Merge branch 'master' into keyboard-trap

2025-03-03 19:59:18 -05:00 · 2024-12-27 07:33:50 +01:00 · 2024-12-27 07:33:50 +01:00 · 84866f9b09
commit 84866f9b09
parent 99e0b7efac 15488d3405
13 changed files with 58 additions and 80 deletions
--- a/.github/workflows/test-results.yml
+++ b/.github/workflows/test-results.yml
@ -24,7 +24,7 @@ jobs:
    steps:
       - name: Download and Extract Artifacts
-         uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
+         uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43
         with:
          run_id: ${{ github.event.workflow_run.id }}
          path: artifacts
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,8 @@
 ## 1.7.6 (not yet released)
 * CHANGED: Allow toggling tab-key-support using `[Ctrl]+[m]` or `[Esc]` in textarea for keyboard navigation (#1386)
 * CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have `application/wasm` MIME type configured.
 * CHANGED: Upgrading libraries to: cloud-storage 1.44.0, aws-sdk-php 3.331.0
 ## 1.7.5 (2024-11-16)
 * ADDED: Allow non persistent SQL connections, if configured (#1394)
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@ -101,11 +101,9 @@ languageselection = false
 ;   they are embedded in pastes. If you wish to allow that, you can adjust the
 ;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
 ;   for details.
-; - The 'unsafe-eval' is used in two cases; to check if the browser supports
+; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
-;   async functions and display an error if not and for Chrome to enable
+;   compression). You can remove it if compression doesn't need to be supported.
-;   webassembly support (used for zlib compression). You can remove it if Chrome
+; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
 ;   doesn't need to be supported and old browsers don't need to be warned.
 ; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
--- a/codacy-analysis.yml
+++ b/codacy-analysis.yml
@ -24,7 +24,7 @@ jobs:
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
--- a/composer.json
+++ b/composer.json
@ -30,8 +30,8 @@
 		"yzalis/identicon": "2.0.0"
 	},
 	"suggest" : {
-		"google/cloud-storage" : "1.43.0",
+		"google/cloud-storage" : "1.44.0",
-		"aws/aws-sdk-php" : "3.325.0"
+		"aws/aws-sdk-php" : "3.331.0"
 	},
 	"require-dev" : {
 		"phpunit/phpunit" : "^9"
--- a/composer.lock
+++ b/composer.lock
@ -257,16 +257,16 @@
        },
        {
            "name": "myclabs/deep-copy",
-            "version": "1.12.0",
+            "version": "1.12.1",
            "source": {
                "type": "git",
                "url": "https://github.com/myclabs/DeepCopy.git",
-                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c"
+                "reference": "123267b2c49fbf30d78a7b2d333f6be754b94845"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
+                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/123267b2c49fbf30d78a7b2d333f6be754b94845",
-                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
+                "reference": "123267b2c49fbf30d78a7b2d333f6be754b94845",
                "shasum": ""
            },
            "require": {
@ -305,7 +305,7 @@
            ],
            "support": {
                "issues": "https://github.com/myclabs/DeepCopy/issues",
-                "source": "https://github.com/myclabs/DeepCopy/tree/1.12.0"
+                "source": "https://github.com/myclabs/DeepCopy/tree/1.12.1"
            },
            "funding": [
                {
@ -313,7 +313,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2024-06-12T14:39:25+00:00"
+            "time": "2024-11-08T17:47:46+00:00"
        },
        {
            "name": "nikic/php-parser",
--- a/i18n/co.json
+++ b/i18n/co.json
@ -168,15 +168,15 @@
    "Plain Text": "Testu in chjaru",
    "Source Code": "Codice di fonte",
    "Markdown": "Markdown",
-    "Download attachment": "Scaricà a pezza aghjunta",
+    "Download attachment": "Scaricà a pezza ghjunta",
