El RIDO
0cc2b67753
bindValue doesn't need the length
2022-01-23 21:45:22 +01:00
El RIDO
4f051fe5a5
revert regression
2022-01-23 21:31:40 +01:00
El RIDO
8d63921924
workaround bug in OCI PDO driver
2022-01-23 21:24:28 +01:00
El RIDO
0be55e05bf
use quoted identifiers, tell MySQL to expect ANSI SQL
2022-01-23 20:59:02 +01:00
El RIDO
b133c2e233
sanitize both single rows and multiple ones
2022-01-23 07:32:28 +01:00
El RIDO
b54308a77e
don't mangle non-arrays
2022-01-23 07:19:35 +01:00
El RIDO
47deaeb7ca
use the correct function
2022-01-23 07:11:36 +01:00
El RIDO
35ef64ff79
remove duplication, kudos @rugk
2022-01-22 22:11:49 +01:00
El RIDO
c725b4f0fe
handle 'IF NOT EXISTS' differently in OCI
2022-01-22 21:29:39 +01:00
El RIDO
2182cdd44f
generalize OCI handling of queries and results
2022-01-22 08:45:12 +01:00
Austin Huang
041ef7f7a5
Support OCI (Satisfy the CI)
2022-01-20 13:33:23 -05:00
Austin Huang
6a489d35ab
Support OCI (Create table)
2022-01-20 09:15:10 -05:00
Austin Huang
ee99952d90
Support OCI (Read/Write)
2022-01-17 20:06:26 -05:00
El RIDO
df2f5931cd
improve readability, kudos @rugk
2021-08-19 19:28:52 +02:00
El RIDO
ff3b668958
apply StyleCI recommendation
2021-08-19 11:04:31 +02:00
El RIDO
eb10d4d35e
be more flexible with configuration paths
...
1. only consider CONFIG_PATH environment variable, if non-empty
2. fall back to search in PATH (defined in index.php), if CONFIG_PATH doesn't contain a readable configuration file
2021-08-19 10:21:21 +02:00
El RIDO
1fd998f325
address Scrutinizer issues
2021-06-16 05:57:26 +02:00
El RIDO
9c09018e6e
address Scrutinizer issues
2021-06-16 05:50:41 +02:00
El RIDO
be164bb6a9
apply StyleCI recommendation
2021-06-16 05:43:18 +02:00
El RIDO
fd08d991fe
log errors storing persistance
2021-06-16 05:32:45 +02:00
El RIDO
3d9ba10fcb
more consistent AbstractData implementation
2021-06-16 05:19:45 +02:00
El RIDO
3327645fd4
updated doc blocks, comments, fixed indentations, moved some constant strings
2021-06-14 06:44:30 +02:00
Mark van Holsteijn
b4c75b541b
removed json encoding from get/setValue
2021-06-13 21:16:30 +02:00
El RIDO
9357f122b7
address Scrutinizer issues
2021-06-13 12:49:59 +02:00
El RIDO
d0248d55d3
address Scrutinizer issues
2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd
fix unit tests on php < 7.3
2021-06-13 12:40:06 +02:00
El RIDO
68b097087d
apply StyleCI recommendation
2021-06-13 11:16:29 +02:00
El RIDO
f04043a399
address Scrutinizer issues
2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8
address Codacy issues
2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf
improving code coverage
2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b
ip-lib doesn't except on the matches interfaces
2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356
improved implementation of GoogleStorageBucket
2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
...
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334
added purgeValues to GCS
2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302
apply StyleCI recommendation
2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b
implementing key/value store of Persistance in Database storage
2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem
2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem
2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters
2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem
2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5
simplest implementation of kv support on gcs
2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation
2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem
2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI
2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808
2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807
2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b
make StyleCI happy
2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803
2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd
added Google Cloud Storage support
2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba
address Scrutinizer issues
2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c
use namespaces
2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70
testing IP exemption, handle corner cases found in testing
2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3
Optimized the canPass() functions
2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68
Optimized the canPass() functions
2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15
Put the ip-matching function in a private function
2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451
Put the ip-matching function in a private function
2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c
Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt
2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA
2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA
2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA
2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA
2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality
2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9
Make it possible to exempt ips from the rate-limiter
2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side
2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
...
