Commit Graph

241 Commits

Author SHA1 Message Date
El RIDO
05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test 2018-05-27 14:36:30 +02:00
El RIDO
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO
3bca559826
moving access to into Request class 2018-01-06 10:27:58 +01:00
rugk
414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
86ecdb1155
fixing post increment 2017-11-13 22:15:14 +01:00
El RIDO
502e96c129
StyleCI recommendations 2017-10-08 19:23:33 +02:00
El RIDO
a5d5f6066a
refactoring as recommended by Scrutinizer 2017-10-08 19:16:09 +02:00
El RIDO
9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations 2017-10-08 17:10:51 +02:00
El RIDO
4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection 2017-10-08 16:59:31 +02:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO
dbfb1e83ba
removing dead code 2017-10-08 16:43:10 +02:00
El RIDO
62f0b95377
making StyleCI happy 2017-10-08 16:42:43 +02:00
El RIDO
6e8eafe129
implemented INI cenversion functionality 2017-10-08 16:42:11 +02:00
El RIDO
6fa2bfe30e
updated documentation, incremented version 2017-10-08 16:40:51 +02:00
rugk
f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm
23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
2017-05-13 19:48:25 +02:00
rugk
283873d89a
Fix stupid copy&paste error 2017-04-13 10:52:48 +02:00
rugk
9b6748c54d
Adjust requested changes 2017-04-13 10:46:09 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174 2017-04-11 17:23:26 +02:00
rugk
183ebe518b
Force JSON request for getting paste data 2017-04-11 16:34:13 +02:00
thororm
096f07f86e Merge branch 'master' into attachment-handling
# Conflicts:
#	js/privatebin.js
#	tpl/bootstrap.php
#	tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
bbcc3e167b
implementing recommendations of scrutinizer 2017-03-25 00:58:59 +01:00
El RIDO
9b2af0abf5
fixing documentation 2017-03-24 23:54:37 +01:00
El RIDO
18315e7de0
removing unused class 2017-03-24 23:45:10 +01:00
El RIDO
f7853cf439
removing duplicate code, cleanup of temporary test files 2017-03-24 23:42:11 +01:00
El RIDO
ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194 2017-03-24 21:30:08 +01:00
El RIDO
88b02d866e
fixes #186 for good 2017-03-24 19:20:34 +01:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194 2017-03-11 08:56:14 +01:00
El RIDO
823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186 2017-03-05 11:22:24 +01:00
El RIDO
23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes 2017-03-05 11:02:18 +01:00
El RIDO
db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188 2017-02-22 21:42:14 +01:00
thororm
4cb0ce5114 Removed self from cspheader
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm
faf596aeb7 Added preview for
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
a7de0e095b
added supported language, updated credits and changelog 2017-01-10 20:37:14 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic 2017-01-08 10:02:07 +01:00
El RIDO
f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test 2017-01-08 07:56:56 +01:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154 2017-01-01 16:33:11 +01:00
El RIDO
4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog 2017-01-01 14:35:39 +01:00
El RIDO
1426d4e371
tagging 1.1 release and updating documentation 2016-12-26 12:13:50 +01:00
El RIDO
f6b8ee3e20
add missing check for non-expiring pastes, fixes #149 2016-12-25 12:15:29 +01:00
El RIDO
ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings 2016-12-25 11:37:45 +01:00
atnaguzin
bbcc53f08e StyleCI fix 2016-12-16 12:25:10 +03:00
R4SAS
ccba2f029f added ru plural formula 2016-12-16 12:15:37 +03:00
rugk
da10a761c4
Fix more typos 2016-12-12 18:50:00 +01:00
rugk
61ee0ef7d3
Fix typos 2016-12-12 18:49:08 +01:00
rugk
658d5ae84d
Fix style-ci errors 2016-12-12 18:43:23 +01:00
El RIDO
1f46823942
applying patch based on StyleCI ruleset 2016-10-29 10:24:08 +02:00
El RIDO
8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91 2016-09-18 11:29:37 +02:00
rugk
1a159c973f
Prevent referrer to be send
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
b7184b92a3 Fix csp config unit tests 2016-08-27 14:47:21 +02:00
rugk
b11866a63b Allow manifest loading via CSP (2) 2016-08-27 00:02:50 +02:00
El RIDO
a13266a784 ensure the server salt path is initialized, instead of relying on the default 2016-08-25 15:02:38 +02:00
