Merge branch 'master' into security-md
This commit is contained in:
commit
c8a9038f27
134 changed files with 6497 additions and 4515 deletions
|
@ -1,3 +1,6 @@
|
|||
parserOptions:
|
||||
ecmaVersion: 2017
|
||||
|
||||
ecmaFeatures:
|
||||
modules: true
|
||||
jsx: true
|
||||
|
@ -10,7 +13,6 @@ env:
|
|||
node: true
|
||||
|
||||
globals:
|
||||
sjcl: false
|
||||
DOMPurify: false
|
||||
after: true
|
||||
before: true
|
||||
|
|
8
.gitattributes
vendored
8
.gitattributes
vendored
|
@ -1,10 +1,11 @@
|
|||
doc/ export-ignore
|
||||
tst/ export-ignore
|
||||
js/.istanbul.yml export-ignore
|
||||
js/.nycrc.yml export-ignore
|
||||
js/common.js export-ignore
|
||||
js/test/ export-ignore
|
||||
.codeclimate.yml export-ignore
|
||||
.csslintrc export-ignore
|
||||
.dockerignore export-ignore
|
||||
.editorconfig export-ignore
|
||||
.eslintignore export-ignore
|
||||
.eslintrc export-ignore
|
||||
|
@ -16,7 +17,6 @@ js/test/ export-ignore
|
|||
.php_cs export-ignore
|
||||
.styleci.yml export-ignore
|
||||
.travis.yml export-ignore
|
||||
Dockerfile export-ignore
|
||||
docker-compose.yml export-ignore
|
||||
docker/ export-ignore
|
||||
composer.json export-ignore
|
||||
BADGES.md export-ignore
|
||||
CODE_OF_CONDUCT.md export-ignore
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"bitwise": true,
|
||||
"curly": true,
|
||||
"eqeqeq": true,
|
||||
"esversion": 5,
|
||||
"esversion": 6,
|
||||
"forin": true,
|
||||
"freeze": true,
|
||||
"futurehostile": true,
|
||||
|
@ -39,7 +39,6 @@
|
|||
"window": true
|
||||
},
|
||||
"globals": {
|
||||
"sjcl": true,
|
||||
"DOMPurify": true,
|
||||
"kjua": true
|
||||
}
|
||||
|
|
10
.travis.yml
10
.travis.yml
|
@ -1,22 +1,22 @@
|
|||
language: php
|
||||
sudo: false
|
||||
php:
|
||||
- '5.4'
|
||||
- '5.5'
|
||||
- '5.6'
|
||||
- '7.0'
|
||||
- '7.1'
|
||||
- '7.2'
|
||||
- '7.3'
|
||||
|
||||
# as this is a php project, node.js v4 (for JS unit testing) isn't installed
|
||||
# as this is a php project, node.js (for JS unit testing) isn't installed
|
||||
install:
|
||||
- if [ ! -d "$HOME/.nvm" ]; then mkdir -p $HOME/.nvm && curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | NVM_METHOD=script bash; fi
|
||||
- source ~/.nvm/nvm.sh && nvm install 10
|
||||
- if [ ! -d "$HOME/.nvm" ]; then mkdir -p $HOME/.nvm && curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | NVM_METHOD=script bash; fi
|
||||
- source ~/.nvm/nvm.sh && nvm install --lts
|
||||
|
||||
before_script:
|
||||
- composer install -n
|
||||
- npm install -g mocha
|
||||
- cd js && npm install jsverify jsdom@9 jsdom-global@2 mime-types
|
||||
- cd js && npm install
|
||||
|
||||
script:
|
||||
- mocha
|
||||
|
|
9
BADGES.md
Normal file
9
BADGES.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
# Badges
|
||||
|
||||
[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master)
|
||||
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
|
||||
[![Code Climate](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/gpa.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin)
|
||||
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
|
||||
[![SensioLabsInsight](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff/mini.png)](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff)
|
||||
[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
|
||||
[![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
|
22
CHANGELOG.md
22
CHANGELOG.md
|
@ -1,6 +1,26 @@
|
|||
# PrivateBin version history
|
||||
|
||||
* **1.3 (not yet released)**
|
||||
* **1.4 (not yet released)**
|
||||
* ADDED: Translation for Bulgarian (#455)
|
||||
* **1.3 (2019-07-09)**
|
||||
* ADDED: Translation for Czech (#424)
|
||||
* ADDED: Threat modeled the application (#177)
|
||||
* ADDED: Made compression configurable (#38)
|
||||
* CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
