76007b6ee9
fixing class compatibility (why is this no longer enforced in PHP > 7.1?)
2019-05-10 22:21:03 +02:00
f58cbefd1e
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 22:13:11 +02:00
fb0c9c595e
remove further type hints for compatibility
2019-05-10 22:04:47 +02:00
bd4dee0f3e
fixing copy/paste errors
2019-05-10 21:52:14 +02:00
1e44902340
apply StyleCI patch
2019-05-10 21:45:34 +02:00
632d70412a
revert scalar type hints to retain support for PHP < 7.0
2019-05-10 21:35:36 +02:00
700f8a0ea7
made all php unit tests pass again
2019-05-10 07:55:39 +02:00
59569bf9fc
working on JsonApi tests
2019-05-08 22:11:21 +02:00
76dc01b959
finishing changes in models, removing last md5 test cases, tightening up allowed POST data
2019-05-06 22:15:21 +02:00
06b90ff48e
sticking to arrays to reduce conversions, inversion of control to simplify logic
2019-05-05 21:03:58 +02:00
b7a03cfdb9
enforcing parameter types, avoiding unnecessary metadata in version 2 pastes
2019-05-05 18:22:57 +02:00
6e15903f1e
make DatabaseTest work pass again, support reading & writing version 1 & 2 pastes & comments
2019-05-05 14:36:47 +02:00
bbdcb3fb0f
remove duplicate code
2019-05-05 08:53:40 +02:00
3338bd792e
implement version 2 format validation, changing ID checksum algorithm, resolves #49
2019-05-03 23:03:57 +02:00
e418b083e8
Merge branch 'master' into webcrypto
2019-01-22 20:11:42 +01:00
34c64acb75
Apply StyleCi recommendation
2019-01-22 00:14:31 +01:00
7cb942aca3
Make PHP paste ID function more robust
2019-01-21 23:19:41 +01:00
541fff199a
Put PHP paste request into own function
2019-01-21 23:06:25 +01:00
79a858f176
extracting only the 16 hex characters of the query string as paste ID, addressing #396
2019-01-20 12:20:37 +01:00
cde96d8f24
fixing bug in jsonld processing with certain URL paths
2018-12-17 19:42:26 +01:00
9ce41022cf
correcting namespaces
2018-11-19 13:09:34 +01:00
b5ebc4a3d7
incrementing version
2018-08-11 19:29:58 +02:00
a5e8eeaaf9
StyleCI: Obey the alphabet #342
2018-07-29 16:15:52 +02:00
4a35428499
cleanup of PurgeLimiter #342
2018-07-29 16:05:57 +02:00
3470dcd9a8
more compact ServerSalt #342
2018-07-29 15:50:36 +02:00
5db3412b69
cleanup of TrafficLimiter #342
2018-07-29 15:43:28 +02:00
f9c8441edb
renaming controller #342
2018-07-29 15:17:35 +02:00
720897b902
correct CSP to allow password prompt
2018-07-21 06:45:09 +00:00
cfe60db8fd
increment version number
2018-07-01 13:11:32 +02:00
6225a8ef16
updating translators in credits
2018-06-11 20:29:47 +02:00
9a0318517b
correct PHPdoc, fixes #264
2018-05-27 15:18:25 +02:00
d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
2018-05-27 15:05:31 +02:00
05c1776ada
ensure ALL read errors are only exposed in the JSON API to avoid information leakage (i.e. beviour for deleted vs expired pastes), updated test cases & removed duplicate test
2018-05-27 14:36:30 +02:00
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error
2018-04-30 20:01:38 +02:00
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
...
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
9c132cd839
Disallow form-action in CSP to limit outgoing connections
...
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
3bca559826
moving access to into Request class
2018-01-06 10:27:58 +01:00
414ab0eb71
Add config and basic page template support
...
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
86ecdb1155
fixing post increment
2017-11-13 22:15:14 +01:00
502e96c129
StyleCI recommendations
2017-10-08 19:23:33 +02:00
a5d5f6066a
refactoring as recommended by Scrutinizer
2017-10-08 19:16:09 +02:00
9f26894b2e
PHP < 5.6 compatibility and StyleCI recommendations
2017-10-08 17:10:51 +02:00
4f06feef81
implemented JSON file conversion on purge and storage in PHP files for data leak protection
2017-10-08 16:59:31 +02:00
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation
2017-10-08 16:43:46 +02:00
dbfb1e83ba
removing dead code
2017-10-08 16:43:10 +02:00
62f0b95377
making StyleCI happy
2017-10-08 16:42:43 +02:00
6e8eafe129
implemented INI cenversion functionality
2017-10-08 16:42:11 +02:00
6fa2bfe30e
updated documentation, incremented version
2017-10-08 16:40:51 +02:00
f037967820
changes the file extension to php and adds a small one-liner to stop PHP from presenting the file to any website visitor
...
