El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons
2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs
2019-06-15 09:36:09 +02:00
El RIDO
a459c4692c
correcting API use, avoid history glitch
2019-06-01 23:49:40 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules
2019-05-20 18:29:37 +02:00
El RIDO
12a9b2ff8e
address Scrutinizer issues with the use of getParams method
2019-05-19 10:13:47 +02:00
El RIDO
1baa1c2b0a
fixing API doc issue found by Scrutinizer
2019-05-19 10:05:04 +02:00
El RIDO
800a0df8e3
apply StyleCI patch
2019-05-19 10:01:41 +02:00
El RIDO
909ff2daa7
handle scrutinizer issues (mostly changes in API documentation)
2019-05-19 09:42:55 +02:00
El RIDO
09162a3c57
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)
2019-05-15 07:44:03 +02:00
El RIDO
cc1c55129f
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection
2019-05-13 22:31:52 +02:00
El RIDO
be1e7babc0
removing dead code and improving code coverage
2019-05-11 22:18:35 +02:00
El RIDO
a622c8f484
fix logic, avoid 5.5
2019-05-10 23:27:45 +02:00
El RIDO
c3719435a3
and fixing PHP 5.5
2019-05-10 23:09:35 +02:00
El RIDO
02f3cc739f
documentation on fnv1a64 is lacking, but tests show it was only introduced with PHP 5.6
2019-05-10 22:46:39 +02:00
El RIDO
9b6b25dac0
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:35:18 +02:00
El RIDO
76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?)
2019-05-10 22:21:03 +02:00
El RIDO
f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:13:11 +02:00
El RIDO
fb0c9c595e
remove further type hints for compatibility
2019-05-10 22:04:47 +02:00
El RIDO
bd4dee0f3e
fixing copy/paste errors
2019-05-10 21:52:14 +02:00
El RIDO
1e44902340
apply StyleCI patch
2019-05-10 21:45:34 +02:00
El RIDO
632d70412a
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 21:35:36 +02:00
El RIDO
700f8a0ea7
made all php unit tests pass again
2019-05-10 07:55:39 +02:00
El RIDO
59569bf9fc
working on JsonApi tests
2019-05-08 22:11:21 +02:00
El RIDO
76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data
2019-05-06 22:15:21 +02:00
El RIDO
06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic
2019-05-05 21:03:58 +02:00
El RIDO
b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes
2019-05-05 18:22:57 +02:00
El RIDO
6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments
2019-05-05 14:36:47 +02:00
El RIDO
bbdcb3fb0f
remove duplicate code
2019-05-05 08:53:40 +02:00
El RIDO
3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49
2019-05-03 23:03:57 +02:00
El RIDO
e418b083e8
Merge branch 'master' into webcrypto
2019-01-22 20:11:42 +01:00
rugk
34c64acb75
Apply StyleCi recommendation
2019-01-22 00:14:31 +01:00
rugk
7cb942aca3
Make PHP paste ID function more robust
2019-01-21 23:19:41 +01:00
rugk
541fff199a
Put PHP paste request into own function
2019-01-21 23:06:25 +01:00
El RIDO
79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396
2019-01-20 12:20:37 +01:00
El RIDO
cde96d8f24
fixing bug in jsonld processing with certain URL paths
2018-12-17 19:42:26 +01:00
El RIDO
9ce41022cf
correcting namespaces
2018-11-19 13:09:34 +01:00
El RIDO
b5ebc4a3d7
incrementing version
2018-08-11 19:29:58 +02:00
El RIDO
a5e8eeaaf9
StyleCI: Obey the alphabet #342
2018-07-29 16:15:52 +02:00
El RIDO
4a35428499
cleanup of PurgeLimiter #342
2018-07-29 16:05:57 +02:00
El RIDO
3470dcd9a8
more compact ServerSalt #342
2018-07-29 15:50:36 +02:00
El RIDO
5db3412b69
cleanup of TrafficLimiter #342
2018-07-29 15:43:28 +02:00
El RIDO
f9c8441edb
renaming controller #342
2018-07-29 15:17:35 +02:00
El RIDO
720897b902
correct CSP to allow password prompt
2018-07-21 06:45:09 +00:00
El RIDO
cfe60db8fd
increment version number
2018-07-01 13:11:32 +02:00
El RIDO
6225a8ef16
updating translators in credits
2018-06-11 20:29:47 +02:00
El RIDO
9a0318517b
correct PHPdoc, fixes #264
2018-05-27 15:18:25 +02:00
El RIDO
d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
2018-05-27 15:05:31 +02:00
El RIDO
05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test
2018-05-27 14:36:30 +02:00
El RIDO
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error
2018-04-30 20:01:38 +02:00
El RIDO
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
...
