Commit Graph

430 Commits

Author SHA1 Message Date
El RIDO 09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste) 2019-05-15 07:44:03 +02:00
El RIDO cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection 2019-05-13 22:31:52 +02:00
El RIDO be1e7babc0
removing dead code and improving code coverage 2019-05-11 22:18:35 +02:00
El RIDO a622c8f484
fix logic, avoid 5.5 2019-05-10 23:27:45 +02:00
El RIDO c3719435a3
and fixing PHP 5.5 2019-05-10 23:09:35 +02:00
El RIDO 02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6 2019-05-10 22:46:39 +02:00
El RIDO 9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:35:18 +02:00
El RIDO 76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?) 2019-05-10 22:21:03 +02:00
El RIDO f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:13:11 +02:00
El RIDO fb0c9c595e
remove further type hints for compatibility 2019-05-10 22:04:47 +02:00
El RIDO bd4dee0f3e
fixing copy/paste errors 2019-05-10 21:52:14 +02:00
El RIDO 1e44902340
apply StyleCI patch 2019-05-10 21:45:34 +02:00
El RIDO 632d70412a
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 21:35:36 +02:00
El RIDO 700f8a0ea7
made all php unit tests pass again 2019-05-10 07:55:39 +02:00
El RIDO 59569bf9fc
working on JsonApi tests 2019-05-08 22:11:21 +02:00
El RIDO 76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data 2019-05-06 22:15:21 +02:00
El RIDO 06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic 2019-05-05 21:03:58 +02:00
El RIDO b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes 2019-05-05 18:22:57 +02:00
El RIDO 6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments 2019-05-05 14:36:47 +02:00
El RIDO bbdcb3fb0f
remove duplicate code 2019-05-05 08:53:40 +02:00
El RIDO 3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49 2019-05-03 23:03:57 +02:00
El RIDO e418b083e8
Merge branch 'master' into webcrypto 2019-01-22 20:11:42 +01:00
rugk 34c64acb75
Apply StyleCi recommendation 2019-01-22 00:14:31 +01:00
rugk 7cb942aca3
Make PHP paste ID function more robust 2019-01-21 23:19:41 +01:00
rugk 541fff199a
Put PHP paste request into own function 2019-01-21 23:06:25 +01:00
El RIDO 79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396 2019-01-20 12:20:37 +01:00
El RIDO cde96d8f24
fixing bug in jsonld processing with certain URL paths 2018-12-17 19:42:26 +01:00
El RIDO 9ce41022cf
correcting namespaces 2018-11-19 13:09:34 +01:00
El RIDO b5ebc4a3d7
incrementing version 2018-08-11 19:29:58 +02:00
El RIDO a5e8eeaaf9
StyleCI: Obey the alphabet #342 2018-07-29 16:15:52 +02:00
El RIDO 4a35428499
cleanup of PurgeLimiter #342 2018-07-29 16:05:57 +02:00
El RIDO 3470dcd9a8
more compact ServerSalt #342 2018-07-29 15:50:36 +02:00
El RIDO 5db3412b69
cleanup of TrafficLimiter #342 2018-07-29 15:43:28 +02:00
El RIDO f9c8441edb
renaming controller #342 2018-07-29 15:17:35 +02:00
El RIDO 720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
El RIDO cfe60db8fd
increment version number 2018-07-01 13:11:32 +02:00
El RIDO 6225a8ef16
updating translators in credits 2018-06-11 20:29:47 +02:00
El RIDO 9a0318517b
correct PHPdoc, fixes #264 2018-05-27 15:18:25 +02:00
El RIDO d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO 05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test 2018-05-27 14:36:30 +02:00
El RIDO caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO 2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk 9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO 3bca559826
moving access to into Request class 2018-01-06 10:27:58 +01:00
rugk 414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO 86ecdb1155
fixing post increment 2017-11-13 22:15:14 +01:00
El RIDO 502e96c129
StyleCI recommendations 2017-10-08 19:23:33 +02:00
El RIDO a5d5f6066a
refactoring as recommended by Scrutinizer 2017-10-08 19:16:09 +02:00
El RIDO 9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations 2017-10-08 17:10:51 +02:00
El RIDO 4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection 2017-10-08 16:59:31 +02:00
El RIDO 4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO dbfb1e83ba
removing dead code 2017-10-08 16:43:10 +02:00
El RIDO 62f0b95377
making StyleCI happy 2017-10-08 16:42:43 +02:00
El RIDO 6e8eafe129
implemented INI cenversion functionality 2017-10-08 16:42:11 +02:00
El RIDO 6fa2bfe30e
updated documentation, incremented version 2017-10-08 16:40:51 +02:00
rugk f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm 23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
2017-05-13 19:48:25 +02:00
rugk 283873d89a
Fix stupid copy&paste error 2017-04-13 10:52:48 +02:00
rugk 9b6748c54d
Adjust requested changes 2017-04-13 10:46:09 +02:00
El RIDO f54036976a
added instantburnafterreading option to address #174 2017-04-11 17:23:26 +02:00
rugk 183ebe518b
Force JSON request for getting paste data 2017-04-11 16:34:13 +02:00
thororm 096f07f86e Merge branch 'master' into attachment-handling
# Conflicts:
#	js/privatebin.js
#	tpl/bootstrap.php
#	tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO bbcc3e167b
implementing recommendations of scrutinizer 2017-03-25 00:58:59 +01:00
El RIDO 9b2af0abf5
fixing documentation 2017-03-24 23:54:37 +01:00
El RIDO 18315e7de0
removing unused class 2017-03-24 23:45:10 +01:00
El RIDO f7853cf439
removing duplicate code, cleanup of temporary test files 2017-03-24 23:42:11 +01:00
El RIDO ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194 2017-03-24 21:30:08 +01:00
El RIDO 88b02d866e
fixes #186 for good 2017-03-24 19:20:34 +01:00
El RIDO be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194 2017-03-11 08:56:14 +01:00
