Merge branch 'Haocen-625-bugfixes'
El RIDO
commit
5450a431cf
|
|
@ -79,7 +79,7 @@ languageselection = false
|
|||
; async functions and display an error if not and for Chrome to enable
|
||||
; webassembly support (used for zlib compression). You can remove it if Chrome
|
||||
; doesn't need to be supported and old browsers don't need to be warned.
|
||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||
|
||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||
|
|
|
|||
|
|
@ -243,6 +243,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
*/
|
||||
const day = 86400;
|
||||
|
||||
/**
|
||||
* number of seconds in a week
|
||||
*
|
||||
* = 60 * 60 * 24 * 7 seconds
|
||||
*
|
||||
* @name Helper.week
|
||||
* @private
|
||||
* @enum {number}
|
||||
* @readonly
|
||||
*/
|
||||
const week = 604800;
|
||||
|
||||
/**
|
||||
* number of seconds in a month (30 days, an approximation)
|
||||
*
|
||||
|
|
@ -326,7 +338,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
*/
|
||||
me.durationToSeconds = function(duration)
|
||||
{
|
||||
let pieces = duration.split(/\d+/),
|
||||
let pieces = duration.split(/(\D+)/),
|
||||
factor = pieces[0] || 0,
|
||||
timespan = pieces[1] || pieces[0];
|
||||
switch (timespan)
|
||||
|
|
@ -337,6 +349,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
return factor * hour;
|
||||
case 'day':
|
||||
return factor * day;
|
||||
case 'week':
|
||||
return factor * week;
|
||||
case 'month':
|
||||
return factor * month;
|
||||
case 'year':
|
||||
|
|
@ -391,9 +405,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
me.urls2links = function(element)
|
||||
{
|
||||
element.html(
|
||||
element.html().replace(
|
||||
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
||||
'<a href="$1" rel="nofollow">$1</a>'
|
||||
DOMPurify.sanitize(
|
||||
element.html().replace(
|
||||
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
||||
'<a href="$1" rel="nofollow noopener noreferrer">$1</a>'
|
||||
)
|
||||
)
|
||||
);
|
||||
};
|
||||
|
|
@ -1975,15 +1991,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
return a.length - b.length;
|
||||
})[0];
|
||||
if (typeof shortUrl === 'string' && shortUrl.length > 0) {
|
||||
I18n._(
|
||||
$('#pastelink'),
|
||||
'Your paste is <a id="pasteurl" href="%s">%s</a> <span id="copyhint">(Hit [Ctrl]+[c] to copy)</span>',
|
||||
shortUrl, shortUrl
|
||||
);
|
||||
// we disable the button to avoid calling shortener again
|
||||
$shortenButton.addClass('buttondisabled');
|
||||
// save newly created element
|
||||
$pasteUrl = $('#pasteurl');
|
||||
// update link
|
||||
$pasteUrl.text(shortUrl);
|
||||
$pasteUrl.prop('href', shortUrl);
|
||||
// we pre-select the link so that the user only has to [Ctrl]+[c] the link
|
||||
Helper.selectText($pasteUrl[0]);
|
||||
return;
|
||||
|
|
@ -2404,7 +2416,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
/**
|
||||
* hides the Editor
|
||||
*
|
||||
* @name Editor.reset
|
||||
* @name Editor.hide
|
||||
* @function
|
||||
*/
|
||||
me.hide = function()
|
||||
|
|
@ -3110,19 +3122,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
*/
|
||||
function addClipboardEventHandler() {
|
||||
$(document).on('paste', function (event) {
|
||||
if (TopNav.isAttachmentReadonly()) {
|
||||
event.stopPropagation();
|
||||
event.preventDefault();
|
||||
return false;
|
||||
}
|
||||
const items = (event.clipboardData || event.originalEvent.clipboardData).items;
|
||||
for (let i = 0; i < items.length; ++i) {
|
||||
if (items[i].kind === 'file') {
|
||||
//Clear the file input:
|
||||
$fileInput.wrap('<form>').closest('form').get(0).reset();
|
||||
$fileInput.unwrap();
|
||||
|
||||
readFileData(items[i].getAsFile());
|
||||
const lastItem = items[items.length - 1];
|
||||
if (lastItem.kind === 'file') {
|
||||
if (TopNav.isAttachmentReadonly()) {
|
||||
event.stopPropagation();
|
||||
event.preventDefault();
|
||||
return false;
|
||||
} else {
|
||||
readFileData(lastItem.getAsFile());
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
@ -3752,8 +3760,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
if (expirationDateString !== null) {
|
||||
emailBody += EOL;
|
||||
emailBody += BULLET;
|
||||
emailBody += I18n._(
|
||||
'This link will expire after %s.',
|
