Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-04-20 15:45:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge d2892b3139e570028cf5372614b2a08a59df9faf into 5a23284645096ba8c5eb844d417030425ad27463

Browse Source
This commit is contained in:
__cyp 2017-06-05 05:58:56 +00:00 committed by GitHub
commit e35d349ac4
3 changed files with 28 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cfg/conf.ini.sample
View File

@ -3,9 +3,6 @@
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
; name = "PrivateBin"
; enable or disable the discussion feature, defaults to true
discussion = true
@ -21,10 +18,6 @@ fileupload = false
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = false
; delete a burn after reading paste immediatly after it is first accessed from
; the server and do not wait for a successful decryption
instantburnafterreading = false
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"
@ -32,10 +25,10 @@ defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 2 Mebibytes
; size limit per paste or comment in bytes, defaults to 2 Mibibytes
sizelimit = 2097152
; template to include, default is "bootstrap" (tpl/bootstrap.php)
; template to include, default is "bootstrap" (tpl/bootstrap.html)
template = "bootstrap"
; (optional) notice to display
@ -67,14 +60,17 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups"
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
zerobincompatibility = false
; allows you to specify the name of the web server you are using to use ParseBin.
; if you use nginx or other webserver, delete semicolon
; webserver = "nginx"
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]

7
lib/Configuration.php
View File

@ -36,13 +36,11 @@ class Configuration
*/
private static $_defaults = array(
'main' => array(
'name' => 'PrivateBin',
'discussion' => true,
'opendiscussion' => false,
'password' => true,
'fileupload' => false,
'burnafterreadingselected' => false,
'instantburnafterreading' => false,
'defaultformatter' => 'plaintext',
'syntaxhighlightingtheme' => null,
'sizelimit' => 2097152,
@ -52,8 +50,9 @@ class Configuration
'languagedefault' => '',
'urlshortener' => '',
'icon' => 'identicon',
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;',
'zerobincompatibility' => false,
'webserver' => 'Apache',
),
'expire' => array(
'default' => '1week',
@ -241,7 +240,7 @@ class Configuration
public function getSection($section)
{
if (!array_key_exists($section, $this->_configuration)) {
throw new Exception(I18n::_('%s requires configuration section [%s] to be present in configuration file.', I18n::_($this->getKey('name')), $section), 3);
throw new Exception(I18n::_('PrivateBin requires configuration section [%s] to be present in configuration file.', $section), 3);
}
return $this->_configuration[$section];
}

29
lib/Persistence/AbstractPersistence.php
View File

@ -36,6 +36,7 @@ abstract class AbstractPersistence
* @access public
* @static
* @param string $path
* @return void
*/
public static function setPath($path)
{
@ -79,25 +80,31 @@ abstract class AbstractPersistence
* @access protected
* @static
* @throws Exception
* @return void
*/
protected static function _initialize()
{
// Create storage directory if it does not exist.
if (!is_dir(self::$_path)) {
if (!@mkdir(self::$_path, 0700)) {
if (!@mkdir(self::$_path)) {
throw new Exception('unable to create directory ' . self::$_path, 10);
}
}
$file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
if (!is_file($file)) {
$writtenBytes = @file_put_contents(
$file,
'Require all denied' . PHP_EOL,
LOCK_EX
);
if ($writtenBytes === false || $writtenBytes < 19) {
throw new Exception('unable to write to file ' . $file, 11);
}
if (property_exists($data->meta, 'webserver') && $data->meta->webserver && $this->_conf->getKey('webserver') == "Apache") {
// Create .htaccess file if it does not exist.
$file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
if (!is_file($file)) {
$writtenBytes = @file_put_contents(
$file,
'Allow from none' . PHP_EOL .
'Deny from all' . PHP_EOL,
LOCK_EX
);
if ($writtenBytes === false || $writtenBytes < 30) {
throw new Exception('unable to write to file ' . $file, 11);
}
}
}
}