El RIDO
1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag
2020-02-01 09:15:14 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
El RIDO
ed590ee557
incrementing version
2020-01-08 19:31:06 +01:00
El RIDO
0efe6f7a8e
simplify logic, fullfills the unit test
2019-12-25 08:11:25 +01:00
Lucas Savva
7d9ec9509b
Handle previously renamed CONFIG_PATH gracefully
2019-12-24 19:12:08 +00:00
Lucas Savva
d5d13fa831
Add logic to rename insecure CONFIG_PATH
2019-12-24 18:51:47 +00:00
Lucas Savva
b5c86e290f
squashme: fix code style issue
2019-12-20 10:42:59 +00:00
Lucas Savva
6b0468ebff
Add support for a CONFIG_PATH variable
2019-12-19 23:06:32 +00:00
El RIDO
8cf0c86ebb
simplify case statement, update documentation
2019-11-02 17:18:22 +01:00
Andriy Zhuk
65b7077756
Added plural rules for ukrainian
2019-10-18 12:31:40 +03:00
El RIDO
2d4edfe401
incrementing version number in preparation of release
2019-09-22 19:42:04 +02:00
El RIDO
d5aeba60ca
increase default size limit to 10 MiB, documenting change
2019-09-20 07:04:26 +02:00
El RIDO
5c0012cf51
adding database migration to increase data to MEDIUMBLOB on MySQL by default
2019-09-20 06:57:54 +02:00
El RIDO
7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated
2019-09-19 19:14:48 +02:00
Haocen Xu
ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
...
attachment
Fix cloning paste with attachment
Update CSP in sample and default configuration
Ensure clone paste also clone format
Fix clone button hiding logic when paste is burn after read
Remove attachment name when new paste clicked on
Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO
b0d1a3949e
add bulgarian to the supported languages
2019-07-11 16:50:32 +02:00
El RIDO
07018e5876
incrementing version number in preparation of release
2019-07-08 18:35:34 +02:00
El RIDO
11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196
2019-06-27 20:31:10 +02:00
El RIDO
c2e060d464
made compression configurable, fixes #38
2019-06-23 19:45:40 +02:00
El RIDO
848d3563f4
making StyleCI & Scrutinizer happy
2019-06-23 16:10:05 +02:00
El RIDO
8dc9db90c9
added translation for Czech, provided by @info-path, fixes #424
2019-06-23 12:06:36 +02:00
El RIDO
42c2003220
made notice configurable, fixing a few CSS glitches
2019-06-17 21:40:37 +02:00
El RIDO
4d6897f063
increasing minimum PHP version to 5.5 as this is required by the yzalis/identicon library upgrade to version 1.2.0
2019-06-16 10:50:52 +02:00
El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons
2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs
2019-06-15 09:36:09 +02:00
El RIDO
a459c4692c
correcting API use, avoid history glitch
2019-06-01 23:49:40 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules
2019-05-20 18:29:37 +02:00
El RIDO
12a9b2ff8e
address Scrutinizer issues with the use of getParams method
2019-05-19 10:13:47 +02:00
El RIDO
1baa1c2b0a
fixing API doc issue found by Scrutinizer
2019-05-19 10:05:04 +02:00
El RIDO
800a0df8e3
apply StyleCI patch
2019-05-19 10:01:41 +02:00
El RIDO
909ff2daa7
handle scrutinizer issues (mostly changes in API documentation)
2019-05-19 09:42:55 +02:00
El RIDO
09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)
2019-05-15 07:44:03 +02:00
El RIDO
cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection
2019-05-13 22:31:52 +02:00
El RIDO
be1e7babc0
removing dead code and improving code coverage
2019-05-11 22:18:35 +02:00
El RIDO
a622c8f484
fix logic, avoid 5.5
2019-05-10 23:27:45 +02:00
El RIDO
c3719435a3
and fixing PHP 5.5
2019-05-10 23:09:35 +02:00
El RIDO
02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6
2019-05-10 22:46:39 +02:00
El RIDO
9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:35:18 +02:00
El RIDO
76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?)