Signed-off-by: El RIDO <elrido@gmx.net>
2017-10-08 16:25:48 +02:00
23f5dfbff8
Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
...
# Conflicts:
# tpl/bootstrap.php
# tpl/page.php
2017-05-13 19:48:25 +02:00
283873d89a
Fix stupid copy&paste error
2017-04-13 10:52:48 +02:00
9b6748c54d
Adjust requested changes
2017-04-13 10:46:09 +02:00
f54036976a
added instantburnafterreading option to address #174
2017-04-11 17:23:26 +02:00
183ebe518b
Force JSON request for getting paste data
2017-04-11 16:34:13 +02:00
096f07f86e
Merge branch 'master' into attachment-handling
...
# Conflicts:
# js/privatebin.js
# tpl/bootstrap.php
# tpl/page.php
2017-04-02 13:30:52 +02:00
bbcc3e167b
implementing recommendations of scrutinizer
2017-03-25 00:58:59 +01:00
9b2af0abf5
fixing documentation
2017-03-24 23:54:37 +01:00
18315e7de0
removing unused class
2017-03-24 23:45:10 +01:00
f7853cf439
removing duplicate code, cleanup of temporary test files
2017-03-24 23:42:11 +01:00
ce92bfa934
updated .htaccess format, refactored .htaccess creation logic and improving code coverage, fixes #194
2017-03-24 21:30:08 +01:00
88b02d866e
fixes #186 for good
2017-03-24 19:20:34 +01:00
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194
2017-03-11 08:56:14 +01:00
823adb78ef
bumping required PHP to 5.4, removing unneccessary code, resolves #186
2017-03-05 11:22:24 +01:00
23b09d601d
credited Tulio for the portuguese translation, updated SRI hashes
2017-03-05 11:02:18 +01:00
db307c3a77
updated test cases and delete logic to properly implement documented API, thanks @r4sas #188
2017-02-22 21:42:14 +01:00
4cb0ce5114
Removed self from cspheader
...
Refactored some variable names
2017-02-13 20:37:57 +01:00
faf596aeb7
Added preview for
...
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
e9b10f9e2d
Add CSP sandbox
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/168
Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
a7de0e095b
added supported language, updated credits and changelog
2017-01-10 20:37:14 +01:00
67f6c4eb61
turned bootstrap template variants into logic
2017-01-08 10:02:07 +01:00
f79c00378b
Choosing correct Occitan plural formula, added unit tests for Occitan and Chinese, corrected casing of languages in unit test
2017-01-08 07:56:56 +01:00
a5d91298ff
add an option to change the site name, solves #154
2017-01-01 16:33:11 +01:00
4a036aea80
updated SRI hashes, added missing formula for slowene plurals and unit test for it, updated credits and changelog
2017-01-01 14:35:39 +01:00
1426d4e371
tagging 1.1 release and updating documentation
2016-12-26 12:13:50 +01:00
f6b8ee3e20
add missing check for non-expiring pastes, fixes #149
2016-12-25 12:15:29 +01:00
ecd8a51137
writing a unit test for #145 lead to the discovery of two errors in the polish translations: error in formula and missing number placeholders in the translation strings
2016-12-25 11:37:45 +01:00
bbcc53f08e
StyleCI fix
2016-12-16 12:25:10 +03:00
ccba2f029f
added ru plural formula
2016-12-16 12:15:37 +03:00
da10a761c4
Fix more typos
2016-12-12 18:50:00 +01:00
61ee0ef7d3
Fix typos
2016-12-12 18:49:08 +01:00
658d5ae84d
Fix style-ci errors
2016-12-12 18:43:23 +01:00
1f46823942
applying patch based on StyleCI ruleset
2016-10-29 10:24:08 +02:00
8cfcf1c9f5
Adding HTTP headers to address certain XSS attacks, resolves #91
2016-09-18 11:29:37 +02:00
1a159c973f
Prevent referrer to be send
...
