Commit Graph

309 Commits

Author SHA1 Message Date
El RIDO e418b083e8
Merge branch 'master' into webcrypto 2019-01-22 20:11:42 +01:00
rugk 34c64acb75
Apply StyleCi recommendation 2019-01-22 00:14:31 +01:00
rugk 7cb942aca3
Make PHP paste ID function more robust 2019-01-21 23:19:41 +01:00
rugk 541fff199a
Put PHP paste request into own function 2019-01-21 23:06:25 +01:00
El RIDO 79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396 2019-01-20 12:20:37 +01:00
El RIDO cde96d8f24
fixing bug in jsonld processing with certain URL paths 2018-12-17 19:42:26 +01:00
El RIDO 9ce41022cf
correcting namespaces 2018-11-19 13:09:34 +01:00
El RIDO b5ebc4a3d7
incrementing version 2018-08-11 19:29:58 +02:00
El RIDO a5e8eeaaf9
StyleCI: Obey the alphabet #342 2018-07-29 16:15:52 +02:00
El RIDO 4a35428499
cleanup of PurgeLimiter #342 2018-07-29 16:05:57 +02:00
El RIDO 3470dcd9a8
more compact ServerSalt #342 2018-07-29 15:50:36 +02:00
El RIDO 5db3412b69
cleanup of TrafficLimiter #342 2018-07-29 15:43:28 +02:00
El RIDO f9c8441edb
renaming controller #342 2018-07-29 15:17:35 +02:00
El RIDO 720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
El RIDO cfe60db8fd
increment version number 2018-07-01 13:11:32 +02:00
El RIDO 6225a8ef16
updating translators in credits 2018-06-11 20:29:47 +02:00
El RIDO 9a0318517b
correct PHPdoc, fixes #264 2018-05-27 15:18:25 +02:00
El RIDO d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO 05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test 2018-05-27 14:36:30 +02:00
El RIDO caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO 2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk 9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO 3bca559826
moving access to into Request class 2018-01-06 10:27:58 +01:00
rugk 414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO 86ecdb1155
fixing post increment 2017-11-13 22:15:14 +01:00
El RIDO 502e96c129
StyleCI recommendations 2017-10-08 19:23:33 +02:00
El RIDO a5d5f6066a
refactoring as recommended by Scrutinizer 2017-10-08 19:16:09 +02:00
El RIDO 9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations 2017-10-08 17:10:51 +02:00
El RIDO 4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection 2017-10-08 16:59:31 +02:00
El RIDO 4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO dbfb1e83ba
removing dead code 2017-10-08 16:43:10 +02:00
El RIDO 62f0b95377
making StyleCI happy 2017-10-08 16:42:43 +02:00
El RIDO 6e8eafe129
implemented INI cenversion functionality 2017-10-08 16:42:11 +02:00
El RIDO 6fa2bfe30e
updated documentation, incremented version 2017-10-08 16:40:51 +02:00
rugk f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm 23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
2017-05-13 19:48:25 +02:00
rugk 283873d89a
Fix stupid copy&paste error 2017-04-13 10:52:48 +02:00
rugk 9b6748c54d
Adjust requested changes 2017-04-13 10:46:09 +02:00
El RIDO f54036976a
added instantburnafterreading option to address #174 2017-04-11 17:23:26 +02:00
rugk 183ebe518b
Force JSON request for getting paste data 2017-04-11 16:34:13 +02:00
thororm 096f07f86e Merge branch 'master' into attachment-handling
# Conflicts:
#	js/privatebin.js
#	tpl/bootstrap.php
#	tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO bbcc3e167b
implementing recommendations of scrutinizer 2017-03-25 00:58:59 +01:00
El RIDO 9b2af0abf5
fixing documentation 2017-03-24 23:54:37 +01:00
El RIDO 18315e7de0
removing unused class 2017-03-24 23:45:10 +01:00
El RIDO f7853cf439
removing duplicate code, cleanup of temporary test files 2017-03-24 23:42:11 +01:00
El RIDO ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194 2017-03-24 21:30:08 +01:00
El RIDO 88b02d866e
fixes #186 for good 2017-03-24 19:20:34 +01:00
