Merge branch 'aldem-modal-decryption-password'

El RIDO 2016-11-13 18:12:47 +01:00
commit 0493cf4463
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
15 changed files with 163 additions and 40 deletions


@ -2,6 +2,7 @@
* **next (not yet released)** * **next (not yet released)**
* ADDED: Translations for Italian * ADDED: Translations for Italian
* CHANGED: Using modal dialog to request password input instead of native JS input window (#69)
* CHANGED: Suppressed referrer HTTP header sending when following links in a paste or comment (#96) and added additional HTTP headers for XSS mitigation (#91) * CHANGED: Suppressed referrer HTTP header sending when following links in a paste or comment (#96) and added additional HTTP headers for XSS mitigation (#91)
* CHANGED: Updated random_compat and jQuery libraries * CHANGED: Updated random_compat and jQuery libraries
* **1.0 (2016-08-25)** * **1.0 (2016-08-25)**


@ -20,6 +20,7 @@ Sébastien Sauvage - original idea and main developer
* rugk - new logo/icons * rugk - new logo/icons
* Sobak - PSR-4 and PSR-2 refactoring * Sobak - PSR-4 and PSR-2 refactoring
* Nathaniel Olsen - jQuery upgrade * Nathaniel Olsen - jQuery upgrade
* Alexander Demenshin - modal password dialog
## Translations ## Translations
* Hexalyse - French * Hexalyse - French


@ -140,5 +140,9 @@
"Editor": "Bearbeiten", "Editor": "Bearbeiten",
"Preview": "Vorschau", "Preview": "Vorschau",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"Der PATH muss bei PrivateBin mit einem \"%s\" enden. Bitte passe Deinen PATH in Deiner index.php an." "Der PATH muss bei PrivateBin mit einem \"%s\" enden. Bitte passe Deinen PATH in Deiner index.php an.",
"Decrypt":
"Entschlüsseln",
"Enter password":
"Passwort eingeben"
} }


@ -149,5 +149,9 @@
"Editor": "Éditer", "Editor": "Éditer",
"Preview": "Prévisualiser", "Preview": "Prévisualiser",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php." "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
"Decrypt":
"Decrypt",
"Enter password":
"Entrez le mot de passe"
} }


@ -79,7 +79,7 @@
"This document will expire in %d months.": "This document will expire in %d months.":
["Questo documento scadrà tra un mese.", "Questo documento scadrà in %d mesi."], ["Questo documento scadrà tra un mese.", "Questo documento scadrà in %d mesi."],
"Please enter the password for this paste:": "Please enter the password for this paste:":
"Inserisci la passowrd per questo messaggio:", "Inserisci la password per questo messaggio:",
"Could not decrypt data (Wrong key?)": "Could not decrypt data (Wrong key?)":
"Non riesco a decifrari i dati (Chiave errata?)", "Non riesco a decifrari i dati (Chiave errata?)",
"Could not delete the paste, it was not stored in burn after reading mode.": "Could not delete the paste, it was not stored in burn after reading mode.":
@ -140,5 +140,9 @@
"Editor": "Editor", "Editor": "Editor",
"Preview": "Preview", "Preview": "Preview",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"PrivateBin necessita che PATH termini con \"%s\". Aggiorna la variabile PATH nel tuo index.php." "PrivateBin necessita che PATH termini con \"%s\". Aggiorna la variabile PATH nel tuo index.php.",
"Decrypt":
"Decrypt",
"Enter password":
"Inserisci la password"
} }


@ -140,5 +140,9 @@
"Editor": "Edytować", "Editor": "Edytować",
"Preview": "Zapowiedź", "Preview": "Zapowiedź",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php." "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
"Decrypt":
"Decrypt",
"Enter password":
"Wpisz hasło"
} }


@ -149,5 +149,9 @@
"Editor": "Uredi", "Editor": "Uredi",
"Preview": "Predogled", "Preview": "Predogled",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php." "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
"Decrypt":
"Decrypt",
"Enter password":
"Prosim vnesi geslo"
} }


@ -140,5 +140,9 @@
"Editor": "編輯", "Editor": "編輯",
"Preview": "預習", "Preview": "預習",
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.": "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
"PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php." "PrivateBin requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
"Decrypt":
"Decrypt",
"Enter password":
"Enter password"
} }


@ -611,23 +611,26 @@ $(function() {
}, },
/** /**
* ask the user for the password and return it * ask the user for the password and set it
*
* @throws error when dialog canceled
* @return string password
*/ */
requestPassword: function() requestPassword: function()
{ {
var password = prompt(i18n._('Please enter the password for this paste:'), ''); if (this.passwordModal.length == 0) {
if (password === null) var password = prompt(i18n._('Please enter the password for this paste:'), '');
{ if (password === null)
throw 'password prompt canceled'; {
throw 'password prompt canceled';
}
if (password.length === 0)
{
this.requestPassword();
} else {
this.passwordInput.val(password);
this.displayMessages();
}
} else {
this.passwordModal.modal();
} }
if (password.length === 0)
{
return this.requestPassword();
}
return password;
}, },
/** /**
@ -688,14 +691,15 @@ $(function() {
/** /**
* Show decrypted text in the display area, including discussion (if open) * Show decrypted text in the display area, including discussion (if open)
* *
* @param string key : decryption key * @param object paste (optional) object including comments to display (items = array with keys ('data','meta')
* @param object paste : paste object including comments to display (items = array with keys ('data','meta')
*/ */
displayMessages: function(key, paste) displayMessages: function(paste)
{ {
// Try to decrypt the paste. paste = paste || $.parseJSON(this.cipherData.text());
var key = this.pageKey();
var password = this.passwordInput.val(); var password = this.passwordInput.val();
if (!this.prettyPrint.hasClass('prettyprinted')) { if (!this.prettyPrint.hasClass('prettyprinted')) {
// Try to decrypt the paste.
try try
{ {
if (paste.attachment) if (paste.attachment)
@ -705,7 +709,8 @@ $(function() {
{ {
if (password.length === 0) if (password.length === 0)
{ {
password = this.requestPassword(); this.requestPassword();
return;
} }
attachment = filter.decipher(key, password, paste.attachment); attachment = filter.decipher(key, password, paste.attachment);
} }
@ -740,8 +745,8 @@ $(function() {
var cleartext = filter.decipher(key, password, paste.data); var cleartext = filter.decipher(key, password, paste.data);
if (cleartext.length === 0 && password.length === 0 && !paste.attachment) if (cleartext.length === 0 && password.length === 0 && !paste.attachment)
{ {
password = this.requestPassword(); this.requestPassword();
cleartext = filter.decipher(key, password, paste.data); return;
} }
if (cleartext.length === 0 && !paste.attachment) if (cleartext.length === 0 && !paste.attachment)
{ {
@ -942,7 +947,7 @@ $(function() {
{ {
if (data.status === 0) if (data.status === 0)
{ {
privatebin.displayMessages(privatebin.pageKey(), data); privatebin.displayMessages(data);
} }
else if (data.status === 1) else if (data.status === 1)
{ {
@ -1161,7 +1166,7 @@ $(function() {
/** /**
* Put the screen in "Existing paste" mode. * Put the screen in "Existing paste" mode.
* *
* @param boolean preview (optional) : tell if the preview tabs should be displayed, defaults to false. * @param boolean preview (optional) tell if the preview tabs should be displayed, defaults to false.
*/ */
stateExistingPaste: function(preview) stateExistingPaste: function(preview)
{ {
@ -1420,6 +1425,34 @@ $(function() {
this.fileWrap.removeClass('hidden'); this.fileWrap.removeClass('hidden');
}, },
/**
* Focus on the modal password dialog.
*/
focusPasswordModal: function()
{
this.passwordDecrypt.focus();
},
/**
* Decrypt using the password from the modal dialog.
*/
decryptPasswordModal: function()
{
this.passwordInput.val(this.passwordDecrypt.val());
this.displayMessages();
},
/**
* Submit a password in the modal dialog.
*
* @param Event event
*/
submitPasswordModal: function(event)
{
event.preventDefault();
this.passwordModal.modal('hide');
},
/** /**
* Display an error message * Display an error message
* (We use the same function for paste and reply to comments) * (We use the same function for paste and reply to comments)
@ -1507,6 +1540,11 @@ $(function() {
// page template drop down // page template drop down
$('#language select option').click($.proxy(this.setLanguage, this)); $('#language select option').click($.proxy(this.setLanguage, this));
// handle modal password request on decryption
this.passwordModal.on('shown.bs.modal', $.proxy(this.focusPasswordModal, this));
this.passwordModal.on('hidden.bs.modal', $.proxy(this.decryptPasswordModal, this));
this.passwordForm.submit($.proxy(this.submitPasswordModal, this));
}, },
/** /**
@ -1543,6 +1581,9 @@ $(function() {
this.openDiscussion = $('#opendiscussion'); this.openDiscussion = $('#opendiscussion');
this.password = $('#password'); this.password = $('#password');
this.passwordInput = $('#passwordinput'); this.passwordInput = $('#passwordinput');
this.passwordModal = $('#passwordmodal');
this.passwordForm = $('#passwordform');
this.passwordDecrypt = $('#passworddecrypt');
this.pasteResult = $('#pasteresult'); this.pasteResult = $('#pasteresult');
this.prettyMessage = $('#prettymessage'); this.prettyMessage = $('#prettymessage');
this.prettyPrint = $('#prettyprint'); this.prettyPrint = $('#prettyprint');
@ -1573,13 +1614,9 @@ $(function() {
return; return;
} }
// List of messages to display.
var data = $.parseJSON(this.cipherData.text());
// Show proper elements on screen. // Show proper elements on screen.
this.stateExistingPaste(); this.stateExistingPaste();
this.displayMessages();
this.displayMessages(this.pageKey(), data);
} }
// Display error message from php code. // Display error message from php code.
else if (this.errorMessage.text().length > 1) else if (this.errorMessage.text().length > 1)
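Review bot: `decryptPasswordModal` is bound to `hidden.bs.modal`, which fires on every dismissal (Escape key, backdrop click) and not only after the form is submitted, so closing the dialog still copies the field into `passwordInput` and calls `displayMessages()`. With an empty field the `password.length === 0` checks in `displayMessages` call `requestPassword()` again and the dialog reopens, leaving no cancel path, whereas the `prompt` fallback throws `'password prompt canceled'`. I would start the decrypt from `submitPasswordModal`, or guard the handler with `if (this.passwordDecrypt.val().length === 0) { return; }`, and add `this.passwordDecrypt.val('');` after the copy so the password does not stay in the dialog field. The retry also calls `displayMessages()` with no argument, so a `paste` passed in by a caller (as in `privatebin.displayMessages(data)`) appears to be replaced by the page's `cipherData` after a password prompt; whether that path can need a prompt depends on code outside these hunks.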


@ -52,7 +52,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -66,6 +66,21 @@ endif;
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body role="document" class="navbar-spacing"> <body role="document" class="navbar-spacing">
<div id="passwordmodal" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<form id="passwordform" role="form">
<div class="form-group">
<label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label>
<input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>" autofocus>
</div>
<button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button>
</form>
</div>
</div>
</div>
</div>
<nav class="navbar navbar-default navbar-fixed-top"> <nav class="navbar navbar-default navbar-fixed-top">
<div class="container"> <div class="container">
<div class="navbar-header"> <div class="navbar-header">
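Review bot: The `autofocus` attribute on `#passworddecrypt` takes effect at page load, while the surrounding `.modal.fade` container is still hidden, and the script already focuses the field on `shown.bs.modal` through `focusPasswordModal`. I would drop `autofocus` so it cannot compete with another focus target on the page, and add `autocomplete="off"` so the browser is less likely to offer to store the paste password (browsers may ignore the hint on password fields). The two `I18n::_()` results are echoed straight into the label and the `placeholder` attribute; whether that helper escapes its output is not visible here, so a translation containing a double quote could break the attribute unless it is wrapped in `htmlspecialchars(..., ENT_QUOTES)`. The same block is added unchanged in the three other template sections below that introduce `#passwordmodal`, so the points apply there too.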


@ -52,7 +52,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->


@ -52,7 +52,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -66,6 +66,21 @@ endif;
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body role="document"> <body role="document">
<div id="passwordmodal" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<form id="passwordform" role="form">
<div class="form-group">
<label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label>
<input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>" autofocus>
</div>
<button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button>
</form>
</div>
</div>
</div>
</div>
<nav class="navbar navbar-inverse navbar-static-top"> <nav class="navbar navbar-inverse navbar-static-top">
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">


@ -52,7 +52,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -66,6 +66,21 @@ endif;
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body role="document"> <body role="document">
<div id="passwordmodal" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<form id="passwordform" role="form">
<div class="form-group">
<label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label>
<input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>" autofocus>
</div>
<button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button>
</form>
</div>
</div>
</div>
</div>
<nav class="navbar navbar-default navbar-static-top"> <nav class="navbar navbar-default navbar-static-top">
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">


@ -52,7 +52,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -66,6 +66,21 @@ endif;
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body role="document"> <body role="document">
<div id="passwordmodal" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<form id="passwordform" role="form">
<div class="form-group">
<label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label>
<input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>" autofocus>
</div>
<button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button>
</form>
</div>
</div>
</div>
</div>
<nav class="navbar navbar-default navbar-static-top"> <nav class="navbar navbar-default navbar-static-top">
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">


@ -47,7 +47,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-h/cw2lgocVvgjmYWShhbnz5nSzyUv4rVY1JgN7vmkZq8VJX9KVXPoC7oYX+YGFk+0FYw+c/uofVW9yyU5TJv+w==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-cQXLXYKNq6ecCb0lA9BSQ0urt16yDERYnT5vcjeE3UJb6W5PUjwN/jtVsGBoRzoGGEll+N3stvgIXGjkjaYj5g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->