0c4852c099
this fixes the comment display issue
...
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:40:10 +01:00
b8e8755fb1
Basically it wants a non-empty catch statement
...
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:36:18 +01:00
0b6af67b99
removed obsolete comment
2022-01-24 17:50:24 +01:00
56c54dd880
prefer switch statements for complex logic, all comparing the same variable
2022-01-24 17:48:27 +01:00
a8e1c33b54
stick to single convention of binding parameters
2022-01-24 17:26:09 +01:00
0cc2b67753
bindValue doesn't need the length
2022-01-23 21:45:22 +01:00
4f051fe5a5
revert regression
2022-01-23 21:31:40 +01:00
8d63921924
workaround bug in OCI PDO driver
2022-01-23 21:24:28 +01:00
0be55e05bf
use quoted identifiers, tell MySQL to expect ANSI SQL
2022-01-23 20:59:02 +01:00
b133c2e233
sanitize both single rows and multiple ones
2022-01-23 07:32:28 +01:00
b54308a77e
don't mangle non-arrays
2022-01-23 07:19:35 +01:00
47deaeb7ca
use the correct function
2022-01-23 07:11:36 +01:00
35ef64ff79
remove duplication, kudos @rugk
2022-01-22 22:11:49 +01:00
c725b4f0fe
handle 'IF NOT EXISTS' differently in OCI
2022-01-22 21:29:39 +01:00
2182cdd44f
generalize OCI handling of queries and results
2022-01-22 08:45:12 +01:00
041ef7f7a5
Support OCI (Satisfy the CI)
2022-01-20 13:33:23 -05:00
6a489d35ab
Support OCI (Create table)
2022-01-20 09:15:10 -05:00
ee99952d90
Support OCI (Read/Write)
2022-01-17 20:06:26 -05:00
df2f5931cd
improve readability, kudos @rugk
2021-08-19 19:28:52 +02:00
ff3b668958
apply StyleCI recommendation
2021-08-19 11:04:31 +02:00
eb10d4d35e
be more flexible with configuration paths
...
1. only consider CONFIG_PATH environment variable, if non-empty
2. fall back to search in PATH (defined in index.php), if CONFIG_PATH doesn't contain a readable configuration file
2021-08-19 10:21:21 +02:00
1fd998f325
address Scrutinizer issues
2021-06-16 05:57:26 +02:00
9c09018e6e
address Scrutinizer issues
2021-06-16 05:50:41 +02:00
be164bb6a9
apply StyleCI recommendation
2021-06-16 05:43:18 +02:00
fd08d991fe
log errors storing persistance
2021-06-16 05:32:45 +02:00
3d9ba10fcb
more consistent AbstractData implementation
2021-06-16 05:19:45 +02:00
3327645fd4
updated doc blocks, comments, fixed indentations, moved some constant strings
2021-06-14 06:44:30 +02:00
b4c75b541b
removed json encoding from get/setValue
2021-06-13 21:16:30 +02:00
9357f122b7
address Scrutinizer issues
2021-06-13 12:49:59 +02:00
d0248d55d3
address Scrutinizer issues
2021-06-13 12:43:18 +02:00
078c5785dd
fix unit tests on php < 7.3
2021-06-13 12:40:06 +02:00
68b097087d
apply StyleCI recommendation
2021-06-13 11:16:29 +02:00
f04043a399
address Scrutinizer issues
2021-06-13 11:02:53 +02:00
1f2dddd9d8
address Codacy issues
2021-06-13 10:53:01 +02:00
93135e0abf
improving code coverage
2021-06-13 10:44:26 +02:00
e294145a2b
ip-lib doesn't except on the matches interfaces
2021-06-13 08:26:05 +02:00
1b88eef356
improved implementation of GoogleStorageBucket
2021-06-10 21:39:15 +02:00
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
...
