El RIDO
81fdf8ebfc
re-lax samesite cookie policy
As per discussion in code review:
> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.
https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
2024-05-04 12:12:31 +02:00
rugk
4500794980
chore: upgrade DOMPurify from v3.0.8 to 3.1.2
This includes v3.1.1, which says:
> Note that this is a security release and should be upgraded to immediately.
https://github.com/cure53/DOMPurify/releases/tag/3.1.1
The release notes of the actual version itself are https://github.com/cure53/DOMPurify/releases/tag/3.1.2
I did not find more information on the vulnerability that apparently is in there.
* [x] manually tested and works
2024-05-03 15:55:53 +00:00
El RIDO
c7226eedd7
Update tpl/bootstrap5.php
Co-authored-by: rugk <rugk+git@posteo.de>
2024-05-02 08:03:55 +02:00
El RIDO
8bfab7fd89
Update tpl/bootstrap5.php
Co-authored-by: rugk <rugk+git@posteo.de>
2024-05-02 08:01:37 +02:00
El RIDO
5c6bd3eba8
Update tpl/bootstrap5.php
Co-authored-by: rugk <rugk+git@posteo.de>
2024-04-23 23:09:21 +02:00
El RIDO
c66d3f05da
semantics
2024-04-23 22:11:58 +02:00
El RIDO
e22da2e0d1
address "oneliner-hell"
2024-04-23 21:15:33 +02:00
El RIDO
658383e6d1
set lang cookie with strict SameSite property
2024-04-21 11:36:31 +02:00
El RIDO
15481290fb
fix tab alignment
2024-04-21 11:02:14 +02:00
El RIDO
545ba7506e
bootstrap 5 - fix password modal display
2024-04-21 11:01:40 +02:00
El RIDO
a7ea62fcd0
bootstrap 5 prettify dark theme support
current status:
- made prettify theme work with dark mode
to be done:
- fix password modal display
- add "Dark Mode" to translation strings
- check tab alignment in HTML source
2024-04-19 14:00:49 +02:00
El RIDO
491ed9a521
bootstrap 5 template function complete
current status:
- got expiration and format selections to work
- fixed modals (password, QR-code, etc.)
- replaced glyphicons with Bootstrap icons (needs CSP relaxation to work)
- tested the different settings and combinations
- got editor tabs to change active status
to be done:
- add "Dark Mode" to translation strings
- figure out how to change prettify theme when dark mode gets selected
- check tab alignment in HTML source
2024-04-18 21:36:43 +02:00
El RIDO
7565be8ed5
initial work on a bootstrap 5 template
current status:
- renders without PHP errors & passes unit tests
- displays pastes
- responsive navbar
- right-to-left support
- auto dark mode with toggle
to be done:
- add "Dark Mode" to translation strings
- get expiration and format selections to work
- fix modals (password, QR-code, etc.)
- replace glyphicons with Bootstrap Icons (no longer included)
- test all the different settings and combinations
- check tab alignment in HTML source
2024-04-01 18:59:28 +02:00
El RIDO
1870b9075c
Merge branch 'cloudrac3r-patch-1'
2024-03-22 07:44:47 +01:00
Cadence Ember
d4fdc563ae
Update all instances of text in language files
2024-03-22 11:25:17 +13:00
El RIDO
89a5d07b94
shortened paste URL does not appear in email
fixes #606
2024-03-10 17:26:30 +01:00
El RIDO
63b2526ee7
"Send" button now labeled "Create", fixes #946
2024-02-12 21:50:11 +01:00
El RIDO
aad975a721
incrementing version
2024-02-11 15:31:11 +01:00
El RIDO
a3ee624d3a
incrementing version
2024-02-11 14:17:27 +01:00
El RIDO
57b1890815
Merge branch 'master' into ask-before-burn
2024-02-07 19:45:54 +01:00
El RIDO
7bb913acdf
Merge pull request #1236 from PrivateBin/bump-libs
bump libraries to DOMpurify 3.0.8 & zlib 1.3.1, increase compression level
2024-02-07 19:30:25 +01:00
El RIDO
25de89c954
change loading confirm prefix, fix password modal focus, again
2024-02-06 20:22:47 +01:00
El RIDO
950c0b56b4
revert changing compression level
as per discussion with @rugk, see:
https://github.com/PrivateBin/PrivateBin/pull/1236#discussion_r1473639960
2024-02-06 19:21:14 +01:00
El RIDO
239f6da73c
Merge branch 'master' into crowdin-translation
