Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-03-03 11:49:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into keyboard-trap

Browse Source
This commit is contained in:
El RIDO 2024-12-27 07:33:50 +01:00
commit 84866f9b09
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
13 changed files with 58 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/test-results.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
steps:
- name: Download and Extract Artifacts
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43
with:
run_id: ${{ github.event.workflow_run.id }}
path: artifacts

2
CHANGELOG.md
View File

@ -2,6 +2,8 @@
## 1.7.6 (not yet released)
* CHANGED: Allow toggling tab-key-support using `[Ctrl]+[m]` or `[Esc]` in textarea for keyboard navigation (#1386)
* CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have `application/wasm` MIME type configured.
* CHANGED: Upgrading libraries to: cloud-storage 1.44.0, aws-sdk-php 3.331.0
## 1.7.5 (2024-11-16)
* ADDED: Allow non persistent SQL connections, if configured (#1394)

8
cfg/conf.sample.php
View File

@ -101,11 +101,9 @@ languageselection = false
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
; compression). You can remove it if compression doesn't need to be supported.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of

2
codacy-analysis.yml
View File

@ -24,7 +24,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI

4
composer.json
View File

@ -30,8 +30,8 @@
"yzalis/identicon": "2.0.0"
},
"suggest" : {
"google/cloud-storage" : "1.43.0",
"aws/aws-sdk-php" : "3.325.0"
"google/cloud-storage" : "1.44.0",
"aws/aws-sdk-php" : "3.331.0"
},
"require-dev" : {
"phpunit/phpunit" : "^9"

12
composer.lock generated
View File

@ -257,16 +257,16 @@
},
{
"name": "myclabs/deep-copy",
"version": "1.12.0",
"version": "1.12.1",
"source": {
"type": "git",
"url": "https://github.com/myclabs/DeepCopy.git",
"reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c"
"reference": "123267b2c49fbf30d78a7b2d333f6be754b94845"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
"reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/123267b2c49fbf30d78a7b2d333f6be754b94845",
"reference": "123267b2c49fbf30d78a7b2d333f6be754b94845",
"shasum": ""
},
"require": {
@ -305,7 +305,7 @@
],
"support": {
"issues": "https://github.com/myclabs/DeepCopy/issues",
"source": "https://github.com/myclabs/DeepCopy/tree/1.12.0"
"source": "https://github.com/myclabs/DeepCopy/tree/1.12.1"
},
"funding": [
{
@ -313,7 +313,7 @@
"type": "tidelift"
}
],
"time": "2024-06-12T14:39:25+00:00"
"time": "2024-11-08T17:47:46+00:00"
},
{
"name": "nikic/php-parser",

8
i18n/co.json
View File

@ -168,15 +168,15 @@
"Plain Text": "Testu in chjaru",
"Source Code": "Codice di fonte",
"Markdown": "Markdown",
"Download attachment": "Scaricà a pezza aghjunta",
"Download attachment": "Scaricà a pezza ghjunta",
"Cloned: '%s'": "Duppiatu : « %s »",
"The cloned file '%s' was attached to this paste.": "U schedariu duppiatu « %s » hè statu aghjuntu à stappiccicu.",
"Attach a file": "Aghjunghje un schedariu",
"alternatively drag & drop a file or paste an image from the clipboard": "in alternanza, sguillà è depone un schedariu o incullà una fiura da u premepapei",
"File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza aghjunta.",
"Remove attachment": "Caccià a pezza aghjunta",
"File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza ghjunta.",
"Remove attachment": "Caccià a pezza ghjunta",
"Your browser does not support uploading encrypted files. Please use a newer browser.": "U vostru navigatore ùn accetta micca linviu di i schedarii cifrati. Impiegate un navigatore più recente.",
"Invalid attachment.": "A pezza aghjunta hè inaccettevule.",
"Invalid attachment.": "A pezza ghjunta hè inaccettevule.",
"Options": "Ozzioni",
"Shorten URL": "Ammuzzà lindirizzu",
"Editor": "Editore",