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
b7184b92a3
Fix csp config unit tests
2016-08-27 14:47:21 +02:00
b11866a63b
Allow manifest loading via CSP (2)
2016-08-27 00:02:50 +02:00
a13266a784
ensure the server salt path is initialized, instead of relying on the default
2016-08-25 15:02:38 +02:00
e925833090
bumping version number to 1.0
2016-08-25 09:53:31 +02:00
6aba39488f
adding check for PATH ending in DIRECTORY_SEPARATOR, fixes #86
2016-08-22 09:46:26 +02:00
f72e260ee7
adding subresource integrity hashes for all javascript includes, resolves #6
2016-08-16 11:11:03 +02:00
75cb771e4b
Merge branch 'master' into prng, resolve merge conflicts
2016-08-15 18:15:57 +02:00
72aac25f68
added configuration for PHP Coding Standards Fixer, including its fixes, resolving #47
2016-08-15 16:45:47 +02:00
8038fde29d
Revert #44
...
Scrutinizer-ci confirmed the detection of this was a false-positive, so we can remove this workaround.
They added it to their internal issue tracker.
2016-08-12 18:30:14 +02:00
0a628e83c1
Merge pull request #59 from PrivateBin/52-identicons
...
Implementation of Identicons library
2016-08-12 12:22:20 +02:00
ca66653d0c
applying: php-cs-fixer fix lib/ --level=psr2
2016-08-11 15:05:43 +02:00
6cb7454d07
Added tests for JSON errors, should help us figure out the cause of the problem in #11
2016-08-11 14:41:52 +02:00
bea9a577a6
Use better random number generator #29
2016-08-10 23:15:06 +02:00
c237337cd2
some minor whitespace improvements detected by scrutinizer
2016-08-10 18:22:28 +02:00
3988b860b0
implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening
2016-08-10 17:41:46 +02:00
1ef28d7a5c
minor fixes, typos
2016-08-10 15:03:06 +02:00
addb666a23
introducing CSP header to mitigate XSS attacks, closes #10
2016-08-09 14:46:32 +02:00
5b7b234821
doc bloc corrections
2016-08-09 13:07:11 +02:00
c2efe2e609
some optimization
2016-08-09 12:45:26 +02:00
3fa0881c07
updated documentation, small cleanups
2016-08-09 12:21:32 +02:00
b45bef8388
Renamed classes for full PSR-2 compliance, some cleanup
2016-08-09 11:54:42 +02:00
5d7003ecc1
Convert to PSR-2 coding style (using phpcs-fixer)
2016-07-26 08:19:35 +02:00
884310add6
Oficially bump minimal PHP version to 5.3.0
2016-07-26 08:06:40 +02:00
d14eb0efe4
fixing configuration and its test to match the new namespaces
2016-07-25 11:02:39 +02:00
b1305beb0f
Improve workaround for keeping config file format BC
2016-07-22 15:31:42 +02:00
54f96b9938
Introduce PSR-4 autoloading
2016-07-22 12:11:48 +02:00
9a9362789b
addressing issues with failed attachement uploads due to webserver configuration, resolves #15
2016-07-19 15:26:41 +02:00
002046cc62
some minor cleanups
2016-07-19 14:44:17 +02:00
be4c845129
Merge branch 'master' of github.com:PrivateBin/PrivateBin
2016-07-19 14:02:45 +02:00
c5606a47fe
refactoring away RainTPL and templating, resolves #36
2016-07-19 14:02:26 +02:00
38ab755733
Replace HTTP links with HTTPS
...
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
03306dabff
using TEXT data type for PostgreSQL instead of BLOB, hopefully resolves #8
2016-07-18 15:55:51 +02:00
e7dde4d212
cleaning REQUEST_URI for good measure
2016-07-18 15:21:32 +02:00
e1d6db88a1
Merge pull request #44 from PrivateBin/rugk-itBugsMe
...
Change array used for language selection
2016-07-18 15:15:41 +02:00
afaa111d22
code style
2016-07-18 15:13:56 +02:00
b53efda635
improving code coverage and unit testing
2016-07-18 14:47:32 +02:00
2e863e3ed9
Search key first
...
Looks a bit complicated, but well...
2016-07-18 13:25:41 +02:00
80e9d75477
Remove unnecessary array
...
Now it is right...
