made compression configurable, fixes #38
parent
848d3563f4
commit
c2e060d464
8 changed files with 35 additions and 21 deletions
|
@ -3,6 +3,7 @@
|
||||||
* **1.3 (not yet released)**
|
* **1.3 (not yet released)**
|
||||||
* ADDED: Translation for Czech (#424)
|
* ADDED: Translation for Czech (#424)
|
||||||
* ADDED: Threat modeled the application (#177)
|
* ADDED: Threat modeled the application (#177)
|
||||||
|
* ADDED: Made compression configurable (#38)
|
||||||
* CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
|
* CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
|
||||||
* CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
|
* CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
|
||||||
* CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
|
* CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
|
||||||
|
|
|
@ -75,13 +75,19 @@ languageselection = false
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
; sha256 in HMAC for the deletion token
|
; sha256 in HMAC for the deletion token
|
||||||
zerobincompatibility = false
|
; zerobincompatibility = false
|
||||||
|
|
||||||
; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true.
|
; Enable or disable the warning message when the site is served over an insecure
|
||||||
|
; connection (insecure HTTP instead of HTTPS), defaults to true.
|
||||||
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
|
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
|
||||||
; It is **strongly discouraged** to disable this.
|
; It is **strongly discouraged** to disable this.
|
||||||
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
|
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
|
||||||
httpwarning = true
|
; httpwarning = true
|
||||||
|
|
||||||
|
; Pick compression algorithm or disable it. Only applies to pastes/comments
|
||||||
|
; created after changing the setting.
|
||||||
|
; Can be set to one these values: none / zlib (default).
|
||||||
|
; compression = zlib
|
||||||
|
|
||||||
[expire]
|
[expire]
|
||||||
; expire value that is selected per default
|
; expire value that is selected per default
|
||||||
|
|
|
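Review bot: The new comment block for `compression` lists the allowed values but not why an operator would choose `none`, and "one these values" is missing "of". Compression presumably runs on the plaintext before it is encrypted in the browser, so the stored ciphertext size varies with how compressible the content is. If that is the motivation for the option, a line such as `; Setting this to none stops the stored size from reflecting how compressible the content is, at the cost of larger pastes.` would let administrators make the choice knowingly. It is also worth stating that only `none` and `zlib` are meant to be used, since nothing visible in this commit rejects other strings.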
@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
// AES in Galois Counter Mode, keysize 256 bit,
|
// AES in Galois Counter Mode, keysize 256 bit,
|
||||||
// authentication tag 128 bit, 10000 iterations in key derivation
|
// authentication tag 128 bit, 10000 iterations in key derivation
|
||||||
const spec = [
|
const spec = [
|
||||||
getRandomBytes(16), // initialization vector
|
getRandomBytes(16), // initialization vector
|
||||||
getRandomBytes(8), // salt
|
getRandomBytes(8), // salt
|
||||||
100000, // iterations
|
100000, // iterations
|
||||||
256, // key size
|
256, // key size
|
||||||
128, // tag size
|
128, // tag size
|
||||||
'aes', // algorithm
|
'aes', // algorithm
|
||||||
'gcm', // algorithm mode
|
'gcm', // algorithm mode
|
||||||
'zlib' // compression
|
$('body').data('compression') || 'zlib' // compression
|
||||||
], encodedSpec = [];
|
], encodedSpec = [];
|
||||||
for (let i = 0; i < spec.length; ++i) {
|
for (let i = 0; i < spec.length; ++i) {
|
||||||
encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];
|
encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];
|
||||||
|
|
|
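Review bot: The last entry of `spec` now takes whatever string sits in the `data-compression` attribute of `<body>` and falls back to `'zlib'` only when that value is empty, so a mistyped server setting is written unchecked into the parameters of every new paste. Neither this hunk nor the controller hunk that assigns `COMPRESSION` limits the value to the two documented options. I would read it once before the array, `const mode = $('body').data('compression');`, and use `mode === 'none' || mode === 'zlib' ? mode : 'zlib' // compression` as the entry. Rejecting unknown values when the configuration is loaded would be better still, because a silent fallback to `zlib` re-enables compression for an operator who meant to switch it off. The enclosing function starts and ends outside the hunk, and the context comment above `spec` says 10000 iterations while the array holds `100000`.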
@ -56,6 +56,7 @@ class Configuration
|
||||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
'httpwarning' => true,
|
'httpwarning' => true,
|
||||||
|
'compression' => 'zlib',
|
||||||
),
|
),
|
||||||
'expire' => array(
|
'expire' => array(
|
||||||
'default' => '1week',
|
'default' => '1week',
|
||||||
|
|
|
@ -387,6 +387,7 @@ class Controller
|
||||||
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
|
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
|
||||||
$page->assign('QRCODE', $this->_conf->getKey('qrcode'));
|
$page->assign('QRCODE', $this->_conf->getKey('qrcode'));
|
||||||
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
|
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
|
||||||
|
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
|
||||||
$page->draw($this->_conf->getKey('template'));
|
$page->draw($this->_conf->getKey('template'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
|
||||||
<!--[if IE]>
|
<!--[if IE]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
@ -85,13 +85,17 @@ endif;
|
||||||
<meta name="msapplication-config" content="browserconfig.xml">
|
<meta name="msapplication-config" content="browserconfig.xml">
|
||||||
<meta name="theme-color" content="#ffe57e" />
|
<meta name="theme-color" content="#ffe57e" />
|
||||||
</head>
|
</head>
|
||||||
<body role="document"<?php
|
<body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
|
||||||
if ($isCpct):
|
$class = array();
|
||||||
?> class="navbar-spacing"<?php
|
if ($isCpct) {
|
||||||
endif;
|
$class[] = 'navbar-spacing';
|
||||||
if ($isDark):
|
}
|
||||||
?> class="dark-theme"<?php
|
if ($isDark) {
|
||||||
endif;
|
$class[] = 'dark-theme';
|
||||||
|
}
|
||||||
|
if (count($class)) {
|
||||||
|
echo ' class="', implode(' ', $class), '"';
|
||||||
|
}
|
||||||
?>>
|
?>>
|
||||||
<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
|
<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
|
||||||
<div class="modal-dialog" role="document">
|
<div class="modal-dialog" role="document">
|
||||||
|
|
|
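Review bot: `data-compression` on the `<body>` tag is an HTML attribute value, yet it is escaped with `rawurlencode()`, which is the encoding for URL components. For `none` and `zlib` the output is identical, but any other configured string reaches the script percent-encoded and is then read back through `$('body').data('compression')` in that form. `htmlspecialchars($COMPRESSION, ENT_QUOTES, 'UTF-8')` matches the context. The `<body data-compression=…>` line in the other template hunk further down needs the same change.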
@ -50,7 +50,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
|
||||||
<!--[if IE]>
|
<!--[if IE]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
@ -63,7 +63,7 @@ endif;
|
||||||
<meta name="msapplication-config" content="browserconfig.xml">
|
<meta name="msapplication-config" content="browserconfig.xml">
|
||||||
<meta name="theme-color" content="#ffe57e" />
|
<meta name="theme-color" content="#ffe57e" />
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
|
||||||
<header>
|
<header>
|
||||||
<div id="aboutbox">
|
<div id="aboutbox">
|
||||||
<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />
|
<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />
|
||||||
|
|
|
@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
|
||||||
$page->assign('URLSHORTENER', '');
|
$page->assign('URLSHORTENER', '');
|
||||||
$page->assign('QRCODE', true);
|
$page->assign('QRCODE', true);
|
||||||
$page->assign('HTTPWARNING', true);
|
$page->assign('HTTPWARNING', true);
|
||||||
|
$page->assign('COMPRESSION', 'zlib');
|
||||||
|
|
||||||
$dir = dir(PATH . 'tpl');
|
$dir = dir(PATH . 'tpl');
|
||||||
while (false !== ($file = $dir->read())) {
|
while (false !== ($file = $dir->read())) {
|
||||||
|
|
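Review bot: Only `'zlib'` is assigned to `COMPRESSION` here, and this is the only test file among the eight changed files. As far as the commit shows, nothing checks that the templates actually emit the `data-compression` attribute or that `none` reaches the client. An `assertContains` on the rendered template output for `data-compression="zlib"`, plus a second pass with `'none'`, would pin the new behaviour. The `while` loop that follows continues outside the hunk, so existing assertions there may already cover part of this.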