From 5f8aeabea0f36109b495a8f96491a9c2043d8d2d Mon Sep 17 00:00:00 2001 From: idarlund Date: Tue, 14 Aug 2018 13:01:46 +0200 Subject: [PATCH 1/3] Update no.json update missing text for getting paste data --- i18n/no.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/i18n/no.json b/i18n/no.json index 06fc121..e43c4cc 100644 --- a/i18n/no.json +++ b/i18n/no.json @@ -155,5 +155,5 @@ "Hvis denne meldingen ikke forsvinner kan du ta en titt på siden med ofte stilte spørsmål for informasjon om feilsøking.", "+++ no paste text +++": "+++ ingen innleggstekst +++", "Could not get paste data: %s": - "Could not get paste data: %s" -} \ No newline at end of file + "Kunne ikke hente utklippsdata: %s" +} From 8b71cb0b2fd74fb78af89f7086d310d29f0ffb33 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 2 Sep 2018 09:14:36 +0200 Subject: [PATCH 2/3] properly escaping HTML in raw text mode, fixes #358 --- js/privatebin.js | 2 +- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index be66043..57eb273 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -2894,7 +2894,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { for (var i = 0; i < $head.length; i++) { newDoc.write($head[i].outerHTML); } - newDoc.write('
' + DOMPurify.sanitize(paste) + '
'); + newDoc.write('
' + DOMPurify.sanitize($('
').text(paste).html()) + '
'); newDoc.close(); } diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 10a1b61..272c4cb 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -75,7 +75,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index ea09be0..ac54ea0 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -53,7 +53,7 @@ if ($MARKDOWN): endif; ?> - + From d66800b8ce53847fc3981502a0a7cddff1f41a2e Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 2 Sep 2018 09:22:55 +0200 Subject: [PATCH 3/3] docker is now provided via https://github.com/PrivateBin/docker-nginx-fpm-alpine --- .dockerignore | 18 ------------------ Dockerfile | 26 -------------------------- docker-compose.yml | 15 --------------- docker/entrypoint.sh | 4 ---- 4 files changed, 63 deletions(-) delete mode 100644 .dockerignore delete mode 100644 Dockerfile delete mode 100644 docker-compose.yml delete mode 100755 docker/entrypoint.sh diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 78442ed..0000000 --- a/.dockerignore +++ /dev/null @@ -1,18 +0,0 @@ -# Documentation, might leak version number -CHANGELOG.md -LICENSE.md -CREDITS.md -INSTALL.md -README.md -doc/ - -# Dotfiles, pointless -.codeclimate.yml -.csslintrc -.editorconfig -.eslint* -.git* -.php_cs -.styleci.yml -.travis.yml -.github diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 7bc9e12..0000000 --- a/Dockerfile +++ /dev/null 
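Review bot: No regression test accompanies the escaping fix on the new `newDoc.write(...)` line in js/privatebin.js: the diffstat for this patch lists only js/privatebin.js, tpl/bootstrap.php and tpl/page.php. A test that opens raw view for a paste containing markup and asserts it is shown as literal text would keep #358 from returning. The call site also gives no reason for escaping through `.text(paste).html()` and then calling `DOMPurify.sanitize`; a comment such as `// raw view shows the paste as text: HTML-escape it first, DOMPurify stays as a second layer` would stop a later cleanup from dropping either step. The markup inside the string literals is stripped on this page, so the wrapping element cannot be checked here, and the enclosing function starts outside the hunk.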
@@ -1,26 +0,0 @@
-FROM php:apache
-
-RUN apt-get update && apt-get install -y \
- libfreetype6-dev \
- libjpeg62-turbo-dev \
- libpng-dev \
- wget \
- zip \
- unzip && \
- # We install and enable php-gd
- docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ &&\
- docker-php-ext-install -j$(nproc) gd && \
- # We enable Apache's mod_rewrite
- a2enmod rewrite
-
-
-# Copy app content
-COPY . /var/www/html
-
-# Copy start script
-RUN mv /var/www/html/docker/entrypoint.sh / && \
- rm -r /var/www/html/docker
-
-VOLUME /var/www/html/data
-
-CMD /entrypoint.sh
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 3143221..0000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-version: '3'
-
-services:
- privatebin:
- build: .
- ports:
- - "3000:80"
- volumes:
- - data:/var/www/html/data
- # Optionally mount a custom config file
- #- /srv/docker/privatebin/conf.php:/var/www/html/cfg/conf.php
-
-volumes:
- data:
-
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
deleted file mode 100755
index 124f2ea..0000000
--- a/docker/entrypoint.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#! /bin/sh
-
-chown -R www-data /var/www/html/data
-apache2-foreground