the database
- INSERT and UPDATE on the config table
For reference or if you want to create the table schema for yourself to avoid having to give PrivateBin too many permissions (replace
`prefix_` with your own table prefix and create the table schema with your favourite MySQL console):
For reference or if you want to create the table schema for yourself to avoid
having to give PrivateBin too many permissions (replace `prefix_` with your own
table prefix and create the table schema with your favourite MariaDB/MySQL
client):
```sql
CREATE TABLE prefix_paste (
@ -187,7 +205,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
CREATE TABLE prefix_config (
id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
);
INSERT INTO prefix_config VALUES('VERSION', '1.3.5');
INSERT INTO prefix_config VALUES('VERSION', '1.4.0');
```
In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns
@ -199,11 +217,11 @@ to be `CLOB` and not `BLOB` or `MEDIUMBLOB`, the `id` column in the `config`
table needs to be `VARCHAR2(16)` and the `meta` column in the `paste` table
and the `value` column in the `config` table need to be `VARCHAR2(4000)`.
### Using Google Cloud Storage
#### Using Google Cloud Storage
If you want to deploy PrivateBin in a serverless manner in the Google Cloud, you
can choose the `GoogleCloudStorage` as backend. To use this backend, you create
a GCS bucket and specify the name as the model option `bucket`. Alternatively,
you can set the name through the environment variable PASTEBIN_GCS_BUCKET.
you can set the name through the environment variable `PRIVATEBIN_GCS_BUCKET`.
The default prefix for pastes stored in the bucket is `pastes`. To change the
prefix, specify the option `prefix`.

9
Makefile
View File

@ -1,7 +1,7 @@
.PHONY: all coverage coverage-js coverage-php doc doc-js doc-php increment sign test test-js test-php help
CURRENT_VERSION = 1.3.5
VERSION ?= 1.3.6
CURRENT_VERSION = 1.4.0
VERSION ?= 1.4.1
VERSION_FILES = index.php cfg/ *.md css/ i18n/ img/ js/package.json js/privatebin.js lib/ Makefile tpl/ tst/
REGEX_CURRENT_VERSION := $(shell echo $(CURRENT_VERSION) | sed "s/\./\\\./g")
REGEX_VERSION := $(shell echo $(VERSION) | sed "s/\./\\\./g")
@ -33,12 +33,13 @@ increment: ## Increment and commit new version number, set target version using
do \
sed -i "s/$(REGEX_CURRENT_VERSION)/$(REGEX_VERSION)/g" $$F; \
done
git add $(VERSION_FILES)
cd tst && phpunit --no-coverage && cd ..
git add $(VERSION_FILES) tpl/
git commit -m "incrementing version"
sign: ## Sign a release.
git tag $(VERSION)
git push --tags
git push origin $(VERSION)
signrelease.sh
test: test-js test-php ## Run all unit tests.

53
README.md
View File

@ -1,25 +1,27 @@
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
*Current version: 1.3.5*
*Current version: 1.4.0*
**PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
**PrivateBin** is a minimalist, open source online
[pastebin](https://en.wikipedia.org/wiki/Pastebin)
where the server has zero knowledge of pasted data.
Data is encrypted and decrypted in the browser using 256bit AES in [Galois Counter mode](https://en.wikipedia.org/wiki/Galois/Counter_Mode).
Data is encrypted and decrypted in the browser using 256bit AES in
[Galois Counter mode](https://en.wikipedia.org/wiki/Galois/Counter_Mode).
This is a fork of ZeroBin, originally developed by
[Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). ZeroBin was refactored
to allow easier and cleaner extensions. PrivateBin has many more features than the
original ZeroBin. It is, however, still fully compatible to the original ZeroBin 0.19
[Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). PrivateBin was
refactored to allow easier and cleaner extensions and has many additional
features. It is, however, still fully compatible to the original ZeroBin 0.19
data storage scheme. Therefore, such installations can be upgraded to PrivateBin
without losing any data.
## What PrivateBin provides
+ As a server administrator you don't have to worry if your users post content
that is considered illegal in your country. You have no knowledge of any
of the pastes content. If requested or enforced, you can delete any paste from
your system.
that is considered illegal in your country. You have plausible deniability of
any of the pastes content. If requested or enforced, you can delete any paste
from your system.
+ Pastebin-like system to store text documents, code samples, etc.
@ -31,13 +33,13 @@ without losing any data.
## What it doesn't provide
- As a user you have to trust the server administrator not to inject any malicious
javascript code.
For basic security, the PrivateBin installation *has to provide HTTPS*!
Otherwise you would also have to trust your internet provider, and any country
the traffic passes through.
Additionally the instance should be secured by
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). It can use traditional certificate authorities and/or use
- As a user you have to trust the server administrator not to inject any
malicious code. For security, a PrivateBin installation *has to be used over*
*HTTPS*! Otherwise you would also have to trust your internet provider, and
any jurisdiction the traffic passes through. Additionally the instance should
be secured by
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). It can
use traditional certificate authorities and/or use a
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)
protected
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
@ -45,18 +47,17 @@ without losing any data.
- The "key" used to encrypt the paste is part of the URL. If you publicly post
the URL of a paste that is not password-protected, anyone can read it.
Use a password if you want your paste to be private. In this case, make sure to
use a strong password and only share it privately and end-to-end-encrypted.
Use a password if you want your paste to remain private. In that case, make
sure to use a strong password and share it privately and end-to-end-encrypted.
- A server admin might be forced to hand over access logs to the authorities.
- A server admin can be forced to hand over access logs to the authorities.
PrivateBin encrypts your text and the discussion contents, but who accessed a
paste (first) might still be disclosed via access logs.
- In case of a server breach your data is secure as it is only stored encrypted
on the server. However, the server could be misused or the server admin could
be legally forced into sending malicious JavaScript to all web users, which
grabs the decryption key and sends it to the server when a user accesses a
PrivateBin.
on the server. However, the server could be absused or the server admin could
be legally forced into sending malicious code to their users, which logs
the decryption key and sends it to a server when a user accesses a paste.
Therefore, do not access any PrivateBin instance if you think it has been
compromised. As long as no user accesses this instance with a previously
generated URL, the content can't be decrypted.
@ -77,8 +78,8 @@ file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration):
* Syntax highlighting for source code using prettify.js, including 4 prettify
themes
* File upload support, images get displayed (disabled by default, possibility
to adjust size limit)
* File upload support, image, media and PDF preview (disabled by default, size
limit adjustable)
* Templates: By default there are bootstrap CSS, darkstrap and "classic ZeroBin"
to choose from and it is easy to adapt these to your own websites layout or
@ -89,7 +90,7 @@ file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration):
* Language selection (disabled by default, as it uses a session cookie)
* QR code generation of URL, to easily transfer pastes over to a mobile device
* QR code for paste URLs, to easily transfer them over to mobile devices
## Further resources

4
SECURITY.md
View File

@ -4,8 +4,8 @@
| Version | Supported |
| ------- | ------------------ |
| 1.3.5 | :heavy_check_mark: |
| < 1.3.5 | :x: |
| 1.4.0 | :heavy_check_mark: |
| < 1.4.0 | :x: |
## Reporting a Vulnerability

16
cfg/conf.sample.php
View File

@ -87,7 +87,7 @@ languageselection = false
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
@ -135,9 +135,17 @@ markdown = "Markdown"
; Set this to 0 to disable rate limiting.
limit = 10
; Set ips (v4|v6) which should be exempted for the rate-limit. CIDR also supported. Needed to be comma separated.
; Unset for enabling and invalid values will be ignored
; eg: exemptedIp = '1.2.3.4,10.10.10/24'
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR

2
css/bootstrap/privatebin.css
View File

@ -6,7 +6,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
body {

2
css/noscript.css
View File

@ -6,7 +6,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
/* When there is no script at all other */

2
css/privatebin.css
View File

@ -6,7 +6,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
/* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.

3
i18n/ar.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/bg.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

47
i18n/ca.json
View File

@ -79,34 +79,34 @@
"Never": "Mai",
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.": "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.",
"This document will expire in %d seconds.": [
"This document will expire in %d second. (singular)",
"This document will expire in %d seconds. (1st plural)",
"This document will expire in %d seconds. (2nd plural)",
"This document will expire in %d seconds. (3rd plural)"
"Aquest document caducarà d'aquí %d segon.",
"Aquest document caducarà d'aquí %d segons.",
"Aquest document caducarà d'aquí %d segons.",
"Aquest document caducarà d'aquí %d segons."
],
"This document will expire in %d minutes.": [
"This document will expire in %d minute. (singular)",
"This document will expire in %d minutes. (1st plural)",
"This document will expire in %d minutes. (2nd plural)",
"This document will expire in %d minutes. (3rd plural)"
"Aquest document caducarà d'aquí %d minut.",
"Aquest document caducarà d'aquí %d minuts.",
"Aquest document caducarà d'aquí %d minuts.",
"Aquest document caducarà d'aquí %d minuts."
],
"This document will expire in %d hours.": [
"This document will expire in %d hour. (singular)",
"This document will expire in %d hours. (1st plural)",
"This document will expire in %d hours. (2nd plural)",
"This document will expire in %d hours. (3rd plural)"
"Aquest document caducarà d'aquí %d hora.",
"Aquest document caducarà d'aquí %d hores.",
"Aquest document caducarà d'aquí %d hores.",
"Aquest document caducarà d'aquí %d hores."
],
"This document will expire in %d days.": [
"This document will expire in %d day. (singular)",
"This document will expire in %d days. (1st plural)",
"This document will expire in %d days. (2nd plural)",
"This document will expire in %d days. (3rd plural)"
"Aquest document caducarà d'aquí %d dia.",
"Aquest document caducarà d'aquí %d dies.",
"Aquest document caducarà d'aquí %d dies.",
"Aquest document caducarà d'aquí %d dies."
],
"This document will expire in %d months.": [
"This document will expire in %d month. (singular)",
"This document will expire in %d months. (1st plural)",
"This document will expire in %d months. (2nd plural)",
"This document will expire in %d months. (3rd plural)"
"Aquest document caducarà d'aquí %d mes.",
"Aquest document caducarà d'aquí %d mesos.",
"Aquest document caducarà d'aquí %d mesos.",
"Aquest document caducarà d'aquí %d mesos."
],
"Please enter the password for this paste:": "Si us plau, introdueix la contrasenya per aquest paste:",
"Could not decrypt data (Wrong key?)": "No s'han pogut desxifrar les dades (Clau incorrecte?)",
@ -124,7 +124,7 @@
"Could not refresh display: %s": "Could not refresh display: %s",
"unknown status": "estat desconegut",
"server error or not responding": "server error or not responding",
"Could not post comment: %s": "Could not post comment: %s",
"Could not post comment: %s": "No s'ha pogut publicar el comentari: %s",
"Sending paste…": "Enviant paste…",
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>": "Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>",
"Delete data": "Esborrar les dades",
@ -146,7 +146,7 @@
"Download attachment": "Baixar els adjunts",
"Cloned: '%s'": "Cloned: '%s'",
"The cloned file '%s' was attached to this paste.": "The cloned file '%s' was attached to this paste.",
"Attach a file": "Attach a file",
"Attach a file": "Adjuntar un fitxer",
"alternatively drag & drop a file or paste an image from the clipboard": "alternatively drag & drop a file or paste an image from the clipboard",
"File too large, to display a preview. Please download the attachment.": "File too large, to display a preview. Please download the attachment.",
"Remove attachment": "Remove attachment",
@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