2016-07-18 13:12:54 +02:00
19d5659a8f
Change array
...
https://github.com/PrivateBin/PrivateBin/issues/41
Not tested locally, let's say what Travis says... 😄
2016-07-18 13:11:15 +02:00
ff0c55c0d6
introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4
2016-07-18 10:14:38 +02:00
f8bc40b4e4
introducing automatic purging of expired pastes, triggered by default at least 5 minutes apart, deleting a maximum of 10 pastes - resolves #3
2016-07-15 17:02:59 +02:00
4d10fd9690
fixing support for pre renaming configuration file format, resolves #37
2016-07-13 09:41:45 +02:00
90a26d8fcb
removing some code smells, found in the various code checker tools
2016-07-11 15:47:42 +02:00
c33c50f775
using table name sanitation function to ensure no weird characters are used by accident (e.g. by oddly configured table prefix)
2016-07-11 14:33:45 +02:00
3b3b5277eb
refactoring to improve code quality
2016-07-11 14:15:20 +02:00
79509ad48a
renaming the fork to PrivateBin
2016-07-11 11:58:15 +02:00
b8080acc78
fixing an unhandled case found with scrutinizer-ci
2016-07-06 14:58:06 +02:00
c13caee981
fixing some documentation issues detected by scrutinizer-ci
2016-07-06 14:12:14 +02:00
0e217a42c5
introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103
2016-07-06 11:37:13 +02:00
6b0b814dc6
removing leftover from previously using a different function, resolves #83
2016-07-06 09:41:07 +02:00
5980f8b603
removing some unused code detected by codacy
2016-07-04 20:46:45 +02:00
fd5a7a07ae
Soft fail for chmod errors
2016-06-22 18:08:25 +02:00
54f1cb9d34
Only protect file if it was written
2016-06-21 21:47:03 +02:00
8a48e9ce78
Set permissions when saving files
...
Fixes https://github.com/elrido/ZeroBin/issues/80
2016-06-21 17:18:11 +02:00
1a1818660d
Missing space
2016-05-12 20:07:58 +02:00
4918bef4dc
Although there usually are no plurals in chinese, there's an exception
...
for words related to persons, when not preceeded by a numeric word.
Sources:
- http://localization-guide.readthedocs.org/en/latest/l10n/pluralforms.html#f3
- https://answers.yahoo.com/question/index?qid=20110606153553AAAW5zX
2016-04-26 20:21:30 +02:00
3a92c940a9
implementing media type negotiation (based on language negotiation
...
logic) in cases both JSON and (X)HTML are being requested, resolving #68
2016-04-08 23:29:44 +02:00
a4ebdbc606
re-introducing (optional) URL shortener support, resolves #58
2016-01-31 09:56:06 +01:00
09dd79dbc7
switching to SHA256 HMAC of IPs in traffic limiter, resolves #57
2015-12-22 20:58:23 +01:00
a13ad6368f
MD5 instead of IP
2015-12-22 06:02:41 +03:00
24a4328c55
incrementing version, updating changelog, added missing phpdoc comments
2015-11-09 21:39:42 +01:00
42a9c92b5e
improved database backend support for larger files (100 KiB - 16 MiB),
...
introduced database versioning to reduce amount of checks done per
request
2015-11-01 17:02:20 +01:00
d42975580a
expire_options and formatter_options should not be filled up with
...
default values, resolves #52
2015-10-24 08:44:17 +02:00
176dff3b70
renaming config file to make updates easier, resolving #50
2015-10-22 21:13:15 +02:00
e3f4aa982c
adding configuration option to set a default language and/or force it,
...
resolves #39
2015-10-18 20:38:07 +02:00
ca07398b66
adding option to hide clone button on expiring pastes, resolves #34
2015-10-18 17:56:45 +02:00
14d08ec56d
working on JSON-LD validity, added CORS headers preparing external API
...
call support
2015-10-18 14:37:58 +02:00
22d0b1ec22
updating comment format to match defined JSON-LD API context
2015-10-18 11:38:48 +02:00
f21567133c
changing paste read output for API refactoring
2015-10-18 11:08:28 +02:00
b92b38cee8
found and resolved issues in database layer, thanks to report in #42
2015-10-16 23:13:36 +02:00
2e3bacb699
fixing deletion issue in request refactoring, starting work on API read
...
refactoring
2015-10-15 22:04:57 +02:00
512b3d1172
fixing "missing" comments when they were posted during the same second
2015-10-12 21:07:41 +02:00
1d6cfb7f3b
refactoring delete API, added external JSON-LD context
2015-10-11 21:22:00 +02:00
9e6e29bc93
working on API: simplifying PUT request mocking
2015-10-11 18:50:48 +02:00
e5b096ed8c
found and fixed a bug when using expiration together with discussion
2015-10-03 17:54:18 +02:00
add980d36f
adding UI tests for database configuration, fixed an issue with comment
...
