f2532f8310
Changed ids in HTML
2015-08-30 14:44:46 +02:00
2c8f5a0566
Added password field on bootstrap theme
2015-08-30 14:43:01 +02:00
fa273a3429
Added password field on bootstrap theme
2015-08-30 14:36:40 +02:00
95f1db925b
Merge branch 'master' of https://github.com/elrido/ZeroBin
...
Conflicts:
cfg/conf.ini
js/zerobin.js
2015-08-30 14:33:09 +02:00
2d0668af03
concluding work on configuration test generator for #16 . Replaced a few
...
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
99dbb22e21
refining configuration test generator, now supporting conditions on
...
tests (i.e. if syntax highlighting is false, highlighting should never
be loaded)
2015-08-29 10:41:10 +02:00
1c4d1aa6b6
working on configuration unit test generator as described in #16
2015-08-29 01:26:48 +02:00
ae82e84ef8
correcting php doc comments
2015-08-27 23:58:56 +02:00
be91afa042
- fixing JS errors when syntax highlighting is disabled (point 1. #15 )
...
- fixing missing url conversion in highlighted text (point 2. # 15)
2015-08-27 23:58:28 +02:00
d57d6cf44b
created initial unit tests for main zerobin class
2015-08-27 23:30:35 +02:00
f775da3931
fixing nasty deletion bug from #15 , included unit tests to trigger it
...
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
d042bb41ba
Updated README with a security notice as mentioned in issue #13
2015-08-23 18:09:34 +02:00
3306bcff99
switch to bootstrap theme by default
2015-08-23 18:08:45 +02:00
259ca3c55f
bootstrap theme should display the textarea as monospaced text, too
2015-08-23 18:07:38 +02:00
aa3eba9b1f
Merge branch 'master' of https://github.com/elrido/ZeroBin
2015-08-23 15:55:03 +02:00
a34cc562e1
optimized bootstrap comment layout
2015-08-23 15:52:25 +02:00
c78e1fc3db
optimized bootstrap comment layout
2015-08-23 15:49:51 +02:00
da7ffc5d07
Changed css
2015-08-22 22:46:35 +02:00
8c519db877
changed some font sizes
2015-08-22 17:40:26 +02:00
2aa71708e2
Corrected display of password field
2015-08-22 17:27:43 +02:00
89bfc2ffe0
Merge remote-tracking branch 'origin/master'
2015-08-22 17:24:03 +02:00
3b537eda40
Added an optional password protection
2015-08-22 17:23:41 +02:00
02964aa936
changed button color when Open discussion is disabled
2015-08-22 17:01:14 +02:00
d600ae7319
Changed text size of about box for readability
2015-08-22 16:54:37 +02:00
f2912a07b0
Changed config to use SQLite
2015-08-22 16:43:02 +02:00
b299a6e03e
added a bootstrap theme, still needs some work in the comments layout
2015-08-17 23:19:15 +02:00
cb28056223
made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice)
2015-08-17 23:18:33 +02:00
24d18c5313
cleaned up phpdoc comments, added README on how to install and use it
2015-08-16 15:55:31 +02:00
3a183470a6
included sons of obsidian prettify template, since the new default one is a bit bleak
2015-08-16 15:52:46 +02:00
0c1d5c62d5
updated de/inflate to versions 0.5/0.3, using versions found at
...
a3725d3bee
2015-08-16 13:02:27 +02:00
a0107d7eae
updated prettify to minified versions found at
...
6aa04af68e/loader/prettify.js6aa04af68e/loader/prettify.css
2015-08-16 12:46:01 +02:00
49c6e3c1b6
updated base64.js to version 2.1.9, using minified version found at
...
9192c510f5/base64.min.js
2015-08-16 12:27:06 +02:00
7bc8c14df6
updated sjcl to version 1.0.2, using minified version found at
...
11a673d1d3/sjcl.js
2015-08-16 11:29:01 +02:00
769768d25e
updated jquery to 1.11.3
2015-08-16 11:20:06 +02:00
3aa4911991
Small text message changes
2015-08-16 01:56:39 +02:00
8881b3047a
changing version string
2015-08-16 00:04:14 +02:00
43a439e7d0
Time attack protection on hmac comparison
...
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm , and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.
(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)
Conflicts:
index.php
2015-08-15 23:44:03 +02:00
daf5522b1e
Potentiel security bug corrected
...
Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
clic "Raw text" 4) refresh: The html/javascript is interpreted instead
of just displayed.
Under some versions of Chrome, it happens without refreshing.
This bug was corrected.
(cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
2015-08-15 22:24:25 +02:00
e7feca0e53
Stronger server salt
...
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm )
(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)
Conflicts:
lib/serversalt.php
lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
4f72f04eda
Prevent inconstitent /data/trafic_limiter.php due to file read while writing
...
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)
Conflicts:
index.php
2015-08-15 22:10:05 +02:00
5b54ca34ad
Update index.php
...
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo )
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)
Conflicts:
index.php
2015-08-15 22:07:07 +02:00
bc8b23d35e
XSS flaw correction
...
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.
(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
d9930978ba
Make sure there is enough entropy.
...
This patch will improve key randomness by requiring the user to move the
mouse if there is not enough entropy.
(cherry picked from commit c6e98045aa833dff824f892eb3392744c03a59f7)
2015-08-15 21:52:14 +02:00
e646729b2d
fixing regressions from cherrypicking
2015-08-15 21:39:08 +02:00
5f87ea6843
ZeroBin 0.18
...
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
ecd2e067f8
replaceState() changed to pushState()
...
so that the "Back" button works after clicking on "Raw text".
(cherry picked from commit 47fae2b2467df2ab017102d82833cb380c286867)
2015-08-15 20:26:25 +02:00
fdc87a7fcf
Added "Raw text" button.
...
(cherry picked from commit 00cfcafc996c55afd069b665ad3875693e22d36d)
Conflicts:
css/zerobin.css
js/zerobin.js
tpl/page.html
2015-08-15 20:25:46 +02:00
09bebae286
Removed dead code.
...
(cherry picked from commit 87e17b36f9b2ec777c14257eb9c8efec0e7bd053)
Conflicts:
css/zerobin.css
js/zerobin.js
tpl/page.html
2015-08-15 20:06:44 +02:00
cff4d99f05
"Burn after reading" as a checkbox
...
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste to be available ad vitam
eternam on the net.
(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)
Conflicts:
css/zerobin.css
index.php
js/zerobin.js
tpl/page.html
2015-08-15 19:01:03 +02:00
1b95d6fff7
base64.js downgraded from 2.6 to 1.7
...
because otherwise it would have broken compatibility with data files.
(cherry picked from commit 75a27b6243b8cffa69f59c068dac61263574dc5b)
2015-08-15 18:39:47 +02:00
Hexalyse