190
i18n/co.json Normal file
View File

@ -0,0 +1,190 @@
{
"PrivateBin": "PrivateBin",
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.": "%s hè un serviziu in linea di tipu « pastebin » (ghjestiunariu dappiccicu di pezzi di testu è di codice di fonte) minimalistu è à fonte aperta induve u servitore ùn hà micca cunnuscenza di i dati mandati. I dati sò cifrati è dicifrati %sin u navigatore%s cù una cifratura AES di 256 bit.",
"More information on the <a href=\"https://privatebin.info/\">project page</a>.": "Più dinfurmazione annantà a <a href=\"https://privatebin.info/\">pagina di u prughjettu</a>.",
"Because ignorance is bliss": "Perchè lignurenza hè una campa",
"en": "co",
"Paste does not exist, has expired or has been deleted.": "Lappiccicu ùn esiste micca, hè scadutu o hè statu squassatu.",
"%s requires php %s or above to work. Sorry.": "Per disgrazzia, %s richiede php %s o più recente per funziunà.",
"%s requires configuration section [%s] to be present in configuration file.": "%s richiede a presenza di a sezzione di cunfigurazione [%s] in a schedariu di cunfigurazione.",
"Please wait %d seconds between each post.": [
"Aspettate %d seconda trà dui publicazioni.",
"Aspettate %d seconde trà dui publicazioni.",
"Aspettate %d seconde trà dui publicazioni.",
"Aspettate %d seconde trà dui publicazioni."
],
"Paste is limited to %s of encrypted data.": "Lappiccicu hè limitatu à %s di dati cifrati.",
"Invalid data.": "Dati inaccetevule.",
"You are unlucky. Try again.": "Pruvate torna, Serete più furtunati.",
"Error saving comment. Sorry.": "Per disgrazzia, ci hè un sbagliu à larregistramentu di u cummentu.",
"Error saving paste. Sorry.": "Per disgrazzia, ci hè un sbagliu à larregistramentu di lappiccicu.",
"Invalid paste ID.": "N° di lappiccicu inaccettevule.",
"Paste is not of burn-after-reading type.": "Lappiccicu ùn hè micca di tipu « Squassà dopu a lettura ».",
"Wrong deletion token. Paste was not deleted.": "Gettone di squassatura incurrettu. Lappiccicu ùn hè micca statu squassatu.",
"Paste was properly deleted.": "Lappiccicu hè statu squassatu currettamente.",
"JavaScript is required for %s to work. Sorry for the inconvenience.": "JavaScript hè richiestu per fà funziunà %s. Scusate per stu penseru.",
"%s requires a modern browser to work.": "%s richiede un navigatore mudernu per funziunà.",
"New": "Novu",
"Send": "Mandà",
"Clone": "Duppione",
"Raw text": "Testu grossu",
"Expires": "Scadenza",
"Burn after reading": "Squassà dopu a lettura",
"Open discussion": "Apre una chjachjarata",
"Password (recommended)": "Parolla dintesa (ricumandata)",
"Discussion": "Chjachjarata",
"Toggle navigation": "Invertisce a navigazione",
"%d seconds": [
"%d seconda",
"%d seconde",
"%d seconde",
"%d seconde"
],
"%d minutes": [
"%d minutu",
"%d minuti",
"%d minuti",
"%d minuti"
],
"%d hours": [
"%d ora",
"%d ore",
"%d ore",
"%d ore"
],
"%d days": [
"%d ghjornu",
"%d ghjorni",
"%d ghjorni",
"%d ghjorni"
],
"%d weeks": [
"%d settimana",
"%d settimane",
"%d settimane",
"%d settimane"
],
"%d months": [
"%d mese",
"%d mesi",
"%d mesi",
"%d mesi"
],
"%d years": [
"%d annu",
"%d anni",
"%d anni",
"%d anni"
],
"Never": "Mai",
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.": "Nota : Què hè un serviziu di prova ; i dati ponu esse squassati à ogni mumentu. Parechji catorni anu da esse tombi sè vò impiegate troppu stu serviziu.",
"This document will expire in %d seconds.": [
"Stu ducumentu serà scadutu in %d seconda.",
"Stu ducumentu serà scadutu in %d seconde.",
"Stu ducumentu serà scadutu in %d seconde.",
"Stu ducumentu serà scadutu in %d seconde."
],
"This document will expire in %d minutes.": [
"Stu ducumentu serà scadutu in %d minutu.",
"Stu ducumentu serà scadutu in %d minuti.",
"Stu ducumentu serà scadutu in %d minuti.",
"Stu ducumentu serà scadutu in %d minuti."
],
"This document will expire in %d hours.": [
"Stu ducumentu serà scadutu in %d ora.",
"Stu ducumentu serà scadutu in %d ore.",
"Stu ducumentu serà scadutu in %d ore.",
"Stu ducumentu serà scadutu in %d ore."
],
"This document will expire in %d days.": [
"Stu ducumentu serà scadutu in %d ghjornu.",
"Stu ducumentu serà scadutu in %d ghjorni.",
"Stu ducumentu serà scadutu in %d ghjorni.",
"Stu ducumentu serà scadutu in %d ghjorni."
],
"This document will expire in %d months.": [
"Stu ducumentu serà scadutu in %d mese.",
"Stu ducumentu serà scadutu in %d mesi.",
"Stu ducumentu serà scadutu in %d mesi.",
"Stu ducumentu serà scadutu in %d mesi."
],
"Please enter the password for this paste:": "Stampittate a parolla dintesa per stappiccicu :",
"Could not decrypt data (Wrong key?)": "Ùn si pò micca dicifrà i dati ; seria incurretta a chjave ?",
"Could not delete the paste, it was not stored in burn after reading mode.": "Ùn si pò micca squassà lappiccicu, ùn hè micca statu in u modu « Squassà dopu a lettura ».",
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.": "SOLU CÙ LOCHJI. Ùn chjudite micca sta finestra, stu messaghju un puderà più esse affissatu torna.",
"Could not decrypt comment; Wrong key?": "Ùn si pò micca dicifrà u cummentu. Seria incurretta a chjave ?",
"Reply": "Risponde",
"Anonymous": "Anonimu",
"Avatar generated from IP address": "Avatar ingeneratu da lindirizzu IP",
"Add comment": "Aghjunghje un cummentu",
"Optional nickname…": "Cugnome ozzionale…",
"Post comment": "Impustà u cummentu",
"Sending comment…": "Inviu di u cummentu…",
"Comment posted.": "Cummentu inviatu.",
"Could not refresh display: %s": "Ùn si pò micca attualizà laffissera : %s",
"unknown status": "statu scunnisciutu",
"server error or not responding": "sbagliu di u servitore o u servitore ùn risponde micca",
"Could not post comment: %s": "Ùn si pò micca impustà u cummentu : %s",
"Sending paste…": "Inviu di lappiccicu…",
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>": "U vostru appiccicu si trova à lindirizzu<a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Appughjate [Ctrl]+[c] per cupià u liame)</span>",
"Delete data": "Squassà i dati",
"Could not create paste: %s": "Ùn si pò micca creà lappiccicu : %s",
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)": "Ùn si pò micca dicifrà lappiccicu : A chjave di dicifratura hè assente in lindirizzu. Averiate impiegatu un orientadore dindirizzu o un riduttore chì ammuzzeghja una parte di lindirizzu ?",
"B": "o",
"KiB": "Ko",
"MiB": "Mo",
"GiB": "Go",
"TiB": "To",
"PiB": "Po",
"EiB": "Eo",
"ZiB": "Zo",
"YiB": "Yo",
"Format": "Furmatu",
"Plain Text": "Testu in chjaru",
"Source Code": "Codice di fonte",
"Markdown": "Markdown",
"Download attachment": "Scaricà a pezza aghjunta",
"Cloned: '%s'": "Duppiatu : « %s »",
"The cloned file '%s' was attached to this paste.": "U schedariu duppiatu « %s » hè statu aghjuntu à stappiccicu.",
"Attach a file": "Aghjunghje un schedariu",
"alternatively drag & drop a file or paste an image from the clipboard": "in alternanza, sguillà è depone un schedariu o incullà una fiura da u premepapei",
"File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza aghjunta.",
"Remove attachment": "Caccià a pezza aghjunta",
"Your browser does not support uploading encrypted files. Please use a newer browser.": "U vostru navigatore ùn accetta micca linviu di i schedarii cifrati. Impiegate un navigatore più recente.",
"Invalid attachment.": "A pezza aghjunta hè inaccettevule.",
"Options": "Ozzioni",
"Shorten URL": "Ammuzzà lindirizzu",
"Editor": "Editore",
"Preview": "Fighjulata",
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "%s richiede chì a variabile PATH si compii cù « %s ». Mudificate a variabile PATH in u vostru index.php.",
"Decrypt": "Dicifrà",
"Enter password": "Stampittate a parolla dintesa",
"Loading…": "Caricamentu…",
"Decrypting paste…": "Dicifratura di lappiccicu…",
"Preparing new paste…": "Approntu di u novu appiccicu…",
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.": "Sè stu messaghju ùn smarisce micca, lighjite <a href=\"%s\">sta FAQ per ottene infurmazioni annantà a risuluzione di i prublemi</a>.",
"+++ no paste text +++": "+++ nisunu testu incullatu +++",
"Could not get paste data: %s": "Ùn si pò micca ottene i dati di lappiccicu : %s",
"QR code": "Codice QR",
"This website is using an insecure HTTP connection! Please use it only for testing.": "Stu situ web impiegheghja una cunnessione HTTP non sicura ! impiegatelu solu per una prova.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "Per sapene di più, <a href=\"%s\">lighjite sta rubrica di a FAQ</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.": "U vostru navigatore pò richiede una cunnessione HTTPS per permette lusu di lAPI WebCrypto. Pruvate di <a href=\"%s\">passà à HTTPS</a>.",
"Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.": "U vostru navigatore ùn accetta micca WebAssembly, impiegatu per a cumpressione zlib. Pudete creà ducumenti micca cumpressi, ma ùn pudete micca leghje quelli chì sò cumpressi.",
"waiting on user to provide a password": "in attesa di lutilizatore per furnisce una parolla dintesa",
"Could not decrypt data. Did you enter a wrong password? Retry with the button at the top.": "Ùn si pò micca dicifrà i dati. Avete stampittatu una parolla dintesa incurretta ? Pruvate torna cù u buttone insù.",
"Retry": "Pruvà torna",
"Showing raw text…": "Affissera di u testu grossu…",
"Notice:": "Avertimentu :",
"This link will expire after %s.": "Stu liame hà da scade dopu à %s.",
"This link can only be accessed once, do not use back or refresh button in your browser.": "Stu liame pò esse accessu solu una volta, ùn impiegate micca i buttoni Precedente o Attualizà di u vostru navigatore.",
"Link:": "Liame :",
"Recipient may become aware of your timezone, convert time to UTC?": "U destinatariu pò cunnnosce u vostru fusu orariu. Vulete cunvertisce lora in u furmatu UTC ?",
"Use Current Timezone": "Impiegà u fusu orariu attuale",
"Convert To UTC": "Cunvertisce in UTC",
"Close": "Chjode",
"Encrypted note on PrivateBin": "Nota cifrata nantà PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visitate stu liame per vede a nota. Date lindirizzu à qualunque li permette daccede à a nota dinù.",
"URL shortener may expose your decrypt key in URL.": "Un ammuzzatore dindirizzu pò palisà a vostra chjave di dicifratura in lindirizzu.",
"Save paste": "Arregistrà lappiccicu",
"Your IP is not authorized to create pastes.": "U vostru indirizzu IP ùn hè micca auturizatu à creà lappiccichi."
}

