Commit Graph

177 Commits

Author SHA1 Message Date
El RIDO
8881b3047a changing version string 2015-08-16 00:04:14 +02:00
Sebastien SAUVAGE
43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00
Sebastien SAUVAGE
e7feca0e53 Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
jeldrik
4f72f04eda Prevent inconstitent /data/trafic_limiter.php due to file read while writing
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)

Conflicts:
	index.php
2015-08-15 22:10:05 +02:00
Sébastien SAUVAGE
5b54ca34ad Update index.php
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo)
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)

Conflicts:
	index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE
bc8b23d35e XSS flaw correction
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.

(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
El RIDO
e646729b2d fixing regressions from cherrypicking 2015-08-15 21:39:08 +02:00
Sebastien SAUVAGE
5f87ea6843 ZeroBin 0.18
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
Sebastien SAUVAGE
cff4d99f05 "Burn after reading" as a checkbox
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste to be available ad vitam
eternam on the net.

(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)

Conflicts:
	css/zerobin.css
	index.php
	js/zerobin.js
	tpl/page.html
2015-08-15 19:01:03 +02:00
El RIDO
ad70051323 reviewed unit tests, fixing line endings, added more tests 2015-08-15 18:32:31 +02:00
Sebastien SAUVAGE
7db76d8d71 Updated json checking.
- adapted to SJCL changed
- added entropy checking (from
f2ee2e8ba2)

(cherry picked from commit 57e6274c64e2c99c754b63586af6b34c374fbc2b)

Conflicts:
	index.php
2015-08-15 18:16:55 +02:00
El RIDO
134d22c958 small unit testing improvements, removing never accessed code 2015-08-15 16:37:44 +02:00
Simon Rupf
badf459390 split common persistance logic into abstract class 2013-11-01 01:15:58 +01:00
Sebastien SAUVAGE
5b253cf77c ZeroBin 0.17
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
Sébastien SAUVAGE
c26c4a8bec arbitrary JSON file disclosure correction
The following securit issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
2013-10-31 22:53:22 +01:00
Simon Rupf
d247bff897 syntax highlighting can now be turned off, template can be changed in
configuration
2013-10-31 22:24:40 +01:00
Simon Rupf
630e16c4a0 Added more configuration options, based on patch by Uli Köhler 2013-10-30 23:54:42 +01:00
Simon Rupf
51008d3e68 added test for entropy of cypher text - closes #3 2012-09-08 19:54:24 +02:00
Simon Rupf
2d4f155064 had to revert to HTML5 instead of XHTML5 because of compatibility
problem with code prettifier, fixed some display bugs
2012-08-28 23:28:41 +02:00
Simon Rupf
907538875b removed leftovers from submodule uglifyjs, added credits file,
cleaned up CSS, changed template to output clean XHTML 5,
added unit tests for 60% of the code, found a few bugs by doing
that and fixed them
2012-08-26 00:49:11 +02:00
Simon Rupf
421e6cba97 implemented zerobin_db model, added more options for paste expiration, made comments and max data size configurable 2012-05-19 23:59:41 +02:00
Simon Rupf
edf95ff56d added autoloading, configurable paste size limit, changed JS to calculate localized comment times instead of UTC 2012-04-30 22:58:08 +02:00
Simon Rupf
23487ce779 Fixed bug with missing directory separator and added .htaccess files to lib & cfg directories. If those are not present, the application will create them for you. 2012-04-30 13:58:29 +02:00
Simon Rupf
ba90d0cae2 Refactoring of code base - modularized code, introduced configuration, started working on a PDO based DB connector 2012-04-29 19:15:06 +02:00
Thierry Poinot
6083c7a23c refactoring files and directory structure 2012-04-22 13:34:17 +02:00
Thierry Poinot
d92d8658a5 refactoring zerobin js, adding JSDoc 2012-04-22 12:45:45 +02:00
Sebastien SAUVAGE
52630374e5 Initial commit of version 0.15 alpha. 2012-04-21 21:59:45 +02:00