El RIDO 823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186 2017-03-05 11:22:24 +01:00
El RIDO 23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes 2017-03-05 11:02:18 +01:00
El RIDO db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188 2017-02-22 21:42:14 +01:00
thororm 4cb0ce5114 Removed self from cspheader
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm faf596aeb7 Added preview for
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk e9b10f9e2d
Add CSP sandbox
Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO a7de0e095b
added supported language, updated credits and changelog 2017-01-10 20:37:14 +01:00
El RIDO 67f6c4eb61
turned bootstrap template variants into logic 2017-01-08 10:02:07 +01:00
El RIDO f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test 2017-01-08 07:56:56 +01:00
El RIDO a5d91298ff
add an option to change the site name, solves #154 2017-01-01 16:33:11 +01:00
El RIDO 4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog 2017-01-01 14:35:39 +01:00
El RIDO 1426d4e371
tagging 1.1 release and updating documentation 2016-12-26 12:13:50 +01:00
El RIDO f6b8ee3e20
add missing check for non-expiring pastes, fixes #149 2016-12-25 12:15:29 +01:00
El RIDO ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings 2016-12-25 11:37:45 +01:00
atnaguzin bbcc53f08e StyleCI fix 2016-12-16 12:25:10 +03:00
R4SAS ccba2f029f added ru plural formula 2016-12-16 12:15:37 +03:00
rugk da10a761c4
Fix more typos 2016-12-12 18:50:00 +01:00
rugk 61ee0ef7d3
Fix typos 2016-12-12 18:49:08 +01:00
rugk 658d5ae84d
Fix style-ci errors 2016-12-12 18:43:23 +01:00
El RIDO 1f46823942
applying patch based on StyleCI ruleset 2016-10-29 10:24:08 +02:00
El RIDO 8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91 2016-09-18 11:29:37 +02:00
rugk 1a159c973f
Prevent referrer to be send
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk b7184b92a3 Fix csp config unit tests 2016-08-27 14:47:21 +02:00
rugk b11866a63b Allow manifest loading via CSP (2) 2016-08-27 00:02:50 +02:00
El RIDO a13266a784 ensure the server salt path is initialized, instead of relying on the default 2016-08-25 15:02:38 +02:00
El RIDO e925833090 bumping version number to 1.0 2016-08-25 09:53:31 +02:00
El RIDO 6aba39488f adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86 2016-08-22 09:46:26 +02:00
El RIDO f72e260ee7 adding subresource integrity hashes for all javascript includes, resolves #6 2016-08-16 11:11:03 +02:00
rugk 75cb771e4b Merge branch 'master' into prng, resolve merge conflicts 2016-08-15 18:15:57 +02:00
El RIDO 72aac25f68 added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47 2016-08-15 16:45:47 +02:00
rugk 8038fde29d Revert #44
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO 0a628e83c1 Merge pull request #59 from PrivateBin/52-identicons
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO ca66653d0c applying: php-cs-fixer fix lib/ --level=psr2 2016-08-11 15:05:43 +02:00
El RIDO 6cb7454d07 Added tests for JSON errors, should help us figure out the cause of the problem in #11 2016-08-11 14:41:52 +02:00
rugk bea9a577a6 Use better random number generator #29 2016-08-10 23:15:06 +02:00
El RIDO c237337cd2 some minor whitespace improvements detected by scrutinizer 2016-08-10 18:22:28 +02:00
El RIDO 3988b860b0 implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening 2016-08-10 17:41:46 +02:00
El RIDO 1ef28d7a5c minor fixes, typos 2016-08-10 15:03:06 +02:00
El RIDO addb666a23 introducing CSP header to mitigate XSS attacks, closes #10 2016-08-09 14:46:32 +02:00
El RIDO 5b7b234821 doc bloc corrections 2016-08-09 13:07:11 +02:00
El RIDO c2efe2e609 some optimization 2016-08-09 12:45:26 +02:00
El RIDO 3fa0881c07 updated documentation, small cleanups 2016-08-09 12:21:32 +02:00
El RIDO b45bef8388 Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00
Sobak 5d7003ecc1 Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00
Sobak 884310add6 Oficially bump minimal PHP version to 5.3.0 2016-07-26 08:06:40 +02:00
Simon Rupf d14eb0efe4 fixing configuration and its test to match the new namespaces 2016-07-25 11:02:39 +02:00
Sobak b1305beb0f Improve workaround for keeping config file format BC 2016-07-22 15:31:42 +02:00
Sobak 54f96b9938 Introduce PSR-4 autoloading 2016-07-22 12:11:48 +02:00
El RIDO 9a9362789b addressing issues with failed attachement uploads due to webserver configuration, resolves #15 2016-07-19 15:26:41 +02:00
El RIDO 002046cc62 some minor cleanups 2016-07-19 14:44:17 +02:00
El RIDO be4c845129 Merge branch 'master' of github.com:PrivateBin/PrivateBin 2016-07-19 14:02:45 +02:00
El RIDO c5606a47fe refactoring away RainTPL and templating, resolves #36 2016-07-19 14:02:26 +02:00
rugk 38ab755733 Replace HTTP links with HTTPS
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO 03306dabff using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8 2016-07-18 15:55:51 +02:00
El RIDO e7dde4d212 cleaning REQUEST_URI for good measure 2016-07-18 15:21:32 +02:00
El RIDO e1d6db88a1 Merge pull request #44 from PrivateBin/rugk-itBugsMe
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO afaa111d22 code style 2016-07-18 15:13:56 +02:00
El RIDO b53efda635 improving code coverage and unit testing 2016-07-18 14:47:32 +02:00
rugk 2e863e3ed9 Search key first
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk 80e9d75477 Remove unnecessary array
Now it is right...
2016-07-18 13:12:54 +02:00
rugk 19d5659a8f Change array
https://github.com/PrivateBin/PrivateBin/issues/41

Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO ff0c55c0d6 introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4 2016-07-18 10:14:38 +02:00
El RIDO f8bc40b4e4 introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3 2016-07-15 17:02:59 +02:00
El RIDO 4d10fd9690 fixing support for pre renaming configuration file format, resolves #37 2016-07-13 09:41:45 +02:00
El RIDO 90a26d8fcb removing some code smells, found in the various code checker tools 2016-07-11 15:47:42 +02:00
El RIDO c33c50f775 using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix) 2016-07-11 14:33:45 +02:00
El RIDO 3b3b5277eb refactoring to improve code quality 2016-07-11 14:15:20 +02:00
El RIDO 79509ad48a renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00
El RIDO b8080acc78 fixing an unhandled case found with scrutinizer-ci 2016-07-06 14:58:06 +02:00
El RIDO c13caee981 fixing some documentation issues detected by scrutinizer-ci 2016-07-06 14:12:14 +02:00
El RIDO 0e217a42c5 introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103 2016-07-06 11:37:13 +02:00
El RIDO 6b0b814dc6 removing leftover from previously using a different function, resolves #83 2016-07-06 09:41:07 +02:00
El RIDO 5980f8b603 removing some unused code detected by codacy 2016-07-04 20:46:45 +02:00
rugk fd5a7a07ae Soft fail for chmod errors 2016-06-22 18:08:25 +02:00
rugk 54f1cb9d34 Only protect file if it was written 2016-06-21 21:47:03 +02:00
rugk 8a48e9ce78 Set permissions when saving files
Fixes https://github.com/elrido/ZeroBin/issues/80
2016-06-21 17:18:11 +02:00
rugk 1a1818660d Missing space 2016-05-12 20:07:58 +02:00
El RIDO 4918bef4dc Although there usually are no plurals in chinese, there's an exception
for words related to persons, when not preceeded by a numeric word.