12
i18n/th.json
View File

@ -215,12 +215,12 @@
"Trying to shorten a URL that isn't pointing at our instance.": "กำลังพยายามใช้เครื่องมือสร้างลิงก์ย่อ ที่ไม่ได้ชี้ไปที่อินสแตนซ์ของเรา",
"Error calling YOURLS. Probably a configuration issue, like wrong or missing \"apiurl\" or \"signature\".": "เกิดข้อผิดพลาดในการเรียก YOURLS อาจเป็นปัญหามาจากการกำหนดค่า เช่น \"apiurl\" หรือ \"signature\" ไม่ถูกต้องหรือขาดหายไป",
"Error parsing YOURLS response.": "เกิดข้อผิดพลาดในการแยกวิเคราะห์การตอบสนองของ YOURLS",
"This secret message can only be displayed once. Would you like to see it now?": "This secret message can only be displayed once. Would you like to see it now?",
"Yes, see it": "Yes, see it",
"Dark Mode": "โหมดืด",
"Error compressing paste, due to missing WebAssembly support.": "Error compressing paste, due to missing WebAssembly support.",
"Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.",
"Start over": "Start over",
"This secret message can only be displayed once. Would you like to see it now?": "ข้อความลับนี้จะแสดงได้เพียงครั้งเดียวเท่านั้น คุณต้องการดูข้อความนี้ตอนนี้เลยใช่หรือไม่",
"Yes, see it": "ใช่ ดูเลย",
"Dark Mode": "โหมดสีเข้ม",
"Error compressing paste, due to missing WebAssembly support.": "ไม่สามารถบีบอัดข้อมูลที่คุณต้องการฝากโค้ดได้ เนื่องจากอุปกรณ์ของคุณขาดการรองรับ WebAssembly",
"Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "ไม่สามารถอ่านข้อมูลที่คุณได้ฝากโค้ดไว้ เบราว์เซอร์ของคุณไม่รองรับ WebAssembly กรุณาลองเปลี่ยนใช้เบราว์เซอร์ตัวอื่นเพื่อดูการฝากโค้ดนี้อีกครั้ง",
"Start over": "เริ่มใหม่",
"Paste text": "Paste text",
"Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)": "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)"
}

2
i18n/uk.json
View File

@ -220,7 +220,7 @@
"Dark Mode": "Темний режим",
"Error compressing paste, due to missing WebAssembly support.": "Помилка при стисканні допису, через відсутність підтримки WebAssembly сервера.",
"Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Помилка при розпакуванні допису, бо ваш браузер не підтримує WebAssembly. Будь ласка, відкрийте в іншому браузері для перегляду цього допису.",
"Start over": "Start over",
"Start over": "Почати знову",
"Paste text": "Paste text",
"Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)": "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)"
}

19
js/legacy.js
View File

@ -6,7 +6,6 @@
* @see {@link https://github.com/PrivateBin/PrivateBin}
* @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
* @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
* @version 1.3.1
* @name Legacy
* @namespace
*/
@ -175,18 +174,6 @@
)) {
return true;
}
// async & ES6 support
try {
eval('async () => {}');
} catch (e) {
if (e instanceof SyntaxError) {
return true;
} else {
throw e; // throws CSP error
}
}
return false;
}
@ -238,7 +225,7 @@
{
return init;
};
/**
* returns the current status of the check
*
@ -250,7 +237,7 @@
{
return status;
};
/**
* init on application start, returns an all-clear signal
*
@ -308,4 +295,4 @@
this.Legacy = {
Check: Check
};
}).call(this);
}).call(this);