2019-05-10 22:21:03 +02:00
El RIDO
f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:13:11 +02:00
El RIDO
fb0c9c595e
remove further type hints for compatibility
2019-05-10 22:04:47 +02:00
El RIDO
bd4dee0f3e
fixing copy/paste errors
2019-05-10 21:52:14 +02:00
El RIDO
1e44902340
apply StyleCI patch
2019-05-10 21:45:34 +02:00
El RIDO
632d70412a
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 21:35:36 +02:00
El RIDO
700f8a0ea7
made all php unit tests pass again
2019-05-10 07:55:39 +02:00
El RIDO
59569bf9fc
working on JsonApi tests
2019-05-08 22:11:21 +02:00
El RIDO
76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data
2019-05-06 22:15:21 +02:00
El RIDO
06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic
2019-05-05 21:03:58 +02:00
El RIDO
b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes
2019-05-05 18:22:57 +02:00
El RIDO
6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments
2019-05-05 14:36:47 +02:00
El RIDO
bbdcb3fb0f
remove duplicate code
2019-05-05 08:53:40 +02:00
El RIDO
3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49
2019-05-03 23:03:57 +02:00
El RIDO
e418b083e8
Merge branch 'master' into webcrypto
2019-01-22 20:11:42 +01:00
rugk
34c64acb75
Apply StyleCi recommendation
2019-01-22 00:14:31 +01:00
rugk
7cb942aca3
Make PHP paste ID function more robust
2019-01-21 23:19:41 +01:00
rugk
541fff199a
Put PHP paste request into own function
2019-01-21 23:06:25 +01:00
El RIDO
79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396
2019-01-20 12:20:37 +01:00
El RIDO
cde96d8f24
fixing bug in jsonld processing with certain URL paths
2018-12-17 19:42:26 +01:00
El RIDO
9ce41022cf
correcting namespaces
2018-11-19 13:09:34 +01:00
El RIDO
b5ebc4a3d7
incrementing version
2018-08-11 19:29:58 +02:00
El RIDO
a5e8eeaaf9
StyleCI: Obey the alphabet #342
2018-07-29 16:15:52 +02:00
El RIDO
4a35428499
cleanup of PurgeLimiter #342
2018-07-29 16:05:57 +02:00
El RIDO
3470dcd9a8
more compact ServerSalt #342
2018-07-29 15:50:36 +02:00
El RIDO
5db3412b69
cleanup of TrafficLimiter #342
2018-07-29 15:43:28 +02:00
El RIDO
f9c8441edb
renaming controller #342
2018-07-29 15:17:35 +02:00
El RIDO
720897b902
correct CSP to allow password prompt
2018-07-21 06:45:09 +00:00
El RIDO
cfe60db8fd
increment version number
2018-07-01 13:11:32 +02:00
El RIDO
6225a8ef16
updating translators in credits
2018-06-11 20:29:47 +02:00
El RIDO
9a0318517b
correct PHPdoc, fixes #264
2018-05-27 15:18:25 +02:00
El RIDO
d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
2018-05-27 15:05:31 +02:00
El RIDO
05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test
2018-05-27 14:36:30 +02:00
El RIDO
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error
2018-04-30 20:01:38 +02:00
El RIDO
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
...
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
...
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO
3bca559826
moving access to into Request class
2018-01-06 10:27:58 +01:00
rugk
414ab0eb71
Add config and basic page template support
...
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
86ecdb1155
fixing post increment
2017-11-13 22:15:14 +01:00
El RIDO
502e96c129
StyleCI recommendations
2017-10-08 19:23:33 +02:00
El RIDO
a5d5f6066a
refactoring as recommended by Scrutinizer
2017-10-08 19:16:09 +02:00
El RIDO
9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations
2017-10-08 17:10:51 +02:00
El RIDO
4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection
2017-10-08 16:59:31 +02:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation
2017-10-08 16:43:46 +02:00
El RIDO
dbfb1e83ba
removing dead code
2017-10-08 16:43:10 +02:00
El RIDO
62f0b95377
making StyleCI happy
2017-10-08 16:42:43 +02:00
El RIDO
6e8eafe129
implemented INI cenversion functionality
2017-10-08 16:42:11 +02:00
El RIDO
6fa2bfe30e
updated documentation, incremented version
2017-10-08 16:40:51 +02:00
rugk
f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
...