Sources:
- http://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html#f3
- https://answers.yahoo.com/question/index?qid=20110606153553AAAW5zX
2016-04-26 20:21:30 +02:00
El RIDO 3a92c940a9 implementing media type negotiation (based on language negotiation
logic) in cases both JSON and (X)HTML are being requested, resolving #68
2016-04-08 23:29:44 +02:00
El RIDO a4ebdbc606 re-introducing (optional) URL shortener support, resolves #58 2016-01-31 09:56:06 +01:00
El RIDO 09dd79dbc7 switching to SHA256 HMAC of IPs in traffic limiter, resolves #57 2015-12-22 20:58:23 +01:00
Mihail Fedorov a13ad6368f MD5 instead of IP 2015-12-22 06:02:41 +03:00
El RIDO 24a4328c55 incrementing version, updating changelog, added missing phpdoc comments 2015-11-09 21:39:42 +01:00
El RIDO 42a9c92b5e improved database backend support for larger files (100 KiB - 16 MiB),
introduced database versioning to reduce amount of checks done per
request
2015-11-01 17:02:20 +01:00
El RIDO d42975580a expire_options and formatter_options should not be filled up with
default values, resolves #52
2015-10-24 08:44:17 +02:00
El RIDO 176dff3b70 renaming config file to make updates easier, resolving #50 2015-10-22 21:13:15 +02:00
El RIDO e3f4aa982c adding configuration option to set a default language and/or force it,
resolves #39
2015-10-18 20:38:07 +02:00
El RIDO ca07398b66 adding option to hide clone button on expiring pastes, resolves #34 2015-10-18 17:56:45 +02:00
El RIDO 14d08ec56d working on JSON-LD validity, added CORS headers preparing external API
call support
2015-10-18 14:37:58 +02:00
El RIDO 22d0b1ec22 updating comment format to match defined JSON-LD API context 2015-10-18 11:38:48 +02:00
El RIDO f21567133c changing paste read output for API refactoring 2015-10-18 11:08:28 +02:00
El RIDO b92b38cee8 found and resolved issues in database layer, thanks to report in #42 2015-10-16 23:13:36 +02:00
El RIDO 2e3bacb699 fixing deletion issue in request refactoring, starting work on API read
refactoring
2015-10-15 22:04:57 +02:00
El RIDO 512b3d1172 fixing "missing" comments when they were posted during the same second 2015-10-12 21:07:41 +02:00
El RIDO 1d6cfb7f3b refactoring delete API, added external JSON-LD context 2015-10-11 21:22:00 +02:00
El RIDO 9e6e29bc93 working on API: simplifying PUT request mocking 2015-10-11 18:50:48 +02:00
El RIDO e5b096ed8c found and fixed a bug when using expiration together with discussion 2015-10-03 17:54:18 +02:00
El RIDO add980d36f adding UI tests for database configuration, fixed an issue with comment
table creation
2015-10-03 15:52:37 +02:00
El RIDO 7ec94e0db5 implementing request refactoring, beginning JS changes for JSON API, but
discovered that DELETE and PUT are not available on all webservers by
default
2015-09-27 20:34:39 +02:00
El RIDO 6b7dc44039 preparing unit test for request object 2015-09-27 15:37:17 +02:00
El RIDO ce3f10f143 improving unit tests, fixing regression in DB model 2015-09-27 14:36:20 +02:00
El RIDO 694138c5d4 mostly finished with data model refactoring 2015-09-27 03:03:55 +02:00
El RIDO 211d3e4622 preparing unit test for model refactoring, refactoring traffic limiter 2015-09-26 17:57:46 +02:00
El RIDO d04eab52c9 refactoring how attachments are stored 2015-09-26 12:29:27 +02:00
El RIDO 6d24ff824e refactoring configuration 2015-09-22 23:21:31 +02:00
El RIDO 9f68658106 incrementing version number, updating changelog 2015-09-21 22:43:00 +02:00
El RIDO 0de9f868fa improving unit tests, fixing #38 2015-09-21 22:32:52 +02:00
El RIDO 608605cd54 incrementing version number, updating docs 2015-09-19 17:23:10 +02:00
El RIDO a41d0ca4dd various fixes:
- changing default formatter option to plain text to make upgrading from
  0.19 Alpha smoother
- fixing translation message change in bootstrap templates
