rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
...
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO
3bca559826
moving access to into Request class
2018-01-06 10:27:58 +01:00
rugk
414ab0eb71
Add config and basic page template support
...
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
86ecdb1155
fixing post increment
2017-11-13 22:15:14 +01:00
El RIDO
502e96c129
StyleCI recommendations
2017-10-08 19:23:33 +02:00
El RIDO
a5d5f6066a
refactoring as recommended by Scrutinizer
2017-10-08 19:16:09 +02:00
El RIDO
9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations
2017-10-08 17:10:51 +02:00
El RIDO
4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection
2017-10-08 16:59:31 +02:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation
2017-10-08 16:43:46 +02:00
El RIDO
dbfb1e83ba
removing dead code
2017-10-08 16:43:10 +02:00
El RIDO
62f0b95377
making StyleCI happy
2017-10-08 16:42:43 +02:00
El RIDO
6e8eafe129
implemented INI cenversion functionality
2017-10-08 16:42:11 +02:00
El RIDO
6fa2bfe30e
updated documentation, incremented version
2017-10-08 16:40:51 +02:00
rugk
f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
...
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm
23f5dfbff8
Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
...
# Conflicts:
# tpl/bootstrap.php
# tpl/page.php
2017-05-13 19:48:25 +02:00
rugk
283873d89a
Fix stupid copy&paste error
2017-04-13 10:52:48 +02:00
rugk
9b6748c54d
Adjust requested changes
2017-04-13 10:46:09 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174
2017-04-11 17:23:26 +02:00
rugk
183ebe518b
Force JSON request for getting paste data
2017-04-11 16:34:13 +02:00
thororm
096f07f86e
Merge branch 'master' into attachment-handling
...
# Conflicts:
# js/privatebin.js
# tpl/bootstrap.php
# tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
bbcc3e167b
implementing recommendations of scrutinizer
2017-03-25 00:58:59 +01:00
El RIDO
9b2af0abf5
fixing documentation
2017-03-24 23:54:37 +01:00
El RIDO
18315e7de0
removing unused class
2017-03-24 23:45:10 +01:00
El RIDO
f7853cf439
removing duplicate code, cleanup of temporary test files
2017-03-24 23:42:11 +01:00
El RIDO
ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194
2017-03-24 21:30:08 +01:00
El RIDO
88b02d866e
fixes #186 for good
2017-03-24 19:20:34 +01:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194
2017-03-11 08:56:14 +01:00
El RIDO
823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186
2017-03-05 11:22:24 +01:00
El RIDO
23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes
2017-03-05 11:02:18 +01:00
El RIDO
db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188
2017-02-22 21:42:14 +01:00
thororm
4cb0ce5114
Removed self from cspheader
...
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm
faf596aeb7
Added preview for
...
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/168
Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
a7de0e095b
added supported language, updated credits and changelog
2017-01-10 20:37:14 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic
2017-01-08 10:02:07 +01:00
El RIDO
f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test
2017-01-08 07:56:56 +01:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154
2017-01-01 16:33:11 +01:00
El RIDO
4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog
2017-01-01 14:35:39 +01:00
El RIDO
1426d4e371
tagging 1.1 release and updating documentation
2016-12-26 12:13:50 +01:00
El RIDO
f6b8ee3e20
add missing check for non-expiring pastes, fixes #149
2016-12-25 12:15:29 +01:00
El RIDO
ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings
2016-12-25 11:37:45 +01:00
atnaguzin
bbcc53f08e
StyleCI fix
2016-12-16 12:25:10 +03:00
R4SAS
ccba2f029f
added ru plural formula
2016-12-16 12:15:37 +03:00
rugk
da10a761c4
Fix more typos
2016-12-12 18:50:00 +01:00
rugk
61ee0ef7d3
Fix typos
2016-12-12 18:49:08 +01:00
rugk
658d5ae84d
Fix style-ci errors
2016-12-12 18:43:23 +01:00
El RIDO
1f46823942
applying patch based on StyleCI ruleset
2016-10-29 10:24:08 +02:00
El RIDO
8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91
2016-09-18 11:29:37 +02:00
rugk
1a159c973f
Prevent referrer to be send
...
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
b7184b92a3
Fix csp config unit tests
2016-08-27 14:47:21 +02:00
rugk
b11866a63b
Allow manifest loading via CSP (2)
2016-08-27 00:02:50 +02:00
El RIDO
a13266a784
ensure the server salt path is initialized, instead of relying on the default
2016-08-25 15:02:38 +02:00
El RIDO
e925833090
bumping version number to 1.0
2016-08-25 09:53:31 +02:00
El RIDO
6aba39488f
adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86
2016-08-22 09:46:26 +02:00
El RIDO
f72e260ee7
adding subresource integrity hashes for all javascript includes, resolves #6
2016-08-16 11:11:03 +02:00
rugk
75cb771e4b
Merge branch 'master' into prng, resolve merge conflicts
2016-08-15 18:15:57 +02:00
El RIDO
72aac25f68
added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47
2016-08-15 16:45:47 +02:00
rugk
8038fde29d
Revert #44
...