|
||||
* CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
|
||||
* CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
|
||||
* CHANGED: Replaced rawdeflate.js with zlib.wasm to resolve decompression failures and gain compatibility with standard deflate implementations (#193, #260, #328, #434, #440)
|
||||
* CHANGED: Increase PBKDF2 iterations to 100k (#350)
|
||||
* CHANGED: Replaced last use of MD5 with Fowler–Noll–Vo checksum which produces the exact length we need for the paste ID (#49)
|
||||
* CHANGED: Simplified some PHP code & renamed PrivateBin class into Controller, to make MVC pattern use more obvious (#342)
|
||||
* CHANGED: Upgrading libraries to: identicon 1.2.0, random_compat 2.0.18, jQuery 3.4.1, Showdown 1.9.0, DOMpurify 1.0.11 & kjua 0.6.0
|
||||
* FIXED: Prevent Chrome from sending content of paste to Google for translation (#378)
|
||||
* FIXED: To support attachments larger then 2 MiB in newer Chrome versions, we switched to blob instead of data URIs (#432)
|
||||
* FIXED: Since Outlook strips trailing equal signs in links, the key in URL hash is now base58 encoded, instead of base64 (#377)
|
||||
* FIXED: Facebooks started injecting parameters into shared URLs for tracking that lead to inaccessible pastes (#396)
|
||||
* FIXED: Properly escaped HTML in raw text mode (#358)
|
||||
* FIXED: Made download links better readable in the dark bootstrap theme (#364)
|
||||
* FIXED: Allow Letsencrypt bot to access on apache servers (#413)
|
||||
* **1.2.1 (2018-08-11)**
|
||||
* ADDED: Add support for mega.nz links in pastes and comments (#331)
|
||||
* CHANGED: Added some missing Russian translations (#348)
|
||||
|
|
9
CODE_OF_CONDUCT.md
Normal file
9
CODE_OF_CONDUCT.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
# Netiquette
|
||||
|
||||
As suggested by the current project hoster, we are hereby referring to
|
||||
[RFC 1855](https://tools.ietf.org/html/rfc1855) as a minimum set of guidelines
|
||||
of Network Etiquette for individuals interacting on this project.
|
||||
|
||||
The maintainers of this project reserve the right to remove unlawful or
|
||||
disrupting content and block users that repeatedly disturb the project at their
|
||||
discretion.
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
Simon Rupf - current developer and maintainer
|
||||
rugk - security review, doc improvment, JS refactoring & various other stuff
|
||||
R4SAS - python client, compression, blob URI to support larger attachments
|
||||
|
||||
## Past contributions
|
||||
|
||||
|
@ -12,7 +13,7 @@ Sébastien Sauvage - original idea and main developer
|
|||
* Alexey Gladkov - syntax highlighting
|
||||
* Greg Knaddison - robots.txt
|
||||
* MrKooky - HTML5 markup, CSS cleanup
|
||||
* Simon Rupf - MVC refactoring, configuration, i18n and unit tests
|
||||
* Simon Rupf - WebCrypto, unit tests, current docker containers, MVC, configuration, i18n
|
||||
* Hexalyse - Password protection
|
||||
* Viktor Stanchev - File upload support
|
||||
* azlux - Tab character input support
|
||||
|
@ -21,8 +22,9 @@ Sébastien Sauvage - original idea and main developer
|
|||
* Sobak - PSR-4 and PSR-2 refactoring
|
||||
* Nathaniel Olsen - jQuery upgrade
|
||||
* Alexander Demenshin - modal password dialog
|
||||
* PunKeel - Dockerfile
|
||||
* PunKeel - first docker container
|
||||
* thororm - Display of video, audio & PDF, drag & drop, preview of attachments
|
||||
* Harald Leithner - base58 encoding of key
|
||||
|
||||
## Translations
|
||||
* Hexalyse - French
|
||||
|
@ -39,3 +41,5 @@ Sébastien Sauvage - original idea and main developer
|
|||
* Tulio Leao - Portuguese
|
||||
* Michael van Schaik - Dutch
|
||||
* Péter Tabajdi - Hungarian
|
||||
* info-path - Czech
|
||||
* BigWax - Bulgarian
|
|
@ -11,7 +11,7 @@ options](#configuration) to adjust as you see fit.
