Commit Graph

502 Commits

Author SHA1 Message Date
El RIDO
2c711e9d3c
prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs 2024-06-29 20:28:18 +02:00
El RIDO
68ccaaace0 address unit test failures due to strict typing 2024-06-04 07:27:45 +02:00
El RIDO
cebc9acce6 enable strict types in PHP 2024-06-04 07:13:55 +02:00
El RIDO
05402ef304 remove version from doc blocs
- @version in file header level isn't used on code docs, it is intended
  for API versions at class or method level
- avoids needing to update all these files on version increment
- avoids needing to regenerate SRI hashes for privatebin.js through
  extra phpunit run
- simplifies VERSION_FILES list
- avoids having to filter above list during loop
- adds a few missing doc bloc headers
2024-05-28 21:03:22 +02:00
El RIDO
99a3e087ed refactor database schema upgrade to support skipping versions 2024-05-25 09:40:41 +02:00
El RIDO
b96c8ae531 revert version increment in database upgrade 2024-05-25 09:14:24 +02:00
El RIDO
22419cd68a
incrementing version 2024-05-13 19:18:30 +02:00
El RIDO
5067e9222c
incrementing version 2024-05-05 20:43:33 +02:00
El RIDO
9b99712fce
handle further PHP 8.2 deprecations
PHP 8.2 deprecates implicit conversion from float to int if it loses precision, hence the explicit conversion. I missed these in 6bcef2fa24
2024-05-05 11:17:33 +02:00
El RIDO
49bc97e295
apply StyleCI recommendation 2024-05-05 11:16:17 +02:00
El RIDO
b00528388f
Merge branch 'master' into chrono-privacy 2024-05-05 10:25:31 +02:00
El RIDO
0f9158b37b
allow disabling comment date display using discussiondatedisplay configuration option 2024-05-04 14:38:41 +02:00
El RIDO
81fdf8ebfc
re-lax samesite cookie policy
As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
2024-05-04 12:12:31 +02:00
El RIDO
5425ea79f8
Merge branch 'master' into bootstrap5 2024-05-04 12:08:10 +02:00
El RIDO
041068b590
apply Scrutinizer recommendation 2024-05-01 21:07:24 +02:00
El RIDO
58a235e068
apply StyleCI recommendation 2024-05-01 21:04:29 +02:00
El RIDO
2b2b6f2e41
SQLite 3.35.0 introduced drop column support
see https://www.sqlite.org/releaselog/3_35_0.html
2024-05-01 21:01:12 +02:00
El RIDO
2cc40b2447
apply StyleCI recommendation 2024-05-01 20:36:47 +02:00
El RIDO
b2db26998d
remove the old keys, if they are still stored 2024-05-01 20:32:39 +02:00
El RIDO
a9f1926b96
implement chrono privacy for pastes, addresses #1290 2024-05-01 20:16:03 +02:00
El RIDO
142a380bb2
undo simplification, here we actually check if it is a non-empty string 2024-04-23 22:02:41 +02:00
El RIDO
f4e8e363cb
fix scrutinizer reported issue
empty only works with variables, not constants - here we want to error out if PATH either isn't defined or does not end in a directory separator, so we can concatenate onto it
2024-04-23 21:15:33 +02:00
El RIDO
658383e6d1
set lang cookie with strict SameSite property 2024-04-21 11:36:31 +02:00
El RIDO
491ed9a521
bootstrap 5 template function complete
current status:
- got expiration and format selections to work
- fixed modals (password, QR-code, etc.)
- replaced glyphicons with Bootstrap icons (needs CSP relaxation to work)
- tested the different settings and combinations
- got editor tabs to change active status

to be done:
- add "Dark Mode" to translation strings
- figure out how to change prettify theme when dark mode gets selected
- check tab alignment in HTML source
2024-04-18 21:36:43 +02:00
El RIDO
7565be8ed5
initial work on a bootstrap 5 template
current status:
- renders without PHP errors & passes unit tests
- displays pastes
- responsive navbar
- right-to-left support
- auto dark mode with toggle

to be done:
- add "Dark Mode" to translation strings
- get expiration and format selections to work
- fix modals (password, QR-code, etc.)
- replace glyphicons with Bootstrap Icons (no longer included)
- test all the different settings and combinations
- check tab alignment in HTML source
2024-04-01 18:59:28 +02:00
El RIDO
6bcef2fa24
handle PHP 8.2 deprecation
PHP 8.2 deprecates implicit conversion from float to int if it loses precision, hence the explicit conversion.