El RIDO
e925833090 bumping version number to 1.0 2016-08-25 09:53:31 +02:00
El RIDO
6aba39488f adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86 2016-08-22 09:46:26 +02:00
El RIDO
f72e260ee7 adding subresource integrity hashes for all javascript includes, resolves #6 2016-08-16 11:11:03 +02:00
rugk
75cb771e4b Merge branch 'master' into prng, resolve merge conflicts 2016-08-15 18:15:57 +02:00
El RIDO
72aac25f68 added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47 2016-08-15 16:45:47 +02:00
rugk
8038fde29d Revert #44
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO
0a628e83c1 Merge pull request #59 from PrivateBin/52-identicons
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO
ca66653d0c applying: php-cs-fixer fix lib/ --level=psr2 2016-08-11 15:05:43 +02:00
El RIDO
6cb7454d07 Added tests for JSON errors, should help us figure out the cause of the problem in #11 2016-08-11 14:41:52 +02:00
rugk
bea9a577a6 Use better random number generator #29 2016-08-10 23:15:06 +02:00
El RIDO
c237337cd2 some minor whitespace improvements detected by scrutinizer 2016-08-10 18:22:28 +02:00
El RIDO
3988b860b0 implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening 2016-08-10 17:41:46 +02:00
El RIDO
1ef28d7a5c minor fixes, typos 2016-08-10 15:03:06 +02:00
El RIDO
addb666a23 introducing CSP header to mitigate XSS attacks, closes #10 2016-08-09 14:46:32 +02:00
El RIDO
5b7b234821 doc bloc corrections 2016-08-09 13:07:11 +02:00
El RIDO
c2efe2e609 some optimization 2016-08-09 12:45:26 +02:00
El RIDO
3fa0881c07 updated documentation, small cleanups 2016-08-09 12:21:32 +02:00
El RIDO
b45bef8388 Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00
Sobak
5d7003ecc1 Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00
Sobak
884310add6 Oficially bump minimal PHP version to 5.3.0 2016-07-26 08:06:40 +02:00
Simon Rupf
d14eb0efe4 fixing configuration and its test to match the new namespaces 2016-07-25 11:02:39 +02:00
Sobak
b1305beb0f Improve workaround for keeping config file format BC 2016-07-22 15:31:42 +02:00
Sobak
54f96b9938 Introduce PSR-4 autoloading 2016-07-22 12:11:48 +02:00
El RIDO
9a9362789b addressing issues with failed attachement uploads due to webserver configuration, resolves #15 2016-07-19 15:26:41 +02:00
El RIDO
002046cc62 some minor cleanups 2016-07-19 14:44:17 +02:00
El RIDO
be4c845129 Merge branch 'master' of github.com:PrivateBin/PrivateBin 2016-07-19 14:02:45 +02:00
El RIDO
c5606a47fe refactoring away RainTPL and templating, resolves #36 2016-07-19 14:02:26 +02:00
rugk
38ab755733 Replace HTTP links with HTTPS
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
03306dabff using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8 2016-07-18 15:55:51 +02:00
El RIDO
e7dde4d212 cleaning REQUEST_URI for good measure 2016-07-18 15:21:32 +02:00
El RIDO
e1d6db88a1 Merge pull request #44 from PrivateBin/rugk-itBugsMe
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO
afaa111d22 code style 2016-07-18 15:13:56 +02:00
El RIDO
b53efda635 improving code coverage and unit testing 2016-07-18 14:47:32 +02:00
rugk
2e863e3ed9 Search key first
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk
80e9d75477 Remove unnecessary array
Now it is right...
2016-07-18 13:12:54 +02:00
rugk
19d5659a8f Change array
https://github.com/PrivateBin/PrivateBin/issues/41

Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO
ff0c55c0d6 introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4 2016-07-18 10:14:38 +02:00
El RIDO
f8bc40b4e4 introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3 2016-07-15 17:02:59 +02:00
El RIDO
4d10fd9690 fixing support for pre renaming configuration file format, resolves #37 2016-07-13 09:41:45 +02:00
El RIDO
90a26d8fcb removing some code smells, found in the various code checker tools 2016-07-11 15:47:42 +02:00
El RIDO
c33c50f775 using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix) 2016-07-11 14:33:45 +02:00
El RIDO
3b3b5277eb refactoring to improve code quality 2016-07-11 14:15:20 +02:00
El RIDO
79509ad48a renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00
El RIDO
b8080acc78 fixing an unhandled case found with scrutinizer-ci 2016-07-06 14:58:06 +02:00
El RIDO
c13caee981 fixing some documentation issues detected by scrutinizer-ci 2016-07-06 14:12:14 +02:00