||||
// avoid DOMPurify mess with forward slash in expirationDateString
|
||||
emailBody += Helper.sprintf(
|
||||
I18n._(
|
||||
'This link will expire after %s.',
|
||||
'%s'
|
||||
),
|
||||
expirationDateString
|
||||
);
|
||||
}
|
||||
|
|
@ -4280,7 +4292,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
*/
|
||||
me.isAttachmentReadonly = function()
|
||||
{
|
||||
return createButtonsDisplayed && $attach.hasClass('hidden');
|
||||
return !createButtonsDisplayed || $attach.hasClass('hidden');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -5328,6 +5340,23 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
SAFE_FOR_JQUERY: true
|
||||
});
|
||||
|
||||
// Add a hook to make all links open a new window
|
||||
DOMPurify.addHook('afterSanitizeAttributes', function(node) {
|
||||
// set all elements owning target to target=_blank
|
||||
if ('target' in node && node.id !== 'pasteurl') {
|
||||
node.setAttribute('target', '_blank');
|
||||
}
|
||||
// set non-HTML/MathML links to xlink:show=new
|
||||
if (!node.hasAttribute('target')
|
||||
&& (node.hasAttribute('xlink:href')
|
||||
|| node.hasAttribute('href'))) {
|
||||
node.setAttribute('xlink:show', 'new');
|
||||
}
|
||||
if ('rel' in node) {
|
||||
node.setAttribute('rel', 'nofollow noopener noreferrer');
|
||||
}
|
||||
});
|
||||
|
||||
// center all modals
|
||||
$('.modal').on('show.bs.modal', function(e) {
|
||||
$(e.target).css({
|
||||
|
|
@ -5359,6 +5388,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
}
|
||||
me.initZ();
|
||||
|
||||
// if delete token is passed (i.e. paste has been deleted by this
|
||||
// access), there is nothing more to do
|
||||
if (Model.hasDeleteToken()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// check whether existing paste needs to be shown
|
||||
try {
|
||||
Model.getPasteId();
|
||||
|
|
@ -5367,11 +5402,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
return me.newPaste();
|
||||
}
|
||||
|
||||
// if delete token is passed (i.e. paste has been deleted by this
|
||||
// access), there is nothing more to do
|
||||
if (Model.hasDeleteToken()) {
|
||||
return;
|
||||
}
|
||||
// always reload on back button to invalidate cache(protect burn after read paste)
|
||||
window.addEventListener('popstate', () => {
|
||||
window.location.reload();
|
||||
});
|
||||
|
||||
// display an existing paste
|
||||
return me.showPaste();
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@ describe('Helper', function () {
|
|||
let result = e.html();
|
||||
clean();
|
||||
url = $('<div />').text(url).html();
|
||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow noopener noreferrer">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||
}
|
||||
);
|
||||
jsc.property(
|
||||
|
|
@ -145,7 +145,7 @@ describe('Helper', function () {
|
|||
let result = e.html();
|
||||
clean();
|
||||
url = $('<div />').text(url).html();
|
||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow noopener noreferrer">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||
}
|
||||
);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ class Configuration
|
|||
'urlshortener' => '',
|
||||
'qrcode' => true,
|
||||
'icon' => 'identicon',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||
'zerobincompatibility' => false,
|
||||
'httpwarning' => true,
|
||||
'compression' => 'zlib',
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ endif;
|
|||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-FC14dIXSJ7iLCcpPOCs7JiCe3619sRbEGsLiSqzD+dGS8qKJTR4X84UvQt0yNYTvQ84QMQ2GtoDpVrJYFeqcYw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-pIM3/kBh5nI0TNPXyjhhqCrLE2enQc0DjiIfmpH2RoHaeDPNh2aTKIqEf8Ms6JMGWD/xJreAU7XUElWgELCkYQ==" crossorigin="anonymous"></script>
|
||||
<!-- icon -->
|
||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ endif;
|
|||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-FC14dIXSJ7iLCcpPOCs7JiCe3619sRbEGsLiSqzD+dGS8qKJTR4X84UvQt0yNYTvQ84QMQ2GtoDpVrJYFeqcYw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-pIM3/kBh5nI0TNPXyjhhqCrLE2enQc0DjiIfmpH2RoHaeDPNh2aTKIqEf8Ms6JMGWD/xJreAU7XUElWgELCkYQ==" crossorigin="anonymous"></script>
|
||||
<!-- icon -->
|
||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||
|
|
|
|||
Loading…
Reference in New Issue