|
|||
|
||||
### Minimal requirements
|
||||
|
||||
- PHP version 5.4 or above
|
||||
- PHP version 5.5 or above
|
||||
- _one_ of the following sources of cryptographically safe randomness is required:
|
||||
- PHP 7 or higher
|
||||
- [Libsodium](https://download.libsodium.org/libsodium/content/installation/) and it's [PHP extension](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium)
|
||||
|
@ -165,7 +165,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
|
|||
CREATE TABLE prefix_config (
|
||||
id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
|
||||
);
|
||||
INSERT INTO prefix_config VALUES('VERSION', '1.2.1');
|
||||
INSERT INTO prefix_config VALUES('VERSION', '1.3');
|
||||
```
|
||||
|
||||
In **PostgreSQL**, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB.
|
||||
|
|
66
LICENSE.md
66
LICENSE.md
|
@ -2,15 +2,15 @@
|
|||
|
||||
PrivateBin consists of PHP and JS code which was originally written by Sébastien
|
||||
Sauvage in 2012 and falls unter the Zlib/libpng license. Also included are
|
||||
libraries that fall under the GPLv2 (SJCL, rawinflate, rawdeflate), BSD
|
||||
2-clause (SJCL), BSD 3-clause (base64.js version 2.1.9, Showdown), MIT
|
||||
libraries that fall under the GPLv2 (rawinflate), BSD 3-clause (Showdown), MIT
|
||||
(base64.js version 1.7, Bootstrap, Identicon, random_compat, composer, kjua,
|
||||
base-x), Apache (prettify.js) and CC-BY (favicon, icon, logo) licenses. All of
|
||||
these license terms can be found here below:
|
||||
|
||||
## Zlib/libpng license for PrivateBin
|
||||
## Zlib/libpng license for PrivateBin and zlib
|
||||
|
||||
Copyright © 2012 Sébastien Sauvage
|
||||
Copyright © 1995-2017 Jean-loup Gailly and Mark Adler
|
||||
|
||||
This software is provided 'as-is', without any express or implied warranty. In
|
||||
no event will the authors be held liable for any damages arising from the use
|
||||
|
@ -30,7 +30,7 @@ the following restrictions:
|
|||
|
||||
3. This notice may not be removed or altered from any source distribution.
|
||||
|
||||
## GNU General Public License, version 2.0, for SJCL, rawdeflate and rawinflate
|
||||
## GNU General Public License, version 2.0, for rawinflate
|
||||
|
||||
_Version 2, June 1991_
|
||||
_Copyright © 1989, 1991 Free Software Foundation, Inc.,_
|
||||
|
@ -307,31 +307,6 @@ POSSIBILITY OF SUCH DAMAGES.
|
|||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
## BSD 2-Clause License for SJCL
|
||||
|
||||
_Copyright © 2009-2015, Emily Stark, Mike Hamburg and Dan Boneh at Stanford University._
|
||||
_All rights reserved._
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
## BSD 3-Clause License for Showdown
|
||||
|
||||
Showdown Copyright © 2007, John Fraser
|
||||
|
@ -367,38 +342,7 @@ any theory of liability, whether in contract, strict liability, or tort
|
|||
(including negligence or otherwise) arising in any way out of the use of this
|
||||
software, even if advised of the possibility of such damage.
|
||||
|
||||
## BSD 3-Clause License for base64.js version 2.1.9
|
||||
|
||||
Copyright © 2014, Dan Kogai
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
* Neither the name of base64.js nor the names of its contributors may be used
|
||||
to endorse or promote products derived from this software without specific
|
||||
prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
## MIT License for base64.js version 1.7, Bootstrap, Identicon, random_compat,
|
||||
## Composer, kjua and base-x
|
||||
## MIT License for base64.js version 1.7, Bootstrap, Identicon, random_compat, Composer, kjua and base-x
|
||||
|
||||
Copyright © 2012 Dan Kogai
|
||||
Copyright © 2011-2016 Twitter, Inc.