- adjusting how image uploads are displayed in bootstrap templates
2015-09-19 14:22:29 +02:00
El RIDO a111357fae add optional (since it uses a session cookie) language selection 2015-09-19 11:21:13 +02:00
El RIDO 47efedf23c traffic limiter would fail behind a reverse proxy / load balancer.
Adding configuration option to set the trusted HTTP header to get the
visitors IP in such a case (avoiding security issue if malicious clients
just set these headers themselfs)
2015-09-18 22:31:01 +02:00
El RIDO ed9c4f45f4 adding file name support for #20, solving issue with unencryptable file 2015-09-18 12:33:10 +02:00
El RIDO ec8851e46c support < 0.21 syntax highlighting 2015-09-17 20:47:00 +02:00
El RIDO 106141efa4 merging @vikstrous file upload feature for #20 from
8a6d268278
2015-09-16 22:51:48 +02:00
El RIDO 0e53d1ee86 added markdown support and a dropdown for the format selection. The
options other then markdown are plain text and source code (syntax
highlighting). Resolves #25
2015-09-12 17:33:16 +02:00
El RIDO b060d57524 - implemented php side of plural translation
- using it to generate labels dynamically for the expire options
(deprecating the [expire_labels] configuration).
- added translation of the human readable data sizes to support the
french octet
- fixed IEC label for kibibytes
2015-09-06 19:21:17 +02:00
El RIDO eee7b0144a covering JS side of translations (#7), added the messages to the
translation files and translated the german ones
2015-09-06 13:07:46 +02:00
El RIDO a2af88a36e initial work on translations, covering the PHP side of it 2015-09-05 02:24:56 +02:00
El RIDO 28776ac178 formatting RainTPL class 2015-09-05 01:55:19 +02:00
El RIDO 411419d597 adding tests and unifying paste creation output 2015-09-03 22:55:36 +02:00
El RIDO 2d79ba8243 updating docs, bumping version to 0.20 2015-09-03 22:22:59 +02:00
El RIDO 602fc4705e change for API consistency 2015-09-01 23:51:31 +02:00
El RIDO b25022e403 refactored JSON API, its now possible to retrieve pastes as JSON, which
is now used when posting comments, eliminating the need to store the
password in sessionStorage
2015-09-01 22:33:07 +02:00
El RIDO 802a0b26b9 burn after reading messages are only deleted after callback by JS when
successfully decrypted, resolves #11
2015-08-31 22:10:41 +02:00
El RIDO d3c4600806 slight configuration changes, template modifications to make discussions
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
El RIDO 2d0668af03 concluding work on configuration test generator for #16. Replaced a few
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
El RIDO 1c4d1aa6b6 working on configuration unit test generator as described in #16 2015-08-29 01:26:48 +02:00
El RIDO ae82e84ef8 correcting php doc comments 2015-08-27 23:58:56 +02:00
El RIDO d57d6cf44b created initial unit tests for main zerobin class 2015-08-27 23:30:35 +02:00
El RIDO f775da3931 fixing nasty deletion bug from #15, included unit tests to trigger it
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
El RIDO cb28056223 made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice) 2015-08-17 23:18:33 +02:00
El RIDO 24d18c5313 cleaned up phpdoc comments, added README on how to install and use it 2015-08-16 15:55:31 +02:00
El RIDO 49c6e3c1b6 updated base64.js to version 2.1.9, using minified version found at
9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
2015-08-16 12:27:06 +02:00
El RIDO 769768d25e updated jquery to 1.11.3 2015-08-16 11:20:06 +02:00
El RIDO 8881b3047a changing version string 2015-08-16 00:04:14 +02:00
Sebastien SAUVAGE 43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00
Sebastien SAUVAGE e7feca0e53 Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
jeldrik 4f72f04eda Prevent inconstitent /data/trafic_limiter.php due to file read while writing
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)

