Commit Graph

379 Commits

Author SHA1 Message Date
Mark van Holsteijn 1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO 7b2f0ff302
apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO a203e6322b
implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO 7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO 3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn 55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO 7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO 1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO de8f40ac1a
kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO c758eca0a4
removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO 2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO abb2b90e9b
make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn 342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO b6460616ba
address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO 91c8f9f23c
use namespaces 2021-05-22 11:02:54 +02:00
El RIDO 3dd01b1f70
testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed 5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed 502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed 89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting 63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed 4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed 805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting 7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk 3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk 5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO 9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO 7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO 6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO 1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO 9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO 175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO 458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO da0896fe42
set plurals for and credit Catalan translation 2021-04-02 09:00:27 +02:00
El RIDO 5a9bcea3a9
set plurals for and credit Indonesian translation 2021-03-09 05:54:06 +01:00
El RIDO b38ebc503e
plural rules and documenting newly added languages 2021-01-07 21:16:03 +01:00
El RIDO bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider eb32ea1419 Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO 3668f1e3f4
attempt to accomodate Crowdin by providing a single source translation file that is not actually used or loaded by our code 2020-10-04 12:39:35 +02:00
El RIDO 4204e4b8b7
make StyleCI happy and change unit test to use a string 2020-07-03 21:00:42 +02:00
ZerooCool e61c44ef46 Make Opengraph really functional
Make Opengraph really functional

Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool 13c2f8d968 Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO 45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
El RIDO 5450a431cf
Merge branch 'Haocen-625-bugfixes' 2020-06-07 07:38:59 +02:00
El RIDO 7794915172
expose permission exceptions to the API 2020-05-31 16:33:25 +02:00
Haocen Xu bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
Firefox
2020-05-30 05:37:35 -04:00
Steven Andrés 3f75c81a2f
fixed duplicated getKey() 2020-05-08 12:18:20 -07:00
Steven Andrés effe6ad3e5
fixed spacing to please StyleCI 2020-05-08 11:37:21 -07:00
Steven Andrés 8fbdb69d8a
added check for null whitelist 2020-05-08 11:36:19 -07:00
Steven Andrés d847e2fcf2
alignment 2020-05-07 16:46:31 -07:00
Steven Andrés c152f85b50
removed $remoteip that the audit didn't like 2020-05-07 16:45:24 -07:00
Steven Andrés 819d25a74c
change to whitelist_paste_creation 2020-05-07 16:13:25 -07:00
Steven Andrés ef9780707a
Update lib/Controller.php
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:54:13 -07:00
Steven Andrés 9ca041fa06
Update lib/Controller.php
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:53:56 -07:00
Steven Andrés 9327c9b58b
added whitelist check 2020-05-05 14:18:52 -07:00
Steven Andrés 5644001c53
added "whitelist" under [traffic] 2020-05-05 14:17:15 -07:00
El RIDO 9914c37683
incrementing version 2020-03-22 06:44:04 +01:00
El RIDO afd82ac34d
Merge branch 'master' into php7.4-ci 2020-02-16 13:23:11 +01:00
El RIDO adece1d784
incrementing version 2020-02-16 11:15:51 +01:00
El RIDO 5d54006c9e
update minimum required PHP version to 5.6 and replace slowEquals() with native hash_equals() function 2020-02-05 19:30:14 +01:00
El RIDO 1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag 2020-02-01 09:15:14 +01:00
El RIDO cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO ed590ee557
incrementing version 2020-01-08 19:31:06 +01:00
El RIDO 0efe6f7a8e
simplify logic, fullfills the unit test 2019-12-25 08:11:25 +01:00
Lucas Savva 7d9ec9509b Handle previously renamed CONFIG_PATH gracefully 2019-12-24 19:12:08 +00:00
Lucas Savva d5d13fa831 Add logic to rename insecure CONFIG_PATH 2019-12-24 18:51:47 +00:00
Lucas Savva b5c86e290f squashme: fix code style issue 2019-12-20 10:42:59 +00:00
Lucas Savva 6b0468ebff Add support for a CONFIG_PATH variable 2019-12-19 23:06:32 +00:00
El RIDO 8cf0c86ebb
simplify case statement, update documentation 2019-11-02 17:18:22 +01:00
Andriy Zhuk 65b7077756 Added plural rules for ukrainian 2019-10-18 12:31:40 +03:00
El RIDO 2d4edfe401
incrementing version number in preparation of release 2019-09-22 19:42:04 +02:00
El RIDO d5aeba60ca
increase default size limit to 10 MiB, documenting change 2019-09-20 07:04:26 +02:00
El RIDO 5c0012cf51
adding database migration to increase data to MEDIUMBLOB on MySQL by default 2019-09-20 06:57:54 +02:00
El RIDO 7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated 2019-09-19 19:14:48 +02:00
Haocen Xu ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
attachment

Fix cloning paste with attachment

Update CSP in sample and default configuration

Ensure clone paste also clone format

Fix clone button hiding logic when paste is burn after read

Remove attachment name when new paste clicked on

Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO b0d1a3949e
add bulgarian to the supported languages 2019-07-11 16:50:32 +02:00
El RIDO 07018e5876
incrementing version number in preparation of release 2019-07-08 18:35:34 +02:00
El RIDO 11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196 2019-06-27 20:31:10 +02:00
El RIDO c2e060d464
made compression configurable, fixes #38 2019-06-23 19:45:40 +02:00
El RIDO 848d3563f4
making StyleCI & Scrutinizer happy 2019-06-23 16:10:05 +02:00
El RIDO 8dc9db90c9
added translation for Czech, provided by @info-path, fixes #424 2019-06-23 12:06:36 +02:00
El RIDO 42c2003220
made notice configurable, fixing a few CSS glitches 2019-06-17 21:40:37 +02:00
El RIDO 4d6897f063
increasing minimum PHP version to 5.5 as this is required by the yzalis/identicon library upgrade to version 1.2.0 2019-06-16 10:50:52 +02:00
El RIDO 362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons 2019-06-16 07:06:58 +02:00
El RIDO f915af1a5a
adjust CSP header to allow blob URLs 2019-06-15 09:36:09 +02:00
El RIDO a459c4692c
correcting API use, avoid history glitch 2019-06-01 23:49:40 +02:00
El RIDO 398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules 2019-05-20 18:29:37 +02:00
El RIDO 12a9b2ff8e
address Scrutinizer issues with the use of getParams method 2019-05-19 10:13:47 +02:00
El RIDO 1baa1c2b0a
fixing API doc issue found by Scrutinizer 2019-05-19 10:05:04 +02:00
El RIDO 800a0df8e3
apply StyleCI patch 2019-05-19 10:01:41 +02:00
El RIDO 909ff2daa7
handle scrutinizer issues (mostly changes in API documentation) 2019-05-19 09:42:55 +02:00
El RIDO 09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste) 2019-05-15 07:44:03 +02:00