3
i18n/cs.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Šifrovaná poznámka ve službě PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Navštivte tento odkaz pro zobrazení poznámky. Přeposláním URL umožníte také jiným lidem přístup.",
"URL shortener may expose your decrypt key in URL.": "Zkracovač URL může odhalit váš dešifrovací klíč v URL.",
"Save paste": "Uložit příspěvek"
"Save paste": "Uložit příspěvek",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/de.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Verschlüsselte Notiz auf PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Besuche diesen Link um das Dokument zu sehen. Wird die URL an eine andere Person gegeben, so kann diese Person ebenfalls auf dieses Dokument zugreifen.",
"URL shortener may expose your decrypt key in URL.": "Der URL-Verkürzer kann den Schlüssel in der URL enthüllen.",
"Save paste": "Text speichern"
"Save paste": "Text speichern",
"Your IP is not authorized to create pastes.": "Deine IP ist nicht berechtigt, Texte zu erstellen."
}

3
i18n/el.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/en.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/es.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Nota cifrada en PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visite este enlace para ver la nota. Dar la URL a cualquier persona también les permite acceder a la nota.",
"URL shortener may expose your decrypt key in URL.": "El acortador de URL puede exponer su clave de descifrado en el URL.",
"Save paste": "Guardar \"paste\""
"Save paste": "Guardar \"paste\"",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/et.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Krüpteeritud kiri PrivateBin-is",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Kirja nägemiseks külasta seda linki. Teistele URL-i andmine lubab ka neil ligi pääseda kirjale.",
"URL shortener may expose your decrypt key in URL.": "URL-i lühendaja võib paljastada sinu dekrüpteerimisvõtme URL-is.",
"Save paste": "Salvesta kleebe"
"Save paste": "Salvesta kleebe",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

7
i18n/fi.json
View File

@ -15,11 +15,11 @@
],
"Paste is limited to %s of encrypted data.": "Paste on rajoitettu kokoon %s salattua dataa.",
"Invalid data.": "Virheellinen data.",
"You are unlucky. Try again.": "Olet epäonnekas. Yritä uudelleen",
"You are unlucky. Try again.": "Olet epäonnekas. Yritä uudelleen.",
"Error saving comment. Sorry.": "Virhe kommenttia tallentaessa. Anteeksi.",
"Error saving paste. Sorry.": "Virhe pastea tallentaessa. Anteeksi.",
"Invalid paste ID.": "Virheellinen paste ID.",
"Paste is not of burn-after-reading type.": "Paste ei ole polta-lukemisen-jälkeen-tyyppiä",
"Paste is not of burn-after-reading type.": "Paste ei ole polta-lukemisen-jälkeen-tyyppiä.",
"Wrong deletion token. Paste was not deleted.": "Virheellinen poistotunniste. Pastea ei poistettu.",
"Paste was properly deleted.": "Paste poistettiin kunnolla.",
"JavaScript is required for %s to work. Sorry for the inconvenience.": "JavaScriptiä tarvitaan jotta %s toimisi. Anteeksi haitasta.",
@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Salattu viesti PrivateBinissä",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Käy tässä linkissä nähdäksesi viestin. URL:n antaminen kenellekään antaa heidänkin päästä katsomeen viestiä. ",
"URL shortener may expose your decrypt key in URL.": "URL-lyhentäjä voi paljastaa purkuavaimesi URL:ssä.",
"Save paste": "Tallenna paste"
"Save paste": "Tallenna paste",
"Your IP is not authorized to create pastes.": "IP:llesi ei ole annettu oikeutta luoda pasteja."
}

5
i18n/fr.json
View File

@ -2,7 +2,7 @@
"PrivateBin": "PrivateBin",
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.": "%s est un 'pastebin' (ou gestionnaire d'extraits de texte et de code source) minimaliste et open source, dans lequel le serveur n'a aucune connaissance des données envoyées. Les données sont chiffrées/déchiffrées %sdans le navigateur%s par un chiffrement AES 256 bits.",
"More information on the <a href=\"https://privatebin.info/\">project page</a>.": "Plus d'informations sur <a href=\"https://privatebin.info/\">la page du projet</a>.",
"Because ignorance is bliss": "Parce que l'ignorance c'est le bonheur",
"Because ignorance is bliss": "Vivons heureux, vivons cachés",
"en": "fr",
"Paste does not exist, has expired or has been deleted.": "Le paste n'existe pas, a expiré, ou a été supprimé.",
"%s requires php %s or above to work. Sorry.": "Désolé, %s nécessite php %s ou supérieur pour fonctionner.",
@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Message chiffré sur PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visiter ce lien pour voir la note. Donner l'URL à une autre personne lui permet également d'accéder à la note.",
"URL shortener may expose your decrypt key in URL.": "Raccourcir l'URL peut exposer votre clé de déchiffrement dans l'URL.",
"Save paste": "Sauver le paste"
"Save paste": "Sauver le paste",
"Your IP is not authorized to create pastes.": "Votre adresse IP n'est pas autorisée à créer des pastes."
}

3
i18n/he.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "הערה מוצפנת ב־PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "נא לבקר בקישור כדי לצפות בהערה. מסירת הקישור לאנשים כלשהם תאפשר גם להם לגשת להערה.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/hi.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/hu.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Titkosított jegyzet a PrivateBinen",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Látogasd meg ezt a hivatkozást a bejegyzés megtekintéséhez. Ha mások számára is megadod ezt a linket, azzal hozzáférnek ők is.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/id.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Catatan ter-ekrip di PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Kunjungi tautan ini untuk melihat catatan. Memberikan alamat URL pada siapapun juga, akan mengizinkan mereka untuk mengakses catatan, so pasti gitu loh Kaka.",
"URL shortener may expose your decrypt key in URL.": "Pemendek URL mungkin akan menampakkan kunci dekrip Anda dalam URL.",
"Save paste": "Simpan paste"
"Save paste": "Simpan paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/it.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Nota crittografata su PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visita questo collegamento per vedere la nota. Dare l'URL a chiunque consente anche a loro di accedere alla nota.",
"URL shortener may expose your decrypt key in URL.": "URL shortener può esporre la tua chiave decrittografata nell'URL.",
"Save paste": "Salva il messagio"
"Save paste": "Salva il messagio",
"Your IP is not authorized to create pastes.": "Il tuo IP non è autorizzato a creare dei messaggi."
}

3
i18n/ja.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/jbo.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": ".i lo lo notci ku mifra cu zvati sivlolnitvanku'a",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "rejgau fukpi"
"Save paste": "rejgau fukpi",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/ku.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/la.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/lt.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Šifruoti užrašai ties PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Norėdami matyti užrašus, aplankykite šį tinklalapį. Pasidalinus šiuo URL adresu su kitais žmonėmis, jiems taip pat bus leidžiama prieiga prie šių užrašų.",
"URL shortener may expose your decrypt key in URL.": "URL trumpinimo įrankis gali atskleisti URL adrese jūsų iššifravimo raktą.",
"Save paste": "Įrašyti įdėjimą"
"Save paste": "Įrašyti įdėjimą",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/nl.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/no.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Kryptert notat på PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Besøk denne lenken for å se notatet. Hvis lenken deles med andre, vil de også kunne se notatet.",
"URL shortener may expose your decrypt key in URL.": "URL forkorter kan avsløre dekrypteringsnøkkelen.",
"Save paste": "Lagre utklipp"
"Save paste": "Lagre utklipp",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