Conflicts:
	index.php
2015-08-15 22:10:05 +02:00
Sébastien SAUVAGE 5b54ca34ad Update index.php
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo)
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)

Conflicts:
	index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE bc8b23d35e XSS flaw correction
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.

(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
El RIDO e646729b2d fixing regressions from cherrypicking 2015-08-15 21:39:08 +02:00
Sebastien SAUVAGE 5f87ea6843 ZeroBin 0.18
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
Sebastien SAUVAGE cff4d99f05 "Burn after reading" as a checkbox
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste to be available ad vitam
eternam on the net.

(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)

Conflicts:
	css/zerobin.css
	index.php
	js/zerobin.js
	tpl/page.html
2015-08-15 19:01:03 +02:00
El RIDO ad70051323 reviewed unit tests, fixing line endings, added more tests 2015-08-15 18:32:31 +02:00
Sebastien SAUVAGE 7db76d8d71 Updated json checking.
- adapted to SJCL changed
- added entropy checking (from
f2ee2e8ba2)

(cherry picked from commit 57e6274c64e2c99c754b63586af6b34c374fbc2b)

Conflicts:
	index.php
2015-08-15 18:16:55 +02:00
El RIDO 134d22c958 small unit testing improvements, removing never accessed code 2015-08-15 16:37:44 +02:00
Simon Rupf badf459390 split common persistance logic into abstract class 2013-11-01 01:15:58 +01:00
Sebastien SAUVAGE 5b253cf77c ZeroBin 0.17
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
Sébastien SAUVAGE c26c4a8bec arbitrary JSON file disclosure correction
The following securit issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
2013-10-31 22:53:22 +01:00
Simon Rupf d247bff897 syntax highlighting can now be turned off, template can be changed in
configuration
2013-10-31 22:24:40 +01:00
Simon Rupf 630e16c4a0 Added more configuration options, based on patch by Uli Köhler 2013-10-30 23:54:42 +01:00
Simon Rupf 51008d3e68 added test for entropy of cypher text - closes #3 2012-09-08 19:54:24 +02:00
Simon Rupf 2d4f155064 had to revert to HTML5 instead of XHTML5 because of compatibility
problem with code prettifier, fixed some display bugs
2012-08-28 23:28:41 +02:00
Simon Rupf 907538875b removed leftovers from submodule uglifyjs, added credits file,
cleaned up CSS, changed template to output clean XHTML 5,
added unit tests for 60% of the code, found a few bugs by doing
that and fixed them
2012-08-26 00:49:11 +02:00
Simon Rupf 421e6cba97 implemented zerobin_db model, added more options for paste expiration, made comments and max data size configurable 2012-05-19 23:59:41 +02:00
Simon Rupf edf95ff56d added autoloading, configurable paste size limit, changed JS to calculate localized comment times instead of UTC 2012-04-30 22:58:08 +02:00
Simon Rupf 23487ce779 Fixed bug with missing directory separator and added .htaccess files to lib & cfg directories. If those are not present, the application will create them for you. 2012-04-30 13:58:29 +02:00
Simon Rupf ba90d0cae2 Refactoring of code base - modularized code, introduced configuration, started working on a PDO based DB connector 2012-04-29 19:15:06 +02:00
Thierry Poinot 6083c7a23c refactoring files and directory structure 2012-04-22 13:34:17 +02:00
Thierry Poinot d92d8658a5 refactoring zerobin js, adding JSDoc 2012-04-22 12:45:45 +02:00
Sebastien SAUVAGE 52630374e5 Initial commit of version 0.15 alpha. 2012-04-21 21:59:45 +02:00