mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-12-25 23:39:23 -05:00
bc8b23d35e
With a client IE < 10 there was a XSS security flaw. Other browsers were not affected. Also corrected spacing display with IE<10. (cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431) Conflicts: CHANGELOG.md index.php js/zerobin.js lib/vizhash16x16.php
4.5 KiB
4.5 KiB
ZeroBin version history
- Alpha 0.8 (2012-04-11):
- Source code not published yet.
- Interface completely redesigned. Icons added.
- Now properly supports IE6/7 (ugly display, but it works. "Clone" button is disabled though.)
- Added one level of depth for storage directories (This is better for higher load servers).
- php version is now checked (min: 5.2.6)
- Better checks on posted json data on server.
- Added "1 year" expiration.
- URLs are now converted to clickable links. This include http, https, ftp and magnet links.
- Clickable links include ''rel="nofollow"'' to discourage SEO.
- On my public service (http://sebsauvage.net/paste/)
- All data will be deleted (you were warned - this is a test service)
- Default paste expiration is now 1 month to prevent clogging-up my host.
- Alpha 0.9 (2012-04-11):
- Oh bummer... IE 8 is as shitty as IE6/7: Its does not seem to support ''white-space:pre-wrap'' correctly. I had to activate the special handling mode. I still have to test IE 9.
- Alpha 0.10 (2012-04-12):
- IE9 does not seem to correctly support ''pre-wrap'' either. Special handling mode activated for all version of IE<10. (Note: ALL other browsers correctly support this feature.)
- Alpha 0.11 (2012-04-12):
- Automatically ignore parameters (such as &utm_source=...) added //after// the anchor by some stupid Web 2.0 services.
- First public release.
- Alpha 0.12 (2012-04-18):
- DISCUSSIONS ! Now you can enable discussions on your pastes. Of course, posted comments and nickname are also encrypted and the server cannot see them.
- This feature implies a change in storage format. You will have to delete all previous pastes in your ZeroBin.
- Added Vizhash as avatars, so you can match posters IP addresses without revealing them. (Same image = same IP). Of course the IP address cannot be deduced from the Vizhash.
- Remaining time before expiration is now displayed.
- Explicit tags were added to CSS and jQuery selectors (eg. div#aaa instead of #aaa) to speed up browser.
- Better cleaning of the URL (to make sure the key is not broken by some stupid redirection service)
- Alpha 0.13 (2012-04-18):
- FIXED: ''imageantialias()'' call removed because it's not really usefull and can be a problem on most hosts (if GD is not compiled in php).
- FIXED: $error not properly initialized in index.php
- Alpha 0.14 (2012-04-20):
- ADDED: GD presence is checked.
- CHANGED: Traffic limiter data files moved to data/ (→easier rights management)
- ADDED: "Burn after reading" implemented. Opening the URL will display the paste and immediately destroy it on server.
- Alpha 0.15 (2012-04-20):
- FIXED: 2 minor corrections to avoid notices in php log.
- FIXED: Sources converted to UTF-8.
- Alpha 0.15 (2012-04-20):
- FIXED: 2 minor corrections to avoid notices in php log.
- FIXED: Sources converted to UTF-8.
- Alpha 0.16:
- FIXED minor php warnings.
- FIXED: zerobin.js reformated and properly commented.
- FIXED: Directory structure re-organized.
- CHANGED: URL shortening button was removed. (It was bad for privacy.)
- Alpha 0.17 (2013-02-23):
- ADDED: Deletion URL.
- small refactoring.
- improved regex checks.
- larger server alt on installation.
- Alpha 0.18 (2013-02-24):
- ADDED: The resulting URL is automatically selected after pressing "Send". You just have to press CTRL+C.
- ADDED: Automatic syntax highlighting for 53 languages using highlight.js
- ADDED: "5 minutes" and "1 week" expirations.
- ADDED: "Raw text" button.
- jQuery upgraded to 1.9.1
- sjcl upgraded to GitHub master 2013-02-23
- base64.js upgraded to 1.7
- FIXED: Dates in discussion are now proper local dates.
- ADDED: Robot meta tags in HTML to prevent search engines indexing.
- ADDED: Better json checking (including entropy).
- ADDED: Added version to js/css assets URLs in order to prevent some abusive caches to serve an obsolete version of these files when ZeroBin is upgraded.
- "Burn after reading" option has been moved out of Expiration combo to a separate checkbox. Reason is: You can prevent a read-once paste to be available ad vitam eternam on the net.
- Alpha 0.19 (2013-07-05):
- Corrected XSS security flaw which affected IE<10. Other browsers were not affected.
- Corrected spacing display in IE<10.