Commit Graph

508 Commits

Author SHA1 Message Date
Jens-U. Mozdzen
dce8b8d352 updated code formatting 2022-10-23 01:07:43 +02:00
Jens-U. Mozdzen
3115cb8883 added parameters for server-side YOURLS shortener call 2022-10-23 00:19:43 +02:00
Felix J. Ogris
ee212b1a33 implemented S3 storage backend
added sample configuration + aws php sdk version

coding style cleanup
2022-10-22 18:30:24 +02:00
Ra'Jiska
8dbe60621d Fix GCS Upload Metadata Mistake 2022-10-06 14:41:37 +08:00
Ra'Jiska
8dded4e8e4 GCS Support for Uniform ACL Buckets 2022-10-06 12:19:06 +08:00
El RIDO
77409e6065
crediting greek language as well, plus docs 2022-09-29 21:15:00 +02:00
El RIDO
b61b4253a6
enabled use of Slovak translations 2022-09-29 05:34:49 +02:00
rugk
e740d0f761
Remove COOP header for now
Same as https://github.com/PrivateBin/docker-nginx-fpm-alpine/pull/108

Disable the header here as it breaks links to the own site.
2022-08-22 13:25:56 +02:00
El RIDO
e6d606ba88
clarify that it is only unsupported by Oracle MySQL, while supported in MariaDB, Postgres, SQLite, ... 2022-06-29 22:25:54 +02:00
El RIDO
4ad4aed875
apply table prefix to indexes as well, to support multiple instances sharing a single database 2022-06-28 06:51:21 +02:00
El RIDO
b7cffbddd0
CREATE INDEX IF NOT EXISTS is not supported as of MySQL <= 8.0, fixes #943 2022-06-27 19:05:57 +02:00
El RIDO
07a23d7f0b
addressing deprecation warnings in php 8.1
Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in lib/Data/Database.php on line 280 & 555
2022-06-01 21:05:08 +02:00
El RIDO
f717334ee0
- credit & document Turkish translation
- remove plural indicators
- add plural logic and enable Turkish translation
2022-04-28 20:05:57 +02:00
El RIDO
0e2ec27033
Avoid privilege for setting the for MariaDB/MySQL, fixes #919 2022-04-19 18:44:00 +02:00
Harald Leithner
4b3d11c988
Add browsing-topics premission policy 2022-04-10 11:28:52 +02:00
Harald Leithner
7b8e031ab5
Remove FLoC Header
Google announced that it is discontinuing FLoC.
2022-04-10 10:36:39 +02:00
El RIDO
456ced37c2
incrementing version 2022-04-05 07:30:51 +02:00
El RIDO
f0d0daffcc
enable and credit new Finnish translation 2022-04-05 07:22:07 +02:00
El RIDO
11b16fc6fd
removed directive needed for the PDF preview in FireFox < 78
fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1582115 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1638826 for FF 78
2022-03-27 08:45:33 +02:00
El RIDO
6c1f0dde0c
set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header 2022-03-13 18:11:13 +01:00
El RIDO
3e02818335
actually support the short CIDR notation 2022-02-28 16:24:06 +01:00
El RIDO
f83f80b5f6
Merge branch 'master' into stevenandres-master 2022-02-26 11:56:58 +01:00
El RIDO
f39934a104
Merge pull request #896 from Patriccollu/PB-in-Corsican
Adding Corsican as brand new locale
2022-02-26 11:52:43 +01:00
El RIDO
fe89161848
replace deprecated function calls 2022-02-26 07:18:59 +01:00
El RIDO
288cf3f005
Merge branch 'master' into stevenandres-master 2022-02-25 06:42:18 +01:00
Patriccollu
30c0d22468
Updating I18n.php to add Corsican as new locale 2022-02-24 20:05:19 +01:00
El RIDO
0e3a7196f9
set frame-ancestors to none
disables embedding the site in any frames, which can bypass some of the security mechanisms reg. cross site scripting
2022-02-20 15:21:47 +01:00
El RIDO
f987e96d4b
apply StyleCI recommendation 2022-02-20 12:25:55 +01:00
El RIDO
1034d4038e
unify IP-related logic into traffic limiter 2022-02-20 11:25:19 +01:00
El RIDO
190a35a53b
small unit test refactoring, comment wording 2022-02-20 09:30:41 +01:00
El RIDO
91041d8c59
simplify/unify naming & wording of the two types of IP lists for the traffic limiter 2022-02-20 09:09:20 +01:00
El RIDO
d764c03759
Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master 2022-02-20 08:44:09 +01:00
El RIDO
a200f8875c
php warning in templates, fixes #875 2022-02-15 19:02:44 +01:00
El RIDO
8faf0501f4
improve Lojban support
- Crowdin has to use the 3 letter language code, since Lojban has no 2 letter code. Added support for this in the PHP backend and renamed the translation file.
- Lojban has no plural cases, updated the plural-formulas accordingly.
- Credited the change and documented it.
- Updated the SRI hashes.
2022-02-12 16:17:09 +01:00
El RIDO
29ffd25c18
apply suggestion of @r4sas 2022-01-30 21:42:24 +01:00
El RIDO
1d20eee169
readability 2022-01-26 05:28:29 +01:00
El RIDO
53c0e4976b
document what the U type stands for 2022-01-26 05:26:47 +01:00
El RIDO
0333777a37
remove duplicate CLOB sanitation 2022-01-25 05:59:22 +01:00
El RIDO
f4438a0103
inserting CLOB absolutely requires a length argument
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:44:20 +01:00
El RIDO
55db9426b9
