diff --git a/.eslintrc b/.eslintrc index fb9e312..1f7106f 100644 --- a/.eslintrc +++ b/.eslintrc @@ -19,6 +19,7 @@ globals: it: false jsc: false jsdom: true + kjua: true # http://eslint.org/docs/rules/ rules: diff --git a/.jshintrc b/.jshintrc index 2eb6bce..fabd7e6 100644 --- a/.jshintrc +++ b/.jshintrc @@ -16,26 +16,31 @@ "nonew": true, "quotmark": "single", "singleGroups": true, - "strict": "global", + "strict": true, "undef": true, "unused": true, "jquery": true, + "browser": true, "predef": { - "after": true, - "before": true, - "cleanup": true, - "console": true, - "describe": false, - "document": true, - "fs": false, - "global": true, - "exports": true, - "it": false, - "jsc": false, - "jsdom": true, - "require": false, - "setTimeout": false, - "window": true + "after": true, + "before": true, + "cleanup": true, + "console": true, + "describe": false, + "document": true, + "fs": false, + "global": true, + "exports": true, + "it": false, + "jsc": false, + "jsdom": true, + "require": false, + "setTimeout": false, + "window": true + }, + "globals": { + "sjcl": true, + "DOMPurify": true, + "kjua": true } } - diff --git a/Dockerfile b/Dockerfile index b012134..7bc9e12 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,15 +3,24 @@ FROM php:apache RUN apt-get update && apt-get install -y \ libfreetype6-dev \ libjpeg62-turbo-dev \ - libpng12-dev \ + libpng-dev \ wget \ zip \ - unzip; \ + unzip && \ # We install and enable php-gd - docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/; \ - docker-php-ext-install -j$(nproc) gd; \ - + docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ &&\ + docker-php-ext-install -j$(nproc) gd && \ # We enable Apache's mod_rewrite a2enmod rewrite -COPY . . + +# Copy app content +COPY . /var/www/html + +# Copy start script +RUN mv /var/www/html/docker/entrypoint.sh / && \ + rm -r /var/www/html/docker + +VOLUME /var/www/html/data + +CMD /entrypoint.sh 
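Review bot: `COPY . /var/www/html` in the Dockerfile hunk places the whole build context in Apache's document root, so `cfg/`, `lib/`, `tpl/` and anything else in the checkout (a `.git` directory, tests, `docker-compose.yml`) are served unless `.htaccess` rules deny them. No `.dockerignore` is part of this diff. Consider adding one that excludes at least `.git` and the test and compose files, or copying only the directories the application needs at runtime. Separately, `CMD /entrypoint.sh` is the shell form and wraps the script in `/bin/sh -c`; the exec form `CMD ["/entrypoint.sh"]` avoids the extra shell in front of the start script.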
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index e693a32..db600d5 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -73,7 +73,7 @@ languageselection = false ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ ; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions. -; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups" +; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; form-action 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..3143221 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,15 @@ +version: '3' + +services: + privatebin: + build: . + ports: + - "3000:80" + volumes: + - data:/var/www/html/data + # Optionally mount a custom config file + #- /srv/docker/privatebin/conf.php:/var/www/html/cfg/conf.php + +volumes: + data: + diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100755 index 0000000..124f2ea --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,4 @@ +#! /bin/sh + +chown -R www-data /var/www/html/data +apache2-foreground diff --git a/js/privatebin.js b/js/privatebin.js index b27e0d0..240726f 100644 --- a/js/privatebin.js +++ b/js/privatebin.js 
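Review bot: `base-uri` and `frame-ancestors` are, like `form-action`, not covered by the `default-src 'none'` fallback, and the sample `cspheader` still leaves both unset. Adding `base-uri 'self'` would stop an injected `<base>` element from re-pointing relative links, and `frame-ancestors 'none'` would block framing of the page, provided no deployment relies on embedding. The same string is the built-in default in lib/Configuration.php, so both places need to change together. The `referrer no-referrer` entry is no longer honoured as a CSP directive by current browsers; a separate `Referrer-Policy` header is the replacement, though where headers are emitted is not visible in this diff.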
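Review bot: `"3000:80"` in docker-compose.yml publishes the container's plain-HTTP port on every host interface. The application encrypts and decrypts in the browser with sjcl (visible in js/privatebin.js in this commit), so a script altered in transit defeats that protection, and serving it without TLS is worth avoiding even for test setups. Binding to loopback with `- "127.0.0.1:3000:80"`, plus a comment that a TLS-terminating reverse proxy is expected in front, would make the safer setup the default.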
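Review bot: In docker/entrypoint.sh, `apache2-foreground` is started as a child of the shell instead of replacing it, so the script remains PID 1 and the SIGTERM sent by `docker stop` may never reach Apache, leaving the container to be killed after the timeout. Make the last line `exec apache2-foreground`. The result of `chown -R www-data /var/www/html/data` is also unchecked; adding `set -e` after the shebang stops the start when the ownership fix fails, rather than serving with a data directory the web server cannot write to.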
@@ -28,6 +28,7 @@ sjcl.random.startCollectors(); // main application start, called when DOM is fully loaded jQuery(document).ready(function() { + 'use strict'; // run main controller $.PrivateBin.Controller.init(); }); @@ -331,7 +332,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { var usesPlurals = $.isArray(args[0]); if (usesPlurals) { // use the first plural form as messageId, otherwise the singular - messageId = (args[0].length > 1 ? args[0][1] : args[0][0]); + messageId = args[0].length > 1 ? args[0][1] : args[0][0]; } else { messageId = args[0]; } @@ -415,16 +416,16 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { case 'fr': case 'oc': case 'zh': - return (n > 1 ? 1 : 0); + return n > 1 ? 1 : 0; case 'pl': - return (n === 1 ? 0 : (n % 10 >= 2 && n %10 <=4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2)); + return n === 1 ? 0 : (n % 10 >= 2 && n %10 <=4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2); case 'ru': - return (n % 10 === 1 && n % 100 !== 11 ? 0 : (n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2)); + return n % 10 === 1 && n % 100 !== 11 ? 0 : (n % 10 >= 2 && n % 10 <= 4 && (n % 100 < 10 || n % 100 >= 20) ? 1 : 2); case 'sl': - return (n % 100 === 1 ? 1 : (n % 100 === 2 ? 2 : (n % 100 === 3 || n % 100 === 4 ? 3 : 0))); + return n % 100 === 1 ? 1 : (n % 100 === 2 ? 2 : (n % 100 === 3 || n % 100 === 4 ? 3 : 0)); // de, en, es, it, no, pt default: - return (n !== 1 ? 1 : 0); + return n !== 1 ? 1 : 0; } }; @@ -660,7 +661,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { */ me.hasCipherData = function() { - return (me.getCipherData().length > 0); + return me.getCipherData().length > 0; }; /** 
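Review bot: In the plural-forms hunk the `pl` branch keeps the uneven spacing `n %10 <=4`, while the identical test in the `ru` branch is written `n % 10 <= 4`; since these lines are being rewritten anyway, normalise it to `n % 10 >= 2 && n % 10 <= 4`. The nested conditionals are dense enough that a one-line comment per case naming which count maps to which plural index would help the next reader. The enclosing function starts and ends outside the hunk.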
@@ -831,7 +832,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { var viewportTop = $(window).scrollTop(); var viewportBottom = viewportTop + $(window).height(); - return (elementTop > viewportTop && elementTop < viewportBottom); + return elementTop > viewportTop && elementTop < viewportBottom; }; /** @@ -1194,8 +1195,8 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { */ function sendToShortener() { - window.location.href = $shortenButton.data('shortener') - + encodeURIComponent($pasteUrl.attr('href')); + window.location.href = $shortenButton.data('shortener') + + encodeURIComponent($pasteUrl.attr('href')); } /** @@ -2008,7 +2009,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { me.hasAttachment = function() { var link = $attachmentLink.prop('href'); - return (typeof link !== 'undefined' && link !== ''); + return typeof link !== 'undefined' && link !== ''; }; /** diff --git a/lib/Configuration.php b/lib/Configuration.php index c7c8451..173ae21 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -54,7 +54,7 @@ class Configuration 'urlshortener' => '', 'qrcode' => true, 'icon' => 'identicon', - 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups', + 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; form-action \'none\'; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups', 'zerobincompatibility' => false, ), 'expire' => array( diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index cb850e6..54fc8b8 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -75,7 +75,7 @@ if ($MARKDOWN): - + diff --git a/tpl/page.php b/tpl/page.php index 2cc35d0..d8b265b 100644 
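Review bot: sendToShortener has no comment on what leaves the browser: the complete `$pasteUrl` href is URL-encoded, appended to the configured shortener address, and the page navigates there. If that href carries the decryption key in its fragment (not visible in this hunk), the shortener operator can read the paste. I would add a comment above the assignment such as `// NOTE: hands the complete paste URL, including any key in its fragment, to the configured shortener`, and state the same next to the `urlshortener` option in the configuration documentation.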
--- a/tpl/page.php +++ b/tpl/page.php @@ -54,7 +54,7 @@ if ($QRCODE): - +