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm
23f5dfbff8
Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
...
# Conflicts:
# tpl/bootstrap.php
# tpl/page.php
2017-05-13 19:48:25 +02:00
rugk
283873d89a
Fix stupid copy&paste error
2017-04-13 10:52:48 +02:00
rugk
9b6748c54d
Adjust requested changes
2017-04-13 10:46:09 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174
2017-04-11 17:23:26 +02:00
rugk
183ebe518b
Force JSON request for getting paste data
2017-04-11 16:34:13 +02:00
thororm
096f07f86e
Merge branch 'master' into attachment-handling
...
# Conflicts:
# js/privatebin.js
# tpl/bootstrap.php
# tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
bbcc3e167b
implementing recommendations of scrutinizer
2017-03-25 00:58:59 +01:00
El RIDO
9b2af0abf5
fixing documentation
2017-03-24 23:54:37 +01:00
El RIDO
18315e7de0
removing unused class
2017-03-24 23:45:10 +01:00
El RIDO
f7853cf439
removing duplicate code, cleanup of temporary test files
2017-03-24 23:42:11 +01:00
El RIDO
ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194
2017-03-24 21:30:08 +01:00
El RIDO
88b02d866e
fixes #186 for good
2017-03-24 19:20:34 +01:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194
2017-03-11 08:56:14 +01:00
El RIDO
823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186
2017-03-05 11:22:24 +01:00
El RIDO
23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes
2017-03-05 11:02:18 +01:00
El RIDO
db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188
2017-02-22 21:42:14 +01:00
thororm
4cb0ce5114
Removed self from cspheader
...
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm
faf596aeb7
Added preview for
...
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/168
Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
a7de0e095b
added supported language, updated credits and changelog
2017-01-10 20:37:14 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic
2017-01-08 10:02:07 +01:00
El RIDO
f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test
2017-01-08 07:56:56 +01:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154
2017-01-01 16:33:11 +01:00
El RIDO
4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog
2017-01-01 14:35:39 +01:00
El RIDO
1426d4e371
tagging 1.1 release and updating documentation
2016-12-26 12:13:50 +01:00
El RIDO
f6b8ee3e20
add missing check for non-expiring pastes, fixes #149
2016-12-25 12:15:29 +01:00
El RIDO
ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings
2016-12-25 11:37:45 +01:00
atnaguzin
bbcc53f08e
StyleCI fix
2016-12-16 12:25:10 +03:00
R4SAS
ccba2f029f
added ru plural formula
2016-12-16 12:15:37 +03:00
rugk
da10a761c4
Fix more typos
2016-12-12 18:50:00 +01:00
rugk
61ee0ef7d3
Fix typos
2016-12-12 18:49:08 +01:00
rugk
658d5ae84d
Fix style-ci errors
2016-12-12 18:43:23 +01:00
El RIDO
1f46823942
applying patch based on StyleCI ruleset
2016-10-29 10:24:08 +02:00
El RIDO
8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91
2016-09-18 11:29:37 +02:00
rugk
1a159c973f
Prevent referrer to be send
...
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
b7184b92a3
Fix csp config unit tests
2016-08-27 14:47:21 +02:00
rugk
b11866a63b
Allow manifest loading via CSP (2)
2016-08-27 00:02:50 +02:00
El RIDO
a13266a784
ensure the server salt path is initialized, instead of relying on the default
2016-08-25 15:02:38 +02:00
El RIDO
e925833090
bumping version number to 1.0
2016-08-25 09:53:31 +02:00
El RIDO
6aba39488f
adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86
2016-08-22 09:46:26 +02:00
El RIDO
f72e260ee7
adding subresource integrity hashes for all javascript includes, resolves #6
2016-08-16 11:11:03 +02:00
rugk
75cb771e4b
Merge branch 'master' into prng, resolve merge conflicts
2016-08-15 18:15:57 +02:00
El RIDO
72aac25f68
added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47
2016-08-15 16:45:47 +02:00
rugk
8038fde29d
Revert #44
...