|
||||
|
|
11
README.md
11
README.md
|
@ -1,13 +1,6 @@
|
|||
# [<img alt="PrivateBin" src="https://cdn.rawgit.com/PrivateBin/assets/master/images/minified/logo.svg" width="500" />](https://privatebin.info/)
|
||||
[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master)
|
||||
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
|
||||
[![Code Climate](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/gpa.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin)
|
||||
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
|
||||
[![SensioLabsInsight](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff/mini.png)](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff)
|
||||
[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
|
||||
[![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
|
||||
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
|
||||
|
||||
*Current version: 1.2.1*
|
||||
*Current version: 1.3*
|
||||
|
||||
**PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
|
||||
where the server has zero knowledge of pasted data.
|
||||
|
|
|
@ -70,12 +70,24 @@ languageselection = false
|
|||
; Check the documentation at https://content-security-policy.com/
|
||||
; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
|
||||
; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details.
|
||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||
|
||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||
; sha256 in HMAC for the deletion token
|
||||
zerobincompatibility = false
|
||||
; zerobincompatibility = false
|
||||
|
||||
; Enable or disable the warning message when the site is served over an insecure
|
||||
; connection (insecure HTTP instead of HTTPS), defaults to true.
|
||||
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
|
||||
; It is **strongly discouraged** to disable this.
|
||||
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
|
||||
; httpwarning = true
|
||||
|
||||
; Pick compression algorithm or disable it. Only applies to pastes/comments
|
||||
; created after changing the setting.
|
||||
; Can be set to one these values: none / zlib (default).
|
||||
; compression = zlib
|
||||
|
||||
[expire]
|
||||
; expire value that is selected per default
|
||||
|
|
|
@ -2,19 +2,31 @@
|
|||
"name" : "privatebin/privatebin",
|
||||
"description" : "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
|
||||
"type" : "project",
|
||||
"keywords": ["private", "secure", "end-to-end-encrypted", "e2e", "paste", "pastebin", "zero", "zero-knowledge", "encryption", "encrypted", "AES"],
|
||||
"homepage": "https://github.com/PrivateBin",
|
||||
"keywords" : [
|
||||
"private",
|
||||
"secure",
|
||||
"end-to-end-encrypted",
|
||||
"e2e",
|
||||
"paste",
|
||||
"pastebin",
|
||||
"zero",
|
||||
"zero-knowledge",
|
||||
"encryption",
|
||||
"encrypted",
|
||||
"AES"
|
||||
],
|
||||
"homepage" : "https://privatebin.info/",
|
||||
"license" : "zlib-acknowledgement",
|
||||
"support" : {
|
||||
"issues" : "https://github.com/PrivateBin/PrivateBin/issues",
|
||||
"wiki" : "https://github.com/PrivateBin/PrivateBin/wiki",
|
||||
"source" : "https://github.com/PrivateBin/PrivateBin",
|
||||
"docs": "https://zerobin.dssr.ch/documentation/"
|
||||
"docs" : "https://privatebin.info/codedoc/"
|
||||
},
|
||||
"require" : {
|
||||
"php": "^5.4.0 || ^7.0",
|
||||
"paragonie/random_compat": "2.0.15",
|
||||
"yzalis/identicon": "1.1.0"
|
||||
"php" : "^5.5.0 || ^7.0",
|
||||
"paragonie/random_compat" : "2.0.18",
|
||||
"yzalis/identicon" : "1.2.0"
|
||||
},
|
||||
"require-dev" : {
|
||||
"codacy/coverage" : "dev-master",
|
||||
|
|
14
css/bootstrap/bootstrap-3.3.5.css
vendored
14
css/bootstrap/bootstrap-3.3.5.css
vendored
File diff suppressed because one or more lines are too long
5
css/bootstrap/bootstrap-3.4.1.css
vendored
Normal file
