Commit Graph

205 Commits

Author SHA1 Message Date
El RIDO
ec2e981984
upgrading DOMpurify library to 3.1.7 2024-10-19 11:17:53 +02:00
parthiv-m
851dadf600 Update CHANGELOG.md 2024-10-17 21:56:42 -04:00
El RIDO
e865bec9c3 document changes 2024-09-03 05:53:01 +02:00
El RIDO
ab2d2f2477 upgrading DOMpurify library to 3.1.6 2024-08-03 09:52:30 +02:00
El RIDO
7294ea7847
Merge branch 'master' into sri-into-config 2024-07-09 21:32:42 +02:00
El RIDO
cf95e0b1d1
Merge branch 'master' into pg-tables-query 2024-07-09 21:30:17 +02:00
El RIDO
d2f311d246
chore: prepare for next release 2024-07-09 21:27:49 +02:00
El RIDO
031bcef317
incrementing version 2024-07-09 20:36:26 +02:00
El RIDO
0c4e810e67
Merge branch 'shorten-non-self-url' 2024-07-09 20:33:54 +02:00
El RIDO
8712ed6a5d
Merge pull request #1357 from PrivateBin/b5-textarea-height
bootstrap5 textarea height relative to viewport height
2024-07-09 20:28:17 +02:00
El RIDO
8b3b16be44
SRI hashes are now configurable, no longer hardcoded in templates
- addresses #1365
- should make upgrades easier for those using custom templates
- if the JS files got customized, the default SRI hashes can be replaced in the conf.php file, added commented section in conf.sample.php
2024-07-07 16:36:52 +02:00
El RIDO
e0bca0d4dc simpler PostgreSQL table lookup query, fixes #1361 2024-07-07 12:37:28 +02:00
El RIDO
2c711e9d3c
prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs 2024-06-29 20:28:18 +02:00
El RIDO
eb42915991
bootstrap5 textarea height relative to viewport height, fixes #1349 2024-06-13 20:22:40 +02:00
El RIDO
ab05ed9532
bootstrap5 dark mode toggle unset on dark browser preference, fixes #1340 2024-06-13 20:00:26 +02:00
El RIDO
662d0e1430 document change 2024-06-04 07:32:13 +02:00
El RIDO
6aa292e33d document changes 2024-05-30 07:31:13 +02:00
El RIDO
d961a892f2
chore: prepare for next release 2024-05-13 19:33:43 +02:00
El RIDO
22419cd68a
incrementing version 2024-05-13 19:18:30 +02:00
El RIDO
619fbb6653 Merge remote-tracking branch 'origin/dompurify' 2024-05-13 06:57:41 +02:00
El RIDO
435f0d8ea1 Merge remote-tracking branch 'origin/bootstrap5-navbar' 2024-05-13 06:55:50 +02:00
El RIDO
ee3b5ec08a
chore: upgrade DOMPurify from v3.1.2 to 3.1.3 2024-05-12 10:18:49 +02:00
El RIDO
976650bdde
bootstrap 5 nav bar & footer improvements, closes #1317 2024-05-09 18:18:57 +02:00
El RIDO
2c8b5ed0e4
expiration time selection for bootstrap template, fixes #1309 2024-05-09 15:55:42 +02:00
El RIDO
28f3e544b8
chore: prepare for next release 2024-05-05 22:53:19 +02:00
El RIDO
5067e9222c
incrementing version 2024-05-05 20:43:33 +02:00
El RIDO
843aa00473 Merge branch 'chrono-privacy' 2024-05-05 19:34:22 +02:00
El RIDO
6028a1d801
chore: upgrade jQuery from v3.7.0 to 3.7.1 2024-05-05 11:50:12 +02:00
El RIDO
b00528388f
Merge branch 'master' into chrono-privacy 2024-05-05 10:25:31 +02:00
El RIDO
0983d1b514
doc 2024-05-04 16:19:56 +02:00
El RIDO
06fb606aa7
Merge branch 'master' into bootstrap 2024-05-04 16:15:07 +02:00
rugk
3f1bcb5c5a
doc: add Chnagelog entry 2024-05-04 15:39:25 +02:00
El RIDO
0f9158b37b
allow disabling comment date display using discussiondatedisplay configuration option 2024-05-04 14:38:41 +02:00
El RIDO
81fdf8ebfc
re-lax samesite cookie policy
As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
2024-05-04 12:12:31 +02:00
El RIDO
a9f1926b96
implement chrono privacy for pastes, addresses #1290 2024-05-01 20:16:03 +02:00
El RIDO
9bcb114a23
document changes 2024-04-21 11:46:46 +02:00
El RIDO
65a626f940 inputs sanitation & remove some obsolete version checks
using filter_vars instead of filter_input, because our unit tests depend on manipulating global arrays, which are not used by filter_input - we would have to mock the function in the unit testing, it therefore is cleaner to use the same code paths in testing as in production

some inputs in I18n and TrafficLimiter remain unfiltered, since we already validate them by other means (IP lib and/or preg_match)

our minimum PHP version is 7.3, so we can drop the two < 5.6 fallback checks
2024-03-23 11:27:25 +01:00
El RIDO
f0794e3c0b document & attribute changes from #1267 2024-03-18 07:48:20 +01:00
El RIDO
89a5d07b94
shortened paste URL does not appear in email
fixes #606
2024-03-10 17:26:30 +01:00
El RIDO
53d2d3334d
document & attribute changes 2024-03-10 16:12:40 +01:00
El RIDO
63b2526ee7
"Send" button now labeled "Create", fixes #946 2024-02-12 21:50:11 +01:00
El RIDO
eb59f3a4f3
post-release cleanup 2024-02-11 15:36:59 +01:00
El RIDO
aad975a721
incrementing version 2024-02-11 15:31:11 +01:00
El RIDO
5c29619fee
post-release cleanup
- prep changelog for future changes
- composer changes from re-running composer on the repo, testing deps
- change to phpunit coverage make target, required with newer releases
2024-02-11 15:10:01 +01:00
El RIDO
a3ee624d3a
incrementing version 2024-02-11 14:17:27 +01:00
El RIDO
57b1890815 Merge branch 'master' into ask-before-burn 2024-02-07 19:45:54 +01:00
El RIDO
7bb913acdf
Merge pull request #1236 from PrivateBin/bump-libs
bump libraries to DOMpurify 3.0.8 & zlib 1.3.1, increase compression level
2024-02-07 19:30:25 +01:00
El RIDO
950c0b56b4
revert changing compression level
as per discussion with @rugk, see:
https://github.com/PrivateBin/PrivateBin/pull/1236#discussion_r1473639960
2024-02-06 19:21:14 +01:00
El RIDO
239f6da73c
Merge branch 'master' into crowdin-translation 2024-01-27 19:19:08 +01:00
El RIDO
257fc5d2b6
enable Romanian translation and credit it 2024-01-27 19:15:40 +01:00