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO
0a628e83c1
Merge pull request #59 from PrivateBin/52-identicons
...
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO
ca66653d0c
applying: php-cs-fixer fix lib/ --level=psr2
2016-08-11 15:05:43 +02:00
El RIDO
6cb7454d07
Added tests for JSON errors, should help us figure out the cause of the problem in #11
2016-08-11 14:41:52 +02:00
rugk
bea9a577a6
Use better random number generator #29
2016-08-10 23:15:06 +02:00
El RIDO
c237337cd2
some minor whitespace improvements detected by scrutinizer
2016-08-10 18:22:28 +02:00
El RIDO
3988b860b0
implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening
2016-08-10 17:41:46 +02:00
El RIDO
1ef28d7a5c
minor fixes, typos
2016-08-10 15:03:06 +02:00
El RIDO
addb666a23
introducing CSP header to mitigate XSS attacks, closes #10
2016-08-09 14:46:32 +02:00
El RIDO
5b7b234821
doc bloc corrections
2016-08-09 13:07:11 +02:00
El RIDO
c2efe2e609
some optimization
2016-08-09 12:45:26 +02:00
El RIDO
3fa0881c07
updated documentation, small cleanups
2016-08-09 12:21:32 +02:00
El RIDO
b45bef8388
Renamed classes for full PSR-2 compliance, some cleanup
2016-08-09 11:54:42 +02:00
Sobak
5d7003ecc1
Convert to PSR-2 coding style (using phpcs-fixer)
2016-07-26 08:19:35 +02:00
Sobak
884310add6
Oficially bump minimal PHP version to 5.3.0
2016-07-26 08:06:40 +02:00
Simon Rupf
d14eb0efe4
fixing configuration and its test to match the new namespaces
2016-07-25 11:02:39 +02:00
Sobak
b1305beb0f
Improve workaround for keeping config file format BC
2016-07-22 15:31:42 +02:00
Sobak
54f96b9938
Introduce PSR-4 autoloading
2016-07-22 12:11:48 +02:00
El RIDO
9a9362789b
addressing issues with failed attachement uploads due to webserver configuration, resolves #15
2016-07-19 15:26:41 +02:00
El RIDO
002046cc62
some minor cleanups
2016-07-19 14:44:17 +02:00
El RIDO
be4c845129
Merge branch 'master' of github.com:PrivateBin/PrivateBin
2016-07-19 14:02:45 +02:00
El RIDO
c5606a47fe
refactoring away RainTPL and templating, resolves #36
2016-07-19 14:02:26 +02:00
rugk
38ab755733
Replace HTTP links with HTTPS
...
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
03306dabff
using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8
2016-07-18 15:55:51 +02:00
El RIDO
e7dde4d212
cleaning REQUEST_URI for good measure
2016-07-18 15:21:32 +02:00
El RIDO
e1d6db88a1
Merge pull request #44 from PrivateBin/rugk-itBugsMe
...
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO
afaa111d22
code style
2016-07-18 15:13:56 +02:00
El RIDO
b53efda635
improving code coverage and unit testing
2016-07-18 14:47:32 +02:00
rugk
2e863e3ed9
Search key first
...
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk
80e9d75477
Remove unnecessary array
...
Now it is right...
