Commit Graph

1661 Commits

Author SHA1 Message Date
El RIDO
42130e0468
prevent potentially non-encoded string from getting returned 2020-01-18 10:53:58 +01:00
El RIDO
685c354d0e
several changes:
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba
fixing logic & indentation 2020-01-18 07:44:32 +01:00
El RIDO
7b87dc3ca9
cleanup revert 2020-01-18 07:36:43 +01:00
El RIDO
0d08edbe55
Revert "getting rid of htmlEntities (except for tests)" a0740ff79f 2020-01-18 07:30:01 +01:00
El RIDO
cec5cb41d7
Partial revert "Do not double-encode HTML in i18n", only revert the removal of required encoding logic - still has to be moved
This reverts commit 01414e43ca.
2020-01-18 07:20:05 +01:00
El RIDO
76eff6a87a
Revert "[TEST] Try to disallow vulnerable cases" to remove accidentally committed file and statement that breaks the tests
This reverts commit ebc2d649c4.
2020-01-18 07:12:03 +01:00
El RIDO
fd4492f229
ensuring that both critical branches get tested 2020-01-18 07:09:56 +01:00
El RIDO
5daba16333
Merge branch 'ensag-dev-master' 2020-01-16 05:28:17 +01:00
rugk
eb549d70d1
Invert conatainsLink logic 2020-01-15 17:52:51 +01:00
ensag-dev
9f6c02276a
Update Occitan translation 2020-01-14 16:24:53 +01:00
rugk
ebc2d649c4
[TEST] Try to disallow vulnerable cases 2020-01-13 19:56:15 +01:00
rugk
01414e43ca
Do not double-encode HTML in i18n
This issue got introduced in 4bf7f86 due to double

Fixes https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558

Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.

Also verified that the attachment name is stil properly displayed
when you clone a paste.
2020-01-13 19:17:30 +01:00
El RIDO
9aac073a49
clarifying for #525 that none is a string, as PHP might evaluate it to NULL instead 2020-01-09 05:42:42 +01:00
El RIDO
599264e167
partially address #556 - now comments can only be added after successfull decryption 2020-01-08 19:48:42 +01:00
El RIDO
ed590ee557
incrementing version 2020-01-08 19:31:06 +01:00
El RIDO
d73f8468d8
documenting changes for 1.2.2 2020-01-08 19:23:33 +01:00
El RIDO
ef8943d838
upgrading base-x library to 3.0.7 2020-01-07 20:11:12 +01:00
El RIDO
2fd649db14
upgrading showdown to released 1.9.1 version 2020-01-07 19:58:05 +01:00
El RIDO
11a7ac4e2b
address new fixer in StyleCI causing false positives in templates 2020-01-07 19:39:22 +01:00
El RIDO
a9bf667f8e
address error, displayed when paste has attachment, but configuration has them disabled 2020-01-04 13:33:03 +01:00
El RIDO
4bf7f863dc
more general solution addressing #554, kudos @rugk for the suggestions 2020-01-04 13:14:53 +01:00
El RIDO
8d0ac336d2
addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554 2019-12-25 09:14:32 +01:00
El RIDO
ddaee6486d
Merge branch 'm1cr0man-master' 2019-12-25 08:16:33 +01:00
El RIDO
3485922366
documenting change 2019-12-25 08:16:17 +01:00
El RIDO
0efe6f7a8e
simplify logic, fullfills the unit test 2019-12-25 08:11:25 +01:00
El RIDO
07a6e3094d
adding unit tests for the new confi file env variable 2019-12-25 07:58:14 +01:00
Lucas Savva
7d9ec9509b Handle previously renamed CONFIG_PATH gracefully 2019-12-24 19:12:08 +00:00
Lucas Savva
d5d13fa831 Add logic to rename insecure CONFIG_PATH 2019-12-24 18:51:47 +00:00
Lucas Savva
13fb849973 Add CONFIG_PATH notes to INSTALL.md 2019-12-20 14:28:43 +00:00
Lucas Savva
b5c86e290f squashme: fix code style issue 2019-12-20 10:42:59 +00:00
Lucas Savva
6b0468ebff Add support for a CONFIG_PATH variable 2019-12-19 23:06:32 +00:00
El RIDO
825f6884be
updating German translations 2019-12-07 08:26:51 +01:00
El RIDO
ee9e340de0
Merge branch 'qianmengnet-master' 2019-12-07 08:22:44 +01:00
El RIDO
2cbb86cefc
adding missing translation IDs, kudos @qianmengnet for finding these 2019-12-07 08:22:29 +01:00
El RIDO
3923817f2b
formatting of JSON, unicode tilde 2019-12-07 08:18:13 +01:00
Alex Lee
b00d8e4ad8
Update zh.json 2019-12-05 08:34:42 +08:00
Alex Lee
aa75e596c8
Update zh.json 2019-12-04 12:20:23 +08:00
El RIDO
787daccb78
Merge branch 'Haocen-543' 2019-11-29 19:12:36 +01:00
Haocen Xu
87cf61c39b
Update SRI 2019-11-21 17:49:21 -05:00
Haocen Xu
853fd906cb
Fix unnecessary closure capture 2019-11-21 17:43:10 -05:00
El RIDO
af8d963fd2
updating DOMpurify library, fixes #523 2019-11-02 17:31:45 +01:00
El RIDO
0ed238a775
Merge branch 'AndriiZ-master' 2019-11-02 17:21:22 +01:00
El RIDO
8cf0c86ebb
simplify case statement, update documentation 2019-11-02 17:18:22 +01:00
El RIDO
b23fd48d49
Merge branch 'master' of https://github.com/AndriiZ/PrivateBin into AndriiZ-master 2019-11-02 17:11:05 +01:00
El RIDO
ffe26a8841
Merge branch 'Haocen-398' 2019-11-02 17:04:19 +01:00
El RIDO
0b6139fb42
updating change log and optimizing png 2019-11-02 17:03:40 +01:00
Haocen Xu
7d7ff34d83
Update SRI 2019-10-31 15:07:24 -04:00
Haocen Xu
e079f6c830
Implement Email button 2019-10-31 15:07:13 -04:00
Haocen Xu
63fdd2eba3
Fix missing semi colon 2019-10-30 14:04:10 -04:00