Commit Graph

321 Commits

Author SHA1 Message Date
ZerooCool e61c44ef46 Make Opengraph really functional
Make Opengraph really functional

Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool 13c2f8d968 Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO 45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
El RIDO 5450a431cf
Merge branch 'Haocen-625-bugfixes' 2020-06-07 07:38:59 +02:00
El RIDO 7794915172
expose permission exceptions to the API 2020-05-31 16:33:25 +02:00
Haocen Xu bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
Firefox
2020-05-30 05:37:35 -04:00
El RIDO 9914c37683
incrementing version 2020-03-22 06:44:04 +01:00
El RIDO afd82ac34d
Merge branch 'master' into php7.4-ci 2020-02-16 13:23:11 +01:00
El RIDO adece1d784
incrementing version 2020-02-16 11:15:51 +01:00
El RIDO 5d54006c9e
update minimum required PHP version to 5.6 and replace slowEquals() with native hash_equals() function 2020-02-05 19:30:14 +01:00
El RIDO 1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag 2020-02-01 09:15:14 +01:00
El RIDO cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO ed590ee557
incrementing version 2020-01-08 19:31:06 +01:00
El RIDO 0efe6f7a8e
simplify logic, fullfills the unit test 2019-12-25 08:11:25 +01:00
Lucas Savva 7d9ec9509b Handle previously renamed CONFIG_PATH gracefully 2019-12-24 19:12:08 +00:00
Lucas Savva d5d13fa831 Add logic to rename insecure CONFIG_PATH 2019-12-24 18:51:47 +00:00
Lucas Savva b5c86e290f squashme: fix code style issue 2019-12-20 10:42:59 +00:00
Lucas Savva 6b0468ebff Add support for a CONFIG_PATH variable 2019-12-19 23:06:32 +00:00
El RIDO 8cf0c86ebb
simplify case statement, update documentation 2019-11-02 17:18:22 +01:00
Andriy Zhuk 65b7077756 Added plural rules for ukrainian 2019-10-18 12:31:40 +03:00
El RIDO 2d4edfe401
incrementing version number in preparation of release 2019-09-22 19:42:04 +02:00
El RIDO d5aeba60ca
increase default size limit to 10 MiB, documenting change 2019-09-20 07:04:26 +02:00
El RIDO 5c0012cf51
adding database migration to increase data to MEDIUMBLOB on MySQL by default 2019-09-20 06:57:54 +02:00
El RIDO 7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated 2019-09-19 19:14:48 +02:00
Haocen Xu ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
attachment