2016-07-18 13:12:54 +02:00
rugk
19d5659a8f
Change array
...
https://github.com/PrivateBin/PrivateBin/issues/41
Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO
ff0c55c0d6
introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4
2016-07-18 10:14:38 +02:00
El RIDO
f8bc40b4e4
introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3
2016-07-15 17:02:59 +02:00
El RIDO
4d10fd9690
fixing support for pre renaming configuration file format, resolves #37
2016-07-13 09:41:45 +02:00
El RIDO
90a26d8fcb
removing some code smells, found in the various code checker tools
2016-07-11 15:47:42 +02:00
El RIDO
c33c50f775
using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix)
2016-07-11 14:33:45 +02:00
El RIDO
3b3b5277eb
refactoring to improve code quality
2016-07-11 14:15:20 +02:00
El RIDO
79509ad48a
renaming the fork to PrivateBin
2016-07-11 11:58:15 +02:00
El RIDO
b8080acc78
fixing an unhandled case found with scrutinizer-ci
2016-07-06 14:58:06 +02:00
El RIDO
c13caee981
fixing some documentation issues detected by scrutinizer-ci
2016-07-06 14:12:14 +02:00
El RIDO
0e217a42c5
introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103
2016-07-06 11:37:13 +02:00
El RIDO
6b0b814dc6
removing leftover from previously using a different function, resolves #83
2016-07-06 09:41:07 +02:00
El RIDO
5980f8b603
removing some unused code detected by codacy
2016-07-04 20:46:45 +02:00
rugk
fd5a7a07ae
Soft fail for chmod errors
2016-06-22 18:08:25 +02:00
rugk
54f1cb9d34
Only protect file if it was written
2016-06-21 21:47:03 +02:00
rugk
8a48e9ce78
Set permissions when saving files
...
Fixes https://github.com/elrido/ZeroBin/issues/80
2016-06-21 17:18:11 +02:00
rugk
1a1818660d
Missing space
2016-05-12 20:07:58 +02:00
El RIDO
4918bef4dc
Although there usually are no plurals in chinese, there's an exception
...
for words related to persons, when not preceeded by a numeric word.
Sources:
- http://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html#f3
- https://answers.yahoo.com/question/index?qid=20110606153553AAAW5zX
2016-04-26 20:21:30 +02:00
El RIDO
3a92c940a9
implementing media type negotiation (based on language negotiation
...
logic) in cases both JSON and (X)HTML are being requested, resolving #68
2016-04-08 23:29:44 +02:00
El RIDO
a4ebdbc606
re-introducing (optional) URL shortener support, resolves #58
2016-01-31 09:56:06 +01:00
El RIDO
09dd79dbc7
switching to SHA256 HMAC of IPs in traffic limiter, resolves #57
2015-12-22 20:58:23 +01:00
Mihail Fedorov
a13ad6368f
MD5 instead of IP
2015-12-22 06:02:41 +03:00
El RIDO
24a4328c55
incrementing version, updating changelog, added missing phpdoc comments
2015-11-09 21:39:42 +01:00
El RIDO
42a9c92b5e
improved database backend support for larger files (100 KiB - 16 MiB),
...
introduced database versioning to reduce amount of checks done per
request
2015-11-01 17:02:20 +01:00
El RIDO
d42975580a
expire_options and formatter_options should not be filled up with
...
default values, resolves #52
2015-10-24 08:44:17 +02:00
El RIDO
176dff3b70
renaming config file to make updates easier, resolving #50
2015-10-22 21:13:15 +02:00
El RIDO
e3f4aa982c
adding configuration option to set a default language and/or force it,
...
resolves #39
2015-10-18 20:38:07 +02:00
El RIDO
ca07398b66
adding option to hide clone button on expiring pastes, resolves #34
2015-10-18 17:56:45 +02:00
El RIDO
14d08ec56d
working on JSON-LD validity, added CORS headers preparing external API
...
call support
2015-10-18 14:37:58 +02:00
El RIDO
22d0b1ec22
updating comment format to match defined JSON-LD API context
2015-10-18 11:38:48 +02:00
El RIDO
f21567133c
changing paste read output for API refactoring
2015-10-18 11:08:28 +02:00
El RIDO
b92b38cee8
found and resolved issues in database layer, thanks to report in #42
2015-10-16 23:13:36 +02:00
El RIDO
2e3bacb699
fixing deletion issue in request refactoring, starting work on API read
...
