made compression configurable, fixes #38
This commit is contained in:
parent
848d3563f4
commit
c2e060d464
@ -3,6 +3,7 @@
|
||||
* **1.3 (not yet released)**
|
||||
* ADDED: Translation for Czech (#424)
|
||||
* ADDED: Threat modeled the application (#177)
|
||||
* ADDED: Made compression configurable (#38)
|
||||
* CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
|
||||
* CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
|
||||
* CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
|
||||
|
@ -75,13 +75,19 @@ languageselection = false
|
||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||
; sha256 in HMAC for the deletion token
|
||||
zerobincompatibility = false
|
||||
; zerobincompatibility = false
|
||||
|
||||
; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true.
|
||||
; Enable or disable the warning message when the site is served over an insecure
|
||||
; connection (insecure HTTP instead of HTTPS), defaults to true.
|
||||
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
|
||||
; It is **strongly discouraged** to disable this.
|
||||
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
|
||||
httpwarning = true
|
||||
; httpwarning = true
|
||||
|
||||
; Pick compression algorithm or disable it. Only applies to pastes/comments
|
||||
; created after changing the setting.
|
||||
; Can be set to one these values: none / zlib (default).
|
||||
; compression = zlib
|
||||
|
||||
[expire]
|
||||
; expire value that is selected per default
|
||||
|
@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
// AES in Galois Counter Mode, keysize 256 bit,
|
||||
// authentication tag 128 bit, 10000 iterations in key derivation
|
||||
const spec = [
|
||||
getRandomBytes(16), // initialization vector
|
||||
getRandomBytes(8), // salt
|
||||
100000, // iterations
|
||||
256, // key size
|
||||
128, // tag size
|
||||
'aes', // algorithm
|
||||
'gcm', // algorithm mode
|
||||
'zlib' // compression
|
||||
getRandomBytes(16), // initialization vector
|
||||
getRandomBytes(8), // salt
|
||||
100000, // iterations
|
||||
256, // key size
|
||||
128, // tag size
|
||||
'aes', // algorithm
|
||||
'gcm', // algorithm mode
|
||||
$('body').data('compression') || 'zlib' // compression
|
||||
], encodedSpec = [];
|
||||
for (let i = 0; i < spec.length; ++i) {
|
||||
encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];
|
||||
|
@ -56,6 +56,7 @@ class Configuration
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||
'zerobincompatibility' => false,
|
||||
'httpwarning' => true,
|
||||
'compression' => 'zlib',
|
||||
),
|
||||
'expire' => array(
|
||||
'default' => '1week',
|
||||
|
@ -387,6 +387,7 @@ class Controller
|
||||
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
|
||||
$page->assign('QRCODE', $this->_conf->getKey('qrcode'));
|
||||
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
|
||||
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
|
||||
$page->draw($this->_conf->getKey('template'));
|
||||
}
|
||||
|
||||
|
@ -72,7 +72,7 @@ if ($MARKDOWN):
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
@ -85,13 +85,17 @@ endif;
|
||||
<meta name="msapplication-config" content="browserconfig.xml">
|
||||
<meta name="theme-color" content="#ffe57e" />
|
||||
</head>
|
||||
<body role="document"<?php
|
||||
if ($isCpct):
|
||||
?> class="navbar-spacing"<?php
|
||||
endif;
|
||||
if ($isDark):
|
||||
?> class="dark-theme"<?php
|
||||
endif;
|
||||
<body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
|
||||
$class = array();
|
||||
if ($isCpct) {
|
||||
$class[] = 'navbar-spacing';
|
||||
}
|
||||
if ($isDark) {
|
||||
$class[] = 'dark-theme';
|
||||
}
|
||||
if (count($class)) {
|
||||
echo ' class="', implode(' ', $class), '"';
|
||||
}
|
||||
?>>
|
||||
<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
|
||||
<div class="modal-dialog" role="document">
|
||||
|
@ -50,7 +50,7 @@ if ($MARKDOWN):
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
@ -63,7 +63,7 @@ endif;
|
||||
<meta name="msapplication-config" content="browserconfig.xml">
|
||||
<meta name="theme-color" content="#ffe57e" />
|
||||
</head>
|
||||
<body>
|
||||
<body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
|
||||
<header>
|
||||
<div id="aboutbox">
|
||||
<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />
|
||||
|
@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
|
||||
$page->assign('URLSHORTENER', '');
|
||||
$page->assign('QRCODE', true);
|
||||
$page->assign('HTTPWARNING', true);
|
||||
$page->assign('COMPRESSION', 'zlib');
|
||||
|
||||
$dir = dir(PATH . 'tpl');
|
||||
while (false !== ($file = $dir->read())) {
|
||||
|
Loading…
Reference in New Issue
Block a user