Fix cloning paste with attachment

Update CSP in sample and default configuration

Ensure clone paste also clone format

Fix clone button hiding logic when paste is burn after read

Remove attachment name when new paste clicked on

Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO b0d1a3949e
add bulgarian to the supported languages 2019-07-11 16:50:32 +02:00
El RIDO 07018e5876
incrementing version number in preparation of release 2019-07-08 18:35:34 +02:00
El RIDO 11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196 2019-06-27 20:31:10 +02:00
El RIDO c2e060d464
made compression configurable, fixes #38 2019-06-23 19:45:40 +02:00
El RIDO 848d3563f4
making StyleCI & Scrutinizer happy 2019-06-23 16:10:05 +02:00
El RIDO 8dc9db90c9
added translation for Czech, provided by @info-path, fixes #424 2019-06-23 12:06:36 +02:00
El RIDO 42c2003220
made notice configurable, fixing a few CSS glitches 2019-06-17 21:40:37 +02:00
El RIDO 4d6897f063
increasing minimum PHP version to 5.5 as this is required by the yzalis/identicon library upgrade to version 1.2.0 2019-06-16 10:50:52 +02:00
El RIDO 362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons 2019-06-16 07:06:58 +02:00
El RIDO f915af1a5a
adjust CSP header to allow blob URLs 2019-06-15 09:36:09 +02:00
El RIDO a459c4692c
correcting API use, avoid history glitch 2019-06-01 23:49:40 +02:00
El RIDO 398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules 2019-05-20 18:29:37 +02:00
El RIDO 12a9b2ff8e
address Scrutinizer issues with the use of getParams method 2019-05-19 10:13:47 +02:00
El RIDO 1baa1c2b0a
fixing API doc issue found by Scrutinizer 2019-05-19 10:05:04 +02:00
El RIDO 800a0df8e3
apply StyleCI patch 2019-05-19 10:01:41 +02:00
El RIDO 909ff2daa7
handle scrutinizer issues (mostly changes in API documentation) 2019-05-19 09:42:55 +02:00
El RIDO 09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste) 2019-05-15 07:44:03 +02:00
El RIDO cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection 2019-05-13 22:31:52 +02:00
El RIDO be1e7babc0
removing dead code and improving code coverage 2019-05-11 22:18:35 +02:00
El RIDO a622c8f484
fix logic, avoid 5.5 2019-05-10 23:27:45 +02:00
El RIDO c3719435a3
and fixing PHP 5.5 2019-05-10 23:09:35 +02:00
El RIDO 02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6 2019-05-10 22:46:39 +02:00
El RIDO 9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:35:18 +02:00
El RIDO 76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?) 2019-05-10 22:21:03 +02:00
El RIDO f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 22:13:11 +02:00
El RIDO fb0c9c595e
remove further type hints for compatibility 2019-05-10 22:04:47 +02:00
El RIDO bd4dee0f3e
fixing copy/paste errors 2019-05-10 21:52:14 +02:00
El RIDO 1e44902340
apply StyleCI patch 2019-05-10 21:45:34 +02:00
El RIDO 632d70412a
revert scalar type hints to retain support for PHP < 7.0 2019-05-10 21:35:36 +02:00
El RIDO 700f8a0ea7
made all php unit tests pass again 2019-05-10 07:55:39 +02:00
El RIDO 59569bf9fc
working on JsonApi tests 2019-05-08 22:11:21 +02:00
El RIDO 76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data 2019-05-06 22:15:21 +02:00
El RIDO 06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic 2019-05-05 21:03:58 +02:00
El RIDO b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes 2019-05-05 18:22:57 +02:00
El RIDO 6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments 2019-05-05 14:36:47 +02:00
El RIDO bbdcb3fb0f
remove duplicate code 2019-05-05 08:53:40 +02:00
El RIDO 3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49 2019-05-03 23:03:57 +02:00
El RIDO e418b083e8
Merge branch 'master' into webcrypto 2019-01-22 20:11:42 +01:00
rugk 34c64acb75
Apply StyleCi recommendation 2019-01-22 00:14:31 +01:00
rugk 7cb942aca3
Make PHP paste ID function more robust 2019-01-21 23:19:41 +01:00
rugk 541fff199a
Put PHP paste request into own function 2019-01-21 23:06:25 +01:00
El RIDO 79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396 2019-01-20 12:20:37 +01:00
El RIDO cde96d8f24
fixing bug in jsonld processing with certain URL paths 2018-12-17 19:42:26 +01:00
El RIDO 9ce41022cf
correcting namespaces 2018-11-19 13:09:34 +01:00
El RIDO b5ebc4a3d7
incrementing version 2018-08-11 19:29:58 +02:00
El RIDO a5e8eeaaf9
StyleCI: Obey the alphabet #342 2018-07-29 16:15:52 +02:00
El RIDO 4a35428499
cleanup of PurgeLimiter #342 2018-07-29 16:05:57 +02:00
El RIDO 3470dcd9a8
more compact ServerSalt #342 2018-07-29 15:50:36 +02:00
El RIDO 5db3412b69
cleanup of TrafficLimiter #342 2018-07-29 15:43:28 +02:00
El RIDO f9c8441edb
renaming controller #342 2018-07-29 15:17:35 +02:00
El RIDO 720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
El RIDO cfe60db8fd
increment version number 2018-07-01 13:11:32 +02:00
El RIDO 6225a8ef16
updating translators in credits 2018-06-11 20:29:47 +02:00
El RIDO 9a0318517b
correct PHPdoc, fixes #264 2018-05-27 15:18:25 +02:00
El RIDO d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO 05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test 2018-05-27 14:36:30 +02:00
El RIDO caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO 2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk 9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO 3bca559826
moving access to into Request class 2018-01-06 10:27:58 +01:00
rugk 414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO 86ecdb1155
fixing post increment 2017-11-13 22:15:14 +01:00
El RIDO 502e96c129
StyleCI recommendations 2017-10-08 19:23:33 +02:00
El RIDO a5d5f6066a
refactoring as recommended by Scrutinizer 2017-10-08 19:16:09 +02:00
El RIDO 9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations 2017-10-08 17:10:51 +02:00
El RIDO 4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection 2017-10-08 16:59:31 +02:00
El RIDO 4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO dbfb1e83ba
removing dead code 2017-10-08 16:43:10 +02:00
El RIDO 62f0b95377
making StyleCI happy 2017-10-08 16:42:43 +02:00
El RIDO 6e8eafe129
implemented INI cenversion functionality 2017-10-08 16:42:11 +02:00
El RIDO 6fa2bfe30e
updated documentation, incremented version 2017-10-08 16:40:51 +02:00
rugk f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm 23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
2017-05-13 19:48:25 +02:00
rugk 283873d89a
Fix stupid copy&paste error 2017-04-13 10:52:48 +02:00
rugk 9b6748c54d
Adjust requested changes 2017-04-13 10:46:09 +02:00