5
css/bootstrap/bootstrap-3.4.1.css
vendored
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -315,8 +315,8 @@ th {
|
|||
}
|
||||
@font-face {
|
||||
font-family: 'Glyphicons Halflings';
|
||||
src: url(fonts/../fonts/glyphicons-halflings-regular.eot?1445975532);
|
||||
src: url(fonts/../fonts/glyphicons-halflings-regular.eot?&1445975532#iefix) format("embedded-opentype"), url(fonts/../fonts/glyphicons-halflings-regular.woff2?1445975532) format("woff2"), url(fonts/../fonts/glyphicons-halflings-regular.woff?1445975532) format("woff"), url(fonts/../fonts/glyphicons-halflings-regular.ttf?1445975532) format("truetype"), url(fonts/../fonts/glyphicons-halflings-regular.svg?1445975532#glyphicons_halflingsregular) format("svg");
|
||||
src: url(fonts/glyphicons-halflings-regular.eot?1445975532);
|
||||
src: url(fonts/glyphicons-halflings-regular.eot?&1445975532#iefix) format("embedded-opentype"), url(fonts/glyphicons-halflings-regular.woff2?1445975532) format("woff2"), url(fonts/glyphicons-halflings-regular.woff?1445975532) format("woff"), url(fonts/glyphicons-halflings-regular.ttf?1445975532) format("truetype"), url(fonts/glyphicons-halflings-regular.svg?1445975532#glyphicons_halflingsregular) format("svg");
|
||||
}
|
||||
.glyphicon {
|
||||
position: relative;
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
body {
|
||||
|
@ -86,7 +86,6 @@ body.loading {
|
|||
display:inline;
|
||||
}
|
||||
|
||||
|
||||
#deletelink {
|
||||
float: right;
|
||||
margin-left: 5px;
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
/* When there is no script at all other */
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
/* CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
|
||||
|
@ -290,9 +290,9 @@ input {
|
|||
|
||||
#ienotice a { color: #000; }
|
||||
|
||||
#oldienotice { display: none; }
|
||||
#oldnotice, #httpnotice { display: none; }
|
||||
|
||||
.errorMessage {
|
||||
#errormessage, .errorMessage {
|
||||
background-color: #f77 !important;
|
||||
color:#ff0;
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@ $ sudo pear install phpdoc/phpDocumentor
|
|||
To generate the documentation, change into the main directory and run phpdoc:
|
||||
```console
|
||||
$ cd PrivateBin
|
||||
$ phpdoc -t doc/phpdoc -d lib/
|
||||
$ phpdoc --visibility public,protected,private -t doc/phpdoc -d lib/
|
||||
```
|
||||
|
||||
**Note:** When used with PHP 7, the prerelease of phpDocumentator 2.9 needs to be
|
||||
|
@ -55,6 +55,6 @@ $ ln -s /usr/bin/nodejs /usr/local/bin/node
|
|||
To generate the documentation, change into the main directory and run phpdoc:
|
||||
```console
|
||||
$ cd PrivateBin
|
||||
$ jsdoc -d doc/jsdoc js/privatebin.js
|
||||
$ jsdoc -p -d doc/jsdoc js/privatebin.js
|
||||
```
|
||||
|
||||
|
|
165
i18n/bg.json
Normal file
165
i18n/bg.json
Normal file
|
@ -0,0 +1,165 @@
|
|||
{
|
||||
"PrivateBin": "PrivateBin",
|
||||
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href=\"https://privatebin.info/\">project page</a>.":
|
||||
"%s е изчистен и изцяло достъпен като отворен код, онлайн \"paste\" услуга, където сървъра не знае подадената информация. Тя се шифрова/дешифрова <i>във браузъра</i> използвайки 256 битов AES алгоритъм. Повече информация може да намерите на <a href=\"https://privatebin.info/\">страницата на проекта (Английски)</a>",
|
||||
"Because ignorance is bliss":
|
||||
"Невежеството е блаженство",
|
||||
"en": "bg",
|
||||
"Paste does not exist, has expired or has been deleted.":
|
||||
"Информацията не съществува, срокът и е изтекъл или е била изтрита.",
|
||||
"%s requires php %s or above to work. Sorry.":
|
||||
"%s има нужда от PHP %s или по-нова, за да работи. Съжалявам.",
|
||||
"%s requires configuration section [%s] to be present in configuration file.":
|
||||
"%s задължава отдела от настройките [%s] да съществува във файла със настройките.",