73
i18n/oc.json
View File

@ -37,76 +37,76 @@
"%d seconds": [
"%d segonda",
"%d segondas",
"%d seconds (2nd plural)",
"%d seconds (3rd plural)"
"%d segondas",
"%d segondas"
],
"%d minutes": [
"%d minuta",
"%d minutas",
"%d minutes (2nd plural)",
"%d minutes (3rd plural)"
"%d minutas",
"%d minutas"
],
"%d hours": [
"%d ora",
"%d oras",
"%d hours (2nd plural)",
"%d hours (3rd plural)"
"%d oras",
"%d oras"
],
"%d days": [
"%d jorn",
"%d jorns",
"%d days (2nd plural)",
"%d days (3rd plural)"
"%d jorns",
"%d jorns"
],
"%d weeks": [
"%d setmana",
"%d setmanas",
"%d weeks (2nd plural)",
"%d weeks (3rd plural)"
"%d setmanas",
"%d setmanas"
],
"%d months": [
"%d mes",
"%d meses",
"%d months (2nd plural)",
"%d months (3rd plural)"
"%d meses",
"%d meses"
],
"%d years": [
"%d an",
"%d ans",
"%d years (2nd plural)",
"%d years (3rd plural)"
"%d ans",
"%d ans"
],
"Never": "Jamai",
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.": "Nota:Aquò es un servici despròva:las donadas pòdon èsser suprimidas a cada moment. De catons moriràn sabusatz daqueste servici.",
"This document will expire in %d seconds.": [
"Ce document expirera dans %d seconde.",
"Aqueste document expirarà dins %d segondas.",
"Aqueste document expirarà dins %d segondas.",
"Aqueste document expirarà dins %d segondas."
"Aqueste document expirarà daquí %d segonda.",
"Aqueste document expirarà daquí %d segondas.",
"Aqueste document expirarà daquí %d segondas.",
"Aqueste document expirarà daquí %d segondas."
],
"This document will expire in %d minutes.": [
"Ce document expirera dans %d minute.",
"Aqueste document expirarà dins %d minutas.",
"Aqueste document expirarà dins %d minutas.",
"Aqueste document expirarà dins %d minutas."
"Aqueste document expirarà daquí %d minuta.",
"Aqueste document expirarà daquí %d minutas.",
"Aqueste document expirarà daquí %d minutas.",
"Aqueste document expirarà daquí %d minutas."
],
"This document will expire in %d hours.": [
"Ce document expirera dans %d heure.",
"Aqueste document expirarà dins %d oras.",
"Aqueste document expirarà dins %d oras.",
"Aqueste document expirarà dins %d oras."
"Aqueste document expirarà daquí %d ora.",
"Aqueste document expirarà daquí %d oras.",
"Aqueste document expirarà daquí %d oras.",
"Aqueste document expirarà daquí %d oras."
],
"This document will expire in %d days.": [
"Ce document expirera dans %d jour.",
"Aqueste document expirarà dins %d jorns.",
"Aqueste document expirarà dins %d jorns.",
"Aqueste document expirarà dins %d jorns."
"Aqueste document expirarà daquí %d jorn.",
"Aqueste document expirarà daquí %d jorns.",
"Aqueste document expirarà daquí %d jorns.",
"Aqueste document expirarà daquí %d jorns."
],
"This document will expire in %d months.": [
"Ce document expirera dans %d mois.",
"Aqueste document expirarà dins %d meses.",
"Aqueste document expirarà dins %d meses.",
"Aqueste document expirarà dins %d meses."
"Aqueste document expirarà daquí %d mes.",
"Aqueste document expirarà daquí %d meses.",
"Aqueste document expirarà daquí %d meses.",
"Aqueste document expirarà daquí %d meses."
],
"Please enter the password for this paste:": "Picatz lo senhal per aqueste tèxte:",
"Could not decrypt data (Wrong key?)": "Impossible de deschifrar las donadas (marrida clau?)",
@ -156,7 +156,7 @@
"Shorten URL": "Acorchir lURL",
"Editor": "Editar",
"Preview": "Previsualizar",
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "%s demanda que lo PATH termine en \"%s\". Mercés de metre a jorn lo PATH dins vòstre index.php.",
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "%s demanda que lo PATH termine en « %s». Mercés de metre a jorn lo PATH dins vòstre index.php.",
"Decrypt": "Deschifrar",
"Enter password": "Picatz lo senhal",
"Loading…": "Cargament…",
@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Nòtas chifradas sus PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visitatz aqueste ligam per veire la nòta. Fornir lo ligam a qualquun mai li permet tanben daccedir a la nòta.",
"URL shortener may expose your decrypt key in URL.": "Los espleches dacorchiment dURL pòdon expausar la clau de deschiframent dins lURL.",
"Save paste": "Enregistrar lo tèxt"
"Save paste": "Enregistrar lo tèxt",
"Your IP is not authorized to create pastes.": "Vòstra adreça IP a pas lautorizacion de crear de tèxtes."
}

3
i18n/pl.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/pt.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Nota criptografada no PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visite esse link para ver a nota. Dar a URL para qualquer um permite que eles também acessem a nota.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/ru.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Зашифрованная запись на PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Посетите эту ссылку чтобы просмотреть запись. Передача ссылки кому либо позволит им получить доступ к записи тоже.",
"URL shortener may expose your decrypt key in URL.": "Сервис сокращения ссылок может получить ваш ключ расшифровки из ссылки.",
"Save paste": "Сохранить запись"
"Save paste": "Сохранить запись",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/sl.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/sv.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

