Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity
2,076 Commits 16 Branches 36 Tags 18 MiB
ae1e4e3edb
Commit Graph

331 Commits

Author SHA1 Message Date
El RIDO
3327645fd4
updated doc blocks, comments, fixed indentations, moved some constant strings 2021-06-14 06:44:30 +02:00
Mark van Holsteijn
b4c75b541b removed json encoding from get/setValue 2021-06-13 21:16:30 +02:00
El RIDO
9357f122b7
address Scrutinizer issues 2021-06-13 12:49:59 +02:00
El RIDO
d0248d55d3
address Scrutinizer issues 2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd
fix unit tests on php < 7.3 2021-06-13 12:40:06 +02:00
El RIDO
68b097087d
apply StyleCI recommendation 2021-06-13 11:16:29 +02:00
El RIDO
f04043a399
address Scrutinizer issues 2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8
address Codacy issues 2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf
improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b
ip-lib doesn't except on the matches interfaces 2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356 improved implementation of GoogleStorageBucket 2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data 
added purgeValues function
 2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302
apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b
implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b
make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba
address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c
use namespaces 2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70
testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether 
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
 2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction 
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
 2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction 
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
 2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00