    "Cloned: '%s'": "Duppiatu : « %s »",
    "The cloned file '%s' was attached to this paste.": "U schedariu duppiatu  « %s » hè statu aghjuntu à st’appiccicu.",
    "Attach a file": "Aghjunghje un schedariu",
    "alternatively drag & drop a file or paste an image from the clipboard": "in alternanza, sguillà è depone un schedariu o incullà una fiura da u preme’papei",
-    "File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza aghjunta.",
+    "File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza ghjunta.",
-    "Remove attachment": "Caccià a pezza aghjunta",
+    "Remove attachment": "Caccià a pezza ghjunta",
    "Your browser does not support uploading encrypted files. Please use a newer browser.": "U vostru navigatore ùn accetta micca l’inviu di i schedarii cifrati. Impiegate un navigatore più recente.",
-    "Invalid attachment.": "A pezza aghjunta hè inaccettevule.",
+    "Invalid attachment.": "A pezza ghjunta hè inaccettevule.",
    "Options": "Ozzioni",
    "Shorten URL": "Ammuzzà l’indirizzu",
    "Editor": "Editore",
--- a/i18n/th.json
+++ b/i18n/th.json
@ -215,12 +215,12 @@
    "Trying to shorten a URL that isn't pointing at our instance.": "กำลังพยายามใช้เครื่องมือสร้างลิงก์ย่อ ที่ไม่ได้ชี้ไปที่อินสแตนซ์ของเรา",
    "Error calling YOURLS. Probably a configuration issue, like wrong or missing \"apiurl\" or \"signature\".": "เกิดข้อผิดพลาดในการเรียก YOURLS อาจเป็นปัญหามาจากการกำหนดค่า เช่น \"apiurl\" หรือ \"signature\" ไม่ถูกต้องหรือขาดหายไป",
    "Error parsing YOURLS response.": "เกิดข้อผิดพลาดในการแยกวิเคราะห์การตอบสนองของ YOURLS",
-    "This secret message can only be displayed once. Would you like to see it now?": "This secret message can only be displayed once. Would you like to see it now?",
+    "This secret message can only be displayed once. Would you like to see it now?": "ข้อความลับนี้จะแสดงได้เพียงครั้งเดียวเท่านั้น คุณต้องการดูข้อความนี้ตอนนี้เลยใช่หรือไม่",
-    "Yes, see it": "Yes, see it",
+    "Yes, see it": "ใช่ ดูเลย",
-    "Dark Mode": "โหมดมืด",
+    "Dark Mode": "โหมดสีเข้ม",
-    "Error compressing paste, due to missing WebAssembly support.": "Error compressing paste, due to missing WebAssembly support.",
+    "Error compressing paste, due to missing WebAssembly support.": "ไม่สามารถบีบอัดข้อมูลที่คุณต้องการฝากโค้ดได้ เนื่องจากอุปกรณ์ของคุณขาดการรองรับ WebAssembly",
-    "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.",
+    "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "ไม่สามารถอ่านข้อมูลที่คุณได้ฝากโค้ดไว้ เบราว์เซอร์ของคุณไม่รองรับ WebAssembly กรุณาลองเปลี่ยนใช้เบราว์เซอร์ตัวอื่นเพื่อดูการฝากโค้ดนี้อีกครั้ง",
-    "Start over": "Start over",
+    "Start over": "เริ่มใหม่",
    "Paste text": "Paste text",
    "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)": "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)"
 }
--- a/i18n/uk.json
+++ b/i18n/uk.json
@ -220,7 +220,7 @@
    "Dark Mode": "Темний режим",
    "Error compressing paste, due to missing WebAssembly support.": "Помилка при стисканні допису, через відсутність підтримки WebAssembly сервера.",
    "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Помилка при розпакуванні допису, бо ваш браузер не підтримує WebAssembly. Будь ласка, відкрийте в іншому браузері для перегляду цього допису.",
-    "Start over": "Start over",
+    "Start over": "Почати знову",
    "Paste text": "Paste text",
    "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)": "Tabulator key serves as character (Hit <kbd>Ctrl</kbd>+<kbd>m</kbd> or <kbd>Esc</kbd> to toggle)"
 }
--- a/js/legacy.js
+++ b/js/legacy.js
@ -6,7 +6,6 @@
 * @see       {@link https://github.com/PrivateBin/PrivateBin}
 * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
 * @license   {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
 * @version   1.3.1
 * @name      Legacy
 * @namespace
 */
@ -175,18 +174,6 @@
            )) {
                return true;
            }
            // async & ES6 support
            try {
                eval('async () => {}');
            } catch (e) {
