From d2e9e47b673f272772a8c2c0ca6736eca083050c Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 29 Feb 2020 08:45:56 +0100 Subject: [PATCH 01/13] refactor switch into nested if/else, to improve readability - no functional change --- js/privatebin.js | 78 ++++++++++++++++++++++++----------------------- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 42 insertions(+), 40 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index e76bf98c..d2b85448 100644 --- a/js/privatebin.js +++ b/js/privatebin.js 
@@ -2422,52 +2422,54 @@ jQuery.PrivateBin = (function($, RawDeflate) { return; } - // escape HTML entities, link URLs, sanitize - const escapedLinkedText = Helper.urls2links(text), - sanitizedLinkedText = DOMPurify.sanitize( - escapedLinkedText, { - ALLOWED_TAGS: ['a'], - ALLOWED_ATTR: ['href', 'rel'] - } - ); - $plainText.html(sanitizedLinkedText); - $prettyPrint.html(sanitizedLinkedText); + if (format === 'markdown') { + const converter = new showdown.Converter({ + strikethrough: true, + tables: true, + tablesHeaderId: true, + simplifiedAutoLink: true, + excludeTrailingPunctuationFromURLs: true + }); + // let showdown convert the HTML and sanitize HTML *afterwards*! + $plainText.html( + DOMPurify.sanitize( + converter.makeHtml(text) + ) + ); + // add table classes from bootstrap css + $plainText.find('table').addClass('table-condensed table-bordered'); + } else { + // escape HTML entities, link URLs, sanitize + const escapedLinkedText = Helper.urls2links(text); + let sanitizeLinkedText = '', + sanitizerConfiguration = {}; - switch (format) { - case 'markdown': - const converter = new showdown.Converter({ - strikethrough: true, - tables: true, - tablesHeaderId: true, - simplifiedAutoLink: true, - excludeTrailingPunctuationFromURLs: true - }); - // let showdown convert the HTML and sanitize HTML *afterwards*! 
- $plainText.html( - DOMPurify.sanitize( - converter.makeHtml(text) - ) - ); - // add table classes from bootstrap css - $plainText.find('table').addClass('table-condensed table-bordered'); - break; - case 'syntaxhighlighting': + if (format === 'syntaxhighlighting') { // yes, this is really needed to initialize the environment if (typeof prettyPrint === 'function') { prettyPrint(); } - $prettyPrint.html( - DOMPurify.sanitize( - prettyPrintOne(escapedLinkedText, null, true) - ) + sanitizeLinkedText = prettyPrintOne( + escapedLinkedText, null, true ); - // fall through, as the rest is the same - default: // = 'plaintext' - $prettyPrint.css('white-space', 'pre-wrap'); - $prettyPrint.css('word-break', 'normal'); - $prettyPrint.removeClass('prettyprint'); + } else { + // = 'plaintext' + sanitizeLinkedText = escapedLinkedText; + sanitizerConfiguration = { + ALLOWED_TAGS: ['a'], + ALLOWED_ATTR: ['href', 'rel'] + }; + } + $prettyPrint.html( + DOMPurify.sanitize( + sanitizeLinkedText, sanitizerConfiguration + ) + ); + $prettyPrint.css('white-space', 'pre-wrap'); + $prettyPrint.css('word-break', 'normal'); + $prettyPrint.removeClass('prettyprint'); } } diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index faaa9779..843dc6a7 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 8dc9c0d9..c976ce2f 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From 5340f417e07fdfdab2f91f5171f4f992bc763a73 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 29 Feb 2020 09:37:54 +0100 Subject: [PATCH 02/13] in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it --- js/privatebin.js | 23 +++++++++++++++++++---- js/test/Helper.js | 11 ++++------- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index d2b85448..9e2b0ee2 100644 
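Review bot: The commit message says no functional change, but the non-markdown branch no longer fills `$plainText`: the removed code ran `$plainText.html(sanitizedLinkedText)` for every format before the switch, whereas the new `else` branch writes only `$prettyPrint`. If `$plainText` is only ever shown for markdown this is harmless, but then a one-line comment at the top of the `else` branch saying so would save the next reader from hunting for the missing assignment; otherwise the assignment should be restored. The new `let sanitizeLinkedText = ''` also holds the input to `DOMPurify.sanitize`, not its output, so a name like `linkedText` would be less misleading. The enclosing function starts and ends outside this hunk.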
--- a/js/privatebin.js +++ b/js/privatebin.js @@ -297,10 +297,25 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ me.urls2links = function(html) { - return html.replace( - /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, - '$1' - ); + let reverseEntityMap = {}; + for (let entity of ['&', '"', '/', '=']) { + reverseEntityMap[entityMap[entity]] = entity; + } + const entityRegex = new RegExp(Object.keys(reverseEntityMap).join('|'), 'g'); + + // encode HTML entities, find and insert links, partially decoding only the href property of it + return me.htmlEntities(html) + .replace( + /(((https?|ftp)://[\w?!&.-;#@~%+*-]+(?![\w\s?!&.;#~%-]*>))|((magnet):[\w?&.-;#@~%+*-]+))/ig, + function(encodedUrl) { + let decodedUrl = encodedUrl.replace( + entityRegex, function(entity) { + return reverseEntityMap[entity]; + } + ); + return '' + encodedUrl + ''; + } + ) }; /** diff --git a/js/test/Helper.js b/js/test/Helper.js index dd38e3c4..a884eee2 100644 --- a/js/test/Helper.js +++ b/js/test/Helper.js @@ -81,7 +81,7 @@ describe('Helper', function () { 'ignores non-URL content', 'string', function (content) { - return content === $.PrivateBin.Helper.urls2links(content); + return $.PrivateBin.Helper.htmlEntities(content) === $.PrivateBin.Helper.urls2links(content); } ); jsc.property( @@ -95,8 +95,7 @@ describe('Helper', function () { function (prefix, schema, address, query, fragment, postfix) { query = query.join(''); fragment = fragment.join(''); - prefix = $.PrivateBin.Helper.htmlEntities(prefix); - postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix); + postfix = ' ' + postfix; let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment; // special cases: When the query string and fragment imply the beginning of an HTML entity, eg. � or &#x 
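Review bot: Decoding the `"` entity back into the href is risky: every character of an encoded entity (`&`, letters, `;`) is inside the URL character class, so a matched URL can contain the encoded quote and `decodedUrl` would then hold a literal double quote inside an attribute value (the anchor markup was stripped from this rendering, so this is inferred from `decodedUrl` being computed per match; the caller's DOMPurify pass would probably catch the result, but the decode still buys nothing). Browsers decode character references in attribute values themselves, so the href can take `encodedUrl` unchanged and the whole `reverseEntityMap`/`entityRegex` block can go; if the decode is kept, `"` should at least be removed from the list on the `for (let entity of ['&', '"', '/', '='])` line, and the map and regex hoisted out of the function since they are rebuilt on every call. `entityMap` and `me.htmlEntities` come from outside the hunk, and patch 06 of this series reverts the change entirely.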
@@ -109,7 +108,7 @@ describe('Helper', function () { postfix = ''; } - return prefix + '' + url + '' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix); + return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + '' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + postfix); } ); jsc.property( @@ -118,10 +117,8 @@ describe('Helper', function () { jsc.array(common.jscQueryString()), 'string', function (prefix, query, postfix) { - prefix = $.PrivateBin.Helper.htmlEntities(prefix); - postfix = $.PrivateBin.Helper.htmlEntities(postfix); let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''); - return prefix + '' + url + ' ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix); + return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + ' ' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix); } ); }); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 843dc6a7..ba47c27a 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index c976ce2f..9d66a861 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From f05e5c2e2988ae1e86b981bceaa03fdb8fa2a1a0 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 1 Mar 2020 16:14:19 +0100 Subject: [PATCH 03/13] documenting change --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e95452c..91936c8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,7 @@ * **1.4 (not yet released)** * CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals() * CHANGED: Upgrading libraries to: identicon 2.0.0 + * FIXED: Support custom expiration options in email function (#586) * **1.3.3 (2020-02-16)** * CHANGED: Upgrading libraries to: DOMpurify 2.0.8 * CHANGED: Several translations got updated with missing messages From 0564c0e62e56e6b1113bd247a3df7b633800bc66 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Fri, 6 Mar 2020 20:46:51 +0100 Subject: [PATCH 04/13] fixing 'The provided fixer 'method_argument_space' cannot be disabled unless it was already enabled by your preset.' --- .styleci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.styleci.yml b/.styleci.yml index 238f41a4..63dc73dd 100644 --- a/.styleci.yml +++ b/.styleci.yml @@ -17,7 +17,6 @@ disabled: - concat_without_spaces - declare_equal_normalize - heredoc_to_nowdoc - - method_argument_space - new_with_braces - no_alternative_syntax - phpdoc_align From 33bb0c6bd6e5bee609829e1cc5ef9b1a36f89868 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Fri, 6 Mar 2020 20:50:19 +0100 Subject: [PATCH 05/13] trying to recreate former StyleCI behaviour in changed preset --- .styleci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.styleci.yml b/.styleci.yml index 63dc73dd..9c2c76ce 100644 --- a/.styleci.yml +++ b/.styleci.yml @@ -17,6 +17,7 @@ disabled: - concat_without_spaces - declare_equal_normalize - heredoc_to_nowdoc + - method_argument_space_strict - new_with_braces - no_alternative_syntax - phpdoc_align From 8a6dcf910a17c9458e458d26f266cea82b9b45f7 Mon Sep 17 00:00:00 2001 
From: El RIDO Date: Fri, 6 Mar 2020 20:57:15 +0100 Subject: [PATCH 06/13] Revert "in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it" This reverts commit 5340f417e07fdfdab2f91f5171f4f992bc763a73. --- js/privatebin.js | 23 ++++------------------- js/test/Helper.js | 11 +++++++---- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 13 insertions(+), 25 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index 9e2b0ee2..d2b85448 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -297,25 +297,10 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ me.urls2links = function(html) { - let reverseEntityMap = {}; - for (let entity of ['&', '"', '/', '=']) { - reverseEntityMap[entityMap[entity]] = entity; - } - const entityRegex = new RegExp(Object.keys(reverseEntityMap).join('|'), 'g'); - - // encode HTML entities, find and insert links, partially decoding only the href property of it - return me.htmlEntities(html) - .replace( - /(((https?|ftp)://[\w?!&.-;#@~%+*-]+(?![\w\s?!&.;#~%-]*>))|((magnet):[\w?&.-;#@~%+*-]+))/ig, - function(encodedUrl) { - let decodedUrl = encodedUrl.replace( - entityRegex, function(entity) { - return reverseEntityMap[entity]; - } - ); - return '' + encodedUrl + ''; - } - ) + return html.replace( + /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, + '$1' + ); }; /** diff --git a/js/test/Helper.js b/js/test/Helper.js index a884eee2..dd38e3c4 100644 --- a/js/test/Helper.js +++ b/js/test/Helper.js @@ -81,7 +81,7 @@ describe('Helper', function () { 'ignores non-URL content', 'string', function (content) { - return $.PrivateBin.Helper.htmlEntities(content) === $.PrivateBin.Helper.urls2links(content); + return content === $.PrivateBin.Helper.urls2links(content); } ); jsc.property( 
@@ -95,7 +95,8 @@ describe('Helper', function () { function (prefix, schema, address, query, fragment, postfix) { query = query.join(''); fragment = fragment.join(''); - postfix = ' ' + postfix; + prefix = $.PrivateBin.Helper.htmlEntities(prefix); + postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix); let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment; // special cases: When the query string and fragment imply the beginning of an HTML entity, eg. � or &#x @@ -108,7 +109,7 @@ describe('Helper', function () { postfix = ''; } - return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + '' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + postfix); + return prefix + '' + url + '' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix); } ); jsc.property( @@ -117,8 +118,10 @@ describe('Helper', function () { jsc.array(common.jscQueryString()), 'string', function (prefix, query, postfix) { + prefix = $.PrivateBin.Helper.htmlEntities(prefix); + postfix = $.PrivateBin.Helper.htmlEntities(postfix); let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''); - return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + ' ' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix); + return prefix + '' + url + ' ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix); } ); }); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index ba47c27a..843dc6a7 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 9d66a861..c976ce2f 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From c11dc8e17effd30d047b0101b19742c9bd34fc28 Mon Sep 17 00:00:00 2001 
From: El RIDO Date: Fri, 6 Mar 2020 22:18:38 +0100 Subject: [PATCH 07/13] reverting Helper.urls2links() method to old style, applied to element instead of string, allows inserting plain text as text node --- js/privatebin.js | 48 ++++++++++++++++------------------------------- js/test/Helper.js | 43 ++++++++++++++++++++++++++++++++---------- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 51 insertions(+), 44 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index d2b85448..73bdd924 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -281,7 +281,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { }; /** - * convert URLs to clickable links. + * convert URLs to clickable links in the provided element. * * URLs to handle: *
@@ -292,14 +292,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
          *
          * @name   Helper.urls2links
          * @function
-         * @param  {string} html
-         * @return {string}
+         * @param  {HTMLElement} element
          */
-        me.urls2links = function(html)
+        me.urls2links = function(element)
         {
-            return html.replace(
-                /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
-                '$1'
+            element.html(
+                element.html().replace(
+                    /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
+                    '$1'
+                )
             );
         };
 
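Review bot: The JSDoc on the new signature says `@param {HTMLElement} element`, but the body calls `element.html()`, which exists only on a jQuery object, so the tag should read `@param {jQuery} element`. The function now re-serialises the element's markup and writes the result back with `.html()`, so it is only safe when the content is already entity-encoded (the callers in this commit use `.text()` or `Helper.htmlEntities` first); that precondition belongs in the docblock, e.g. `* The element's content must already be HTML-escaped (set via .text() or` / `* Helper.htmlEntities()); the linked result is written back with .html().`. Because the regex runs over serialised HTML rather than over text nodes, it also sees any tags already present (the syntax-highlighted output contains span elements), which is what the negative lookahead has to defend against, and that is worth stating next to the regex.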
@@ -2439,11 +2440,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                 // add table classes from bootstrap css
                 $plainText.find('table').addClass('table-condensed table-bordered');
             } else {
-                // escape HTML entities, link URLs, sanitize
-                const escapedLinkedText = Helper.urls2links(text);
-                let sanitizeLinkedText = '',
-                    sanitizerConfiguration = {};
-
                 if (format === 'syntaxhighlighting') {
                     // yes, this is really needed to initialize the environment
                     if (typeof prettyPrint === 'function')
@@ -2451,22 +2447,16 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                         prettyPrint();
                     }
 
-                    sanitizeLinkedText = prettyPrintOne(
-                        escapedLinkedText, null, true
+                    $prettyPrint.html(
+                        prettyPrintOne(
+                            Helper.htmlEntities(text), null, true
+                        )
                     );
                 } else {
                     // = 'plaintext'
-                    sanitizeLinkedText = escapedLinkedText;
-                    sanitizerConfiguration = {
-                        ALLOWED_TAGS: ['a'],
-                        ALLOWED_ATTR: ['href', 'rel']
-                    };
+                    $prettyPrint.text(text);
                 }
-                $prettyPrint.html(
-                    DOMPurify.sanitize(
-                        sanitizeLinkedText, sanitizerConfiguration
-                    )
-                );
+                Helper.urls2links($prettyPrint);
                 $prettyPrint.css('white-space', 'pre-wrap');
                 $prettyPrint.css('word-break', 'normal');
                 $prettyPrint.removeClass('prettyprint');
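Review bot: The `DOMPurify.sanitize` call that previously wrapped the highlighter output is gone: the added `$prettyPrint.html(prettyPrintOne(Helper.htmlEntities(text), null, true))` now trusts the highlighter's markup directly, and the plaintext branch relies entirely on `.text()` plus `Helper.urls2links`. Escaping the input first should make this correct, but the sanitizer was the last filter in front of `.html()`, and keeping it around the highlighter output costs one line: `DOMPurify.sanitize(prettyPrintOne(Helper.htmlEntities(text), null, true))`. The comment hunk at `@@ -3243` drops the same sanitizer pass for `$commentEntryData`. The enclosing function starts and ends outside this hunk.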
@@ -3243,14 +3233,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
             const $commentEntryData = $commentEntry.find('div.commentdata');
 
             // set & parse text
-            $commentEntryData.html(
-                DOMPurify.sanitize(
-                    Helper.urls2links(commentText), {
-                        ALLOWED_TAGS: ['a'],
-                        ALLOWED_ATTR: ['href', 'rel']
-                    }
-                )
-            );
+            $commentEntryData.text(commentText);
+            Helper.urls2links($commentEntryData);
 
             // set nickname
             if (nickname.length > 0) {
diff --git a/js/test/Helper.js b/js/test/Helper.js
index dd38e3c4..ab7638e9 100644
--- a/js/test/Helper.js
+++ b/js/test/Helper.js
@@ -81,7 +81,15 @@ describe('Helper', function () {
             'ignores non-URL content',
             'string',
             function (content) {
-                return content === $.PrivateBin.Helper.urls2links(content);
+                content = content.replace("\r", "\n").replace("\u0000", '');
+                let clean = jsdom();
+                $('body').html('
'); + let e = $('#foo'); + e.text(content); + $.PrivateBin.Helper.urls2links(e); + let result = e.text(); + clean(); + return content === result; } ); jsc.property( @@ -95,9 +103,12 @@ describe('Helper', function () { function (prefix, schema, address, query, fragment, postfix) { query = query.join(''); fragment = fragment.join(''); - prefix = $.PrivateBin.Helper.htmlEntities(prefix); - postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix); - let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment; + prefix = prefix.replace("\r", "\n").replace("\u0000", ''); + postfix = ' ' + postfix.replace("\r", "\n").replace("\u0000", ''); + let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment, + clean = jsdom(); + $('body').html('
'); + let e = $('#foo'); // special cases: When the query string and fragment imply the beginning of an HTML entity, eg. � or &#x if ( @@ -108,8 +119,12 @@ describe('Helper', function () { url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1); postfix = ''; } - - return prefix + '' + url + '' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix); + e.text(prefix + url + postfix); + $.PrivateBin.Helper.urls2links(e); + let result = e.html(); + clean(); + url = $('
').text(url).html(); + return $('
').text(prefix).html() + '' + url + '' + $('
').text(postfix).html() === result; } ); jsc.property( @@ -118,10 +133,18 @@ describe('Helper', function () { jsc.array(common.jscQueryString()), 'string', function (prefix, query, postfix) { - prefix = $.PrivateBin.Helper.htmlEntities(prefix); - postfix = $.PrivateBin.Helper.htmlEntities(postfix); - let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''); - return prefix + '' + url + ' ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix); + prefix = prefix.replace("\r", "\n").replace("\u0000", ''); + postfix = ' ' + postfix.replace("\r", "\n").replace("\u0000", ''); + let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''), + clean = jsdom(); + $('body').html('
'); + let e = $('#foo'); + e.text(prefix + url + postfix); + $.PrivateBin.Helper.urls2links(e); + let result = e.html(); + clean(); + url = $('
').text(url).html(); + return $('
').text(prefix).html() + '' + url + '' + $('
').text(postfix).html() === result; } ); }); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 843dc6a7..b511a48e 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index c976ce2f..f9b55840 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From 7cb830e22fe8aae76498d116f20e68d0f711eeae Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 4 Mar 2020 11:45:56 +0100 Subject: [PATCH 08/13] It includes a change in the RegEx for URLs because that was broken when a & character later followed at any time after a link (even after a newline). (with a negative lookahead) Test with https://regex101.com/r/i7bZ73/1 Now the RegEx does not check for _all_ chars after a link, but just for the one following the link. (So the lookahead is not * anymore. I guess thsi behaviour was the expectation when it has been implemented.) --- js/privatebin.js | 2 +- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index 65b407e3..c6b98b9b 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -392,7 +392,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { { element.html( element.html().replace( - /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, + /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig, '$1' ) ); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 1ea2686f..e9853f22 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 935a1721..f54170e1 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From 71c76adac4abd198dfbc4221e61c8007fd37365f Mon Sep 17 00:00:00 2001 
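Review bot: Dropping the `*` makes the lookahead escapable by backtracking: for input like `href="http://host/path">` the greedy `[...]+` fails the lookahead at `">`, gives back one character, and at `h">` the single-character lookahead no longer sees a `>`, so `http://host/pat` gets linked inside the attribute, whereas the old `*` form rejected every backtrack position. For the current callers this should rarely matter, since the element is filled via `.text()` or `Helper.htmlEntities` and only the syntax highlighter's span markup is present, but the regex is now weaker than the commit message suggests and a comment on the regex line should say what the lookahead is meant to stop. A more robust fix is to run the replacement over the element's text nodes instead of over `element.html()`, so tags are never part of the input; that is a larger change than fits this hunk. The enclosing `urls2links` function starts and ends outside the hunk.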
From: El RIDO Date: Fri, 6 Mar 2020 23:00:48 +0100 Subject: [PATCH 09/13] addressing false positive jsverify rngState 077c06da821594b3fe --- js/test/Helper.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/js/test/Helper.js b/js/test/Helper.js index ab7638e9..b8f6aa21 100644 --- a/js/test/Helper.js +++ b/js/test/Helper.js @@ -81,7 +81,7 @@ describe('Helper', function () { 'ignores non-URL content', 'string', function (content) { - content = content.replace("\r", "\n").replace("\u0000", ''); + content = content.replace(/\r/g, '\n').replace(/\u0000/g, ''); let clean = jsdom(); $('body').html('
'); let e = $('#foo'); @@ -103,8 +103,8 @@ describe('Helper', function () { function (prefix, schema, address, query, fragment, postfix) { query = query.join(''); fragment = fragment.join(''); - prefix = prefix.replace("\r", "\n").replace("\u0000", ''); - postfix = ' ' + postfix.replace("\r", "\n").replace("\u0000", ''); + prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, ''); + postfix = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, ''); let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment, clean = jsdom(); $('body').html('
'); @@ -133,8 +133,8 @@ describe('Helper', function () { jsc.array(common.jscQueryString()), 'string', function (prefix, query, postfix) { - prefix = prefix.replace("\r", "\n").replace("\u0000", ''); - postfix = ' ' + postfix.replace("\r", "\n").replace("\u0000", ''); + prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, ''); + postfix = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, ''); let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''), clean = jsdom(); $('body').html('
'); From 0907ee90e3ba6fa575257681b673b5af65e7f90f Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 21 Mar 2020 16:07:11 +0100 Subject: [PATCH 10/13] documenting change --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 91936c8b..bbc81747 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals() * CHANGED: Upgrading libraries to: identicon 2.0.0 * FIXED: Support custom expiration options in email function (#586) + * FIXED: Regression with encoding of HTML entities (#588) * **1.3.3 (2020-02-16)** * CHANGED: Upgrading libraries to: DOMpurify 2.0.8 * CHANGED: Several translations got updated with missing messages From 1439bb291ffa16477e32b1b49251f090d3d4f543 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 21 Mar 2020 16:53:55 +0100 Subject: [PATCH 11/13] allow pasting password on paste with attachment - big kudos @rugk for finding it! - fixes #565, fixes #595 --- CHANGELOG.md | 1 + js/privatebin.js | 3 ++- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbc81747..48fe2653 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ * CHANGED: Upgrading libraries to: identicon 2.0.0 * FIXED: Support custom expiration options in email function (#586) * FIXED: Regression with encoding of HTML entities (#588) + * FIXED: Unable to paste password on paste with attachment (#565 & #595) * **1.3.3 (2020-02-16)** * CHANGED: Upgrading libraries to: DOMpurify 2.0.8 * CHANGED: Several translations got updated with missing messages diff --git a/js/privatebin.js b/js/privatebin.js index c6b98b9b..974b4c54 100644 --- a/js/privatebin.js +++ b/js/privatebin.js 
@@ -3447,6 +3447,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { if (fadeOut === true) { setTimeout(function () { $comment.removeClass('highlight'); + }, 300); } }; @@ -4249,7 +4250,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ me.isAttachmentReadonly = function() { - return $attach.hasClass('hidden'); + return createButtonsDisplayed && $attach.hasClass('hidden'); } /** diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index e9853f22..39d50493 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index f54170e1..7500ecae 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - + From 9914c37683496d161d9f8c8355bc89c358b1b243 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 22 Mar 2020 06:44:04 +0100 Subject: [PATCH 12/13] incrementing version --- CHANGELOG.md | 1 + INSTALL.md | 2 +- README.md | 2 +- SECURITY.md | 4 ++-- css/bootstrap/privatebin.css | 2 +- css/noscript.css | 2 +- css/privatebin.css | 2 +- index.php | 2 +- js/privatebin.js | 2 +- lib/Configuration.php | 2 +- lib/Controller.php | 4 ++-- lib/Data/AbstractData.php | 2 +- lib/Data/Database.php | 2 +- lib/Data/Filesystem.php | 2 +- lib/Filter.php | 2 +- lib/FormatV2.php | 2 +- lib/I18n.php | 2 +- lib/Json.php | 2 +- lib/Model.php | 2 +- lib/Model/AbstractModel.php | 2 +- lib/Model/Comment.php | 2 +- lib/Model/Paste.php | 2 +- lib/Persistence/AbstractPersistence.php | 2 +- lib/Persistence/DataStore.php | 2 +- lib/Persistence/PurgeLimiter.php | 2 +- lib/Persistence/ServerSalt.php | 2 +- lib/Persistence/TrafficLimiter.php | 2 +- lib/Request.php | 2 +- lib/View.php | 2 +- lib/Vizhash16x16.php | 2 +- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 32 files changed, 34 insertions(+), 33 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48fe2653..ae237250 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
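Review bot: The new condition in `me.isAttachmentReadonly`, `return createButtonsDisplayed && $attach.hasClass('hidden');`, couples two pieces of state without saying why, so a one-line why-comment is needed, e.g. `// a hidden attachment only means read-only once the create buttons are displayed (#565, #595)`, ideally worded from whatever `createButtonsDisplayed` actually tracks, which is set outside this hunk. The function expression also still ends in `}` directly before the next docblock; it should be `};` like the other `me.*` assignments. Whether `createButtonsDisplayed` is already up to date at the time this getter is called cannot be checked from the hunk.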
@@ -1,6 +1,7 @@ # PrivateBin version history * **1.4 (not yet released)** + * **1.3.4 (2020-03-22)** * CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals() * CHANGED: Upgrading libraries to: identicon 2.0.0 * FIXED: Support custom expiration options in email function (#586) diff --git a/INSTALL.md b/INSTALL.md index 2f3900c6..93a12843 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -187,7 +187,7 @@ CREATE INDEX parent ON prefix_comment(pasteid); CREATE TABLE prefix_config ( id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) ); -INSERT INTO prefix_config VALUES('VERSION', '1.3.3'); +INSERT INTO prefix_config VALUES('VERSION', '1.3.4'); ``` In **PostgreSQL**, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB. diff --git a/README.md b/README.md index d05a8654..d35035f0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/) -*Current version: 1.3.3* +*Current version: 1.3.4* **PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin) where the server has zero knowledge of pasted data. diff --git a/SECURITY.md b/SECURITY.md index f3b02da2..1a5bf963 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,8 +4,8 @@ | Version | Supported | | ------- | ------------------ | -| 1.3.3 | :heavy_check_mark: | -| < 1.3.3 | :x: | +| 1.3.4 | :heavy_check_mark: | +| < 1.3.4 | :x: | ## Reporting a Vulnerability diff --git a/css/bootstrap/privatebin.css b/css/bootstrap/privatebin.css index 7bd85f55..72e420ed 100644 --- a/css/bootstrap/privatebin.css +++ b/css/bootstrap/privatebin.css 
@@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ body { diff --git a/css/noscript.css b/css/noscript.css index 3679c279..e44670f0 100644 --- a/css/noscript.css +++ b/css/noscript.css @@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ /* When there is no script at all other */ diff --git a/css/privatebin.css b/css/privatebin.css index 350d6217..a3ab5ea6 100644 --- a/css/privatebin.css +++ b/css/privatebin.css @@ -6,7 +6,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ /* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved. diff --git a/index.php b/index.php index f346a598..a6d7cdf2 100644 --- a/index.php +++ b/index.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ // change this, if your php files and data is outside of your webservers document root diff --git a/js/privatebin.js b/js/privatebin.js index 974b4c54..6ed9325b 100644 --- a/js/privatebin.js +++ b/js/privatebin.js 
@@ -6,7 +6,7 @@ * @see {@link https://github.com/PrivateBin/PrivateBin} * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net}) * @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License} - * @version 1.3.3 + * @version 1.3.4 * @name PrivateBin * @namespace */ diff --git a/lib/Configuration.php b/lib/Configuration.php index d7877e21..06edf68b 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/Controller.php b/lib/Controller.php index 0a3e69c8..21a27b27 100644 --- a/lib/Controller.php +++ b/lib/Controller.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; @@ -28,7 +28,7 @@ class Controller * * @const string */ - const VERSION = '1.3.3'; + const VERSION = '1.3.4'; /** * minimal required PHP version diff --git a/lib/Data/AbstractData.php b/lib/Data/AbstractData.php index f0572ac0..9c925838 100644 --- a/lib/Data/AbstractData.php +++ b/lib/Data/AbstractData.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Data; diff --git a/lib/Data/Database.php b/lib/Data/Database.php index ed52a63a..aa05e95a 100644 --- a/lib/Data/Database.php +++ b/lib/Data/Database.php 
@@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Data; diff --git a/lib/Data/Filesystem.php b/lib/Data/Filesystem.php index 372fb022..3e9b237f 100644 --- a/lib/Data/Filesystem.php +++ b/lib/Data/Filesystem.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Data; diff --git a/lib/Filter.php b/lib/Filter.php index cc4a6a2e..547e2395 100644 --- a/lib/Filter.php +++ b/lib/Filter.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/FormatV2.php b/lib/FormatV2.php index 127b6a88..31cc5b84 100644 --- a/lib/FormatV2.php +++ b/lib/FormatV2.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/I18n.php b/lib/I18n.php index ffb781f1..a5ddaeaf 100644 --- a/lib/I18n.php +++ b/lib/I18n.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/Json.php b/lib/Json.php index b00d2c58..6916d27f 100644 --- a/lib/Json.php +++ b/lib/Json.php 
@@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/Model.php b/lib/Model.php index b3c66a30..f5dd5577 100644 --- a/lib/Model.php +++ b/lib/Model.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/Model/AbstractModel.php b/lib/Model/AbstractModel.php index 9e1ac61e..b7273399 100644 --- a/lib/Model/AbstractModel.php +++ b/lib/Model/AbstractModel.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Model; diff --git a/lib/Model/Comment.php b/lib/Model/Comment.php index 2e45a034..68045aa9 100644 --- a/lib/Model/Comment.php +++ b/lib/Model/Comment.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Model; diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php index 263a06f3..0aa2a967 100644 --- a/lib/Model/Paste.php +++ b/lib/Model/Paste.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Model; 
diff --git a/lib/Persistence/AbstractPersistence.php b/lib/Persistence/AbstractPersistence.php index 7d5a4b22..a4011d2d 100644 --- a/lib/Persistence/AbstractPersistence.php +++ b/lib/Persistence/AbstractPersistence.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/DataStore.php b/lib/Persistence/DataStore.php index 27ebd9cd..f60fc972 100644 --- a/lib/Persistence/DataStore.php +++ b/lib/Persistence/DataStore.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.1 + * @version 1.3.4 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/PurgeLimiter.php b/lib/Persistence/PurgeLimiter.php index 22e2e1ad..0e987953 100644 --- a/lib/Persistence/PurgeLimiter.php +++ b/lib/Persistence/PurgeLimiter.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Persistence; diff --git a/lib/Persistence/ServerSalt.php b/lib/Persistence/ServerSalt.php index 3e8a290b..7764129f 100644 --- a/lib/Persistence/ServerSalt.php +++ b/lib/Persistence/ServerSalt.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Persistence; 
diff --git a/lib/Persistence/TrafficLimiter.php b/lib/Persistence/TrafficLimiter.php index b5c0de6c..0e6a34b0 100644 --- a/lib/Persistence/TrafficLimiter.php +++ b/lib/Persistence/TrafficLimiter.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin\Persistence; diff --git a/lib/Request.php b/lib/Request.php index 636a0f01..785f0f45 100644 --- a/lib/Request.php +++ b/lib/Request.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/View.php b/lib/View.php index d0993dd5..b154ed86 100644 --- a/lib/View.php +++ b/lib/View.php @@ -7,7 +7,7 @@ * @link https://github.com/PrivateBin/PrivateBin * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 1.3.3 + * @version 1.3.4 */ namespace PrivateBin; diff --git a/lib/Vizhash16x16.php b/lib/Vizhash16x16.php index 14d8d49e..0292de3c 100644 --- a/lib/Vizhash16x16.php +++ b/lib/Vizhash16x16.php @@ -8,7 +8,7 @@ * @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) * @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License - * @version 0.0.5 beta PrivateBin 1.3.3 + * @version 0.0.5 beta PrivateBin 1.3.4 */ namespace PrivateBin; diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 39d50493..87faa556 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -72,7 +72,7 @@ endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index 7500ecae..a2cac4f3 100644 --- a/tpl/page.php +++ b/tpl/page.php 
@@ -50,7 +50,7 @@ endif; ?> - + From c63dc3df7bdd8517c5fc37a25b22d03b0c8c7ace Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 22 Mar 2020 06:56:18 +0100 Subject: [PATCH 13/13] increase timeout for nyc JS code coverage generator --- js/test/Helper.js | 1 + 1 file changed, 1 insertion(+) diff --git a/js/test/Helper.js b/js/test/Helper.js index b8f6aa21..f58d73ab 100644 --- a/js/test/Helper.js +++ b/js/test/Helper.js @@ -73,6 +73,7 @@ describe('Helper', function () { }); describe('urls2links', function () { + this.timeout(30000); before(function () { cleanup = jsdom(); });
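Review bot: The added `this.timeout(30000);` in the `urls2links` describe block carries no explanation of why this suite needs a timeout an order of magnitude above the framework default, and the reason is only recoverable from the commit subject. A one-line comment on the new line, `// property-based tests run slowly under nyc instrumentation, raise the per-test limit`, would keep a future maintainer from lowering it again when the coverage run is not in front of them. Note that the raised limit applies to every test in this describe block, not only the slow one; if a single `it` is the outlier, setting the timeout on that test alone would keep the others under the stricter default. The describe callback continues outside the hunk.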