|
||||
"Please wait %d seconds between each post.":
|
||||
"Моля изчакайте %d секунди между всяка публикация.",
|
||||
"Paste is limited to %s of encrypted data.":
|
||||
"Съдържанието е ограничено до %s криптирана информация.",
|
||||
"Invalid data.":
|
||||
"Невалидна информация.",
|
||||
"You are unlucky. Try again.":
|
||||
"Нямаш късмет. Пробвай отново.",
|
||||
"Error saving comment. Sorry.":
|
||||
"Грешка в запазването на коментара. Съжалявам.",
|
||||
"Error saving paste. Sorry.":
|
||||
"Грешка в записването на информацията. Съжалявам.",
|
||||
"Invalid paste ID.":
|
||||
"Невалиден идентификационен код.",
|
||||
"Paste is not of burn-after-reading type.":
|
||||
"Информацията не е от тип \"унищожаване след преглед\".",
|
||||
"Wrong deletion token. Paste was not deleted.":
|
||||
"Невалиден код за изтриване. Информацията Ви не беше изтрита.",
|
||||
"Paste was properly deleted.":
|
||||
"Информацията Ви е изтрита.",
|
||||
"JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
|
||||
"Услугата %s се нуждае от JavaScript, за да работи.<br />Съжаляваме за неудобството.",
|
||||
"%s requires a modern browser to work.":
|
||||
"%s се нуждае от съвременен браузър за да работи.",
|
||||
"Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
|
||||
"Все още използваш Internet Explorer? Направи си услуга и го смени с модерен браузър:",
|
||||
"New":
|
||||
"Създаване",
|
||||
"Send":
|
||||
"Изпрати",
|
||||
"Clone":
|
||||
"Дублирай",
|
||||
"Raw text":
|
||||
"Чист текст",
|
||||
"Expires":
|
||||
"Изтича",
|
||||
"Burn after reading":
|
||||
"Унищожи след преглед",
|
||||
"Open discussion":
|
||||
"Отворена дискусия",
|
||||
"Password (recommended)":
|
||||
"Парола (препоръчва се)",
|
||||
"Discussion":
|
||||
"Коментари",
|
||||
"Toggle navigation":
|
||||
"Включи или Изключи навигацията",
|
||||
"%d seconds": ["%d секунди", "%d секунда"],
|
||||
"%d minutes": ["%d минути", "%d минута"],
|
||||
"%d hours": ["%d часа", "%d час"],
|
||||
"%d days": ["%d дни", "%d ден"],
|
||||
"%d weeks": ["%d седмици", "%d седмица"],
|
||||
"%d months": ["%d месеци", "%d месец"],
|
||||
"%d years": ["%d години", "%d година"],
|
||||
"Never":
|
||||
"Никога",
|
||||
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.":
|
||||
"Забележка: Това е пробна услуга: Информацията може да бъде изтрита по всяко време. Котета ще измрат ако злоупотребиш с услугата.",
|
||||
"This document will expire in %d seconds.":
|
||||
["Този документ изтича след една секунда.", "Този документ изтича след %d секунди."],
|
||||
"This document will expire in %d minutes.":
|
||||
["Този документ изтича след една минута.", "Този документ изтича след %d минути."],
|
||||
"This document will expire in %d hours.":
|
||||
["Този документ изтича след един час.", "Този документ изтича след %d часа."],
|
||||
"This document will expire in %d days.":
|
||||
["Този документ изтича след един ден.", "Този документ изтича след %d дни."],
|
||||
"This document will expire in %d months.":
|
||||
["Този документ изтича след една година.", "Този документ изтича след %d години."],
|
||||
"Please enter the password for this paste:":
|
||||
"Моля въведете паролата за това съдържание:",
|
||||
"Could not decrypt data (Wrong key?)":
|
||||
"Информацията не можеше да се дешифрова (Грешен ключ?)",
|
||||
"Could not delete the paste, it was not stored in burn after reading mode.":
|
||||
"Изтриването на информацията беше неуспешно. Тя не е от тип \"унищожаване след преглед\".",
|
||||
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
|
||||
"САМО ЗА ВАШИТЕ ОЧИ. Не затваряйте прозореца, понеже тази информация няма да може да бъде показана отново.",
|
||||
"Could not decrypt comment; Wrong key?":
|
||||
"Дешифроването на коментара беше неуспешно. Грешен ключ?",
|
||||
"Reply":
|