227
i18n/tr.json
View File

@ -1,135 +1,135 @@
{
"PrivateBin": "PrivateBin",
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.": "%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.",
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted %sin the browser%s using 256 bits AES.": "%s sunucunun burada paylaştığınız veriyi görmediği, minimal, açık kaynak bir pastebindir. Veriler tarayıcıda 256 bit AES kullanılarak şifrelenir/çözülür.",
"More information on the <a href=\"https://privatebin.info/\">project page</a>.": "Daha fazla bilgi için <a href=\"https://privatebin.info/\">proje sayfası</a>'na göz atabilirsiniz.",
"Because ignorance is bliss": "Çünkü, cehalet mutluluktur",
"en": "tr",
"Paste does not exist, has expired or has been deleted.": "Paste does not exist, has expired or has been deleted.",
"%s requires php %s or above to work. Sorry.": "%s requires php %s or above to work. Sorry.",
"%s requires configuration section [%s] to be present in configuration file.": "%s requires configuration section [%s] to be present in configuration file.",
"%s requires php %s or above to work. Sorry.": "%s PHP %s veya daha üstünü gerektirir.",
"%s requires configuration section [%s] to be present in configuration file.": "%s konfigürasyon bölümünün [%s] bulunmasını gerektir.",
"Please wait %d seconds between each post.": [
"Please wait %d second between each post. (singular)",
"Please wait %d seconds between each post. (1st plural)",
"Please wait %d seconds between each post. (2nd plural)",
"Please wait %d seconds between each post. (3rd plural)"
"Lütfen paylaşımlar arasında %d saniye bekleyiniz.",
"Lütfen paylaşımlar arasında %d saniye bekleyiniz.",
"Lütfen paylaşımlar arasında %d saniye bekleyiniz.",
"Lütfen paylaşımlar arasında %d saniye bekleyiniz."
],
"Paste is limited to %s of encrypted data.": "Paste is limited to %s of encrypted data.",
"Paste is limited to %s of encrypted data.": "Yazılar %s şifreli veriyle sınırlıdır.",
"Invalid data.": "Geçersiz veri.",
"You are unlucky. Try again.": "Lütfen tekrar deneyiniz.",
"Error saving comment. Sorry.": "Error saving comment. Sorry.",
"Error saving paste. Sorry.": "Error saving paste. Sorry.",
"Invalid paste ID.": "Invalid paste ID.",
"Paste is not of burn-after-reading type.": "Paste is not of burn-after-reading type.",
"Wrong deletion token. Paste was not deleted.": "Wrong deletion token. Paste was not deleted.",
"Paste was properly deleted.": "Paste was properly deleted.",
"JavaScript is required for %s to work. Sorry for the inconvenience.": "JavaScript is required for %s to work. Sorry for the inconvenience.",
"%s requires a modern browser to work.": "%s requires a modern browser to work.",
"Error saving comment. Sorry.": "Yorum kaydedilemedi.",
"Error saving paste. Sorry.": "Yazı kaydedilemedi. Üzgünüz.",
"Invalid paste ID.": "Geçersiz yazı ID'si.",
"Paste is not of burn-after-reading type.": "Yazı okunduğunda silinmeyecek şekilde ayarlanmış.",
"Wrong deletion token. Paste was not deleted.": "Yanlış silme anahtarı. Yazı silinemedi.",
"Paste was properly deleted.": "Yazı başarıyla silindi.",
"JavaScript is required for %s to work. Sorry for the inconvenience.": "JavaScript %s 'in çalışması için gereklidir. Rahatsızlıktan dolayı özür dileriz.",
"%s requires a modern browser to work.": "%s çalışmak için çağdaş bir tarayıcı gerektirir.",
"New": "Yeni",
"Send": "Gönder",
"Clone": "Kopyala",
"Raw text": "Raw text",
"Raw text": "ık yazı",
"Expires": "Süre Sonu",
"Burn after reading": "Burn after reading",
"Burn after reading": "Okuduktan sonra sil",
"Open discussion": "Açık Tartışmalar",
"Password (recommended)": "Password (recommended)",
"Password (recommended)": "Şifre (önerilir)",
"Discussion": "Tartışma",
"Toggle navigation": "Gezinmeyi değiştir",
"%d seconds": [
"%d second (singular)",
"%d seconds (1st plural)",
"%d seconds (2nd plural)",
"%d seconds (3rd plural)"
"%d saniye",
"%d saniye",
"%d saniye",
"%d saniye"
],
"%d minutes": [
"%d minute (singular)",
"%d minutes (1st plural)",
"%d minutes (2nd plural)",
"%d minutes (3rd plural)"
"%d dakika",
"%d dakika",
"%d dakika",
"%d dakika"
],
"%d hours": [
"%d hour (singular)",
"%d hours (1st plural)",
"%d hours (2nd plural)",
"%d hours (3rd plural)"
"%d saat",
"%d saat",
"%d saat",
"%d saat"
],
"%d days": [
"%d day (singular)",
"%d days (1st plural)",
"%d days (2nd plural)",
"%d days (3rd plural)"
"%d gün",
"%d gün",
"%d gün",
"%d gün"
],
"%d weeks": [
"%d hafta (tekil)",
"%d haftalar (çoğul)",
"%d weeks (2nd plural)",
"%d weeks (3rd plural)"
"%d hafta",
"%d hafta",
"%d hafta",
"%d hafta"
],
"%d months": [
"%d month (singular)",
"%d months (1st plural)",
"%d months (2nd plural)",
"%d months (3rd plural)"
"%d ay",
"%d ay",
"%d ay",
"%d ay"
],
"%d years": [
"%d year (singular)",
"%d years (1st plural)",
"%d years (2nd plural)",
"%d years (3rd plural)"
"%d yıl",
"%d yıl",
"%d yıl",
"%d yıl"
],
"Never": "Never",
"Never": "Asla",
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.": "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.",
"This document will expire in %d seconds.": [
"This document will expire in %d second. (singular)",
"This document will expire in %d seconds. (1st plural)",
"This document will expire in %d seconds. (2nd plural)",
"This document will expire in %d seconds. (3rd plural)"
"Bu belge %s saniyede silinecektir.",
"Bu belge %s saniyede silinecektir.",
"Bu belge %s saniyede silinecektir.",
"Bu belge %s saniyede silinecektir."
],
"This document will expire in %d minutes.": [
"This document will expire in %d minute. (singular)",
"This document will expire in %d minutes. (1st plural)",
"This document will expire in %d minutes. (2nd plural)",
"This document will expire in %d minutes. (3rd plural)"
"Bu belge %s dakikada silinecektir.",
"Bu belge %s dakikada silinecektir.",
"Bu belge %s dakikada silinecektir.",
"Bu belge %s dakikada silinecektir."
],
"This document will expire in %d hours.": [
"This document will expire in %d hour. (singular)",
"This document will expire in %d hours. (1st plural)",
"This document will expire in %d hours. (2nd plural)",
"This document will expire in %d hours. (3rd plural)"
"Bu belge %s saatte silinecektir.",
"Bu belge %s saatte silinecektir.",
"Bu belge %s saatte silinecektir.",
"Bu belge %s saatte silinecektir.."
],
"This document will expire in %d days.": [
"This document will expire in %d day. (singular)",
"This document will expire in %d days. (1st plural)",
"This document will expire in %d days. (2nd plural)",
"This document will expire in %d days. (3rd plural)"
"Bu belge %s günde silinecektir.",
"Bu belge %s günde silinecektir.",
"Bu belge %s günde silinecektir.",
"Bu belge %s günde silinecektir.(3rd plural)"
],
"This document will expire in %d months.": [
"This document will expire in %d month. (singular)",
"This document will expire in %d months. (1st plural)",
"This document will expire in %d months. (2nd plural)",
"This document will expire in %d months. (3rd plural)"
"Bu belge %s ayda silinecektir.",
"Bu belge %s ayda silinecektir",
"Bu belge %s ayda silinecektir",
"Bu belge %s ayda silinecektir"
],
"Please enter the password for this paste:": "Please enter the password for this paste:",
"Could not decrypt data (Wrong key?)": "Could not decrypt data (Wrong key?)",
"Could not delete the paste, it was not stored in burn after reading mode.": "Could not delete the paste, it was not stored in burn after reading mode.",
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.": "FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.",
"Could not decrypt comment; Wrong key?": "Could not decrypt comment; Wrong key?",
"Please enter the password for this paste:": "Lütfen bu yazı için şifrenizi girin:",
"Could not decrypt data (Wrong key?)": "Şifre çözülemedi (Yanlış anahtar mı kullandınız?)",
"Could not delete the paste, it was not stored in burn after reading mode.": "Yazı silinemedi, okunduktan sonra silinmek için ayarlanmadı.",
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.": "BU DOSYAYI SADECE SİZ GÖRÜNTÜLEYEBİLİRSİNİZ. Bu pencereyi kapatmayın, yazıyı tekrar görüntüleyemeyeceksiniz.",
"Could not decrypt comment; Wrong key?": "Dosya şifresi çözülemedi, doğru anahtarı girdiğinizden emin misiniz?",
"Reply": "Cevapla",
"Anonymous": "Anonim",
"Avatar generated from IP address": "Avatar generated from IP address",
"Avatar generated from IP address": "IP adresinden oluşturulmuş avatar",
"Add comment": "Yorum ekle",
"Optional nickname…": "Optional nickname…",
"Optional nickname…": "İsteğe bağlı takma isim...",
"Post comment": "Yorumu gönder",
"Sending comment…": "Sending comment…",
"Sending comment…": "Yorum gönderiliyor...",
"Comment posted.": "Yorum gönderildi.",
"Could not refresh display: %s": "Could not refresh display: %s",
"unknown status": "unknown status",
"server error or not responding": "server error or not responding",
"Could not post comment: %s": "Could not post comment: %s",
"Sending paste…": "Sending paste…",
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>": "Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>",
"Could not refresh display: %s": "Görüntü yenilenemedi: %s",
"unknown status": "bilinmeyen durum",
"server error or not responding": "sunucu hatası veya yanıt vermiyor",
"Could not post comment: %s": "Yorum paylaşılamadı: %s",
"Sending paste…": "Yazı gönderiliyor…",
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>": "Yazınız: <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">([Ctrl]+[c] tuşlarına basarak kopyalayın.)</span>",
"Delete data": "Veriyi sil",
"Could not create paste: %s": "Could not create paste: %s",
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)": "Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)",
"Could not create paste: %s": "Yazı oluşturulamadı: %s",
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)": "Yazı şifresi çözülemedi, çözme anahtarı URL'de bulunamadı. (Buraya bir yönlendirici veya URL kısaltıcı kullanarak gelmiş olabilirsiniz.)",
"B": "B",
"KiB": "KiB",
"MiB": "MiB",
@ -140,50 +140,51 @@
"ZiB": "ZiB",
"YiB": "YiB",
"Format": "Format",
"Plain Text": "Plain Text",
"Source Code": "Source Code",
"Plain Text": "Düz Yazı",
"Source Code": "Kaynak Kodu",
"Markdown": "Markdown",
"Download attachment": "Download attachment",
"Cloned: '%s'": "Cloned: '%s'",
"The cloned file '%s' was attached to this paste.": "The cloned file '%s' was attached to this paste.",
"Attach a file": "Attach a file",
"alternatively drag & drop a file or paste an image from the clipboard": "alternatively drag & drop a file or paste an image from the clipboard",
"File too large, to display a preview. Please download the attachment.": "File too large, to display a preview. Please download the attachment.",
"Remove attachment": "Remove attachment",
"Your browser does not support uploading encrypted files. Please use a newer browser.": "Your browser does not support uploading encrypted files. Please use a newer browser.",
"Invalid attachment.": "Invalid attachment.",
"Options": "Options",
"Shorten URL": "Shorten URL",
"Editor": "Editor",
"Download attachment": "Eki indir",
"Cloned: '%s'": "Klonlandı: '%s'",
"The cloned file '%s' was attached to this paste.": "Klonlanmış dosya '%s' bu yazıya eklendi.",
"Attach a file": "Dosya ekle",
"alternatively drag & drop a file or paste an image from the clipboard": "alternatif olarak dosyasyı yapıştırabilir veya sürükleyip bırakabilirsin.z",
"File too large, to display a preview. Please download the attachment.": "Dosya önizleme için çok büyük. Lütfen eki indirin.",
"Remove attachment": "Eki sil",
"Your browser does not support uploading encrypted files. Please use a newer browser.": "Tarayıcınız şifreli dosyaları desteklemiyor.",
"Invalid attachment.": "Geçersiz ek.",
"Options": "Seçenekler",
"Shorten URL": "URL kısaltma",
"Editor": "Düzenleyici",
"Preview": "Ön izleme",
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
"Decrypt": "Decrypt",
"Decrypt": "Şifreyi çöz",
"Enter password": "Şifreyi girin",
"Loading…": "Yükleniyor…",
"Decrypting paste…": "Decrypting paste…",
"Preparing new paste…": "Preparing new paste…",
"Decrypting paste…": "Yazı şifresi çözülüyor...",
"Preparing new paste…": "Yeni yazı hazırlanıyor...",
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.": "In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.",
"+++ no paste text +++": "+++ no paste text +++",
"Could not get paste data: %s": "Could not get paste data: %s",
"Could not get paste data: %s": "Yazı verisi alınamıyor: %s",
"QR code": "QR kodu",
"This website is using an insecure HTTP connection! Please use it only for testing.": "This website is using an insecure HTTP connection! Please use it only for testing.",
"For more information <a href=\"%s\">see this FAQ entry</a>.": "For more information <a href=\"%s\">see this FAQ entry</a>.",
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.": "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
"Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.": "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.",
"waiting on user to provide a password": "waiting on user to provide a password",
"Could not decrypt data. Did you enter a wrong password? Retry with the button at the top.": "Could not decrypt data. Did you enter a wrong password? Retry with the button at the top.",
"Could not decrypt data. Did you enter a wrong password? Retry with the button at the top.": "Dosya şifresi çözülemedi, doğru şifreyi kullandığınıza emin misiniz? Üstteki buton ile tekrar deneyin.",
"Retry": "Yeniden Dene",
"Showing raw text…": "Showing raw text…",
"Showing raw text…": "ık yazı gösteriliyor...",
"Notice:": "Bildirim:",
"This link will expire after %s.": "This link will expire after %s.",
"This link can only be accessed once, do not use back or refresh button in your browser.": "This link can only be accessed once, do not use back or refresh button in your browser.",
"This link will expire after %s.": "Bu bağlantı şu kadar zaman sonra etkisiz kalacaktır: %s.",
"This link can only be accessed once, do not use back or refresh button in your browser.": "Bu bağlantı sadece bir kere erişilebilir, lütfen sayfayı yenilemeyiniz.",
"Link:": "Bağlantı:",
"Recipient may become aware of your timezone, convert time to UTC?": "Recipient may become aware of your timezone, convert time to UTC?",
"Use Current Timezone": "Use Current Timezone",
"Convert To UTC": "Convert To UTC",
"Recipient may become aware of your timezone, convert time to UTC?": "Alıcı zaman dilmini öğrenebilir, zaman dilimini UTC'ye çevirmek ister misin?",
"Use Current Timezone": "Şuanki zaman dilimini kullan",
"Convert To UTC": "UTC zaman dilimine çevir",
"Close": "Kapat",
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Encrypted note on PrivateBin": "PrivateBin üzerinde şifrelenmiş not",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Notu görmek için bu bağlantıyı ziyaret et. Bağlantıya sahip olan birisi notu görebilir.",
"URL shortener may expose your decrypt key in URL.": "URL kısaltıcı şifreleme anahtarınızı URL içerisinde gösterebilir.",
"Save paste": "Yazıyı kaydet",
"Your IP is not authorized to create pastes.": "IP adresinizin yazı oluşturmaya yetkisi yoktur."
}