57
js/zlib-1.3.1.js
View File

@ -1,6 +1,6 @@
'use strict';
(function() {
(function () {
let ret;
async function initialize() {
@ -23,16 +23,7 @@
_abort: errno => { console.error(`Error: ${errno}`) },
_grow: () => { },
};
let buff;
if (typeof fs === 'object') {
buff = fs.readFileSync('zlib-1.3.1.wasm');
} else {
const resp = await fetch('js/zlib-1.3.1.wasm');
buff = await resp.arrayBuffer();
}
const module = await WebAssembly.compile(buff);
const ins = await WebAssembly.instantiate(module, { env });
const ins = (await WebAssembly.instantiateStreaming(fetch('js/zlib-1.3.1.wasm'), { env })).instance;
const srcPtr = ins.exports._malloc(CHUNK_SIZE);
const dstPtr = ins.exports._malloc(CHUNK_SIZE);
@ -116,28 +107,28 @@
}
ret = {
inflate(rawDeflateBuffer) {
const rawInf = new RawInf();
for (let offset = 0; offset < rawDeflateBuffer.length; offset += CHUNK_SIZE) {
const end = Math.min(offset + CHUNK_SIZE, rawDeflateBuffer.length);
const chunk = rawDeflateBuffer.subarray(offset, end);
rawInf.inflate(chunk);
}
const ret = rawInf.getBuffer();
rawInf.destroy();
return ret;
},
deflate(rawInflateBuffer) {
const rawDef = new RawDef();
for (let offset = 0; offset < rawInflateBuffer.length; offset += CHUNK_SIZE) {
const end = Math.min(offset + CHUNK_SIZE, rawInflateBuffer.length);
const chunk = rawInflateBuffer.subarray(offset, end);
rawDef.deflate(chunk, rawInflateBuffer.length <= offset + CHUNK_SIZE);
}
const ret = rawDef.getBuffer();
rawDef.destroy();
return ret;
},
inflate(rawDeflateBuffer) {
const rawInf = new RawInf();
for (let offset = 0; offset < rawDeflateBuffer.length; offset += CHUNK_SIZE) {
const end = Math.min(offset + CHUNK_SIZE, rawDeflateBuffer.length);
const chunk = rawDeflateBuffer.subarray(offset, end);
rawInf.inflate(chunk);
}
const ret = rawInf.getBuffer();
rawInf.destroy();
return ret;
},
deflate(rawInflateBuffer) {
const rawDef = new RawDef();
for (let offset = 0; offset < rawInflateBuffer.length; offset += CHUNK_SIZE) {
const end = Math.min(offset + CHUNK_SIZE, rawInflateBuffer.length);
const chunk = rawInflateBuffer.subarray(offset, end);
rawDef.deflate(chunk, rawInflateBuffer.length <= offset + CHUNK_SIZE);
}
const ret = rawDef.getBuffer();
rawDef.destroy();
return ret;
},
}
return ret;

6
lib/Configuration.php
View File

@ -54,7 +54,7 @@ class Configuration
'qrcode' => true,
'email' => true,
'icon' => 'identicon',
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'wasm-unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'zerobincompatibility' => false,
'httpwarning' => true,
'compression' => 'zlib',
@ -106,13 +106,13 @@ class Configuration
'js/dark-mode-switch.js' => 'sha512-BhY7dNU14aDN5L+muoUmA66x0CkYUWkQT0nxhKBLP/o2d7jE025+dvWJa4OiYffBGEFgmhrD/Sp+QMkxGMTz2g==',
'js/jquery-3.7.1.js' => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
'js/kjua-0.9.0.js' => 'sha512-CVn7af+vTMBd9RjoS4QM5fpLFEOtBCoB0zPtaqIDC7sF4F8qgUSRFQQpIyEDGsr6yrjbuOLzdf20tkHHmpaqwQ==',
'js/legacy.js' => 'sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==',
'js/legacy.js' => 'sha512-UxW/TOZKon83n6dk/09GsYKIyeO5LeBHokxyIq+r7KFS5KMBeIB/EM7NrkVYIezwZBaovnyNtY2d9tKFicRlXg==',
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
'js/privatebin.js' => 'sha512-5JuYesxfZ0hS5Auqm5QkDsUy7ZzVabjcfS3zbVLfwkhJVt8ekzU5tYLbhaDTM+wmq3xwV+8N8krpp9fuF5kS3A==',
'js/purify-3.1.7.js' => 'sha512-LegvqULiMtOfboJZw9MpETN/b+xnLRXZI90gG7oIFHW+yAeHmKvRtEUbiMFx2WvUqQoL9XB3gwU+hWXUT0X+8A==',
'js/rawinflate-0.3.js' => 'sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==',
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
'js/zlib-1.3.1.js' => 'sha512-Z90oppVx/mn0DG2k9airjFVQuliELlXLeT3SRiO6MLiUSbhGlAq+UFwmYbG4i9mwW87dkG8fgJPapGwnUq7Osg==',
'js/zlib-1.3.1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
),
);

4
vendor/composer/installed.php vendored
View File

@ -3,7 +3,7 @@
'name' => 'privatebin/privatebin',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
'reference' => '1c7d63954642b3852177793c0c17963303484051',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@ -31,7 +31,7 @@
'privatebin/privatebin' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
'reference' => '1c7d63954642b3852177793c0c17963303484051',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),