El RIDO be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194 2017-03-11 08:56:14 +01:00
El RIDO 823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186 2017-03-05 11:22:24 +01:00
El RIDO 23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes 2017-03-05 11:02:18 +01:00
El RIDO db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188 2017-02-22 21:42:14 +01:00
thororm 4cb0ce5114 Removed self from cspheader
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm faf596aeb7 Added preview for
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk e9b10f9e2d
Add CSP sandbox
Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO a7de0e095b
added supported language, updated credits and changelog 2017-01-10 20:37:14 +01:00
El RIDO 67f6c4eb61
turned bootstrap template variants into logic 2017-01-08 10:02:07 +01:00
El RIDO f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test 2017-01-08 07:56:56 +01:00
El RIDO a5d91298ff
add an option to change the site name, solves #154 2017-01-01 16:33:11 +01:00
El RIDO 4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog 2017-01-01 14:35:39 +01:00
El RIDO 1426d4e371
tagging 1.1 release and updating documentation 2016-12-26 12:13:50 +01:00
El RIDO f6b8ee3e20
add missing check for non-expiring pastes, fixes #149 2016-12-25 12:15:29 +01:00
El RIDO ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings 2016-12-25 11:37:45 +01:00
atnaguzin bbcc53f08e StyleCI fix 2016-12-16 12:25:10 +03:00
R4SAS ccba2f029f added ru plural formula 2016-12-16 12:15:37 +03:00
rugk da10a761c4
Fix more typos 2016-12-12 18:50:00 +01:00
rugk 61ee0ef7d3
Fix typos 2016-12-12 18:49:08 +01:00
rugk 658d5ae84d
Fix style-ci errors 2016-12-12 18:43:23 +01:00
El RIDO 1f46823942
applying patch based on StyleCI ruleset 2016-10-29 10:24:08 +02:00
El RIDO 8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91 2016-09-18 11:29:37 +02:00
rugk 1a159c973f
Prevent referrer to be send
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk b7184b92a3 Fix csp config unit tests 2016-08-27 14:47:21 +02:00
rugk b11866a63b Allow manifest loading via CSP (2) 2016-08-27 00:02:50 +02:00
El RIDO a13266a784 ensure the server salt path is initialized, instead of relying on the default 2016-08-25 15:02:38 +02:00
El RIDO e925833090 bumping version number to 1.0 2016-08-25 09:53:31 +02:00
El RIDO 6aba39488f adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86 2016-08-22 09:46:26 +02:00
El RIDO f72e260ee7 adding subresource integrity hashes for all javascript includes, resolves #6 2016-08-16 11:11:03 +02:00
rugk 75cb771e4b Merge branch 'master' into prng, resolve merge conflicts 2016-08-15 18:15:57 +02:00
El RIDO 72aac25f68 added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47 2016-08-15 16:45:47 +02:00
rugk 8038fde29d Revert #44
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
El RIDO 0a628e83c1 Merge pull request #59 from PrivateBin/52-identicons
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
El RIDO ca66653d0c applying: php-cs-fixer fix lib/ --level=psr2 2016-08-11 15:05:43 +02:00
El RIDO 6cb7454d07 Added tests for JSON errors, should help us figure out the cause of the problem in #11 2016-08-11 14:41:52 +02:00
rugk bea9a577a6 Use better random number generator #29 2016-08-10 23:15:06 +02:00
El RIDO c237337cd2 some minor whitespace improvements detected by scrutinizer 2016-08-10 18:22:28 +02:00
El RIDO 3988b860b0 implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening 2016-08-10 17:41:46 +02:00
El RIDO 1ef28d7a5c minor fixes, typos 2016-08-10 15:03:06 +02:00
El RIDO addb666a23 introducing CSP header to mitigate XSS attacks, closes #10 2016-08-09 14:46:32 +02:00
El RIDO 5b7b234821 doc bloc corrections 2016-08-09 13:07:11 +02:00
