Merge branch 'Haocen-625-bugfixes'
5450a431cf
@ -79,7 +79,7 @@ languageselection = false
|
|||||||
; async functions and display an error if not and for Chrome to enable
|
; async functions and display an error if not and for Chrome to enable
|
||||||
; webassembly support (used for zlib compression). You can remove it if Chrome
|
; webassembly support (used for zlib compression). You can remove it if Chrome
|
||||||
; doesn't need to be supported and old browsers don't need to be warned.
|
; doesn't need to be supported and old browsers don't need to be warned.
|
||||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||||
|
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
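Review bot: The `resource:` source added to script-src on the cspheader line is not explained anywhere in the surrounding comment, and the same value is duplicated in the lib/Configuration.php default further down, so an operator copying the sample cannot tell whether they may drop it when tightening the policy. script-src is the directive that keeps the client-side crypto code trustworthy, so any widening of it should carry its reason in the sample; presumably this is for Firefox's internal resource: URLs tied to the issue named in the branch, but that is an inference. Suggest a comment line above the cspheader line, e.g. `; 'resource:' in script-src is required for Firefox (see issue #625); drop it if you do not need to support that case`, with the wording adjusted to the actual cause.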
@ -243,6 +243,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
const day = 86400;
|
const day = 86400;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* number of seconds in a week
|
||||||
|
*
|
||||||
|
* = 60 * 60 * 24 * 7 seconds
|
||||||
|
*
|
||||||
|
* @name Helper.week
|
||||||
|
* @private
|
||||||
|
* @enum {number}
|
||||||
|
* @readonly
|
||||||
|
*/
|
||||||
|
const week = 604800;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* number of seconds in a month (30 days, an approximation)
|
* number of seconds in a month (30 days, an approximation)
|
||||||
*
|
*
|
||||||
@ -326,7 +338,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
me.durationToSeconds = function(duration)
|
me.durationToSeconds = function(duration)
|
||||||
{
|
{
|
||||||
let pieces = duration.split(/\d+/),
|
let pieces = duration.split(/(\D+)/),
|
||||||
factor = pieces[0] || 0,
|
factor = pieces[0] || 0,
|
||||||
timespan = pieces[1] || pieces[0];
|
timespan = pieces[1] || pieces[0];
|
||||||
switch (timespan)
|
switch (timespan)
|
||||||
@ -337,6 +349,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
return factor * hour;
|
return factor * hour;
|
||||||
case 'day':
|
case 'day':
|
||||||
return factor * day;
|
return factor * day;
|
||||||
|
case 'week':
|
||||||
|
return factor * week;
|
||||||
case 'month':
|
case 'month':
|
||||||
return factor * month;
|
return factor * month;
|
||||||
case 'year':
|
case 'year':
|
||||||
@ -391,9 +405,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
me.urls2links = function(element)
|
me.urls2links = function(element)
|
||||||
{
|
{
|
||||||
element.html(
|
element.html(
|
||||||
element.html().replace(
|
DOMPurify.sanitize(
|
||||||
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
element.html().replace(
|
||||||
'<a href="$1" rel="nofollow">$1</a>'
|
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
||||||
|
'<a href="$1" rel="nofollow noopener noreferrer">$1</a>'
|
||||||
|
)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@ -1975,15 +1991,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
return a.length - b.length;
|
return a.length - b.length;
|
||||||
})[0];
|
})[0];
|
||||||
if (typeof shortUrl === 'string' && shortUrl.length > 0) {
|
if (typeof shortUrl === 'string' && shortUrl.length > 0) {
|
||||||
I18n._(
|
|
||||||
$('#pastelink'),
|
|
||||||
'Your paste is <a id="pasteurl" href="%s">%s</a> <span id="copyhint">(Hit [Ctrl]+[c] to copy)</span>',
|
|
||||||
shortUrl, shortUrl
|
|
||||||
);
|
|
||||||
// we disable the button to avoid calling shortener again
|
// we disable the button to avoid calling shortener again
|
||||||
$shortenButton.addClass('buttondisabled');
|
$shortenButton.addClass('buttondisabled');
|
||||||
// save newly created element
|
// update link
|
||||||
$pasteUrl = $('#pasteurl');
|
$pasteUrl.text(shortUrl);
|
||||||
|
$pasteUrl.prop('href', shortUrl);
|
||||||
// we pre-select the link so that the user only has to [Ctrl]+[c] the link
|
// we pre-select the link so that the user only has to [Ctrl]+[c] the link
|
||||||
Helper.selectText($pasteUrl[0]);
|
Helper.selectText($pasteUrl[0]);
|
||||||
return;
|
return;
|
||||||
@ -2404,7 +2416,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
/**
|
/**
|
||||||
* hides the Editor
|
* hides the Editor
|
||||||
*
|
*
|
||||||
* @name Editor.reset
|
* @name Editor.hide
|
||||||
* @function
|
* @function
|
||||||
*/
|
*/
|
||||||
me.hide = function()
|
me.hide = function()
|
||||||
@ -3110,19 +3122,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
function addClipboardEventHandler() {
|
function addClipboardEventHandler() {
|
||||||
$(document).on('paste', function (event) {
|
$(document).on('paste', function (event) {
|
||||||
if (TopNav.isAttachmentReadonly()) {
|
|
||||||
event.stopPropagation();
|
|
||||||
event.preventDefault();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
const items = (event.clipboardData || event.originalEvent.clipboardData).items;
|
const items = (event.clipboardData || event.originalEvent.clipboardData).items;
|
||||||
for (let i = 0; i < items.length; ++i) {
|
const lastItem = items[items.length - 1];
|
||||||
if (items[i].kind === 'file') {
|
if (lastItem.kind === 'file') {
|
||||||
//Clear the file input:
|
if (TopNav.isAttachmentReadonly()) {
|
||||||
$fileInput.wrap('<form>').closest('form').get(0).reset();
|
event.stopPropagation();
|
||||||
$fileInput.unwrap();
|
event.preventDefault();
|
||||||
|
return false;
|
||||||
readFileData(items[i].getAsFile());
|
} else {
|
||||||
|
readFileData(lastItem.getAsFile());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@ -3752,8 +3760,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
if (expirationDateString !== null) {
|
if (expirationDateString !== null) {
|
||||||
emailBody += EOL;
|
emailBody += EOL;
|
||||||
emailBody += BULLET;
|
emailBody += BULLET;
|
||||||
emailBody += I18n._(
|
// avoid DOMPurify mess with forward slash in expirationDateString
|
||||||
'This link will expire after %s.',
|
emailBody += Helper.sprintf(
|
||||||
|
I18n._(
|
||||||
|
'This link will expire after %s.',
|
||||||
|
'%s'
|
||||||
|
),
|
||||||
expirationDateString
|
expirationDateString
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -4280,7 +4292,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
me.isAttachmentReadonly = function()
|
me.isAttachmentReadonly = function()
|
||||||
{
|
{
|
||||||
return createButtonsDisplayed && $attach.hasClass('hidden');
|
return !createButtonsDisplayed || $attach.hasClass('hidden');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -5328,6 +5340,23 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
SAFE_FOR_JQUERY: true
|
SAFE_FOR_JQUERY: true
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Add a hook to make all links open a new window
|
||||||
|
DOMPurify.addHook('afterSanitizeAttributes', function(node) {
|
||||||
|
// set all elements owning target to target=_blank
|
||||||
|
if ('target' in node && node.id !== 'pasteurl') {
|
||||||
|
node.setAttribute('target', '_blank');
|
||||||
|
}
|
||||||
|
// set non-HTML/MathML links to xlink:show=new
|
||||||
|
if (!node.hasAttribute('target')
|
||||||
|
&& (node.hasAttribute('xlink:href')
|
||||||
|
|| node.hasAttribute('href'))) {
|
||||||
|
node.setAttribute('xlink:show', 'new');
|
||||||
|
}
|
||||||
|
if ('rel' in node) {
|
||||||
|
node.setAttribute('rel', 'nofollow noopener noreferrer');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// center all modals
|
// center all modals
|
||||||
$('.modal').on('show.bs.modal', function(e) {
|
$('.modal').on('show.bs.modal', function(e) {
|
||||||
$(e.target).css({
|
$(e.target).css({
|
||||||
@ -5359,6 +5388,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
}
|
}
|
||||||
me.initZ();
|
me.initZ();
|
||||||
|
|
||||||
|
// if delete token is passed (i.e. paste has been deleted by this
|
||||||
|
// access), there is nothing more to do
|
||||||
|
if (Model.hasDeleteToken()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// check whether existing paste needs to be shown
|
// check whether existing paste needs to be shown
|
||||||
try {
|
try {
|
||||||
Model.getPasteId();
|
Model.getPasteId();
|
||||||
@ -5367,11 +5402,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||||||
return me.newPaste();
|
return me.newPaste();
|
||||||
}
|
}
|
||||||
|
|
||||||
// if delete token is passed (i.e. paste has been deleted by this
|
// always reload on back button to invalidate cache(protect burn after read paste)
|
||||||
// access), there is nothing more to do
|
window.addEventListener('popstate', () => {
|
||||||
if (Model.hasDeleteToken()) {
|
window.location.reload();
|
||||||
return;
|
});
|
||||||
}
|
|
||||||
|
|
||||||
// display an existing paste
|
// display an existing paste
|
||||||
return me.showPaste();
|
return me.showPaste();
|
||||||
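Review bot: The new `$pasteUrl.prop('href', shortUrl);` assigns the shortener's response to the anchor verbatim, with no check on its scheme; the replaced `I18n._(...)` path apparently ran its output through DOMPurify (the comment "avoid DOMPurify mess" in the emailBody hunk suggests I18n._ sanitizes), which would have dropped an unsafe href, so this hunk silently loses that filter while the guard above it only checks `typeof shortUrl === 'string' && shortUrl.length > 0`. Since the value comes from a remote service response rather than the page itself, the guard should pin the expected form, e.g. `if (typeof shortUrl === 'string' && /^https?:\/\/\S+$/i.test(shortUrl)) {`, so that a malformed or non-http reply falls through to the existing error handling instead of being written into the DOM. The enclosing shortener callback starts outside the hunk, so the error branch it falls through to is not visible here.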
|
@ -125,7 +125,7 @@ describe('Helper', function () {
|
|||||||
let result = e.html();
|
let result = e.html();
|
||||||
clean();
|
clean();
|
||||||
url = $('<div />').text(url).html();
|
url = $('<div />').text(url).html();
|
||||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow noopener noreferrer">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
jsc.property(
|
jsc.property(
|
||||||
@ -145,7 +145,7 @@ describe('Helper', function () {
|
|||||||
let result = e.html();
|
let result = e.html();
|
||||||
clean();
|
clean();
|
||||||
url = $('<div />').text(url).html();
|
url = $('<div />').text(url).html();
|
||||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow noopener noreferrer">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
@ -53,7 +53,7 @@ class Configuration
|
|||||||
'urlshortener' => '',
|
'urlshortener' => '',
|
||||||
'qrcode' => true,
|
'qrcode' => true,
|
||||||
'icon' => 'identicon',
|
'icon' => 'identicon',
|
||||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
'httpwarning' => true,
|
'httpwarning' => true,
|
||||||
'compression' => 'zlib',
|
'compression' => 'zlib',
|
||||||
|
@ -72,7 +72,7 @@ endif;
|
|||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-FC14dIXSJ7iLCcpPOCs7JiCe3619sRbEGsLiSqzD+dGS8qKJTR4X84UvQt0yNYTvQ84QMQ2GtoDpVrJYFeqcYw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-pIM3/kBh5nI0TNPXyjhhqCrLE2enQc0DjiIfmpH2RoHaeDPNh2aTKIqEf8Ms6JMGWD/xJreAU7XUElWgELCkYQ==" crossorigin="anonymous"></script>
|
||||||
<!-- icon -->
|
<!-- icon -->
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
|
@ -50,7 +50,7 @@ endif;
|
|||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-FC14dIXSJ7iLCcpPOCs7JiCe3619sRbEGsLiSqzD+dGS8qKJTR4X84UvQt0yNYTvQ84QMQ2GtoDpVrJYFeqcYw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-pIM3/kBh5nI0TNPXyjhhqCrLE2enQc0DjiIfmpH2RoHaeDPNh2aTKIqEf8Ms6JMGWD/xJreAU7XUElWgELCkYQ==" crossorigin="anonymous"></script>
|
||||||
<!-- icon -->
|
<!-- icon -->
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
|