Following the tests and HTTP Observatory, I think we can disable forms altogether.
Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
...
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc
2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
...
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net ):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC
2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765
2021-04-16 19:19:11 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00
El RIDO
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation
2021-04-02 09:00:27 +02:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation
2021-03-09 05:54:06 +01:00
El RIDO
b38ebc503e
plural rules and documenting newly added languages
2021-01-07 21:16:03 +01:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file
2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419
Make it possible to change the info text
...
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO
3668f1e3f4
attempt to accomodate Crowdin by providing a single source translation file that is not actually used or loaded by our code
2020-10-04 12:39:35 +02:00
El RIDO
4204e4b8b7
make StyleCI happy and change unit test to use a string
2020-07-03 21:00:42 +02:00
ZerooCool
e61c44ef46
Make Opengraph really functional
...
Make Opengraph really functional
Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968
Make Opengraph really functional
...
3 URLs of images used on social networks are passed in absolute URL.
Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?
Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634
2020-06-11 18:29:32 +02:00
El RIDO
5450a431cf
Merge branch 'Haocen-625-bugfixes'
2020-06-07 07:38:59 +02:00
El RIDO
7794915172
expose permission exceptions to the API
2020-05-31 16:33:25 +02:00
Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
...
Firefox
2020-05-30 05:37:35 -04:00
Steven Andrés
3f75c81a2f
fixed duplicated getKey()
2020-05-08 12:18:20 -07:00
Steven Andrés
effe6ad3e5
fixed spacing to please StyleCI
2020-05-08 11:37:21 -07:00
Steven Andrés
8fbdb69d8a
added check for null whitelist
2020-05-08 11:36:19 -07:00
Steven Andrés
d847e2fcf2
alignment
2020-05-07 16:46:31 -07:00
Steven Andrés
c152f85b50
removed $remoteip that the audit didn't like
2020-05-07 16:45:24 -07:00
Steven Andrés
819d25a74c
change to whitelist_paste_creation
2020-05-07 16:13:25 -07:00
Steven Andrés
ef9780707a
Update lib/Controller.php
...
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:54:13 -07:00
Steven Andrés
9ca041fa06
Update lib/Controller.php
...
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:53:56 -07:00
Steven Andrés
9327c9b58b
added whitelist check
2020-05-05 14:18:52 -07:00
Steven Andrés
5644001c53
added "whitelist" under [traffic]
2020-05-05 14:17:15 -07:00
El RIDO
9914c37683
incrementing version
2020-03-22 06:44:04 +01:00
El RIDO
afd82ac34d
Merge branch 'master' into php7.4-ci
2020-02-16 13:23:11 +01:00
El RIDO
adece1d784
incrementing version
2020-02-16 11:15:51 +01:00
El RIDO
5d54006c9e
update minimum required PHP version to 5.6 and replace slowEquals() with native hash_equals() function
2020-02-05 19:30:14 +01:00
El RIDO
1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag
2020-02-01 09:15:14 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
El RIDO
ed590ee557
incrementing version
2020-01-08 19:31:06 +01:00
El RIDO
0efe6f7a8e
simplify logic, fullfills the unit test
2019-12-25 08:11:25 +01:00
Lucas Savva
7d9ec9509b
Handle previously renamed CONFIG_PATH gracefully
2019-12-24 19:12:08 +00:00
Lucas Savva
d5d13fa831
Add logic to rename insecure CONFIG_PATH
2019-12-24 18:51:47 +00:00
Lucas Savva
b5c86e290f
squashme: fix code style issue
2019-12-20 10:42:59 +00:00
Lucas Savva
6b0468ebff
Add support for a CONFIG_PATH variable
2019-12-19 23:06:32 +00:00
El RIDO
8cf0c86ebb
simplify case statement, update documentation
2019-11-02 17:18:22 +01:00
Andriy Zhuk
65b7077756
Added plural rules for ukrainian
2019-10-18 12:31:40 +03:00
El RIDO
2d4edfe401
incrementing version number in preparation of release
2019-09-22 19:42:04 +02:00
El RIDO
d5aeba60ca
increase default size limit to 10 MiB, documenting change
2019-09-20 07:04:26 +02:00
El RIDO
5c0012cf51
adding database migration to increase data to MEDIUMBLOB on MySQL by default
2019-09-20 06:57:54 +02:00
El RIDO
7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated
2019-09-19 19:14:48 +02:00
Haocen Xu
ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
...