El RIDO c2efe2e609 some optimization 2016-08-09 12:45:26 +02:00
El RIDO 3fa0881c07 updated documentation, small cleanups 2016-08-09 12:21:32 +02:00
El RIDO b45bef8388 Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00
Sobak 5d7003ecc1 Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00
Sobak 884310add6 Oficially bump minimal PHP version to 5.3.0 2016-07-26 08:06:40 +02:00
Simon Rupf d14eb0efe4 fixing configuration and its test to match the new namespaces 2016-07-25 11:02:39 +02:00
Sobak b1305beb0f Improve workaround for keeping config file format BC 2016-07-22 15:31:42 +02:00
Sobak 54f96b9938 Introduce PSR-4 autoloading 2016-07-22 12:11:48 +02:00
El RIDO 9a9362789b addressing issues with failed attachement uploads due to webserver configuration, resolves #15 2016-07-19 15:26:41 +02:00
El RIDO 002046cc62 some minor cleanups 2016-07-19 14:44:17 +02:00
El RIDO be4c845129 Merge branch 'master' of github.com:PrivateBin/PrivateBin 2016-07-19 14:02:45 +02:00
El RIDO c5606a47fe refactoring away RainTPL and templating, resolves #36 2016-07-19 14:02:26 +02:00
rugk 38ab755733 Replace HTTP links with HTTPS
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO 03306dabff using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8 2016-07-18 15:55:51 +02:00
El RIDO e7dde4d212 cleaning REQUEST_URI for good measure 2016-07-18 15:21:32 +02:00
El RIDO e1d6db88a1 Merge pull request #44 from PrivateBin/rugk-itBugsMe
Change array used for language selection
2016-07-18 15:15:41 +02:00
El RIDO afaa111d22 code style 2016-07-18 15:13:56 +02:00
El RIDO b53efda635 improving code coverage and unit testing 2016-07-18 14:47:32 +02:00
rugk 2e863e3ed9 Search key first
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
rugk 80e9d75477 Remove unnecessary array
Now it is right...
2016-07-18 13:12:54 +02:00
rugk 19d5659a8f Change array
https://github.com/PrivateBin/PrivateBin/issues/41

Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
El RIDO ff0c55c0d6 introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4 2016-07-18 10:14:38 +02:00
El RIDO f8bc40b4e4 introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3 2016-07-15 17:02:59 +02:00
El RIDO 4d10fd9690 fixing support for pre renaming configuration file format, resolves #37 2016-07-13 09:41:45 +02:00
El RIDO 90a26d8fcb removing some code smells, found in the various code checker tools 2016-07-11 15:47:42 +02:00
El RIDO c33c50f775 using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix) 2016-07-11 14:33:45 +02:00
El RIDO 3b3b5277eb refactoring to improve code quality 2016-07-11 14:15:20 +02:00
El RIDO 79509ad48a renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00
El RIDO b8080acc78 fixing an unhandled case found with scrutinizer-ci 2016-07-06 14:58:06 +02:00
El RIDO c13caee981 fixing some documentation issues detected by scrutinizer-ci 2016-07-06 14:12:14 +02:00
El RIDO 0e217a42c5 introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103 2016-07-06 11:37:13 +02:00
El RIDO 6b0b814dc6 removing leftover from previously using a different function, resolves #83 2016-07-06 09:41:07 +02:00
El RIDO 5980f8b603 removing some unused code detected by codacy 2016-07-04 20:46:45 +02:00
rugk fd5a7a07ae Soft fail for chmod errors 2016-06-22 18:08:25 +02:00
rugk 54f1cb9d34 Only protect file if it was written 2016-06-21 21:47:03 +02:00
rugk 8a48e9ce78 Set permissions when saving files
Fixes https://github.com/elrido/ZeroBin/issues/80
2016-06-21 17:18:11 +02:00
rugk 1a1818660d Missing space 2016-05-12 20:07:58 +02:00
El RIDO 4918bef4dc Although there usually are no plurals in chinese, there's an exception
for words related to persons, when not preceeded by a numeric word.

