chalec
/
ctrlv-privatebin
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,922 Commits 2 Branches 0 Tags 13 MiB
Commit Graph

280 Commits

Author SHA1 Message Date
El RIDO 09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste) 2019-05-15 07:44:03 +02:00
El RIDO cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection 2019-05-13 22:31:52 +02:00
El RIDO be1e7babc0
removing dead code and improving code coverage 2019-05-11 22:18:35 +02:00
El RIDO a622c8f484
fix logic, avoid 5.5 2019-05-10 23:27:45 +02:00
El RIDO c3719435a3
and fixing PHP 5.5 2019-05-10 23:09:35 +02:00
El RIDO 02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6 2019-05-10 22:46:39 +02:00
El RIDO 9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:35:18 +02:00
El RIDO 76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?) 2019-05-10 22:21:03 +02:00
El RIDO f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:13:11 +02:00
El RIDO fb0c9c595e
remove further type hints for compatibility 2019-05-10 22:04:47 +02:00
El RIDO bd4dee0f3e
fixing copy/paste errors 2019-05-10 21:52:14 +02:00
El RIDO 1e44902340
apply StyleCI patch 2019-05-10 21:45:34 +02:00
El RIDO 632d70412a
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 21:35:36 +02:00
El RIDO 700f8a0ea7
made all php unit tests pass again 2019-05-10 07:55:39 +02:00
El RIDO 59569bf9fc
working on JsonApi tests 2019-05-08 22:11:21 +02:00
El RIDO 76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data 2019-05-06 22:15:21 +02:00
El RIDO 06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic 2019-05-05 21:03:58 +02:00
El RIDO b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes 2019-05-05 18:22:57 +02:00
El RIDO 6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments 2019-05-05 14:36:47 +02:00
El RIDO bbdcb3fb0f
remove duplicate code 2019-05-05 08:53:40 +02:00
El RIDO 3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49 2019-05-03 23:03:57 +02:00
El RIDO e418b083e8
Merge branch 'master' into webcrypto 2019-01-22 20:11:42 +01:00
rugk 34c64acb75
Apply StyleCi recommendation 2019-01-22 00:14:31 +01:00
rugk 7cb942aca3
Make PHP paste ID function more robust 2019-01-21 23:19:41 +01:00
rugk 541fff199a
Put PHP paste request into own function 2019-01-21 23:06:25 +01:00
El RIDO 79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396 2019-01-20 12:20:37 +01:00
El RIDO cde96d8f24
fixing bug in jsonld processing with certain URL paths 2018-12-17 19:42:26 +01:00
El RIDO 9ce41022cf
correcting namespaces 2018-11-19 13:09:34 +01:00
El RIDO b5ebc4a3d7
incrementing version 2018-08-11 19:29:58 +02:00
El RIDO a5e8eeaaf9
StyleCI: Obey the alphabet #342 2018-07-29 16:15:52 +02:00
El RIDO 4a35428499
cleanup of PurgeLimiter #342 2018-07-29 16:05:57 +02:00
El RIDO 3470dcd9a8
more compact ServerSalt #342 2018-07-29 15:50:36 +02:00
El RIDO 5db3412b69
cleanup of TrafficLimiter #342 2018-07-29 15:43:28 +02:00
El RIDO f9c8441edb
renaming controller #342 2018-07-29 15:17:35 +02:00
El RIDO 720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
El RIDO cfe60db8fd
increment version number 2018-07-01 13:11:32 +02:00
El RIDO 6225a8ef16
updating translators in credits 2018-06-11 20:29:47 +02:00
El RIDO 9a0318517b
correct PHPdoc, fixes #264 2018-05-27 15:18:25 +02:00
El RIDO d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO 05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test 2018-05-27 14:36:30 +02:00
El RIDO caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO 2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling 
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
 2018-04-29 11:57:03 +02:00
rugk 9c132cd839
Disallow form-action in CSP to limit outgoing connections 
See https://github.com/PrivateBin/PrivateBin/issues/272
 2018-01-06 18:06:06 +01:00
El RIDO 3bca559826
moving access to into Request class 2018-01-06 10:27:58 +01:00
rugk 414ab0eb71
Add config and basic page template support 
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
 2017-12-25 14:59:15 +01:00
El RIDO 86ecdb1155
fixing post increment 2017-11-13 22:15:14 +01:00
El RIDO 502e96c129
StyleCI recommendations 2017-10-08 19:23:33 +02:00
El RIDO a5d5f6066a
refactoring as recommended by Scrutinizer 2017-10-08 19:16:09 +02:00
El RIDO 9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations 2017-10-08 17:10:51 +02:00
El RIDO 4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection 2017-10-08 16:59:31 +02:00
El RIDO 4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO dbfb1e83ba
removing dead code 2017-10-08 16:43:10 +02:00
El RIDO 62f0b95377
