Chapril/paste.chapril.org-privatebin
Chapril
/
paste.chapril.org-privatebin
24
0
Fork 0
Code Issues Releases Wiki Activity
2,848 Commits 16 Branches 31 Tags 17 MiB
Commit Graph

118 Commits

Author SHA1 Message Date
Sergio Giraldo 6728053ab0
test: default value for email configuration item;nit necessary to close php comment 
::by sergio giraldo
@ 20230910T0958CEST, gpg signed
 2023-09-10 09:58:04 +02:00
Sergio Giraldo c665385ff6
feat: make the email button optional. Issue #1031 
::by sergio giraldo
@ 20230909T2226CEST, gpg signed
 2023-09-09 22:26:11 +02:00
Felipe Nakandakari f48fffd7c2
Add sample config for S3 without hard-coded access keys 2023-02-28 08:30:58 +11:00
El RIDO b53df70227
Merge pull request #1008 from PrivateBin/jdenticons-test 
Jdenticons size and speed test results
 2022-11-10 07:28:13 +01:00
El RIDO 66600e5eb3
Merge pull request #1003 from PrivateBin/yourls-cleanup 
improve configuration wording, adjust self check
 2022-11-03 19:54:56 +01:00
El RIDO 89d575ace3
in light of the perf/size test results of Jdenticons, switch back to Identicons as the default 2022-10-30 09:24:35 +01:00
El RIDO 432d3e71d3
improve configuration wording, adjust self check 2022-10-29 07:58:40 +02:00
El RIDO d5e7e6e2ab
document Jdenticon change 2022-10-26 07:11:02 +02:00
El RIDO 8ac69590cf
add new Jdenticon comment icon library, set it as default, fixes #793 2022-10-26 06:53:56 +02:00
El RIDO 0a949d3903
credit change, document it and improve wording 2022-10-23 13:10:55 +02:00
Jens-U. Mozdzen 3115cb8883 added parameters for server-side YOURLS shortener call 2022-10-23 00:19:43 +02:00
Felix J. Ogris ee212b1a33 implemented S3 storage backend 
added sample configuration + aws php sdk version

coding style cleanup
 2022-10-22 18:30:24 +02:00
Ra'Jiska 8dded4e8e4 GCS Support for Uniform ACL Buckets 2022-10-06 12:19:06 +08:00
PeGaSuS f8ff49509b
Update conf.sample.php 
Fixed typo to match the mysql database name
 2022-06-05 18:42:54 +02:00
PeGaSuS 6d748de33a
Update conf.sample.php 
Added an working PostgreSQL database configuration.
 2022-06-05 18:41:09 +02:00
El RIDO 11b16fc6fd
removed directive needed for the PDF preview in FireFox < 78 
fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1582115 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1638826 for FF 78
 2022-03-27 08:45:33 +02:00
El RIDO 6b001b5e4a
typo 2022-02-28 16:23:11 +01:00
El RIDO 288cf3f005
Merge branch 'master' into stevenandres-master 2022-02-25 06:42:18 +01:00
El RIDO 0e3a7196f9
set frame-ancestors to none 
disables embedding the site in any frames, which can bypass some of the security mechanisms reg. cross site scripting
 2022-02-20 15:21:47 +01:00
El RIDO 91041d8c59
simplify/unify naming & wording of the two types of IP lists for the traffic limiter 2022-02-20 09:09:20 +01:00
El RIDO d764c03759
Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master 2022-02-20 08:44:09 +01:00
El RIDO 18972ae0fa
luckily the PHP ini parser doesn't interpret this as an empty block, replacing the one defined above 2021-08-19 10:18:08 +02:00
El RIDO 3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
Mark van Holsteijn 342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
LinQhost Managed hosting 63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
LinQhost Managed hosting 7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk 3ca01024fd
feat: disallow form submission alltogether 
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
 2021-04-18 14:16:39 +02:00
rugk 5809a7cfa7
feat: add form-action CSP restriction 
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
 2021-04-18 14:14:46 +02:00
rugk fd7d05e862
Add base URL as default CSP restriction 
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
 2021-04-16 22:04:28 +02:00
El RIDO bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider eb32ea1419 Make it possible to change the info text 
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2020-10-11 17:04:08 +02:00
ZerooCool e61c44ef46 Make Opengraph really functional 
Make Opengraph really functional

Change : #664 for #651
 2020-07-01 19:47:12 +02:00
ZerooCool 13c2f8d968 Make Opengraph really functional 
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
 2020-06-30 22:42:12 +02:00
El RIDO 45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
Haocen Xu bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in 
Firefox
 2020-05-30 05:37:35 -04:00
Steven Andrés b8594c174a
whitelist_paste_creation description 2020-05-07 16:48:17 -07:00
Steven Andrés cea96ee12a
Update cfg/conf.sample.php 
Co-authored-by: rugk <rugk+git@posteo.de>
 2020-05-07 15:55:09 -07:00
Steven Andrés 91f78ecd0f
added "whitelist" under [traffic] 2020-05-05 14:16:22 -07:00
El RIDO 9aac073a49
clarifying for #525 that none is a string, as PHP might evaluate it to NULL instead 2020-01-09 05:42:42 +01:00
El RIDO d5aeba60ca
increase default size limit to 10 MiB, documenting change 2019-09-20 07:04:26 +02:00
El RIDO 8e27dbff15
clarify the use of 'unsafe-eval' and what the impact removing it has - Firefox users may not care and disable it to improve security 2019-09-19 19:24:28 +02:00
Haocen Xu ab75b183fb
Fix click on new paste on clone paste editing view not removing custom 
attachment

Fix cloning paste with attachment

Update CSP in sample and default configuration

Ensure clone paste also clone format

Fix clone button hiding logic when paste is burn after read

Remove attachment name when new paste clicked on

Enable file operation only when editing
 2019-08-25 02:16:58 -04:00
El RIDO 11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196 2019-06-27 20:31:10 +02:00
El RIDO c2e060d464
made compression configurable, fixes #38 2019-06-23 19:45:40 +02:00
rugk b7db033bdd
Adjust config text 2019-06-21 19:50:40 +02:00
El RIDO 42c2003220
made notice configurable, fixing a few CSS glitches 2019-06-17 21:40:37 +02:00
El RIDO 362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons 2019-06-16 07:06:58 +02:00
El RIDO f915af1a5a
adjust CSP header to allow blob URLs 2019-06-15 09:36:09 +02:00
El RIDO 398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules 2019-05-20 18:29:37 +02:00