Commit Graph

1506 Commits

Author SHA1 Message Date
El RIDO
ded24b43ab Merge pull request #17 from Hexalyse/master
Display default paste expiration time
2015-09-01 18:52:20 +02:00
Hexalyse
9611e0ec4f The default expiration time of the paste is now also displayed before we select an expiration time. 2015-09-01 14:19:03 +02:00
El RIDO
802a0b26b9 burn after reading messages are only deleted after callback by JS when
successfully decrypted, resolves #11
2015-08-31 22:10:41 +02:00
El RIDO
9fdbba76ce working on password function for #15:
- asking again if password is wrong
- display error if user cancels dialog
- use password to encrypt comments, too (password is "stored" in the
password field)
- store password in sessionStorage when posting a comment so, that it
doesn't have to typed in again, but clear sessionStorage as soon as
password is retrieved
2015-08-31 21:14:12 +02:00
El RIDO
d3c4600806 slight configuration changes, template modifications to make discussions
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
Hexalyse
0198371049 Password input id change in zerobin.js 2015-08-30 15:06:32 +02:00
Hexalyse
eadcd60e14 Password input id change in zerobin.js 2015-08-30 15:05:50 +02:00
Hexalyse
1009491721 Fixed bug of password input not displaying on bootstrap theme 2015-08-30 14:46:43 +02:00
Hexalyse
f2532f8310 Changed ids in HTML 2015-08-30 14:44:46 +02:00
Hexalyse
2c8f5a0566 Added password field on bootstrap theme 2015-08-30 14:43:01 +02:00
Hexalyse
fa273a3429 Added password field on bootstrap theme 2015-08-30 14:36:40 +02:00
Hexalyse
95f1db925b Merge branch 'master' of https://github.com/elrido/ZeroBin
Conflicts:
	cfg/conf.ini
	js/zerobin.js
2015-08-30 14:33:09 +02:00
El RIDO
2d0668af03 concluding work on configuration test generator for #16. Replaced a few
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
El RIDO
99dbb22e21 refining configuration test generator, now supporting conditions on
tests (i.e. if syntax highlighting is false, highlighting should never
be loaded)
2015-08-29 10:41:10 +02:00
El RIDO
1c4d1aa6b6 working on configuration unit test generator as described in #16 2015-08-29 01:26:48 +02:00
El RIDO
ae82e84ef8 correcting php doc comments 2015-08-27 23:58:56 +02:00
El RIDO
be91afa042 - fixing JS errors when syntax highlighting is disabled (point 1. #15)
- fixing missing url conversion in highlighted text (point 2. # 15)
2015-08-27 23:58:28 +02:00
El RIDO
d57d6cf44b created initial unit tests for main zerobin class 2015-08-27 23:30:35 +02:00
El RIDO
f775da3931 fixing nasty deletion bug from #15, included unit tests to trigger it
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
El RIDO
d042bb41ba Updated README with a security notice as mentioned in issue #13 2015-08-23 18:09:34 +02:00
El RIDO
3306bcff99 switch to bootstrap theme by default 2015-08-23 18:08:45 +02:00
El RIDO
259ca3c55f bootstrap theme should display the textarea as monospaced text, too 2015-08-23 18:07:38 +02:00
El RIDO
aa3eba9b1f Merge branch 'master' of https://github.com/elrido/ZeroBin 2015-08-23 15:55:03 +02:00
Simon Rupf
a34cc562e1 optimized bootstrap comment layout 2015-08-23 15:52:25 +02:00
Simon Rupf
c78e1fc3db optimized bootstrap comment layout 2015-08-23 15:49:51 +02:00
Hexalyse
da7ffc5d07 Changed css 2015-08-22 22:46:35 +02:00
Hexalyse
8c519db877 changed some font sizes 2015-08-22 17:40:26 +02:00
Hexalyse
2aa71708e2 Corrected display of password field 2015-08-22 17:27:43 +02:00
Hexalyse
89bfc2ffe0 Merge remote-tracking branch 'origin/master' 2015-08-22 17:24:03 +02:00
Hexalyse
3b537eda40 Added an optional password protection 2015-08-22 17:23:41 +02:00
Hexalyse
02964aa936 changed button color when Open discussion is disabled 2015-08-22 17:01:14 +02:00
Hexalyse
d600ae7319 Changed text size of about box for readability 2015-08-22 16:54:37 +02:00
Hexalyse
f2912a07b0 Changed config to use SQLite 2015-08-22 16:43:02 +02:00
El RIDO
b299a6e03e added a bootstrap theme, still needs some work in the comments layout 2015-08-17 23:19:15 +02:00
El RIDO
cb28056223 made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice) 2015-08-17 23:18:33 +02:00
El RIDO
24d18c5313 cleaned up phpdoc comments, added README on how to install and use it 2015-08-16 15:55:31 +02:00
El RIDO
3a183470a6 included sons of obsidian prettify template, since the new default one is a bit bleak 2015-08-16 15:52:46 +02:00
El RIDO
0c1d5c62d5 updated de/inflate to versions 0.5/0.3, using versions found at
a3725d3bee
kudos Dan Kogai
2015-08-16 13:02:27 +02:00
El RIDO
a0107d7eae updated prettify to minified versions found at
6aa04af68e/loader/prettify.js
6aa04af68e/loader/prettify.css
kudos Mike Samuel
2015-08-16 12:46:01 +02:00
El RIDO
49c6e3c1b6 updated base64.js to version 2.1.9, using minified version found at
9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
2015-08-16 12:27:06 +02:00
El RIDO
7bc8c14df6 updated sjcl to version 1.0.2, using minified version found at
11a673d1d3/sjcl.js
kudos Nils Kenneweg
2015-08-16 11:29:01 +02:00
El RIDO
769768d25e updated jquery to 1.11.3 2015-08-16 11:20:06 +02:00
El RIDO
3aa4911991 Small text message changes 2015-08-16 01:56:39 +02:00
El RIDO
8881b3047a changing version string 2015-08-16 00:04:14 +02:00
Sebastien SAUVAGE
43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00
Sebastien SAUVAGE
daf5522b1e Potentiel security bug corrected
Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
clic "Raw text"  4) refresh: The html/javascript is interpreted instead
of just displayed.
Under some versions of Chrome, it happens without refreshing.
This bug was corrected.

(cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
2015-08-15 22:24:25 +02:00
Sebastien SAUVAGE
e7feca0e53 Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
jeldrik
4f72f04eda Prevent inconstitent /data/trafic_limiter.php due to file read while writing
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)

Conflicts:
	index.php
2015-08-15 22:10:05 +02:00
Sébastien SAUVAGE
5b54ca34ad Update index.php
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo)
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)

Conflicts:
	index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE
bc8b23d35e XSS flaw correction
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.

(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00