2024-01-27 19:19:08 +01:00
El RIDO
257fc5d2b6
enable Romanian translation and credit it
2024-01-27 19:15:40 +01:00
El RIDO
03d2291ec7
Merge branch 'master' into ask-before-burn
2024-01-27 18:56:52 +01:00
El RIDO
d0e03e5167
change logic into asking for loading confirmation
also:
- fixes #1039 - email buttons overlapping in some languages
- fixes #1191 - language change URL mangling
- adds focus to password input in modal
- prevents needless reload on visiting default URL
2024-01-27 18:26:19 +01:00
El RIDO
0d2376cd88
bump libraries to DOMpurify 3.0.8 & zlib 1.3.1, increase compression level to 9
2024-01-27 11:33:54 +01:00
El RIDO
405479642f
add YOURLS API samples for extractUrl validation
2024-01-07 17:45:01 +01:00
El RIDO
ba17e94c5e
use the newer function, if possible
2024-01-05 06:40:12 +01:00
El RIDO
cc0b6e387a
avoid use of bleeding edge function
only supported in Firefox & Chrome >= 120 & node >= 19.9.0 & 18.17.0
2024-01-04 23:23:47 +01:00
El RIDO
a80bd4e4ea
fix url filter, IDN URL unit test
2024-01-04 23:08:17 +01:00
El RIDO
7cb1f8ca67
relax URL regex to support finding IDN domains, filter using built in function, removing non-URLs
2024-01-04 06:48:34 +01:00
El RIDO
dc8cb66adc
updating zlib to 1.3
2023-12-19 06:22:30 +01:00
El RIDO
d0420fb418
1.6.2 release
2023-12-15 07:20:20 +01:00
El RIDO
3bd570bd6a
incrementing version
2023-12-04 21:07:17 +01:00
El RIDO
0107b1258e
forgot to update SRI hashes
caused in b150450fac
2023-12-04 06:10:47 +01:00
El RIDO
aa1a44e329
upgrading DOMpurify to 3.0.6
2023-12-03 14:02:30 +01:00
El RIDO
c090f8d27f
fixed comments
so that these functions end up on the correct jsdoc page
2023-12-03 13:41:17 +01:00
El RIDO
5c97443d1d
add basic RTL support, drop default language key
2023-09-19 07:29:00 +02:00
El RIDO
f56907bd38
increment version
2023-09-11 19:36:45 +02:00
Sergio Giraldo
bf090fabb8
refactor: removed unnecessary php tag
::by sergio giraldo
@ 20230910T1650CEST, gpg signed
2023-09-10 16:50:00 +02:00
Sergio Giraldo
c665385ff6
feat: make the email button optional. Issue #1031
::by sergio giraldo
@ 20230909T2226CEST, gpg signed
2023-09-09 22:26:11 +02:00
El RIDO
1dbe46cfed
update SRI hashes
2023-08-01 14:05:20 +02:00
El RIDO
01afe7d481
incrementing version
2023-07-09 08:44:22 +02:00
El RIDO
f7838bfe8a
bump libraries, update changelog
2023-07-01 07:58:28 +02:00
El RIDO
57be10ed53
bump libraries, update changelog
required minimal changes in checkmark jQuery accessor code, found by unit tests
2023-06-18 13:47:54 +02:00
El RIDO
e84a8694e4
incrementing version
2022-12-24 05:52:07 +01:00
El RIDO
b5602dd1ae
incrementing version
2022-12-11 05:02:15 +01:00
El RIDO
97047a6ef6
upgrade JS libraries
2022-11-13 06:37:23 +01:00
El RIDO
89df4a54ec
enable and credit Thai translation
2022-11-07 07:12:40 +01:00
El RIDO
849c1c7cd1
fix display of configured name in twitter title
2022-10-25 06:34:40 +02:00
El RIDO
2a162d075c
allow unit tests to pass
2022-10-23 09:12:31 +02:00
El RIDO
0dc9ab7576
refactor shortenviayourls.php for our MVC framework
2022-10-23 08:10:56 +02:00
El RIDO
08b6070359
update zlib to 1.2.13
2022-10-15 09:05:19 +02:00
El RIDO
77409e6065
crediting greek language as well, plus docs
2022-09-29 21:15:00 +02:00
El RIDO
abef3ad37b
Merge branch 'master' into slovak
2022-09-29 21:10:50 +02:00
Christos Karamolegkos
0f1c2fdb04
Update strings in el.json and enable greek language
2022-09-29 15:34:15 +03:00
El RIDO
b61b4253a6
enabled use of Slovak translations
2022-09-29 05:34:49 +02:00
El RIDO
f717334ee0
- credit & document Turkish translation
- remove plural indicators
- add plural logic and enable Turkish translation
2022-04-28 20:05:57 +02:00
El RIDO
456ced37c2
incrementing version
2022-04-05 07:30:51 +02:00
El RIDO
f0d0daffcc
enable and credit new Finnish translation
2022-04-05 07:22:07 +02:00
El RIDO
f2e0c1a701
upgrade to zlib 1.2.12
2022-03-30 06:05:37 +02:00