PHP 8.1 deprecates the (optional since PHP 8.0) 3rd parameter of imagefilledpolygon(), but 7.3 & 7.4 require it.
2024-04-01 14:50:16 +02:00
El RIDO
3bc09ed561
Merge pull request #1275 from PrivateBin/legacy-php-cleanup
input sanitation & removing some obsolete version checks
2024-03-26 06:33:57 +01:00
Zwyx
6130547ca6
Add response header X-Uncompressed-Content-Length for JSON API
Because the response from the API is PHP output, the usual `Content-Length` header is absent.

This [custom header technique](https://stackoverflow.com/questions/15097712/how-can-i-use-deflated-gzipped-content-with-an-xhr-onprogress-function/32799706#32799706) allows the client to know the total length of the data being received, in order to display a progress indicator.

Here's a code example with `XMLHttpRequest`:


```
xhr.addEventListener("progress", (e) => {
	if (e.lengthComputable) {
		onDownloadProgress({
			loaded: e.loaded,
			total: e.total,
		});
	} else {
		const uncompressedContentLength = xhr.getResponseHeader(
			"X-Uncompressed-Content-Length",
		);

		if (uncompressedContentLength) {
			onDownloadProgress({
				loaded: e.loaded,
				total: Number(uncompressedContentLength),
			});
		}
	}
});
```

Notes:
- `Fetch` can be used as well (only reason I use `XMLHttpRequest` is because `fetch` doesn't allow to track the progress of uploaded data (when creating a paste); whereas `XMLHttpRequest` does).
- `e.loaded` can be different between browsers; Firefox reports the length of the compressed data, Chrome reports the length of uncompressed data (see https://github.com/whatwg/xhr/issues/388). A workaround for this is to manually set our progress indicator to 100% when the request finishes.
2024-03-24 19:40:50 +08:00
El RIDO
65a626f940 inputs sanitation & remove some obsolete version checks
using filter_vars instead of filter_input, because our unit tests depend on manipulating global arrays, which are not used by filter_input - we would have to mock the function in the unit testing, it therefore is cleaner to use the same code paths in testing as in production

some inputs in I18n and TrafficLimiter remain unfiltered, since we already validate them by other means (IP lib and/or preg_match)

our minimum PHP version is 7.3, so we can drop the two < 5.6 fallback checks
2024-03-23 11:27:25 +01:00
Aaron Sherber
7c9cc7754f
Allow for shortenviayourls in query params 2024-03-16 16:55:49 -04:00
El RIDO
e1e0e8399c
phpdoc improvements 2024-03-10 18:01:46 +01:00
El RIDO
5f00587d71
phpdoc improvements, fixes #1036 2024-03-10 17:07:10 +01:00
Aaron Sherber
fd7d9f4715
Fix styleci issues 2024-03-09 16:55:44 -05:00
Aaron Sherber
8abf6ae9cb
Always add cache control headers 2024-03-09 16:49:42 -05:00
El RIDO
aad975a721
incrementing version 2024-02-11 15:31:11 +01:00
El RIDO
a3ee624d3a
incrementing version 2024-02-11 14:17:27 +01:00
El RIDO
257fc5d2b6
enable Romanian translation and credit it 2024-01-27 19:15:40 +01:00
El RIDO
2985305dbb
Merge pull request #1220 from PrivateBin/en-default-test
prevent regression around presence or absence of en.json
2023-12-23 13:06:05 +01:00
El RIDO
d49be80ffb
prevent regression around presence or absence of en.json
it gets excluded in the release archive, it's absence should not make
any difference
2023-12-18 21:49:21 +01:00
El RIDO
d88945663e detect and report on damaged pastes
May occur during statistics or purge, when existing pastes get parsed, addresses #1214
2023-12-16 07:38:09 +01:00
El RIDO
d0420fb418
1.6.2 release 2023-12-15 07:20:20 +01:00
El RIDO
684924e9e5
apply StyleCI patch 2023-12-09 12:00:57 +01:00
El RIDO
a7f720d825
ensure English is always added to available languages, fixes #1208
bug got introduced in 3668f1e3f4 and
started affecting release after 896a49c8cf
2023-12-09 11:58:29 +01:00
El RIDO
3bd570bd6a
incrementing version 2023-12-04 21:07:17 +01:00
El RIDO
5c97443d1d
add basic RTL support, drop default language key 2023-09-19 07:29:00 +02:00
El RIDO
f56907bd38
increment version 2023-09-11 19:36:45 +02:00
Sergio Giraldo
c665385ff6
feat: make the email button optional. Issue #1031
::by sergio giraldo
@ 20230909T2226CEST, gpg signed
2023-09-09 22:26:11 +02:00
El RIDO
fe37b7f0e5 enable & credit Japanese & Arabic translations 2023-08-01 14:00:45 +02:00
El RIDO
ecf100551d document change, raise minimum PHP version to 7.3, remove branch refresh 2023-07-23 10:04:57 +02:00
El RIDO
01afe7d481
incrementing version 2023-07-09 08:44:22 +02:00