attachment
Fix cloning paste with attachment
Update CSP in sample and default configuration
Ensure clone paste also clone format
Fix clone button hiding logic when paste is burn after read
Remove attachment name when new paste clicked on
Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO
b0d1a3949e
add bulgarian to the supported languages
2019-07-11 16:50:32 +02:00
El RIDO
07018e5876
incrementing version number in preparation of release
2019-07-08 18:35:34 +02:00
El RIDO
11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196
2019-06-27 20:31:10 +02:00
El RIDO
c2e060d464
made compression configurable, fixes #38
2019-06-23 19:45:40 +02:00
El RIDO
848d3563f4
making StyleCI & Scrutinizer happy
2019-06-23 16:10:05 +02:00
El RIDO
8dc9db90c9
added translation for Czech, provided by @info-path, fixes #424
2019-06-23 12:06:36 +02:00
El RIDO
42c2003220
made notice configurable, fixing a few CSS glitches
2019-06-17 21:40:37 +02:00
El RIDO
4d6897f063
increasing minimum PHP version to 5.5 as this is required by the yzalis/identicon library upgrade to version 1.2.0
2019-06-16 10:50:52 +02:00
El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons
2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs
2019-06-15 09:36:09 +02:00
El RIDO
a459c4692c
correcting API use, avoid history glitch
2019-06-01 23:49:40 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules
2019-05-20 18:29:37 +02:00
El RIDO
12a9b2ff8e
address Scrutinizer issues with the use of getParams method
2019-05-19 10:13:47 +02:00
El RIDO
1baa1c2b0a
fixing API doc issue found by Scrutinizer
2019-05-19 10:05:04 +02:00
El RIDO
800a0df8e3
apply StyleCI patch
2019-05-19 10:01:41 +02:00
El RIDO
909ff2daa7
handle scrutinizer issues (mostly changes in API documentation)
2019-05-19 09:42:55 +02:00
El RIDO
09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)
2019-05-15 07:44:03 +02:00
El RIDO
cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection
2019-05-13 22:31:52 +02:00
El RIDO
be1e7babc0
removing dead code and improving code coverage
2019-05-11 22:18:35 +02:00
El RIDO
a622c8f484
fix logic, avoid 5.5
2019-05-10 23:27:45 +02:00
El RIDO
c3719435a3
and fixing PHP 5.5
2019-05-10 23:09:35 +02:00
El RIDO
02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6
2019-05-10 22:46:39 +02:00
El RIDO
9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:35:18 +02:00
El RIDO
76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?)
2019-05-10 22:21:03 +02:00
El RIDO
f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:13:11 +02:00
El RIDO
fb0c9c595e
remove further type hints for compatibility
2019-05-10 22:04:47 +02:00
El RIDO
bd4dee0f3e
fixing copy/paste errors
2019-05-10 21:52:14 +02:00
El RIDO
1e44902340
apply StyleCI patch
2019-05-10 21:45:34 +02:00
El RIDO
632d70412a
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 21:35:36 +02:00
El RIDO
700f8a0ea7
made all php unit tests pass again
2019-05-10 07:55:39 +02:00
El RIDO
59569bf9fc
working on JsonApi tests
2019-05-08 22:11:21 +02:00
El RIDO
76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data
2019-05-06 22:15:21 +02:00
El RIDO
06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic
2019-05-05 21:03:58 +02:00
El RIDO
b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes
2019-05-05 18:22:57 +02:00