El RIDO
40d35ab3c2
update SRI-hashes
2022-03-27 08:28:54 +02:00
El RIDO
75dc346f0f
be more specific on the base type match and less specific on the subtype, in order to fail-safe (avoid being tricked into not sanitizing - the mime type is a user provided input)
2022-03-27 08:27:24 +02:00
El RIDO
36cb37c029
prevent error when attachments are disabled, but paste with attachment gets displayed
2022-03-13 20:18:51 +01:00
El RIDO
5617612eb3
upgrade to showdown 2.0.3
2022-03-13 20:05:38 +01:00
El RIDO
2a4d572c1e
Sanitize SVG preview, preventing script execution in instance context, while dropping support for attachment download in IE
2022-03-13 19:56:12 +01:00
El RIDO
6c1f0dde0c
set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header
2022-03-13 18:11:13 +01:00
El RIDO
f83f80b5f6
Merge branch 'master' into stevenandres-master
2022-02-26 11:56:58 +01:00
El RIDO
fbf0eae513
update bootstrap JS library to 3.4.1
note that this fails one of our unit tests
2022-02-20 16:13:54 +01:00
El RIDO
7277d2bb43
update all libraries
2022-02-18 07:36:09 +01:00
El RIDO
9df6754dfa
Merge pull request #881 from PrivateBin/jbobau
Lojban translation
2022-02-13 08:58:29 +01:00
El RIDO
8faf0501f4
improve Lojban support
- Crowdin has to use the 3 letter language code, since Lojban has no 2 letter code. Added support for this in the PHP backend and renamed the translation file.
- Lojban has no plural cases, updated the plural-formulas accordingly.
- Credited the change and documented it.
- Updated the SRI hashes.
2022-02-12 16:17:09 +01:00
Bjoern Becker
832f000576
update jquery
2022-02-11 12:22:16 +01:00
El RIDO
0e78534e48
re-label "Download" button to "Save paste"
2021-04-18 09:07:57 +02:00
El RIDO
3181cfe58a
translate download button, add it to page template
2021-04-17 09:15:00 +02:00
El RIDO
bc11452259
make filename unique per paste ID
2021-04-17 09:08:11 +02:00
El RIDO
853a4f386f
fix indentation
2021-04-17 08:51:25 +02:00
El RIDO
47029fb04e
Merge branch 'master' into download-feature
2021-04-17 08:47:14 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
Christian Pierre MOMON
ed66351337
Added download feature ( #5318 ).
2021-04-16 19:29:03 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00
El RIDO
d65bf02d78
upgraded kjua
2021-04-05 17:33:07 +02:00
El RIDO
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
El RIDO
a369202c51
add missing expiration reset
2021-04-05 13:47:37 +02:00
El RIDO
77ee40909f
record defaults during initialization, fixes #682
2021-04-05 13:24:53 +02:00
El RIDO
2e10bdbd22
update DOMpurify to version 2.2.7
2021-04-02 09:09:47 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation
2021-04-02 09:00:27 +02:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation
2021-03-09 05:54:06 +01:00
El RIDO
e6e985d92d
apply StyleCI
2021-03-07 19:56:19 +01:00
hogren
42e609e66f
Avoid the use of <i> markup in a translation.
2021-03-06 14:12:59 +01:00
El RIDO
b38ebc503e
plural rules and documenting newly added languages
2021-01-07 21:16:03 +01:00
techboyg5
283561e34f
Language dropdown menu to the right
2020-11-22 15:13:43 -06:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file
2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419
Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual. E.g. pointing to the cmdline
client.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO
417b17f86d
didn't figure out which StyleCI change suddenly requires this, so just apply the patch to stop it nagging about it
2020-10-04 12:16:42 +02:00
El RIDO
1614342248
update DOMpurify to version 2.0.14
2020-08-30 08:34:38 +02:00
ZerooCool
e61c44ef46
Make Opengraph really functional
Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968
Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.
Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?
Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00