||||
"Отговор",
|
||||
"Anonymous":
|
||||
"Безименен",
|
||||
"Avatar generated from IP address":
|
||||
"Аватар (на базата на IP адреса Ви)",
|
||||
"Add comment":
|
||||
"Добави коментар",
|
||||
"Optional nickname…":
|
||||
"Избирателен псевдоним",
|
||||
"Post comment":
|
||||
"Публикувай коментара",
|
||||
"Sending comment…":
|
||||
"Изпращане на коментара Ви…",
|
||||
"Comment posted.":
|
||||
"Коментара Ви е публикуван.",
|
||||
"Could not refresh display: %s":
|
||||
"Презареждането на екрана беше неуспешно: %s",
|
||||
"unknown status":
|
||||
"Неизвестно състояние",
|
||||
"server error or not responding":
|
||||
"Грешка в сървъра или не отговаря",
|
||||
"Could not post comment: %s":
|
||||
"Публикуването на коментара Ви беше неуспешно: %s",
|
||||
"Sending paste…":
|
||||
"Изпращане на информацията Ви…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
"Вашата връзка е <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Натиснете [Ctrl]+[c] за да копирате)</span>",
|
||||
"Delete data":
|
||||
"Изтриване на информацията",
|
||||
"Could not create paste: %s":
|
||||
"Създаването на връзката ви беше неуспешно: %s",
|
||||
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)":
|
||||
"Дешифроването на информацията беше неуспешно: Ключа за декриптиране липсва във връзката (Да не сте използвали услуга за пренасочване или скъсяване на връзката, което би изрязало части от нея?)",
|
||||
"Format": "Format",
|
||||
"Plain Text": "Чист текст",
|
||||
"Source Code": "Изходен код",
|
||||
"Markdown": "Markdown",
|
||||
"Download attachment": "Свали прикачения файл",
|
||||
"Cloned: '%s'": "Дублирано: '%s'",
|
||||
"The cloned file '%s' was attached to this paste.": "Дублирания файл '%s' беше прикачен.",
|
||||
"Attach a file": "Прикачи файл",
|
||||
"alternatively drag & drop a file or paste an image from the clipboard": "Също можеш да пуснеш файла върху този прозорец или да поставиш изображение от клипборда",
|
||||
"File too large, to display a preview. Please download the attachment.": "Файла е твърде голям, за да се представи визуализация. Моля, свалете файла.",
|
||||
"Remove attachment": "Премахнете файла",
|
||||
"Your browser does not support uploading encrypted files. Please use a newer browser.":
|
||||
"Браузърът ви не поддържа прикачване на шифровани файлове. Моля, използвайте по-нов браузър",
|
||||
"Invalid attachment.": "Невалидно прикачване.",
|
||||
"Options": "Настройки",
|
||||
"Shorten URL": "Скъси връзката",
|
||||
"Editor": "Редактор",
|
||||
"Preview": "Визуализация",
|
||||
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
|
||||
"PATH трябва да е във края на \"%s\" за да може %s да работи правилно. Моля обновете PATH във вашият index.php .",
|
||||
"Decrypt":
|
||||
"Дешифровай",
|
||||
"Enter password":
|
||||
"Въведи паролата",
|
||||
"Loading…": "Зареждане…",
|
||||
"Decrypting paste…": "Дешифроване на информацията…",
|
||||
"Preparing new paste…": "Приготвяне на връзката Ви…",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Във случай, че това съобщение не изчезне след време, моля прегледайте <a href=\"%s\">този FAQ (Английски)</a>, за информация, която би ви помогнала.",
|
||||
"+++ no paste text +++": "+++ няма текстово съдържание +++",
|
||||
"Could not get paste data: %s":
|
||||
"Взимането на информацията беше неуспешно: %s",
|
||||
"QR code": "QR код",
|
||||
"I love you too, bot…": "И аз те обичам, бот…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"Този сайт използва несигурна HTTP връзка. Моля използвайте само за проби.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"<a href=\"%s\">Вижте тази страница</a> за повече информация.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Браузъра ви може да се нуждае от HTTPS връзка за да използва WebCrypto API. Пробвай <a href=\"%s\">да минеш на HTTPS</a>."
