Sebastien SAUVAGE
43a439e7d0
Time attack protection on hmac comparison
...
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm , and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.
(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)
Conflicts:
index.php
2015-08-15 23:44:03 +02:00
Sébastien SAUVAGE
5b54ca34ad
Update index.php
...
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo )
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)
Conflicts:
index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE
bc8b23d35e
XSS flaw correction
...
With a client IE < 10 there was an XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.
(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
El RIDO
e646729b2d
fixing regressions from cherrypicking
2015-08-15 21:39:08 +02:00
Sebastien SAUVAGE
5f87ea6843
ZeroBin 0.18
...
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
Sebastien SAUVAGE
cff4d99f05
"Burn after reading" as a checkbox
...
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste from being available ad vitam
aeternam on the net.
(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)
Conflicts:
css/zerobin.css
index.php
js/zerobin.js
tpl/page.html
2015-08-15 19:01:03 +02:00
Sebastien SAUVAGE
5b253cf77c
ZeroBin 0.17
...
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
Sébastien SAUVAGE
c26c4a8bec
arbitrary JSON file disclosure correction
...
The following security issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
2013-10-31 22:53:22 +01:00
Simon Rupf
d247bff897
syntax highlighting can now be turned off, template can be changed in configuration
2013-10-31 22:24:40 +01:00
Simon Rupf
630e16c4a0
Added more configuration options, based on patch by Uli Köhler
2013-10-30 23:54:42 +01:00
Simon Rupf
2d4f155064
had to revert to HTML5 instead of XHTML5 because of compatibility problem with code prettifier, fixed some display bugs
2012-08-28 23:28:41 +02:00
Simon Rupf
907538875b
removed leftovers from submodule uglifyjs, added credits file,
cleaned up CSS, changed template to output clean XHTML 5,
added unit tests for 60% of the code, found a few bugs by doing
that and fixed them
2012-08-26 00:49:11 +02:00
Simon Rupf
421e6cba97
implemented zerobin_db model, added more options for paste expiration, made comments and max data size configurable
2012-05-19 23:59:41 +02:00
Simon Rupf
edf95ff56d
added autoloading, configurable paste size limit, changed JS to calculate localized comment times instead of UTC
2012-04-30 22:58:08 +02:00
Simon Rupf
23487ce779
Fixed bug with missing directory separator and added .htaccess files to lib & cfg directories. If those are not present, the application will create them for you.
2012-04-30 13:58:29 +02:00
Simon Rupf
ba90d0cae2
Refactoring of code base - modularized code, introduced configuration, started working on a PDO based DB connector
2012-04-29 19:15:06 +02:00