refactoring
2015-10-15 22:04:57 +02:00
El RIDO
512b3d1172
fixing "missing" comments when they were posted during the same second
2015-10-12 21:07:41 +02:00
El RIDO
1d6cfb7f3b
refactoring delete API, added external JSON-LD context
2015-10-11 21:22:00 +02:00
El RIDO
9e6e29bc93
working on API: simplifying PUT request mocking
2015-10-11 18:50:48 +02:00
El RIDO
e5b096ed8c
found and fixed a bug when using expiration together with discussion
2015-10-03 17:54:18 +02:00
El RIDO
add980d36f
adding UI tests for database configuration, fixed an issue with comment
...
table creation
2015-10-03 15:52:37 +02:00
El RIDO
7ec94e0db5
implementing request refactoring, beginning JS changes for JSON API, but
...
discovered that DELETE and PUT are not available on all webservers by
default
2015-09-27 20:34:39 +02:00
El RIDO
6b7dc44039
preparing unit test for request object
2015-09-27 15:37:17 +02:00
El RIDO
ce3f10f143
improving unit tests, fixing regression in DB model
2015-09-27 14:36:20 +02:00
El RIDO
694138c5d4
mostly finished with data model refactoring
2015-09-27 03:03:55 +02:00
El RIDO
211d3e4622
preparing unit test for model refactoring, refactoring traffic limiter
2015-09-26 17:57:46 +02:00
El RIDO
d04eab52c9
refactoring how attachments are stored
2015-09-26 12:29:27 +02:00
El RIDO
6d24ff824e
refactoring configuration
2015-09-22 23:21:31 +02:00
El RIDO
9f68658106
incrementing version number, updating changelog
2015-09-21 22:43:00 +02:00
El RIDO
0de9f868fa
improving unit tests, fixing #38
2015-09-21 22:32:52 +02:00
El RIDO
608605cd54
incrementing version number, updating docs
2015-09-19 17:23:10 +02:00
El RIDO
a41d0ca4dd
various fixes:
...
- changing default formatter option to plain text to make upgrading from
0.19 Alpha smoother
- fixing translation message change in bootstrap templates
- adjusting how image uploads are displayed in bootstrap templates
2015-09-19 14:22:29 +02:00
El RIDO
a111357fae
add optional (since it uses a session cookie) language selection
2015-09-19 11:21:13 +02:00
El RIDO
47efedf23c
traffic limiter would fail behind a reverse proxy / load balancer.
...
Adding configuration option to set the trusted HTTP header to get the
visitors IP in such a case (avoiding security issue if malicious clients
just set these headers themselfs)
2015-09-18 22:31:01 +02:00
El RIDO
ed9c4f45f4
adding file name support for #20 , solving issue with unencryptable file
2015-09-18 12:33:10 +02:00
El RIDO
ec8851e46c
support < 0.21 syntax highlighting
2015-09-17 20:47:00 +02:00
El RIDO
106141efa4
merging @vikstrous file upload feature for #20 from
...
8a6d268278
2015-09-16 22:51:48 +02:00
El RIDO
0e53d1ee86
added markdown support and a dropdown for the format selection. The
...
options other then markdown are plain text and source code (syntax
highlighting). Resolves #25
2015-09-12 17:33:16 +02:00
El RIDO
b060d57524
- implemented php side of plural translation
...
- using it to generate labels dynamically for the expire options
(deprecating the [expire_labels] configuration).
- added translation of the human readable data sizes to support the
french octet
- fixed IEC label for kibibytes
2015-09-06 19:21:17 +02:00
El RIDO
eee7b0144a
covering JS side of translations ( #7 ), added the messages to the
...
translation files and translated the german ones
2015-09-06 13:07:46 +02:00
El RIDO
a2af88a36e
initial work on translations, covering the PHP side of it
2015-09-05 02:24:56 +02:00
El RIDO
28776ac178
formatting RainTPL class
2015-09-05 01:55:19 +02:00
El RIDO
411419d597
adding tests and unifying paste creation output
2015-09-03 22:55:36 +02:00
El RIDO
2d79ba8243
updating docs, bumping version to 0.20
2015-09-03 22:22:59 +02:00
El RIDO
602fc4705e
change for API consistency
2015-09-01 23:51:31 +02:00
El RIDO
b25022e403
refactored JSON API, its now possible to retrieve pastes as JSON, which
...
is now used when posting comments, eliminating the need to store the
password in sessionStorage
2015-09-01 22:33:07 +02:00
El RIDO
802a0b26b9
burn after reading messages are only deleted after callback by JS when
...
successfully decrypted, resolves #11
2015-08-31 22:10:41 +02:00
El RIDO
d3c4600806
slight configuration changes, template modifications to make discussions
...