table creation
2015-10-03 15:52:37 +02:00
7ec94e0db5
implementing request refactoring, beginning JS changes for JSON API, but
...
discovered that DELETE and PUT are not available on all webservers by
default
2015-09-27 20:34:39 +02:00
6b7dc44039
preparing unit test for request object
2015-09-27 15:37:17 +02:00
ce3f10f143
improving unit tests, fixing regression in DB model
2015-09-27 14:36:20 +02:00
694138c5d4
mostly finished with data model refactoring
2015-09-27 03:03:55 +02:00
211d3e4622
preparing unit test for model refactoring, refactoring traffic limiter
2015-09-26 17:57:46 +02:00
d04eab52c9
refactoring how attachments are stored
2015-09-26 12:29:27 +02:00
6d24ff824e
refactoring configuration
2015-09-22 23:21:31 +02:00
9f68658106
incrementing version number, updating changelog
2015-09-21 22:43:00 +02:00
0de9f868fa
improving unit tests, fixing #38
2015-09-21 22:32:52 +02:00
608605cd54
incrementing version number, updating docs
2015-09-19 17:23:10 +02:00
a41d0ca4dd
various fixes:
...
- changing default formatter option to plain text to make upgrading from
0.19 Alpha smoother
- fixing translation message change in bootstrap templates
- adjusting how image uploads are displayed in bootstrap templates
2015-09-19 14:22:29 +02:00
a111357fae
add optional (since it uses a session cookie) language selection
2015-09-19 11:21:13 +02:00
47efedf23c
traffic limiter would fail behind a reverse proxy / load balancer.
...
Adding configuration option to set the trusted HTTP header to get the
visitors IP in such a case (avoiding security issue if malicious clients
just set these headers themselfs)
2015-09-18 22:31:01 +02:00
ed9c4f45f4
adding file name support for #20 , solving issue with unencryptable file
2015-09-18 12:33:10 +02:00
ec8851e46c
support < 0.21 syntax highlighting
2015-09-17 20:47:00 +02:00
106141efa4
merging @vikstrous file upload feature for #20 from
...
8a6d268278
2015-09-16 22:51:48 +02:00
0e53d1ee86
added markdown support and a dropdown for the format selection. The
...
options other then markdown are plain text and source code (syntax
highlighting). Resolves #25
2015-09-12 17:33:16 +02:00
b060d57524
- implemented php side of plural translation
...
- using it to generate labels dynamically for the expire options
(deprecating the [expire_labels] configuration).
- added translation of the human readable data sizes to support the
french octet
- fixed IEC label for kibibytes
2015-09-06 19:21:17 +02:00
eee7b0144a
covering JS side of translations ( #7 ), added the messages to the
...
translation files and translated the german ones
2015-09-06 13:07:46 +02:00
a2af88a36e
initial work on translations, covering the PHP side of it
2015-09-05 02:24:56 +02:00
28776ac178
formatting RainTPL class
2015-09-05 01:55:19 +02:00
411419d597
adding tests and unifying paste creation output
2015-09-03 22:55:36 +02:00
2d79ba8243
updating docs, bumping version to 0.20
2015-09-03 22:22:59 +02:00
602fc4705e
change for API consistency
2015-09-01 23:51:31 +02:00
b25022e403
refactored JSON API, its now possible to retrieve pastes as JSON, which
...
is now used when posting comments, eliminating the need to store the
password in sessionStorage
2015-09-01 22:33:07 +02:00
802a0b26b9
burn after reading messages are only deleted after callback by JS when
...
successfully decrypted, resolves #11
2015-08-31 22:10:41 +02:00
d3c4600806
slight configuration changes, template modifications to make discussions
...
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
2d0668af03
concluding work on configuration test generator for #16 . Replaced a few
...
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
1c4d1aa6b6
working on configuration unit test generator as described in #16
2015-08-29 01:26:48 +02:00
ae82e84ef8
correcting php doc comments
2015-08-27 23:58:56 +02:00
d57d6cf44b
created initial unit tests for main zerobin class
2015-08-27 23:30:35 +02:00
f775da3931
fixing nasty deletion bug from #15 , included unit tests to trigger it
...