3
i18n/uk.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "Encrypted note on PrivateBin",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.",
"URL shortener may expose your decrypt key in URL.": "URL shortener may expose your decrypt key in URL.",
"Save paste": "Save paste"
"Save paste": "Save paste",
"Your IP is not authorized to create pastes.": "Your IP is not authorized to create pastes."
}

3
i18n/zh.json
View File

@ -185,5 +185,6 @@
"Encrypted note on PrivateBin": "PrivateBin 上的加密笔记",
"Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.": "访问此链接来查看该笔记。将此 URL 发送给任何人即可允许其访问该笔记。",
"URL shortener may expose your decrypt key in URL.": "短链接服务可能会暴露您在 URL 中的解密密钥。",
"Save paste": "保存内容"
"Save paste": "保存内容",
"Your IP is not authorized to create pastes.": "您的 IP 无权创建粘贴。"
}

2
index.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
// change this, if your php files and data is outside of your webservers document root

4
js/common.js
View File

@ -12,11 +12,11 @@ global.WebCrypto = require('@peculiar/webcrypto').Crypto;
// application libraries to test
global.$ = global.jQuery = require('./jquery-3.6.0');
global.RawDeflate = require('./rawinflate-0.3').RawDeflate;
global.zlib = require('./zlib-1.2.11').zlib;
global.zlib = require('./zlib-1.2.12').zlib;
require('./prettify');
global.prettyPrint = window.PR.prettyPrint;
global.prettyPrintOne = window.PR.prettyPrintOne;
global.showdown = require('./showdown-2.0.0');
global.showdown = require('./showdown-2.0.3');
global.DOMPurify = require('./purify-2.3.6');
global.baseX = require('./base-x-4.0.0').baseX;
global.Legacy = require('./legacy').Legacy;

2
js/package.json
View File

@ -1,6 +1,6 @@
{
"name": "privatebin",
"version": "1.3.5",
"version": "1.4.0",
"description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
"main": "privatebin.js",
"directories": {

140
js/privatebin.js
View File

@ -6,7 +6,7 @@
* @see {@link https://github.com/PrivateBin/PrivateBin}
* @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
* @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
* @version 1.3.5
* @version 1.4.0
* @name PrivateBin
* @namespace
*/
@ -52,6 +52,31 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
let z;
/**
* DOMpurify settings for HTML content
*
* @private
*/
const purifyHtmlConfig = {
ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|magnet):)/i,
SAFE_FOR_JQUERY: true,
USE_PROFILES: {
html: true
}
};
/**
* DOMpurify settings for SVG content
*
* @private
*/
const purifySvgConfig = {
USE_PROFILES: {
svg: true,
svgFilters: true
}
};
/**
* CryptoData class
*
@ -409,7 +434,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
element.html().replace(
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
'<a href="$1" rel="nofollow noopener noreferrer">$1</a>'
)
),
purifyHtmlConfig
)
);
};
@ -601,7 +627,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
* @prop {string[]}
* @readonly
*/
const supportedLanguages = ['bg', 'ca', 'cs', 'de', 'es', 'et', 'fr', 'he', 'hu', 'id', 'it', 'jbo', 'lt', 'no', 'nl', 'pl', 'pt', 'oc', 'ru', 'sl', 'uk', 'zh'];
const supportedLanguages = ['bg', 'ca', 'co', 'cs', 'de', 'es', 'et', 'fi', 'fr', 'he', 'hu', 'id', 'it', 'jbo', 'lt', 'no', 'nl', 'pl', 'pt', 'oc', 'ru', 'sl', 'tr', 'uk', 'zh'];
/**
* built in language
@ -767,7 +793,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
/**
* per language functions to use to determine the plural form
*
* @see {@link https://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html}
* @see {@link https://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html}
* @name I18n.getPluralForm
* @function
* @param {int} n
@ -778,8 +804,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {
{
case 'cs':
return n === 1 ? 0 : (n >= 2 && n <=4 ? 1 : 2);
case 'co':
case 'fr':
case 'oc':
case 'tr':
case 'zh':
return n > 1 ? 1 : 0;
case 'he':
@ -796,7 +824,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return n % 10 === 1 && n % 100 !== 11 ? 0 : (n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2);
case 'sl':
return n % 100 === 1 ? 1 : (n % 100 === 2 ? 2 : (n % 100 === 3 || n % 100 === 4 ? 3 : 0));
// bg, ca, de, en, es, et, hu, it, nl, no, pt
// bg, ca, de, en, es, et, fi, hu, it, nl, no, pt
default:
return n !== 1 ? 1 : 0;
}
@ -2535,7 +2563,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// let showdown convert the HTML and sanitize HTML *afterwards*!
$plainText.html(
DOMPurify.sanitize(
converter.makeHtml(text)
converter.makeHtml(text),
purifyHtmlConfig
)
);
// add table classes from bootstrap css
@ -2751,6 +2780,34 @@ jQuery.PrivateBin = (function($, RawDeflate) {
$dropzone;
/**
* get blob URL from string data and mime type
*
* @name AttachmentViewer.getBlobUrl
* @private
* @function
* @param {string} data - raw data of attachment
* @param {string} data - mime type of attachment
* @return {string} objectURL
*/
function getBlobUrl(data, mimeType)
{
// Transform into a Blob
const buf = new Uint8Array(data.length);
for (let i = 0; i < data.length; ++i) {
buf[i] = data.charCodeAt(i);
}
const blob = new window.Blob(
[buf],
{
type: mimeType
}
);
// Get blob URL
return window.URL.createObjectURL(blob);
}
/**
* sets the attachment but does not yet show it
*
* @name AttachmentViewer.setAttachment
@ -2760,44 +2817,42 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
me.setAttachment = function(attachmentData, fileName)
{
// data URI format: data:[<mediaType>][;base64],<data>
// skip, if attachments got disabled
if (!$attachmentLink || !$attachmentPreview) return;
// data URI format: data:[<mimeType>][;base64],<data>
// position in data URI string of where data begins
const base64Start = attachmentData.indexOf(',') + 1;
// position in data URI string of where mediaType ends
const mediaTypeEnd = attachmentData.indexOf(';');
// position in data URI string of where mimeType ends
const mimeTypeEnd = attachmentData.indexOf(';');
// extract mediaType
const mediaType = attachmentData.substring(5, mediaTypeEnd);
// extract mimeType
const mimeType = attachmentData.substring(5, mimeTypeEnd);
// extract data and convert to binary
const rawData = attachmentData.substring(base64Start);
const decodedData = rawData.length > 0 ? atob(rawData) : '';
// Transform into a Blob
const buf = new Uint8Array(decodedData.length);
for (let i = 0; i < decodedData.length; ++i) {
buf[i] = decodedData.charCodeAt(i);
}
const blob = new window.Blob([ buf ], { type: mediaType });
// Get Blob URL
const blobUrl = window.URL.createObjectURL(blob);
// IE does not support setting a data URI on an a element
// Using msSaveBlob to download
if (window.Blob && navigator.msSaveBlob) {
$attachmentLink.off('click').on('click', function () {
navigator.msSaveBlob(blob, fileName);
});
} else {
$attachmentLink.attr('href', blobUrl);
}
let blobUrl = getBlobUrl(decodedData, mimeType);
$attachmentLink.attr('href', blobUrl);
if (typeof fileName !== 'undefined') {
$attachmentLink.attr('download', fileName);
}
me.handleBlobAttachmentPreview($attachmentPreview, blobUrl, mediaType);
// sanitize SVG preview
// prevents executing embedded scripts when CSP is not set and user
// right-clicks/long-taps and opens the SVG in a new tab - prevented
// in the preview by use of an img tag, which disables scripts, too
if (mimeType.match(/^image\/.*svg/i)) {
const sanitizedData = DOMPurify.sanitize(
decodedData,
purifySvgConfig
);
blobUrl = getBlobUrl(sanitizedData, mimeType);
}
me.handleBlobAttachmentPreview($attachmentPreview, blobUrl, mimeType);
};
/**
@ -2808,6 +2863,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
me.showAttachment = function()
{
// skip, if attachments got disabled
if (!$attachment || !$attachmentPreview) return;
$attachment.removeClass('hidden');
if (attachmentHasPreview) {
@ -3015,13 +3073,13 @@ jQuery.PrivateBin = (function($, RawDeflate) {
me.handleBlobAttachmentPreview = function ($targetElement, blobUrl, mimeType) {
if (blobUrl) {
attachmentHasPreview = true;
if (mimeType.match(/image\//i)) {
if (mimeType.match(/^image\//i)) {
$targetElement.html(
$(document.createElement('img'))
.attr('src', blobUrl)
.attr('class', 'img-thumbnail')
);
} else if (mimeType.match(/video\//i)) {
} else if (mimeType.match(/^video\//i)) {
$targetElement.html(
$(document.createElement('video'))
.attr('controls', 'true')
@ -3032,7 +3090,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
.attr('type', mimeType)
.attr('src', blobUrl))
);
} else if (mimeType.match(/audio\//i)) {
} else if (mimeType.match(/^audio\//i)) {
$targetElement.html(
$(document.createElement('audio'))
.attr('controls', 'true')
@ -3664,7 +3722,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
for (let i = 0; i < $head.length; ++i) {
newDoc.write($head[i].outerHTML);
}
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(Helper.htmlEntities(paste)) + '</pre></body></html>');
newDoc.write(
'</head><body><pre>' +
DOMPurify.sanitize(
Helper.htmlEntities(paste),
purifyHtmlConfig
) +
'</pre></body></html>'
);
newDoc.close();
}
@ -5393,11 +5458,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// first load translations
I18n.loadTranslations();
DOMPurify.setConfig({
ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|magnet):)/i,
SAFE_FOR_JQUERY: true
});
// Add a hook to make all links open a new window
DOMPurify.addHook('afterSanitizeAttributes', function(node) {
// set all elements owning target to target=_blank

2
js/showdown-2.0.0.js
View File

File diff suppressed because one or more lines are too long

2
js/showdown-2.0.3.js Normal file
View File

File diff suppressed because one or more lines are too long

BIN
js/zlib-1.2.11.wasm
View File

Binary file not shown.

