made compression configurable, fixes #38

This commit is contained in:
El RIDO 2019-06-23 19:45:40 +02:00
parent 848d3563f4
commit c2e060d464
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
8 changed files with 35 additions and 21 deletions

View file

@ -3,6 +3,7 @@
* **1.3 (not yet released)** * **1.3 (not yet released)**
* ADDED: Translation for Czech (#424) * ADDED: Translation for Czech (#424)
* ADDED: Threat modeled the application (#177) * ADDED: Threat modeled the application (#177)
* ADDED: Made compression configurable (#38)
* CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library * CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
* CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible * CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
* CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74) * CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)

View file

@ -75,13 +75,19 @@ languageselection = false
; stay compatible with PrivateBin Alpha 0.19, less secure ; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token ; sha256 in HMAC for the deletion token
zerobincompatibility = false ; zerobincompatibility = false
; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true. ; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted. ; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this. ; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information. ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
httpwarning = true ; httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: none / zlib (default).
; compression = zlib
[expire] [expire]
; expire value that is selected per default ; expire value that is selected per default

View file

@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// AES in Galois Counter Mode, keysize 256 bit, // AES in Galois Counter Mode, keysize 256 bit,
// authentication tag 128 bit, 10000 iterations in key derivation // authentication tag 128 bit, 10000 iterations in key derivation
const spec = [ const spec = [
getRandomBytes(16), // initialization vector getRandomBytes(16), // initialization vector
getRandomBytes(8), // salt getRandomBytes(8), // salt
100000, // iterations 100000, // iterations
256, // key size 256, // key size
128, // tag size 128, // tag size
'aes', // algorithm 'aes', // algorithm
'gcm', // algorithm mode 'gcm', // algorithm mode
'zlib' // compression $('body').data('compression') || 'zlib' // compression
], encodedSpec = []; ], encodedSpec = [];
for (let i = 0; i < spec.length; ++i) { for (let i = 0; i < spec.length; ++i) {
encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i]; encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];

View file

@ -56,6 +56,7 @@ class Configuration
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals', 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
'zerobincompatibility' => false, 'zerobincompatibility' => false,
'httpwarning' => true, 'httpwarning' => true,
'compression' => 'zlib',
), ),
'expire' => array( 'expire' => array(
'default' => '1week', 'default' => '1week',

View file

@ -387,6 +387,7 @@ class Controller
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener')); $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
$page->assign('QRCODE', $this->_conf->getKey('qrcode')); $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning')); $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
$page->draw($this->_conf->getKey('template')); $page->draw($this->_conf->getKey('template'));
} }

View file

@ -72,7 +72,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -85,13 +85,17 @@ endif;
<meta name="msapplication-config" content="browserconfig.xml"> <meta name="msapplication-config" content="browserconfig.xml">
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body role="document"<?php <body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
if ($isCpct): $class = array();
?> class="navbar-spacing"<?php if ($isCpct) {
endif; $class[] = 'navbar-spacing';
if ($isDark): }
?> class="dark-theme"<?php if ($isDark) {
endif; $class[] = 'dark-theme';
}
if (count($class)) {
echo ' class="', implode(' ', $class), '"';
}
?>> ?>>
<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true"> <div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
<div class="modal-dialog" role="document"> <div class="modal-dialog" role="document">

View file

@ -50,7 +50,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -63,7 +63,7 @@ endif;
<meta name="msapplication-config" content="browserconfig.xml"> <meta name="msapplication-config" content="browserconfig.xml">
<meta name="theme-color" content="#ffe57e" /> <meta name="theme-color" content="#ffe57e" />
</head> </head>
<body> <body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
<header> <header>
<div id="aboutbox"> <div id="aboutbox">
<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br /> <?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />

View file

@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
$page->assign('URLSHORTENER', ''); $page->assign('URLSHORTENER', '');
$page->assign('QRCODE', true); $page->assign('QRCODE', true);
$page->assign('HTTPWARNING', true); $page->assign('HTTPWARNING', true);
$page->assign('COMPRESSION', 'zlib');
$dir = dir(PATH . 'tpl'); $dir = dir(PATH . 'tpl');
while (false !== ($file = $dir->read())) { while (false !== ($file = $dir->read())) {