added purgeValues function
2021-06-10 08:22:10 +02:00
1232717334
added purgeValues to GCS
2021-06-09 22:27:34 +02:00
7b2f0ff302
apply StyleCI recommendation
2021-06-09 19:16:22 +02:00
a203e6322b
implementing key/value store of Persistance in Database storage
2021-06-09 07:47:40 +02:00
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem
2021-06-08 22:01:29 +02:00
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem
2021-06-08 07:49:22 +02:00
3429d293d3
remove configurable dir for traffic & purge limiters
2021-06-08 06:37:27 +02:00
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem
2021-06-07 21:53:42 +02:00
55efc858b5
simplest implementation of kv support on gcs
2021-06-07 09:11:24 +02:00
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation
2021-06-07 07:02:47 +02:00
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem
2021-06-07 06:53:15 +02:00
de8f40ac1a
kudos @StyleCI
2021-06-06 19:35:31 +02:00
c758eca0a4
removed automatic .ini configuration file migration, closes #808
2021-06-06 17:53:08 +02:00
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807
2021-06-05 10:33:01 +02:00
abb2b90e9b
make StyleCI happy
2021-06-05 05:52:13 +02:00
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803
2021-06-05 05:48:17 +02:00
342270d6dd
added Google Cloud Storage support
2021-05-28 22:39:50 +02:00
b6460616ba
address Scrutinizer issues
2021-05-22 11:30:17 +02:00
91c8f9f23c
use namespaces
2021-05-22 11:02:54 +02:00
3dd01b1f70
testing IP exemption, handle corner cases found in testing
2021-05-22 10:59:47 +02:00
af5a14afc3
Optimized the canPass() functions
2021-05-19 09:01:45 +02:00
5812a6bb68
Optimized the canPass() functions
2021-05-19 08:47:35 +02:00
502bb5fa15
Put the ip-matching function in a private function
2021-05-06 12:18:44 +02:00
89bdc92451
Put the ip-matching function in a private function
2021-05-06 12:13:03 +02:00
63d6816c7c
Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt
2021-05-05 08:43:32 +02:00
a806a6455e
QA
2021-05-04 11:20:24 +02:00
4296b43832
QA
2021-05-04 11:19:34 +02:00
c3ad4a4b4d
QA
2021-05-04 11:18:06 +02:00
805eb288d9
QA
2021-05-04 11:14:11 +02:00
b21efd8336
Code quality
2021-05-04 11:01:46 +02:00
7d82c82fd9
Make it possible to exempt ips from the rate-limiter
2021-05-04 10:29:25 +02:00
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side
2021-04-18 21:05:32 +02:00
3ca01024fd
feat: disallow form submission alltogether
...
Following the tests and HTTP Observatory, I think we can disable forms altogether.
Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
5809a7cfa7
feat: add form-action CSP restriction
...
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
9b893f09d7
Merge branch 'master' into floc
2021-04-17 08:35:21 +02:00
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
fd7d05e862
Add base URL as default CSP restriction
...
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net ):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
6f3bb25b09
disable Google FloC
2021-04-16 20:25:50 +02:00
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
9e6eb50ced
adding new security headers, fixes #765
2021-04-16 19:19:11 +02:00
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
da0896fe42
set plurals for and credit Catalan translation
2021-04-02 09:00:27 +02:00
5a9bcea3a9
set plurals for and credit Indonesian translation
2021-03-09 05:54:06 +01:00
b38ebc503e
plural rules and documenting newly added languages
2021-01-07 21:16:03 +01:00
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file
2020-10-13 07:28:35 +02:00
eb32ea1419
Make it possible to change the info text
...
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
3668f1e3f4
attempt to accomodate Crowdin by providing a single source translation file that is not actually used or loaded by our code
2020-10-04 12:39:35 +02:00
4204e4b8b7
make StyleCI happy and change unit test to use a string
2020-07-03 21:00:42 +02:00
e61c44ef46
Make Opengraph really functional
...
Make Opengraph really functional
Change : #664 for #651
2020-07-01 19:47:12 +02:00
13c2f8d968
Make Opengraph really functional
...
3 URLs of images used on social networks are passed in absolute URL.
Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?
Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634
2020-06-11 18:29:32 +02:00
5450a431cf
Merge branch 'Haocen-625-bugfixes'
2020-06-07 07:38:59 +02:00
7794915172
expose permission exceptions to the API
2020-05-31 16:33:25 +02:00
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
...
Firefox
2020-05-30 05:37:35 -04:00
3f75c81a2f
fixed duplicated getKey()
2020-05-08 12:18:20 -07:00
effe6ad3e5
fixed spacing to please StyleCI
2020-05-08 11:37:21 -07:00
8fbdb69d8a
added check for null whitelist
2020-05-08 11:36:19 -07:00
d847e2fcf2
alignment
2020-05-07 16:46:31 -07:00
c152f85b50
removed $remoteip that the audit didn't like
2020-05-07 16:45:24 -07:00
819d25a74c
change to whitelist_paste_creation
2020-05-07 16:13:25 -07:00
ef9780707a
Update lib/Controller.php
...
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:54:13 -07:00
9ca041fa06
Update lib/Controller.php
...
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:53:56 -07:00
El RIDO