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO
0a628e83c1
Merge pull request #59 from PrivateBin/52-identicons
...
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO
ca66653d0c
applying: php-cs-fixer fix lib/ --level=psr2
2016-08-11 15:05:43 +02:00
El RIDO
6cb7454d07
Added tests for JSON errors, should help us figure out the cause of the problem in #11
2016-08-11 14:41:52 +02:00
rugk
bea9a577a6
Use better random number generator #29
2016-08-10 23:15:06 +02:00
El RIDO
c237337cd2
some minor whitespace improvements detected by scrutinizer
2016-08-10 18:22:28 +02:00
El RIDO
3988b860b0
implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening
2016-08-10 17:41:46 +02:00
El RIDO
1ef28d7a5c
minor fixes, typos
2016-08-10 15:03:06 +02:00
El RIDO
addb666a23
introducing CSP header to mitigate XSS attacks, closes #10
2016-08-09 14:46:32 +02:00
El RIDO
5b7b234821
doc bloc corrections
2016-08-09 13:07:11 +02:00
El RIDO
c2efe2e609
some optimization
2016-08-09 12:45:26 +02:00
El RIDO
3fa0881c07
updated documentation, small cleanups
2016-08-09 12:21:32 +02:00
El RIDO
b45bef8388
Renamed classes for full PSR-2 compliance, some cleanup
2016-08-09 11:54:42 +02:00
Sobak
5d7003ecc1
Convert to PSR-2 coding style (using phpcs-fixer)
2016-07-26 08:19:35 +02:00
Sobak
884310add6
Oficially bump minimal PHP version to 5.3.0
2016-07-26 08:06:40 +02:00
Simon Rupf
d14eb0efe4
fixing configuration and its test to match the new namespaces
2016-07-25 11:02:39 +02:00
Sobak
b1305beb0f
Improve workaround for keeping config file format BC
2016-07-22 15:31:42 +02:00
Sobak
54f96b9938
Introduce PSR-4 autoloading
2016-07-22 12:11:48 +02:00
El RIDO
9a9362789b
addressing issues with failed attachement uploads due to webserver configuration, resolves #15
2016-07-19 15:26:41 +02:00
El RIDO
002046cc62
some minor cleanups
2016-07-19 14:44:17 +02:00
El RIDO
be4c845129
Merge branch 'master' of github.com:PrivateBin/PrivateBin
2016-07-19 14:02:45 +02:00
El RIDO
c5606a47fe
refactoring away RainTPL and templating, resolves #36
2016-07-19 14:02:26 +02:00
rugk
38ab755733
Replace HTTP links with HTTPS
...
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
03306dabff
using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8
2016-07-18 15:55:51 +02:00
El RIDO
e7dde4d212
cleaning REQUEST_URI for good measure
2016-07-18 15:21:32 +02:00
El RIDO
e1d6db88a1
Merge pull request #44 from PrivateBin/rugk-itBugsMe
...
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO
afaa111d22
code style
2016-07-18 15:13:56 +02:00
El RIDO
b53efda635
improving code coverage and unit testing
2016-07-18 14:47:32 +02:00
rugk
2e863e3ed9
Search key first
...
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk
80e9d75477
Remove unnecessary array
...
Now it is right...
2016-07-18 13:12:54 +02:00
rugk
19d5659a8f
Change array
...
https://github.com/PrivateBin/PrivateBin/issues/41
Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO
ff0c55c0d6
introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4
2016-07-18 10:14:38 +02:00
El RIDO
f8bc40b4e4
introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3
2016-07-15 17:02:59 +02:00
El RIDO
4d10fd9690
fixing support for pre renaming configuration file format, resolves #37
2016-07-13 09:41:45 +02:00
El RIDO
90a26d8fcb
removing some code smells, found in the various code checker tools
2016-07-11 15:47:42 +02:00
El RIDO
c33c50f775
using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix)
2016-07-11 14:33:45 +02:00
El RIDO
3b3b5277eb
refactoring to improve code quality
2016-07-11 14:15:20 +02:00
El RIDO
79509ad48a
renaming the fork to PrivateBin
2016-07-11 11:58:15 +02:00
El RIDO
b8080acc78
fixing an unhandled case found with scrutinizer-ci
2016-07-06 14:58:06 +02:00
El RIDO
c13caee981
fixing some documentation issues detected by scrutinizer-ci
2016-07-06 14:12:14 +02:00
El RIDO
0e217a42c5
introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103
2016-07-06 11:37:13 +02:00
El RIDO
6b0b814dc6
removing leftover from previously using a different function, resolves #83
2016-07-06 09:41:07 +02:00
El RIDO
5980f8b603
removing some unused code detected by codacy
2016-07-04 20:46:45 +02:00