Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
...
Firefox
2020-05-30 05:37:35 -04:00
El RIDO
9aac073a49
clarifying for #525 that none is a string, as PHP might evaluate it to NULL instead
2020-01-09 05:42:42 +01:00
El RIDO
d5aeba60ca
increase default size limit to 10 MiB, documenting change
2019-09-20 07:04:26 +02:00
El RIDO
8e27dbff15
clarify the use of 'unsafe-eval' and what the impact removing it has - Firefox users may not care and disable it to improve security
2019-09-19 19:24:28 +02:00
Haocen Xu
ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
...
attachment
Fix cloning paste with attachment
Update CSP in sample and default configuration
Ensure clone paste also clone format
Fix clone button hiding logic when paste is burn after read
Remove attachment name when new paste clicked on
Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO
11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196
2019-06-27 20:31:10 +02:00
El RIDO
c2e060d464
made compression configurable, fixes #38
2019-06-23 19:45:40 +02:00
rugk
b7db033bdd
Adjust config text
2019-06-21 19:50:40 +02:00
El RIDO
42c2003220
made notice configurable, fixing a few CSS glitches
2019-06-17 21:40:37 +02:00
El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons
2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs
2019-06-15 09:36:09 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules
2019-05-20 18:29:37 +02:00
El RIDO
720897b902
correct CSP to allow password prompt
2018-07-21 06:45:09 +00:00
rugk
60d4ccb02c
Add comment about blocked images
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/275
2018-07-01 14:59:24 +02:00
El RIDO
d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
2018-05-27 15:05:31 +02:00
El RIDO
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error
2018-04-30 20:01:38 +02:00
El RIDO
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
...
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
...
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
rugk
414ab0eb71
Add config and basic page template support
...
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation
2017-10-08 16:43:46 +02:00
El RIDO
6625a9dc59
hiding INI contents from StyleCI
2017-10-08 16:26:21 +02:00
El RIDO
7197705d5c
updating unit test in preparation for planned file name change, currently failing
2017-10-08 16:25:11 +02:00
thororm
23f5dfbff8
Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
...
# Conflicts:
# tpl/bootstrap.php
# tpl/page.php
2017-05-13 19:48:25 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174
2017-04-11 17:23:26 +02:00
thororm
096f07f86e
Merge branch 'master' into attachment-handling
...
# Conflicts:
# js/privatebin.js
# tpl/bootstrap.php
# tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194
2017-03-11 08:56:14 +01:00
thororm
b9737d368d
Update conf.ini.sample
2017-02-13 22:57:09 +01:00
thororm
faf596aeb7
Added preview for
...
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
...
Fixes https://github.com/PrivateBin/PrivateBin/issues/168
Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic
2017-01-08 10:02:07 +01:00
rugk
f5aefa5513
Update for correct spelling
2017-01-07 20:35:23 +01:00
Jordyn Carattini
36f70cad48
Fixed a spelling error in conf.ini
...
Changed "Mibibytes" to "Megabytes"
2017-01-01 17:47:07 -06:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154
2017-01-01 16:33:11 +01:00
rugk
2cd4717bd2
Use default csp value by default
...
Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow.
We should have done this before the v1.0 release, but well...
2016-09-18 12:21:42 +02:00
rugk
1a159c973f
Prevent referrer to be send
...
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
9ff74e8841
Allow manifest loading via CSP
2016-08-27 00:01:19 +02:00
rugk
3d541f867b
Update config file header
...
We really don't need to license the config file....
2016-08-12 18:23:15 +02:00
El RIDO
3988b860b0
implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening
2016-08-10 17:41:46 +02:00
El RIDO
addb666a23
introducing CSP header to mitigate XSS attacks, closes #10
2016-08-09 14:46:32 +02:00
El RIDO
b45bef8388
Renamed classes for full PSR-2 compliance, some cleanup
2016-08-09 11:54:42 +02:00
rugk
38ab755733
Replace HTTP links with HTTPS
...
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
b53efda635
improving code coverage and unit testing
2016-07-18 14:47:32 +02:00
El RIDO
ff0c55c0d6
introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4
2016-07-18 10:14:38 +02:00
El RIDO
20cf678a75
adding default configuration for purging, resolves #3 (again)
2016-07-18 09:13:23 +02:00
El RIDO
79509ad48a
renaming the fork to PrivateBin
2016-07-11 11:58:15 +02:00
Gilles
a7ef0b54e6
ZeroBin -> PrivateBin
...
Changing name
2016-07-10 11:02:31 +02:00
El RIDO
0e217a42c5
introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103
2016-07-06 11:37:13 +02:00
El RIDO
a4ebdbc606
re-introducing (optional) URL shortener support, resolves #58
2016-01-31 09:56:06 +01:00
El RIDO
24a4328c55
incrementing version, updating changelog, added missing phpdoc comments
2015-11-09 21:39:42 +01:00
El RIDO
d42975580a
expire_options and formatter_options should not be filled up with
...
default values, resolves #52
2015-10-24 08:44:17 +02:00