El RIDO
9357f122b7
address Scrutinizer issues
2021-06-13 12:49:59 +02:00
El RIDO
d0248d55d3
address Scrutinizer issues
2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd
fix unit tests on php < 7.3
2021-06-13 12:40:06 +02:00
El RIDO
68b097087d
apply StyleCI recommendation
2021-06-13 11:16:29 +02:00
El RIDO
f04043a399
address Scrutinizer issues
2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8
address Codacy issues
2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf
improving code coverage
2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b
ip-lib doesn't except on the matches interfaces
2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356
improved implementation of GoogleStorageBucket
2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334
added purgeValues to GCS
2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302
apply StyleCI recommendation
2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b
implementing key/value store of Persistance in Database storage
2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem
2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem
2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters
2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem
2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5
simplest implementation of kv support on gcs
2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation
2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem
2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI
2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808
2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807
2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b
make StyleCI happy
2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803
2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd
added Google Cloud Storage support
2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba
address Scrutinizer issues
2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c
use namespaces
2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70
testing IP exemption, handle corner cases found in testing
2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3
Optimized the canPass() functions
2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68
Optimized the canPass() functions
2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15
Put the ip-matching function in a private function
2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451
Put the ip-matching function in a private function
2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c
Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt
2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA
2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA
2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA
2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA
2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality
2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9
Make it possible to exempt ips from the rate-limiter
2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side
2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission altogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.
Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc
2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC
2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765
2021-04-16 19:19:11 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00