4
js/zlib-1.2.11.js → js/zlib-1.2.12.js
View File

@ -26,9 +26,9 @@
let buff;
if (typeof fetch === 'undefined') {
buff = fs.readFileSync('zlib-1.2.11.wasm');
buff = fs.readFileSync('zlib-1.2.12.wasm');
} else {
const resp = await fetch('js/zlib-1.2.11.wasm');
const resp = await fetch('js/zlib-1.2.12.wasm');
buff = await resp.arrayBuffer();
}
const module = await WebAssembly.compile(buff);

BIN
js/zlib-1.2.12.wasm Normal file
View File

Binary file not shown.

11
lib/Configuration.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;
@ -54,7 +54,7 @@ class Configuration
'urlshortener' => '',
'qrcode' => true,
'icon' => 'identicon',
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'zerobincompatibility' => false,
'httpwarning' => true,
'compression' => 'zlib',
@ -78,9 +78,10 @@ class Configuration
'markdown' => 'Markdown',
),
'traffic' => array(
'limit' => 10,
'header' => null,
'exemptedIp' => null,
'limit' => 10,
'header' => '',
'exempted' => '',
'creators' => '',
),
'purge' => array(
'limit' => 300,

28
lib/Controller.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;
@ -28,7 +28,7 @@ class Controller
*
* @const string
*/
const VERSION = '1.3.5';
const VERSION = '1.4.0';
/**
* minimal required PHP version
@ -199,13 +199,10 @@ class Controller
ServerSalt::setStore($this->_model->getStore());
TrafficLimiter::setConfiguration($this->_conf);
TrafficLimiter::setStore($this->_model->getStore());
if (!TrafficLimiter::canPass()) {
$this->_return_message(
1, I18n::_(
'Please wait %d seconds between each post.',
$this->_conf->getKey('limit', 'traffic')
)
);
try {
TrafficLimiter::canPass();
} catch (Exception $e) {
$this->_return_message(1, $e->getMessage());
return;
}
@ -345,7 +342,7 @@ class Controller
header('Cross-Origin-Resource-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp');
header('Cross-Origin-Opener-Policy: same-origin');
header('Permissions-Policy: interest-cohort=()');
header('Permissions-Policy: browsing-topics=()');
header('Referrer-Policy: no-referrer');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: deny');
@ -367,6 +364,16 @@ class Controller
setcookie('lang', $languageselection, 0, '', '', true);
}
// strip policies that are unsupported in meta tag
$metacspheader = str_replace(
array(
'frame-ancestors \'none\'; ',
'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
),
'',
$this->_conf->getKey('cspheader')
);
$page = new View;
$page->assign('NAME', $this->_conf->getKey('name'));
$page->assign('BASEPATH', I18n::_($this->_conf->getKey('basepath')));
@ -395,6 +402,7 @@ class Controller
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
$page->assign('HTTPSLINK', 'https://' . $this->_request->getHost() . $this->_request->getRequestUri());
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
$page->assign('CSPHEADER', $metacspheader);
$page->draw($this->_conf->getKey('template'));
}

2
lib/Data/AbstractData.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Data;

4
lib/Data/Database.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Data;
@ -100,7 +100,7 @@ class Database extends AbstractData
// MySQL uses backticks to quote identifiers by default,
// tell it to expect ANSI SQL double quotes
if (self::$_type === 'mysql' && defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
$options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'";
$options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET SESSION sql_mode='ANSI_QUOTES'";
}
$tableQuery = self::_getTableQuery(self::$_type);
self::$_db = new PDO(

2
lib/Data/Filesystem.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Data;

2
lib/Filter.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

2
lib/FormatV2.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

8
lib/I18n.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;
@ -305,7 +305,7 @@ class I18n
/**
* determines the plural form to use based on current language and given number
*
* From: https://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html
* From: https://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
*
* @access protected
* @static
@ -317,8 +317,10 @@ class I18n
switch (self::$_language) {
case 'cs':
return $n == 1 ? 0 : ($n >= 2 && $n <= 4 ? 1 : 2);
case 'co':
case 'fr':
case 'oc':
case 'tr':
case 'zh':
return $n > 1 ? 1 : 0;
case 'he':
@ -335,7 +337,7 @@ class I18n
return $n % 10 == 1 && $n % 100 != 11 ? 0 : ($n % 10 >= 2 && $n % 10 <= 4 && ($n % 100 < 10 || $n % 100 >= 20) ? 1 : 2);
case 'sl':
return $n % 100 == 1 ? 1 : ($n % 100 == 2 ? 2 : ($n % 100 == 3 || $n % 100 == 4 ? 3 : 0));
// bg, ca, de, en, es, et, hu, it, nl, no, pt
// bg, ca, de, en, es, et, fi, hu, it, nl, no, pt
default:
return $n != 1 ? 1 : 0;
}

2
lib/Json.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

2
lib/Model.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

2
lib/Model/AbstractModel.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Model;

2
lib/Model/Comment.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Model;

2
lib/Model/Paste.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Model;

2
lib/Persistence/AbstractPersistence.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Persistence;

2
lib/Persistence/PurgeLimiter.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Persistence;

2
lib/Persistence/ServerSalt.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Persistence;

135
lib/Persistence/TrafficLimiter.php
View File

@ -8,13 +8,16 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin\Persistence;
use Exception;
use IPLib\Factory;
use IPLib\ParseStringFlag;
use PrivateBin\Configuration;
use PrivateBin\I18n;
/**
* TrafficLimiter
@ -24,22 +27,22 @@ use PrivateBin\Configuration;
class TrafficLimiter extends AbstractPersistence
{
/**
* time limit in seconds, defaults to 10s
*
* @access private
* @static
* @var int
*/
private static $_limit = 10;
/**
* listed ips are exempted from limits, defaults to null
* listed IPs are the only ones allowed to create, defaults to null
*
* @access private
* @static
* @var string|null
*/
private static $_exemptedIp = null;
private static $_creators = null;
/**
* listed IPs are exempted from limits, defaults to null
*
* @access private
* @static
* @var string|null
*/
private static $_exempted = null;
/**
* key to fetch IP address
@ -51,28 +54,13 @@ class TrafficLimiter extends AbstractPersistence
private static $_ipKey = 'REMOTE_ADDR';
/**
* set the time limit in seconds
* time limit in seconds, defaults to 10s
*
* @access public
* @access private
* @static
* @param int $limit
* @var int
*/
public static function setLimit($limit)
{
self::$_limit = $limit;
}
/**
* set a list of ip(ranges) as string
*
* @access public
* @static
* @param string $exemptedIps
*/
public static function setExemptedIp($exemptedIp)
{
self::$_exemptedIp = $exemptedIp;
}
private static $_limit = 10;
/**
* set configuration options of the traffic limiter
@ -83,10 +71,11 @@ class TrafficLimiter extends AbstractPersistence
*/
public static function setConfiguration(Configuration $conf)
{
self::setCreators($conf->getKey('creators', 'traffic'));
self::setExempted($conf->getKey('exempted', 'traffic'));
self::setLimit($conf->getKey('limit', 'traffic'));
self::setExemptedIp($conf->getKey('exemptedIp', 'traffic'));
if (($option = $conf->getKey('header', 'traffic')) !== null) {
if (($option = $conf->getKey('header', 'traffic')) !== '') {
$httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
self::$_ipKey = $httpHeader;
@ -94,6 +83,42 @@ class TrafficLimiter extends AbstractPersistence
}
}
/**
* set a list of creator IP(-ranges) as string
*
* @access public
* @static
* @param string $creators
*/
public static function setCreators($creators)
{
self::$_creators = $creators;
}
/**
* set a list of exempted IP(-ranges) as string
*
* @access public
* @static
* @param string $exempted
*/
public static function setExempted($exempted)
{
self::$_exempted = $exempted;
}
/**
* set the time limit in seconds
*
* @access public
* @static
* @param int $limit
*/
public static function setLimit($limit)
{
self::$_limit = $limit;
}
/**
* get a HMAC of the current visitors IP address
*
@ -108,7 +133,7 @@ class TrafficLimiter extends AbstractPersistence
}
/**
* Validate $_ipKey against configured ipranges. If matched we will ignore the ip
* validate $_ipKey against configured ipranges. If matched we will ignore the ip
*
* @access private
* @static
@ -120,8 +145,11 @@ class TrafficLimiter extends AbstractPersistence
if (is_string($ipRange)) {
$ipRange = trim($ipRange);
}
$address = Factory::addressFromString($_SERVER[self::$_ipKey]);
$range = Factory::rangeFromString($ipRange);
$address = Factory::parseAddressString($_SERVER[self::$_ipKey]);
$range = Factory::parseRangeString(
$ipRange,
ParseStringFlag::IPV4_MAYBE_NON_DECIMAL | ParseStringFlag::IPV4SUBNET_MAYBE_COMPACT | ParseStringFlag::IPV4ADDRESS_MAYBE_NON_QUAD_DOTTED
);
// address could not be parsed, we might not be in IP space and try a string comparison instead
if (is_null($address)) {
@ -136,24 +164,35 @@ class TrafficLimiter extends AbstractPersistence
}
/**
* traffic limiter
*
* Make sure the IP address makes at most 1 request every 10 seconds.
* make sure the IP address is allowed to perfom a request
*
* @access public
* @static
* @return bool
* @throws Exception
* @return true
*/
public static function canPass()
{
// if creators are defined, the traffic limiter will only allow creation
// for these, with no limits, and skip any other rules
if (!empty(self::$_creators)) {
$creatorIps = explode(',', self::$_creators);
foreach ($creatorIps as $ipRange) {
if (self::matchIp($ipRange) === true) {
return true;
}
}
throw new Exception(I18n::_('Your IP is not authorized to create pastes.'));
}
// disable limits if set to less then 1
if (self::$_limit < 1) {
return true;
}
// Check if $_ipKey is exempted from ratelimiting
if (!is_null(self::$_exemptedIp)) {
$exIp_array = explode(',', self::$_exemptedIp);
// check if $_ipKey is exempted from ratelimiting
if (!empty(self::$_exempted)) {
$exIp_array = explode(',', self::$_exempted);
foreach ($exIp_array as $ipRange) {
if (self::matchIp($ipRange) === true) {
return true;
@ -161,7 +200,7 @@ class TrafficLimiter extends AbstractPersistence
}
}
// this hash is used as an array key, hence a shorter algo is used
// used as array key, which are limited in length, hence using algo with shorter range
$hash = self::getHash('sha256');
$now = time();
$tl = (int) self::$_store->getValue('traffic_limiter', $hash);
@ -175,6 +214,12 @@ class TrafficLimiter extends AbstractPersistence
if (!self::$_store->setValue((string) $tl, 'traffic_limiter', $hash)) {
error_log('failed to store the traffic limiter, it probably contains outdated information');
}
return $result;
if ($result) {
return true;
}
throw new Exception(I18n::_(
'Please wait %d seconds between each post.',
self::$_limit
));
}
}

