diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index d2d285d..863974a 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -79,7 +79,7 @@ languageselection = false ; async functions and display an error if not and for Chrome to enable ; webassembly support (used for zlib compression). You can remove it if Chrome ; doesn't need to be supported and old browsers don't need to be warned. -; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals" +; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of diff --git a/js/privatebin.js b/js/privatebin.js index 23344dd..6826da4 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -243,6 +243,18 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ const day = 86400; + /** + * number of seconds in a week + * + * = 60 * 60 * 24 * 7 seconds + * + * @name Helper.week + * @private + * @enum {number} + * @readonly + */ + const week = 604800; + /** * number of seconds in a month (30 days, an approximation) * @@ -326,7 +338,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ me.durationToSeconds = function(duration) { - let pieces = duration.split(/\d+/), + let pieces = duration.split(/(\D+)/), factor = pieces[0] || 0, timespan = pieces[1] || pieces[0]; switch (timespan) 
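Review bot: The sample `cspheader` line gains `resource:` in `script-src`, but the comment block above it still explains only why `'unsafe-eval'` is present, so an operator tightening the policy cannot tell whether `resource:` is safe to drop. I would extend that comment with a line such as `; 'resource:' in script-src is needed for <REASON - fill in>; remove it if that case does not apply.` Because this line is a commented-out sample, installations that already set their own `cspheader` will not pick up the change, which is worth a release note. The built-in default is not visible in this diff and presumably has to match.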
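Review bot: The new pattern in `durationToSeconds` works only because a capturing group makes `split()` keep the separator, which is easy to undo by accident; a comment such as `// capture group keeps the unit: "5min" -> ["5", "min", ""]` above `let pieces` would record that. `factor` is still the raw string piece and becomes a number only through the multiplication in each `case`. Parsing it once with `factor = parseInt(pieces[0], 10) || 0,` makes the type explicit. The rest of the switch lies outside this hunk, so the handling of unknown units cannot be checked from here.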
@@ -337,6 +349,8 @@ jQuery.PrivateBin = (function($, RawDeflate) { return factor * hour; case 'day': return factor * day; + case 'week': + return factor * week; case 'month': return factor * month; case 'year': @@ -391,9 +405,11 @@ jQuery.PrivateBin = (function($, RawDeflate) { me.urls2links = function(element) { element.html( - element.html().replace( - /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, - '$1' + DOMPurify.sanitize( + element.html().replace( + /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, + '$1' + ) ) ); }; @@ -1975,15 +1991,11 @@ jQuery.PrivateBin = (function($, RawDeflate) { return a.length - b.length; })[0]; if (typeof shortUrl === 'string' && shortUrl.length > 0) { - I18n._( - $('#pastelink'), - 'Your paste is %s (Hit [Ctrl]+[c] to copy)', - shortUrl, shortUrl - ); // we disable the button to avoid calling shortener again $shortenButton.addClass('buttondisabled'); - // save newly created element - $pasteUrl = $('#pasteurl'); + // update link + $pasteUrl.text(shortUrl); + $pasteUrl.prop('href', shortUrl); // we pre-select the link so that the user only has to [Ctrl]+[c] the link Helper.selectText($pasteUrl[0]); return; @@ -2404,7 +2416,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { /** * hides the Editor * - * @name Editor.reset + * @name Editor.hide * @function */ me.hide = function() @@ -3110,19 +3122,15 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ function addClipboardEventHandler() { $(document).on('paste', function (event) { - if (TopNav.isAttachmentReadonly()) { - event.stopPropagation(); - event.preventDefault(); - return false; - } const items = (event.clipboardData || event.originalEvent.clipboardData).items; - for (let i = 0; i < items.length; ++i) { - if (items[i].kind === 'file') { - //Clear the file input: - $fileInput.wrap('
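Review bot: In `urls2links`, `DOMPurify.sanitize()` is called with its default configuration on the regex-rewritten `element.html()` string, and the default URI allow-list does not include `magnet:`. If the replacement wraps the match in an anchor, the `href` of magnet links would be stripped while http/https/ftp links keep working. That is inferred from the function name, since the replacement string shows only as `'$1'` on this page. Either pass a configuration that permits the scheme, for example an `ALLOWED_URI_REGEXP` extended with `magnet`, or add a test that pins the result for each of the four schemes the pattern matches. A short comment stating that sanitising is deliberately the last step before `element.html(...)` would keep a later refactor from moving it ahead of the replace.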
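Review bot: `shortUrl` is now written straight into the link with `$pasteUrl.prop('href', shortUrl)`, and the only check visible in this hunk is that it is a non-empty string. The value comes from the shortener's response, which is parsed outside the hunk. Unless that parsing already restricts the scheme, I would tighten the condition to `if (typeof shortUrl === 'string' && /^https?:\/\//i.test(shortUrl)) {`. A response containing a `javascript:` or other unexpected URL would then fall through to the existing failure path instead of ending up behind the paste link. The hunk also drops the re-query of `#pasteurl` and relies on `$pasteUrl` having been assigned earlier, which deserves a one-line comment.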