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
cb28056223
made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice)
2015-08-17 23:18:33 +02:00
24d18c5313
cleaned up phpdoc comments, added README on how to install and use it
2015-08-16 15:55:31 +02:00
49c6e3c1b6
updated base64.js to version 2.1.9, using minified version found at
...
9192c510f5/base64.min.js
2015-08-16 12:27:06 +02:00
769768d25e
updated jquery to 1.11.3
2015-08-16 11:20:06 +02:00
8881b3047a
changing version string
2015-08-16 00:04:14 +02:00
43a439e7d0
Time attack protection on hmac comparison
...
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm , and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.
(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)
Conflicts:
index.php
2015-08-15 23:44:03 +02:00
e7feca0e53
Stronger server salt
...
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm )
(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)
Conflicts:
lib/serversalt.php
lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
4f72f04eda
Prevent inconstitent /data/trafic_limiter.php due to file read while writing
...
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)
Conflicts:
index.php
2015-08-15 22:10:05 +02:00
5b54ca34ad
Update index.php
...
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo )
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)
Conflicts:
index.php
2015-08-15 22:07:07 +02:00
bc8b23d35e
XSS flaw correction
...
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.
(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
e646729b2d
fixing regressions from cherrypicking
2015-08-15 21:39:08 +02:00
5f87ea6843
ZeroBin 0.18
...
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
cff4d99f05
"Burn after reading" as a checkbox
...
"Burn after reading" option has been moved out of Expiration combo to a
separate checkbox.
Reason is: You can prevent a read-once paste to be available ad vitam
eternam on the net.
(cherry picked from commit 190b278402c086ebc4d1a78aae27d1e2666e3e7a)
Conflicts:
css/zerobin.css
index.php
js/zerobin.js
tpl/page.html
2015-08-15 19:01:03 +02:00
ad70051323
reviewed unit tests, fixing line endings, added more tests
2015-08-15 18:32:31 +02:00
7db76d8d71
Updated json checking.
...
- adapted to SJCL changed
- added entropy checking (from
f2ee2e8ba2
2015-08-15 18:16:55 +02:00
134d22c958
small unit testing improvements, removing never accessed code
2015-08-15 16:37:44 +02:00
badf459390
split common persistance logic into abstract class
2013-11-01 01:15:58 +01:00
5b253cf77c
ZeroBin 0.17
...
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
c26c4a8bec
arbitrary JSON file disclosure correction
...
The following securit issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
2013-10-31 22:53:22 +01:00
d247bff897
syntax highlighting can now be turned off, template can be changed in
...
configuration
2013-10-31 22:24:40 +01:00
630e16c4a0
Added more configuration options, based on patch by Uli Köhler
2013-10-30 23:54:42 +01:00
51008d3e68
added test for entropy of cypher text - closes #3
2012-09-08 19:54:24 +02:00
2d4f155064
had to revert to HTML5 instead of XHTML5 because of compatibility
...
problem with code prettifier, fixed some display bugs
2012-08-28 23:28:41 +02:00
907538875b
removed leftovers from submodule uglifyjs, added credits file,
...
cleaned up CSS, changed template to output clean XHTML 5,
added unit tests for 60% of the code, found a few bugs by doing
that and fixed them
2012-08-26 00:49:11 +02:00
421e6cba97
implemented zerobin_db model, added more options for paste expiration, made comments and max data size configurable
2012-05-19 23:59:41 +02:00
edf95ff56d
added autoloading, configurable paste size limit, changed JS to calculate localized comment times instead of UTC
2012-04-30 22:58:08 +02:00
23487ce779
Fixed bug with missing directory separator and added .htaccess files to lib & cfg directories. If those are not present, the application will create them for you.
2012-04-30 13:58:29 +02:00
ba90d0cae2
Refactoring of code base - modularized code, introduced configuration, started working on a PDO based DB connector
2012-04-29 19:15:06 +02:00
6083c7a23c
refactoring files and directory structure
2012-04-22 13:34:17 +02:00
d92d8658a5
refactoring zerobin js, adding JSDoc
2012-04-22 12:45:45 +02:00
52630374e5
Initial commit of version 0.15 alpha.
2012-04-21 21:59:45 +02:00
El RIDO
rugk
thororm
atnaguzin
R4SAS
Sobak
Simon Rupf
Mihail Fedorov
Sebastien SAUVAGE
jeldrik
Simon Rupf
Thierry Poinot