Commit Graph

140 Commits

Author SHA1 Message Date
rugk
1a159c973f
Prevent referrer to be send
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
b7184b92a3 Fix csp config unit tests 2016-08-27 14:47:21 +02:00
rugk
b11866a63b Allow manifest loading via CSP (2) 2016-08-27 00:02:50 +02:00
El RIDO
a13266a784 ensure the server salt path is initialized, instead of relying on the default 2016-08-25 15:02:38 +02:00
El RIDO
e925833090 bumping version number to 1.0 2016-08-25 09:53:31 +02:00
El RIDO
6aba39488f adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86 2016-08-22 09:46:26 +02:00
El RIDO
f72e260ee7 adding subresource integrity hashes for all javascript includes, resolves #6 2016-08-16 11:11:03 +02:00
rugk
75cb771e4b Merge branch 'master' into prng, resolve merge conflicts 2016-08-15 18:15:57 +02:00
El RIDO
72aac25f68 added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47 2016-08-15 16:45:47 +02:00
rugk
8038fde29d Revert #44
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO
0a628e83c1 Merge pull request #59 from PrivateBin/52-identicons
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO
ca66653d0c applying: php-cs-fixer fix lib/ --level=psr2 2016-08-11 15:05:43 +02:00
El RIDO
6cb7454d07 Added tests for JSON errors, should help us figure out the cause of the problem in #11 2016-08-11 14:41:52 +02:00
rugk
bea9a577a6 Use better random number generator #29 2016-08-10 23:15:06 +02:00
El RIDO
c237337cd2 some minor whitespace improvements detected by scrutinizer 2016-08-10 18:22:28 +02:00
El RIDO
3988b860b0 implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening 2016-08-10 17:41:46 +02:00
El RIDO
1ef28d7a5c minor fixes, typos 2016-08-10 15:03:06 +02:00
El RIDO
addb666a23 introducing CSP header to mitigate XSS attacks, closes #10 2016-08-09 14:46:32 +02:00
El RIDO
5b7b234821 doc bloc corrections 2016-08-09 13:07:11 +02:00
El RIDO
c2efe2e609 some optimization 2016-08-09 12:45:26 +02:00
El RIDO
3fa0881c07 updated documentation, small cleanups 2016-08-09 12:21:32 +02:00
El RIDO
b45bef8388 Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00
Sobak
5d7003ecc1 Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00
Sobak
884310add6 Oficially bump minimal PHP version to 5.3.0 2016-07-26 08:06:40 +02:00
Simon Rupf
d14eb0efe4 fixing configuration and its test to match the new namespaces 2016-07-25 11:02:39 +02:00
Sobak
b1305beb0f Improve workaround for keeping config file format BC 2016-07-22 15:31:42 +02:00
Sobak
54f96b9938 Introduce PSR-4 autoloading 2016-07-22 12:11:48 +02:00
El RIDO
9a9362789b addressing issues with failed attachement uploads due to webserver configuration, resolves #15 2016-07-19 15:26:41 +02:00
El RIDO
002046cc62 some minor cleanups 2016-07-19 14:44:17 +02:00
El RIDO
be4c845129 Merge branch 'master' of github.com:PrivateBin/PrivateBin 2016-07-19 14:02:45 +02:00
El RIDO
c5606a47fe refactoring away RainTPL and templating, resolves #36 2016-07-19 14:02:26 +02:00
rugk
38ab755733 Replace HTTP links with HTTPS
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
03306dabff using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8 2016-07-18 15:55:51 +02:00
El RIDO
e7dde4d212 cleaning REQUEST_URI for good measure 2016-07-18 15:21:32 +02:00
El RIDO
e1d6db88a1 Merge pull request #44 from PrivateBin/rugk-itBugsMe
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO
afaa111d22 code style 2016-07-18 15:13:56 +02:00
El RIDO
b53efda635 improving code coverage and unit testing 2016-07-18 14:47:32 +02:00
rugk
2e863e3ed9 Search key first
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk
80e9d75477 Remove unnecessary array
Now it is right...
2016-07-18 13:12:54 +02:00
rugk
19d5659a8f Change array
https://github.com/PrivateBin/PrivateBin/issues/41

Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO
ff0c55c0d6 introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4 2016-07-18 10:14:38 +02:00
El RIDO
f8bc40b4e4 introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3 2016-07-15 17:02:59 +02:00
El RIDO
4d10fd9690 fixing support for pre renaming configuration file format, resolves #37 2016-07-13 09:41:45 +02:00
El RIDO
90a26d8fcb removing some code smells, found in the various code checker tools 2016-07-11 15:47:42 +02:00
El RIDO
c33c50f775 using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix) 2016-07-11 14:33:45 +02:00
El RIDO
3b3b5277eb refactoring to improve code quality 2016-07-11 14:15:20 +02:00
El RIDO
79509ad48a renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00
El RIDO
b8080acc78 fixing an unhandled case found with scrutinizer-ci 2016-07-06 14:58:06 +02:00
El RIDO
c13caee981 fixing some documentation issues detected by scrutinizer-ci 2016-07-06 14:12:14 +02:00
El RIDO
0e217a42c5 introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103 2016-07-06 11:37:13 +02:00