Throws ORA-00942: table or view does not exist otherwise
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:43:48 +01:00
El RIDO
535f038daa
handle LIMIT in oci
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:43:31 +01:00
El RIDO
0c4852c099
this fixes the comment display issue
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:40:10 +01:00
El RIDO
b8e8755fb1
Basically it wants a non-empty catch statement
Co-authored-by: Austin Huang <im@austinhuang.me>
2022-01-24 21:36:18 +01:00
El RIDO
0b6af67b99
removed obsolete comment 2022-01-24 17:50:24 +01:00
El RIDO
56c54dd880
prefer switch statements for complex logic, all comparing the same variable 2022-01-24 17:48:27 +01:00
El RIDO
a8e1c33b54
stick to single convention of binding parameters 2022-01-24 17:26:09 +01:00
El RIDO
0cc2b67753
bindValue doesn't need the length 2022-01-23 21:45:22 +01:00
El RIDO
4f051fe5a5
revert regression 2022-01-23 21:31:40 +01:00
El RIDO
8d63921924
workaround bug in OCI PDO driver 2022-01-23 21:24:28 +01:00
El RIDO
0be55e05bf
use quoted identifiers, tell MySQL to expect ANSI SQL 2022-01-23 20:59:02 +01:00
El RIDO
b133c2e233
sanitize both single rows and multiple ones 2022-01-23 07:32:28 +01:00
El RIDO
b54308a77e
don't mangle non-arrays 2022-01-23 07:19:35 +01:00
El RIDO
47deaeb7ca
use the correct function 2022-01-23 07:11:36 +01:00
El RIDO
35ef64ff79
remove duplication, kudos @rugk 2022-01-22 22:11:49 +01:00
El RIDO
c725b4f0fe
handle 'IF NOT EXISTS' differently in OCI 2022-01-22 21:29:39 +01:00
El RIDO
2182cdd44f
generalize OCI handling of queries and results 2022-01-22 08:45:12 +01:00
Austin Huang
041ef7f7a5
Support OCI (Satisfy the CI) 2022-01-20 13:33:23 -05:00
Austin Huang
6a489d35ab
Support OCI (Create table) 2022-01-20 09:15:10 -05:00
Austin Huang
ee99952d90
Support OCI (Read/Write) 2022-01-17 20:06:26 -05:00
El RIDO
df2f5931cd
improve readability, kudos @rugk 2021-08-19 19:28:52 +02:00
El RIDO
ff3b668958
apply StyleCI recommendation 2021-08-19 11:04:31 +02:00
El RIDO
eb10d4d35e
be more flexible with configuration paths
1. only consider CONFIG_PATH environment variable, if non-empty
2. fall back to search in PATH (defined in index.php), if CONFIG_PATH doesn't contain a readable configuration file
2021-08-19 10:21:21 +02:00
El RIDO
1fd998f325
address Scrutinizer issues 2021-06-16 05:57:26 +02:00
El RIDO
9c09018e6e
address Scrutinizer issues 2021-06-16 05:50:41 +02:00
El RIDO
be164bb6a9
apply StyleCI recommendation 2021-06-16 05:43:18 +02:00
El RIDO
fd08d991fe
log errors storing persistance 2021-06-16 05:32:45 +02:00
El RIDO
3d9ba10fcb
more consistent AbstractData implementation 2021-06-16 05:19:45 +02:00
El RIDO
3327645fd4
updated doc blocks, comments, fixed indentations, moved some constant strings 2021-06-14 06:44:30 +02:00
Mark van Holsteijn
b4c75b541b removed json encoding from get/setValue 2021-06-13 21:16:30 +02:00
El RIDO
9357f122b7
address Scrutinizer issues 2021-06-13 12:49:59 +02:00
El RIDO
d0248d55d3
address Scrutinizer issues 2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd
fix unit tests on php < 7.3 2021-06-13 12:40:06 +02:00
El RIDO
68b097087d
apply StyleCI recommendation 2021-06-13 11:16:29 +02:00
El RIDO
f04043a399
address Scrutinizer issues 2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8
address Codacy issues 2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf
improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b
ip-lib doesn't except on the matches interfaces 2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356 improved implementation of GoogleStorageBucket 2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302
apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b
implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b
make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba
address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c
use namespaces 2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70
testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO
458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation 2021-04-02 09:00:27 +02:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation 2021-03-09 05:54:06 +01:00
El RIDO
b38ebc503e
plural rules and documenting newly added languages 2021-01-07 21:16:03 +01:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419 Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO
3668f1e3f4
attempt to accomodate Crowdin by providing a single source translation file that is not actually used or loaded by our code 2020-10-04 12:39:35 +02:00
El RIDO
4204e4b8b7
make StyleCI happy and change unit test to use a string 2020-07-03 21:00:42 +02:00
ZerooCool
e61c44ef46 Make Opengraph really functional
Make Opengraph really functional

Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968 Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
El RIDO
5450a431cf
Merge branch 'Haocen-625-bugfixes' 2020-06-07 07:38:59 +02:00
El RIDO
7794915172
expose permission exceptions to the API 2020-05-31 16:33:25 +02:00
Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
Firefox
2020-05-30 05:37:35 -04:00
Steven Andrés
3f75c81a2f
fixed duplicated getKey() 2020-05-08 12:18:20 -07:00
Steven Andrés
effe6ad3e5
fixed spacing to please StyleCI 2020-05-08 11:37:21 -07:00
Steven Andrés
8fbdb69d8a
added check for null whitelist 2020-05-08 11:36:19 -07:00
Steven Andrés
d847e2fcf2
alignment 2020-05-07 16:46:31 -07:00
Steven Andrés
c152f85b50
removed $remoteip that the audit didn't like 2020-05-07 16:45:24 -07:00
Steven Andrés
819d25a74c
change to whitelist_paste_creation 2020-05-07 16:13:25 -07:00
Steven Andrés
ef9780707a
Update lib/Controller.php
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:54:13 -07:00
Steven Andrés
9ca041fa06
Update lib/Controller.php
Co-authored-by: rugk <rugk+git@posteo.de>
2020-05-07 15:53:56 -07:00
Steven Andrés
9327c9b58b
added whitelist check 2020-05-05 14:18:52 -07:00
Steven Andrés
5644001c53
added "whitelist" under [traffic] 2020-05-05 14:17:15 -07:00
El RIDO
9914c37683
incrementing version 2020-03-22 06:44:04 +01:00
El RIDO
afd82ac34d
Merge branch 'master' into php7.4-ci 2020-02-16 13:23:11 +01:00
El RIDO
adece1d784
incrementing version 2020-02-16 11:15:51 +01:00
El RIDO
5d54006c9e
update minimum required PHP version to 5.6 and replace slowEquals() with native hash_equals() function 2020-02-05 19:30:14 +01:00
El RIDO
1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag 2020-02-01 09:15:14 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO
ed590ee557
incrementing version 2020-01-08 19:31:06 +01:00