XSS flaw correction
With a client running IE < 10 there was an XSS security flaw. Other browsers were not affected. Also corrected spacing display with IE<10. (cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431) Conflicts: CHANGELOG.md index.php js/zerobin.js lib/vizhash16x16.php
This commit is contained in:
parent
d9930978ba
commit
bc8b23d35e
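--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,4 +63,7 @@
 * ADDED: Better json checking (including entropy).
 * ADDED: Added version to js/css assets URLs in order to prevent some abusive caches to serve an obsolete version of these files when ZeroBin is upgraded.
 * "Burn after reading" option has been moved out of Expiration combo to a separate checkbox. Reason is: You can prevent a read-once paste to be available ad vitam eternam on the net.
+* **Alpha 0.19 (2013-07-05)**:
+* Corrected XSS security flaw which affected IE<10. Other browsers were not affected.
+* Corrected spacing display in IE<10.
 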
@ -1,4 +1,4 @@
|
|||||||
ZeroBin 0.18 Alpha
|
ZeroBin 0.19 Alpha
|
||||||
|
|
||||||
==== THIS IS ALPHA SOFTWARE - USE AT YOUR OWN RISKS ====
|
==== THIS IS ALPHA SOFTWARE - USE AT YOUR OWN RISKS ====
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* ZeroBin 0.18 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */
|
/* ZeroBin 0.19 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */
|
||||||
|
|
||||||
|
|
||||||
/* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
|
/* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// change this, if your php files and data is outside of your webservers document root
|
// change this, if your php files and data is outside of your webservers document root
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Immediately start random number generator collector.
|
// Immediately start random number generator collector.
|
||||||
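--- a/js/zerobin.js
+++ b/js/zerobin.js
@@ -152,6 +152,9 @@ function pasteID() {
 return window.location.search.substring(1);
 }
 
+function htmlEntities(str) {
+return String(str).replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"');
+}
 /**
 * Set text of a DOM element (required for IE)
 * This is equivalent to element.text(text)
@@ -162,8 +165,8 @@ function setElementText(element, text) {
 // For IE<10.
 if ($('div#oldienotice').is(":visible")) {
 // IE<10 does not support white-space:pre-wrap; so we have to do this BIG UGLY STINKING THING.
-element.text(text.replace(/\n/ig,'{BIG_UGLY_STINKING_THING__OH_GOD_I_HATE_IE}'));
-element.html(element.text().replace(/{BIG_UGLY_STINKING_THING__OH_GOD_I_HATE_IE}/ig,"\n<br />"));
+var html = htmlEntities(text).replace(/\n/ig,"\r\n<br>");
+element.html('<pre>'+html+'</pre>');
 }
 // for other (sane) browsers:
 else {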
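Review bot: As rendered here, `htmlEntities` at the top of this section replaces `&`, `<`, `>` and `"` with themselves, so it would escape nothing and `element.html('<pre>'+html+'</pre>')` in the IE<10 branch would still inject paste content as markup; the four replacement strings must be the entity references `&amp;`, `&lt;`, `&gt;` and `&quot;`. This is most likely the page decoding the entities on display rather than what was committed, but it is worth confirming against the raw file, since the entire XSS fix rests on those four strings and the branch is only reached when `div#oldienotice` is visible. The new function also carries no comment; I would add `/** Escape &, <, > and " so untrusted text can be assigned through .html() on the IE<10 path. */` above it. The non-IE branch of setElementText and the rest of that function continue outside the hunk.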
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
spl_autoload_register('auto::loader');
|
spl_autoload_register('auto::loader');
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.0.4 beta ZeroBin 0.18
|
* @version 0.0.4 beta ZeroBin 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
* @link http://sebsauvage.net/wiki/doku.php?id=php:zerobin
|
||||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||||
* @version 0.18
|
* @version 0.19
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|