2
lib/Request.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

2
lib/View.php
View File

@ -7,7 +7,7 @@
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 1.3.5
* @version 1.4.0
*/
namespace PrivateBin;

2
lib/Vizhash16x16.php
View File

@ -8,7 +8,7 @@
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.0.5 beta PrivateBin 1.3.5
* @version 0.0.5 beta PrivateBin 1.4.0
*/
namespace PrivateBin;

7
tpl/bootstrap.php
View File

@ -7,6 +7,7 @@ $isPage = substr($template, -5) === '-page';
<html lang="<?php echo I18n::_('en'); ?>">
<head>
<meta charset="utf-8" />
<meta http-equiv="Content-Security-Policy" content="<?php echo I18n::encode($CSPHEADER); ?>">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex" />
@ -54,7 +55,7 @@ if ($ZEROBINCOMPATIBILITY) :
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.12.js" integrity="sha512-Ewve1dyEW/Vf97OY91/aWqMx9NaaUK5d8Z6JB1RR5gFXtMhse/Ya7D/5CE/UrQTwOWqmkvn97JjP4YDUrmq/yA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/base-x-4.0.0.js" integrity="sha512-nNPg5IGCwwrveZ8cA/yMGr5HiRS5Ps2H+s0J/mKTPjCPWUgFGGw7M5nqdnPD3VsRwCVysUh3Y8OWjeSKGkEQJQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.4.1.js" integrity="sha512-oBTprMeNEKCnqfuqKd6sbvFzmFQtlXS3e0C/RGFV0hD6QzhHV+ODfaQbAlmY6/q0ubbwlAM/nCJjkrgA3waLzg==" crossorigin="anonymous"></script>
@ -66,13 +67,13 @@ if ($SYNTAXHIGHLIGHTING) :
endif;
if ($MARKDOWN) :
?>
<script type="text/javascript" data-cfasync="false" src="js/showdown-2.0.0.js" integrity="sha512-UB9jpMTOJLSnVzePuqlSGT34G70wEGqtIWabMeAh+Drnj4/uQ8rFkFn1zkN9vkWp/7nA51U2LmP23H5MJvBXsw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/showdown-2.0.3.js" integrity="sha512-vcfjvW3UKHD/4vlQx804cqWK88jFmjsWRsZ8/u5YEcyHB1IituxrXDU7TvdqsFVsMnxpE/UIEo25/SYW+puWHw==" crossorigin="anonymous"></script>
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.3.6.js" integrity="sha512-N1GGPjbqLbwK821ZN7C925WuTwU4aDxz2CEEOXQ6/s6m6MBwVj8fh5fugiE2hzsm0xud3q7jpjZQ4ILnpMREYQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PTOcxIWIPWCnb5vC4fmQDMqYGerwsu3AndVyPxn9NlQffIWYMPf/p28Z9SIygXsmcYjmTRmUiW5y7df63mNTfg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-CbXFfxyGfdXnwMumt2sMdPs/Pxnk3Ahkpw8JulqRIGYZPq7O/hM0YT/xjHG9IcaigdKC0aL42uzlxoBXLI11gw==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />

7
tpl/page.php
View File

@ -4,6 +4,7 @@ use PrivateBin\I18n;
<html lang="<?php echo I18n::_('en'); ?>">
<head>
<meta charset="utf-8" />
<meta http-equiv="Content-Security-Policy" content="<?php echo I18n::encode($CSPHEADER); ?>">
<meta name="robots" content="noindex" />
<meta name="google" content="notranslate">
<title><?php echo I18n::_($NAME); ?></title>
@ -33,7 +34,7 @@ if ($ZEROBINCOMPATIBILITY):
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.12.js" integrity="sha512-Ewve1dyEW/Vf97OY91/aWqMx9NaaUK5d8Z6JB1RR5gFXtMhse/Ya7D/5CE/UrQTwOWqmkvn97JjP4YDUrmq/yA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/base-x-4.0.0.js" integrity="sha512-nNPg5IGCwwrveZ8cA/yMGr5HiRS5Ps2H+s0J/mKTPjCPWUgFGGw7M5nqdnPD3VsRwCVysUh3Y8OWjeSKGkEQJQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
<?php
@ -44,13 +45,13 @@ if ($SYNTAXHIGHLIGHTING):
endif;
if ($MARKDOWN):
?>
<script type="text/javascript" data-cfasync="false" src="js/showdown-2.0.0.js" integrity="sha512-UB9jpMTOJLSnVzePuqlSGT34G70wEGqtIWabMeAh+Drnj4/uQ8rFkFn1zkN9vkWp/7nA51U2LmP23H5MJvBXsw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/showdown-2.0.3.js" integrity="sha512-vcfjvW3UKHD/4vlQx804cqWK88jFmjsWRsZ8/u5YEcyHB1IituxrXDU7TvdqsFVsMnxpE/UIEo25/SYW+puWHw==" crossorigin="anonymous"></script>
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.3.6.js" integrity="sha512-N1GGPjbqLbwK821ZN7C925WuTwU4aDxz2CEEOXQ6/s6m6MBwVj8fh5fugiE2hzsm0xud3q7jpjZQ4ILnpMREYQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PTOcxIWIPWCnb5vC4fmQDMqYGerwsu3AndVyPxn9NlQffIWYMPf/p28Z9SIygXsmcYjmTRmUiW5y7df63mNTfg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-CbXFfxyGfdXnwMumt2sMdPs/Pxnk3Ahkpw8JulqRIGYZPq7O/hM0YT/xjHG9IcaigdKC0aL42uzlxoBXLI11gw==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />

63
tst/Persistence/TrafficLimiterTest.php
View File

@ -39,27 +39,74 @@ class TrafficLimiterTest extends TestCase
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$this->assertTrue(TrafficLimiter::canPass(), 'first request may pass');
sleep(1);
$this->assertFalse(TrafficLimiter::canPass(), 'second request is to fast, may not pass');
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Please wait 4 seconds between each post.', 'second request is to fast, may not pass');
}
sleep(4);
$this->assertTrue(TrafficLimiter::canPass(), 'third request waited long enough and may pass');
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
$this->assertTrue(TrafficLimiter::canPass(), 'fourth request has different ip and may pass');
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Please wait 4 seconds between each post.', 'fifth request is to fast, may not pass');
}
}
// exempted IPs configuration
TrafficLimiter::setExemptedIp('1.2.3.4,10.10.10.0/24,2001:1620:2057::/48');
$this->assertFalse(TrafficLimiter::canPass(), 'still too fast and not exempted');
public function testTrafficLimitExempted()
{
TrafficLimiter::setExempted('1.2.3.4,10.10.10/24,2001:1620:2057::/48');
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$this->assertTrue(TrafficLimiter::canPass(), 'first request may pass');
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Please wait 4 seconds between each post.', 'not exempted');
}
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in exempted range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv4 in exempted range');
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in exempted range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but IPv6 in exempted range');
TrafficLimiter::setExemptedIp('127.*,foobar');
$this->assertFalse(TrafficLimiter::canPass(), 'request is to fast, invalid range');
TrafficLimiter::setExempted('127.*,foobar');
$this->assertTrue(TrafficLimiter::canPass(), 'first cached request may pass');
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Please wait 4 seconds between each post.', 'request is too fast, invalid range');
}
$_SERVER['REMOTE_ADDR'] = 'foobar';
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but non-IP address matches exempted range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is too fast, but non-IP address matches exempted range');
}
public function testTrafficLimitCreators()
{
TrafficLimiter::setCreators('1.2.3.4,10.10.10/24,2001:1620:2057::/48');
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Your IP is not authorized to create pastes.', 'not a creator');
}
$_SERVER['REMOTE_ADDR'] = '10.10.10.10';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv4 in creator range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is too fast, but IPv4 in creator range');
$_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
$this->assertTrue(TrafficLimiter::canPass(), 'IPv6 in creator range');
$this->assertTrue(TrafficLimiter::canPass(), 'request is too fast, but IPv6 in creator range');
TrafficLimiter::setCreators('127.*,foobar');
try {
$this->assertFalse(TrafficLimiter::canPass(), 'expected an exception');
} catch (Exception $e) {
$this->assertEquals($e->getMessage(), 'Your IP is not authorized to create pastes.', 'request is to fast, not a creator');
}
$_SERVER['REMOTE_ADDR'] = 'foobar';
$this->assertTrue(TrafficLimiter::canPass(), 'non-IP address');
$this->assertTrue(TrafficLimiter::canPass(), 'request is to fast, but non-IP address matches creator');
}
}

1
tst/ViewTest.php
View File

@ -61,6 +61,7 @@ class ViewTest extends TestCase
$page->assign('HTTPWARNING', true);
$page->assign('HTTPSLINK', 'https://example.com/');
$page->assign('COMPRESSION', 'zlib');
$page->assign('CSPHEADER', 'default-src \'none\'');
$dir = dir(PATH . 'tpl');
while (false !== ($file = $dir->read())) {