Sources:
- http://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html#f3
- https://answers.yahoo.com/question/index?qid=20110606153553AAAW5zX
2016-04-26 20:21:30 +02:00
El RIDO 3a92c940a9 implementing media type negotiation (based on language negotiation
logic) in cases both JSON and (X)HTML are being requested, resolving #68
2016-04-08 23:29:44 +02:00
El RIDO a4ebdbc606 re-introducing (optional) URL shortener support, resolves #58 2016-01-31 09:56:06 +01:00
El RIDO 09dd79dbc7 switching to SHA256 HMAC of IPs in traffic limiter, resolves #57 2015-12-22 20:58:23 +01:00
Mihail Fedorov a13ad6368f MD5 instead of IP 2015-12-22 06:02:41 +03:00
El RIDO 24a4328c55 incrementing version, updating changelog, added missing phpdoc comments 2015-11-09 21:39:42 +01:00
El RIDO 42a9c92b5e improved database backend support for larger files (100 KiB - 16 MiB),
introduced database versioning to reduce amount of checks done per
request
2015-11-01 17:02:20 +01:00
El RIDO d42975580a expire_options and formatter_options should not be filled up with
default values, resolves #52
2015-10-24 08:44:17 +02:00
El RIDO 176dff3b70 renaming config file to make updates easier, resolving #50 2015-10-22 21:13:15 +02:00
El RIDO e3f4aa982c adding configuration option to set a default language and/or force it,
resolves #39
2015-10-18 20:38:07 +02:00
El RIDO ca07398b66 adding option to hide clone button on expiring pastes, resolves #34 2015-10-18 17:56:45 +02:00
El RIDO 14d08ec56d working on JSON-LD validity, added CORS headers preparing external API
call support
2015-10-18 14:37:58 +02:00
El RIDO 22d0b1ec22 updating comment format to match defined JSON-LD API context 2015-10-18 11:38:48 +02:00
El RIDO f21567133c changing paste read output for API refactoring 2015-10-18 11:08:28 +02:00
El RIDO b92b38cee8 found and resolved issues in database layer, thanks to report in #42 2015-10-16 23:13:36 +02:00
El RIDO 2e3bacb699 fixing deletion issue in request refactoring, starting work on API read
refactoring
2015-10-15 22:04:57 +02:00
El RIDO 512b3d1172 fixing "missing" comments when they were posted during the same second 2015-10-12 21:07:41 +02:00
El RIDO 1d6cfb7f3b refactoring delete API, added external JSON-LD context 2015-10-11 21:22:00 +02:00
El RIDO 9e6e29bc93 working on API: simplifying PUT request mocking 2015-10-11 18:50:48 +02:00
El RIDO e5b096ed8c found and fixed a bug when using expiration together with discussion 2015-10-03 17:54:18 +02:00
El RIDO add980d36f adding UI tests for database configuration, fixed an issue with comment
table creation
2015-10-03 15:52:37 +02:00
El RIDO 7ec94e0db5 implementing request refactoring, beginning JS changes for JSON API, but
discovered that DELETE and PUT are not available on all webservers by
default
2015-09-27 20:34:39 +02:00
El RIDO 6b7dc44039 preparing unit test for request object 2015-09-27 15:37:17 +02:00
El RIDO ce3f10f143 improving unit tests, fixing regression in DB model 2015-09-27 14:36:20 +02:00
El RIDO 694138c5d4 mostly finished with data model refactoring 2015-09-27 03:03:55 +02:00