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
...
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
El RIDO
3bca559826
moving access to into Request class
2018-01-06 10:27:58 +01:00
rugk
414ab0eb71
Add config and basic page template support
...
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
86ecdb1155
fixing post increment
2017-11-13 22:15:14 +01:00
El RIDO
502e96c129
StyleCI recommendations
2017-10-08 19:23:33 +02:00
El RIDO
a5d5f6066a
refactoring as recommended by Scrutinizer
2017-10-08 19:16:09 +02:00
El RIDO
9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations
2017-10-08 17:10:51 +02:00
El RIDO
4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection
2017-10-08 16:59:31 +02:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation
2017-10-08 16:43:46 +02:00
El RIDO
dbfb1e83ba
removing dead code
2017-10-08 16:43:10 +02:00
El RIDO
62f0b95377
making StyleCI happy
2017-10-08 16:42:43 +02:00
El RIDO
6e8eafe129
implemented INI cenversion functionality
2017-10-08 16:42:11 +02:00
El RIDO
6fa2bfe30e
updated documentation, incremented version
2017-10-08 16:40:51 +02:00
rugk
f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
...
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
thororm
23f5dfbff8
Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
...
# Conflicts:
# tpl/bootstrap.php
# tpl/page.php
2017-05-13 19:48:25 +02:00
rugk
283873d89a
Fix stupid copy&paste error
2017-04-13 10:52:48 +02:00
rugk
9b6748c54d
Adjust requested changes
2017-04-13 10:46:09 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174
2017-04-11 17:23:26 +02:00
rugk
183ebe518b
Force JSON request for getting paste data
2017-04-11 16:34:13 +02:00
thororm
096f07f86e
Merge branch 'master' into attachment-handling
...
# Conflicts:
# js/privatebin.js
# tpl/bootstrap.php
# tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
bbcc3e167b
implementing recommendations of scrutinizer
2017-03-25 00:58:59 +01:00
El RIDO
9b2af0abf5
fixing documentation
2017-03-24 23:54:37 +01:00
El RIDO
18315e7de0
removing unused class
2017-03-24 23:45:10 +01:00
El RIDO
f7853cf439
removing duplicate code, cleanup of temporary test files
2017-03-24 23:42:11 +01:00
El RIDO
ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194
2017-03-24 21:30:08 +01:00
El RIDO
88b02d866e
fixes #186 for good
2017-03-24 19:20:34 +01:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194
2017-03-11 08:56:14 +01:00
El RIDO
823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186
2017-03-05 11:22:24 +01:00
El RIDO
23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes
2017-03-05 11:02:18 +01:00
El RIDO
db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188
2017-02-22 21:42:14 +01:00
thororm
4cb0ce5114
Removed self from cspheader
...
Refactored some variable names
2017-02-13 20:37:57 +01:00
thororm
faf596aeb7
Added preview for
...
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/168
Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
a7de0e095b
added supported language, updated credits and changelog
2017-01-10 20:37:14 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic
2017-01-08 10:02:07 +01:00
El RIDO
f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test
2017-01-08 07:56:56 +01:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154
2017-01-01 16:33:11 +01:00
El RIDO
4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog
2017-01-01 14:35:39 +01:00
El RIDO
1426d4e371
tagging 1.1 release and updating documentation
2016-12-26 12:13:50 +01:00
El RIDO
f6b8ee3e20
add missing check for non-expiring pastes, fixes #149
2016-12-25 12:15:29 +01:00
El RIDO
ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings
2016-12-25 11:37:45 +01:00
atnaguzin
bbcc53f08e
StyleCI fix
2016-12-16 12:25:10 +03:00
R4SAS
ccba2f029f
added ru plural formula
2016-12-16 12:15:37 +03:00
rugk
da10a761c4
Fix more typos
2016-12-12 18:50:00 +01:00
rugk
61ee0ef7d3
Fix typos
2016-12-12 18:49:08 +01:00
rugk
658d5ae84d
Fix style-ci errors
2016-12-12 18:43:23 +01:00
El RIDO
1f46823942
applying patch based on StyleCI ruleset
2016-10-29 10:24:08 +02:00
El RIDO
8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91
2016-09-18 11:29:37 +02:00
rugk
1a159c973f
Prevent referrer to be send
...
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
b7184b92a3
Fix csp config unit tests
2016-08-27 14:47:21 +02:00