                if (e instanceof SyntaxError) {
                    return true;
                } else {
                    throw e; // throws CSP error
                }
            }
            return false;
        }
--- a/js/zlib-1.3.1.js
+++ b/js/zlib-1.3.1.js
@ -1,6 +1,6 @@
 'use strict';
-(function() {
+(function () {
    let ret;
    async function initialize() {
@ -23,16 +23,7 @@
            _abort: errno => { console.error(`Error: ${errno}`) },
            _grow: () => { },
        };
-
+        const ins = (await WebAssembly.instantiateStreaming(fetch('js/zlib-1.3.1.wasm'), { env })).instance;
        let buff;
        if (typeof fs === 'object') {
            buff = fs.readFileSync('zlib-1.3.1.wasm');
        } else {
            const resp = await fetch('js/zlib-1.3.1.wasm');
            buff = await resp.arrayBuffer();
        }
        const module = await WebAssembly.compile(buff);
        const ins = await WebAssembly.instantiate(module, { env });
        const srcPtr = ins.exports._malloc(CHUNK_SIZE);
        const dstPtr = ins.exports._malloc(CHUNK_SIZE);
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -54,7 +54,7 @@ class Configuration
            'qrcode'                   => true,
            'email'                    => true,
            'icon'                     => 'identicon',
-            'cspheader'                => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
+            'cspheader'                => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'wasm-unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
            'zerobincompatibility'     => false,
            'httpwarning'              => true,
            'compression'              => 'zlib',
@ -106,13 +106,13 @@ class Configuration
            'js/dark-mode-switch.js' => 'sha512-BhY7dNU14aDN5L+muoUmA66x0CkYUWkQT0nxhKBLP/o2d7jE025+dvWJa4OiYffBGEFgmhrD/Sp+QMkxGMTz2g==',
            'js/jquery-3.7.1.js'     => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
            'js/kjua-0.9.0.js'       => 'sha512-CVn7af+vTMBd9RjoS4QM5fpLFEOtBCoB0zPtaqIDC7sF4F8qgUSRFQQpIyEDGsr6yrjbuOLzdf20tkHHmpaqwQ==',
-            'js/legacy.js'           => 'sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==',
+            'js/legacy.js'           => 'sha512-UxW/TOZKon83n6dk/09GsYKIyeO5LeBHokxyIq+r7KFS5KMBeIB/EM7NrkVYIezwZBaovnyNtY2d9tKFicRlXg==',
            'js/prettify.js'         => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
            'js/privatebin.js'       => 'sha512-5JuYesxfZ0hS5Auqm5QkDsUy7ZzVabjcfS3zbVLfwkhJVt8ekzU5tYLbhaDTM+wmq3xwV+8N8krpp9fuF5kS3A==',
            'js/purify-3.1.7.js'     => 'sha512-LegvqULiMtOfboJZw9MpETN/b+xnLRXZI90gG7oIFHW+yAeHmKvRtEUbiMFx2WvUqQoL9XB3gwU+hWXUT0X+8A==',
            'js/rawinflate-0.3.js'   => 'sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==',
            'js/showdown-2.1.0.js'   => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
-            'js/zlib-1.3.1.js'       => 'sha512-Z90oppVx/mn0DG2k9airjFVQuliELlXLeT3SRiO6MLiUSbhGlAq+UFwmYbG4i9mwW87dkG8fgJPapGwnUq7Osg==',
+            'js/zlib-1.3.1.js'       => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
        ),
    );
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@ -3,7 +3,7 @@
        'name' => 'privatebin/privatebin',
        'pretty_version' => 'dev-master',
        'version' => 'dev-master',
-        'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
+        'reference' => '1c7d63954642b3852177793c0c17963303484051',
        'type' => 'project',
        'install_path' => __DIR__ . '/../../',
        'aliases' => array(),
@ -31,7 +31,7 @@
        'privatebin/privatebin' => array(
            'pretty_version' => 'dev-master',
            'version' => 'dev-master',
-            'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
+            'reference' => '1c7d63954642b3852177793c0c17963303484051',
            'type' => 'project',
            'install_path' => __DIR__ . '/../../',
            'aliases' => array(),