making StyleCI happy 2017-10-08 16:42:43 +02:00
El RIDO 6e8eafe129
implemented INI cenversion functionality 2017-10-08 16:42:11 +02:00
El RIDO 6fa2bfe30e
updated documentation, incremented version 2017-10-08 16:40:51 +02:00
rugk f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor 
Signed-off-by: El RIDO <elrido@gmx.net>
 2017-10-08 16:25:48 +02:00
thororm 23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling 
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
 2017-05-13 19:48:25 +02:00
rugk 283873d89a
Fix stupid copy&paste error 2017-04-13 10:52:48 +02:00
rugk 9b6748c54d
Adjust requested changes 2017-04-13 10:46:09 +02:00
El RIDO f54036976a
added instantburnafterreading option to address #174 2017-04-11 17:23:26 +02:00
rugk 183ebe518b
Force JSON request for getting paste data 2017-04-11 16:34:13 +02:00
thororm 096f07f86e Merge branch 'master' into attachment-handling 
# Conflicts:
#	js/privatebin.js
#	tpl/bootstrap.php
#	tpl/page.php
 2017-04-02 13:30:52 +02:00
El RIDO bbcc3e167b
implementing recommendations of scrutinizer 2017-03-25 00:58:59 +01:00
El RIDO 9b2af0abf5
fixing documentation 2017-03-24 23:54:37 +01:00
El RIDO 18315e7de0
removing unused class 2017-03-24 23:45:10 +01:00
El RIDO f7853cf439
removing duplicate code, cleanup of temporary test files 2017-03-24 23:42:11 +01:00
El RIDO ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194 2017-03-24 21:30:08 +01:00
El RIDO 88b02d866e
fixes #186 for good 2017-03-24 19:20:34 +01:00
El RIDO be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194 2017-03-11 08:56:14 +01:00
El RIDO 823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186 2017-03-05 11:22:24 +01:00
El RIDO 23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes 2017-03-05 11:02:18 +01:00
El RIDO db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188 2017-02-22 21:42:14 +01:00
thororm 4cb0ce5114 Removed self from cspheader 
Refactored some variable names
 2017-02-13 20:37:57 +01:00
thororm faf596aeb7 Added preview for 
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
 2017-02-12 15:35:37 +01:00
rugk e9b10f9e2d
Add CSP sandbox 
Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Alos needed to run some Composer stuff, no idea why my diff was different.
 2017-02-01 18:34:13 +01:00
El RIDO a7de0e095b
added supported language, updated credits and changelog 2017-01-10 20:37:14 +01:00
El RIDO 67f6c4eb61
turned bootstrap template variants into logic 2017-01-08 10:02:07 +01:00
El RIDO f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test 2017-01-08 07:56:56 +01:00
El RIDO a5d91298ff
add an option to change the site name, solves #154 2017-01-01 16:33:11 +01:00
El RIDO 4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog 2017-01-01 14:35:39 +01:00
El RIDO 1426d4e371
tagging 1.1 release and updating documentation 2016-12-26 12:13:50 +01:00
El RIDO f6b8ee3e20
add missing check for non-expiring pastes, fixes #149 2016-12-25 12:15:29 +01:00
El RIDO ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings 2016-12-25 11:37:45 +01:00
atnaguzin bbcc53f08e StyleCI fix 2016-12-16 12:25:10 +03:00
R4SAS ccba2f029f added ru plural formula 2016-12-16 12:15:37 +03:00
rugk da10a761c4
Fix more typos 2016-12-12 18:50:00 +01:00
rugk 61ee0ef7d3
Fix typos 2016-12-12 18:49:08 +01:00
rugk 658d5ae84d
Fix style-ci errors 2016-12-12 18:43:23 +01:00
El RIDO 1f46823942
applying patch based on StyleCI ruleset 2016-10-29 10:24:08 +02:00
El RIDO 8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91 2016-09-18 11:29:37 +02:00
rugk 1a159c973f
Prevent referrer to be send 
Uses both CSP and Referrer-Policy
Fixes #96
 2016-09-03 18:12:24 +02:00
rugk b7184b92a3 Fix csp config unit tests 2016-08-27 14:47:21 +02:00
rugk b11866a63b Allow manifest loading via CSP (2) 2016-08-27 00:02:50 +02:00
El RIDO a13266a784 ensure the server salt path is initialized, instead of relying on the default 2016-08-25 15:02:38 +02:00
El RIDO e925833090 bumping version number to 1.0 2016-08-25 09:53:31 +02:00
El RIDO 6aba39488f adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86 2016-08-22 09:46:26 +02:00
El RIDO f72e260ee7 adding subresource integrity hashes for all javascript includes, resolves #6 2016-08-16 11:11:03 +02:00
rugk 75cb771e4b Merge branch 'master' into prng, resolve merge conflicts 2016-08-15 18:15:57 +02:00
El RIDO 72aac25f68 added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47 2016-08-15 16:45:47 +02:00
rugk 8038fde29d Revert #44 
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
 2016-08-12 18:30:14 +02:00