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
El RIDO
2d0668af03
concluding work on configuration test generator for #16 . Replaced a few
...
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
El RIDO
1c4d1aa6b6
working on configuration unit test generator as described in #16
2015-08-29 01:26:48 +02:00
El RIDO
ae82e84ef8
correcting php doc comments
2015-08-27 23:58:56 +02:00
El RIDO
d57d6cf44b
created initial unit tests for main zerobin class
2015-08-27 23:30:35 +02:00
El RIDO
f775da3931
fixing nasty deletion bug from #15 , included unit tests to trigger it
...
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
El RIDO
cb28056223
made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice)
2015-08-17 23:18:33 +02:00
El RIDO
24d18c5313
cleaned up phpdoc comments, added README on how to install and use it
2015-08-16 15:55:31 +02:00
El RIDO
49c6e3c1b6
updated base64.js to version 2.1.9, using minified version found at
...
9192c510f5/base64.min.js
kudos Dan Kogai
small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
2015-08-16 12:27:06 +02:00
El RIDO
769768d25e
updated jquery to 1.11.3
2015-08-16 11:20:06 +02:00
El RIDO
8881b3047a
changing version string
2015-08-16 00:04:14 +02:00
Sebastien SAUVAGE
43a439e7d0
Time attack protection on hmac comparison
...
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm , and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.
(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)
Conflicts:
index.php
2015-08-15 23:44:03 +02:00
Sebastien SAUVAGE
e7feca0e53
Stronger server salt
...
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm )
(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)
Conflicts:
lib/serversalt.php
lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
jeldrik
4f72f04eda
Prevent inconstitent /data/trafic_limiter.php due to file read while writing
...
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)
Conflicts:
index.php
2015-08-15 22:10:05 +02:00
Sébastien SAUVAGE
5b54ca34ad
Update index.php
...
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo )
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)
Conflicts:
index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE
bc8b23d35e
XSS flaw correction
...
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.
(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
El RIDO
e646729b2d
fixing regressions from cherrypicking
2015-08-15 21:39:08 +02:00
Sebastien SAUVAGE
5f87ea6843
ZeroBin 0.18
...
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
Sebastien SAUVAGE
cff4d99f05
"Burn after reading" as a checkbox
...
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste to be available ad vitam
eternam on the net.
(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)
Conflicts:
css/zerobin.css
index.php
js/zerobin.js
tpl/page.html
2015-08-15 19:01:03 +02:00
El RIDO
ad70051323
reviewed unit tests, fixing line endings, added more tests
2015-08-15 18:32:31 +02:00
Sebastien SAUVAGE
7db76d8d71
Updated json checking.
...
- adapted to SJCL changed
- added entropy checking (from
f2ee2e8ba2
)
(cherry picked from commit 57e6274c64e2c99c754b63586af6b34c374fbc2b)
Conflicts:
index.php
2015-08-15 18:16:55 +02:00
El RIDO
134d22c958
small unit testing improvements, removing never accessed code
2015-08-15 16:37:44 +02:00
Simon Rupf
badf459390
split common persistance logic into abstract class
2013-11-01 01:15:58 +01:00
Sebastien SAUVAGE
5b253cf77c
ZeroBin 0.17
...
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
Sébastien SAUVAGE
c26c4a8bec
arbitrary JSON file disclosure correction
...
The following securit issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
2013-10-31 22:53:22 +01:00
Simon Rupf
d247bff897
syntax highlighting can now be turned off, template can be changed in
...
configuration
2013-10-31 22:24:40 +01:00