From c2e060d4641aabca6d5eff8c013c024d6b1420ba Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Sun, 23 Jun 2019 19:45:40 +0200
Subject: [PATCH] made compression configurable, fixes #38
---
 CHANGELOG.md | 1 +
 cfg/conf.sample.php | 12 +++++++++---
 js/privatebin.js | 16 ++++++++--------
 lib/Configuration.php | 1 +
 lib/Controller.php | 1 +
 tpl/bootstrap.php | 20 ++++++++++++--------
 tpl/page.php | 4 ++--
 tst/ViewTest.php | 1 +
 8 files changed, 35 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 372de33..6682cc0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 * **1.3 (not yet released)**
 * ADDED: Translation for Czech (#424)
 * ADDED: Threat modeled the application (#177)
+ * ADDED: Made compression configurable (#38)
 * CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
 * CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
 * CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index 01dd32d..2647b50 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -75,13 +75,19 @@ languageselection = false
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
 ; sha256 in HMAC for the deletion token
-zerobincompatibility = false
+; zerobincompatibility = false
-; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true.
+; Enable or disable the warning message when the site is served over an insecure
+; connection (insecure HTTP instead of HTTPS), defaults to true.
 ; Secure transport methods like Tor and I2P domains are automatically whitelisted.
 ; It is **strongly discouraged** to disable this.
 ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
-httpwarning = true
+; httpwarning = true
+
+; Pick compression algorithm or disable it. Only applies to pastes/comments
+; created after changing the setting.
+; Can be set to one these values: none / zlib (default).
+; compression = zlib
 [expire]
 ; expire value that is selected per default
diff --git a/js/privatebin.js b/js/privatebin.js
index 831d813..50ce23c 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
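Review bot: The new comment block for `compression` has a typo ("one these values") and does not say what happens when the option is set to anything other than the two listed values; I would write `; Can be set to one of these values: none / zlib (default).` and add a line stating how an unrecognised value is treated. Since the setting is consumed by the client-side code in js/privatebin.js, a sentence on why an operator might choose `none` would make the option easier to decide on; the commit itself gives no rationale. The hunk also turns `zerobincompatibility = false` and `httpwarning = true` into commented-out lines, which the commit title does not mention; if the sample is meant to list defaults as comments from now on, a short remark at the top of the section saying so would avoid confusion.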
@@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 // AES in Galois Counter Mode, keysize 256 bit,
 // authentication tag 128 bit, 10000 iterations in key derivation
 const spec = [
- getRandomBytes(16), // initialization vector
- getRandomBytes(8), // salt
- 100000, // iterations
- 256, // key size
- 128, // tag size
- 'aes', // algorithm
- 'gcm', // algorithm mode
- 'zlib' // compression
+ getRandomBytes(16), // initialization vector
+ getRandomBytes(8), // salt
+ 100000, // iterations
+ 256, // key size
+ 128, // tag size
+ 'aes', // algorithm
+ 'gcm', // algorithm mode
+ $('body').data('compression') || 'zlib' // compression
 ], encodedSpec = [];
 for (let i = 0; i < spec.length; ++i) {
 encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 8202c93..f49656d 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -56,6 +56,7 @@ class Configuration
 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
 'zerobincompatibility' => false,
 'httpwarning' => true,
+ 'compression' => 'zlib',
 ),
 'expire' => array(
 'default' => '1week',
diff --git a/lib/Controller.php b/lib/Controller.php
index 09b257a..4b05249 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -387,6 +387,7 @@ class Controller
 $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
 $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
 $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
+ $page->assign('COMPRESSION', $this->_conf->getKey('compression'));
 $page->draw($this->_conf->getKey('template'));
 }
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 756e76b..304cacd 100644
--- a/tpl/bootstrap.php
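Review bot: The value read from `$('body').data('compression')` is placed in `spec` unchecked, so any configured string other than the documented `none` / `zlib` becomes part of the paste parameters; how the compression code treats an unknown value is not visible in this hunk. Restricting it to the supported set would make a typo in the configuration fall back to the default, e.g. `const mode = $('body').data('compression');` ahead of the array and `['none', 'zlib'].includes(mode) ? mode : 'zlib'` as the last element. The lib/Controller.php hunk (`$page->assign('COMPRESSION', $this->_conf->getKey('compression'));`) passes the same value through without a check, and whether the template escapes it cannot be confirmed from the visible part of tpl/bootstrap.php. Separately, the comment above `spec` still says "10000 iterations" while the value is `100000`; it should read `// authentication tag 128 bit, 100000 iterations in key derivation`. The enclosing function begins and ends outside the hunk.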
+++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ if ($MARKDOWN): endif; ?> - + @@ -85,13 +85,17 @@ endif; - class="navbar-spacing" class="dark-theme"">