|
||||
}
|
165
i18n/cs.json
Normal file
165
i18n/cs.json
Normal file
|
@ -0,0 +1,165 @@
|
|||
{
|
||||
"PrivateBin": "PrivateBin",
|
||||
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href=\"https://privatebin.info/\">project page</a>.":
|
||||
"%s je minimalistický open source 'pastebin' server, který neanalyzuje vložená data. Data jsou šifrována <i>v prohlížeči</i> pomocí 256 bitů AES. Více informací na <a href=\"https://privatebin.info/\">stránce projetu</a>.",
|
||||
"Because ignorance is bliss":
|
||||
"Protože nevědomost je sladká",
|
||||
"en": "cs",
|
||||
"Paste does not exist, has expired or has been deleted.":
|
||||
"Vložený text neexistuje, expiroval nebo byl odstraněn.",
|
||||
"%s requires php %s or above to work. Sorry.":
|
||||
"%s vyžaduje php %s nebo vyšší. Lituji.",
|
||||
"%s requires configuration section [%s] to be present in configuration file.":
|
||||
"%s requires configuration section [%s] to be present in configuration file.",
|
||||
"Please wait %d seconds between each post.":
|
||||
"Počet sekund do dalšího příspěvku: %d.",
|
||||
"Paste is limited to %s of encrypted data.":
|
||||
"Příspěvek je limitován na %s šífrovaných dat",
|
||||
"Invalid data.":
|
||||
"Chybná data.",
|
||||
"You are unlucky. Try again.":
|
||||
"Lituji, zkuste to znovu.",
|
||||
"Error saving comment. Sorry.":
|
||||
"Chyba při ukládání komentáře.",
|
||||
"Error saving paste. Sorry.":
|
||||
"Chyba při ukládání příspěvku.",
|
||||
"Invalid paste ID.":
|
||||
"Chybně vložené ID.",
|
||||
"Paste is not of burn-after-reading type.":
|
||||
"Paste is not of burn-after-reading type.",
|
||||
"Wrong deletion token. Paste was not deleted.":
|
||||
"Wrong deletion token. Paste was not deleted.",
|
||||
"Paste was properly deleted.":
|
||||
"Paste was properly deleted.",
|
||||
"JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
|
||||
"JavaScript is required for %s to work.<br />Sorry for the inconvenience.",
|
||||
"%s requires a modern browser to work.":
|
||||
"%%s requires a modern browser to work.",
|
||||
"Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
|
||||
"Still using Internet Explorer? Do yourself a favor, switch to a modern browser:",
|
||||
"New":
|
||||
"Nový",
|
||||
"Send":
|
||||
"Odeslat",
|
||||
"Clone":
|
||||
"Klonovat",
|
||||
"Raw text":
|
||||
"Pouze Text",
|
||||
"Expires":
|
||||
"Expirace",
|
||||
"Burn after reading":
|
||||
"Po přečtení smazat",
|
||||
"Open discussion":
|
||||
"Povolit komentáře",
|
||||
"Password (recommended)":
|
||||
"Heslo (doporučeno)",
|
||||
"Discussion":
|
||||
"Komentáře",
|
||||
"Toggle navigation":
|
||||
"Toggle navigation",
|
||||
"%d seconds": ["%d sekuda", "%d sekundy", "%d sekund"],
|
||||
"%d minutes": ["%d minuta", "%d minuty", "%d minut"],
|
||||
"%d hours": ["%d hodin", "%d hodiny", "%d hodin"],
|
||||
"%d days": ["%d den", "%d dny", "%d dní"],
|
||||
"%d weeks": ["%d týden", "%d týdeny", "%d týdnů"],
|
||||
"%d months": ["%d měsíc", "%d měsíce", "%d měsíců"],
|
||||
"%d years": ["%d rok", "%d roky", "%d roků"],
|
||||
"Never":
|
||||
"Nikdy",
|
||||
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.":
|
||||
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.",
|
||||
"This document will expire in %d seconds.":
|
||||
["Tento dokument expiruje za %d sekundu.", "Tento dokument expiruje za %d sekundy.", "Tento dokument expiruje za %d sekund."],
|
||||
"This document will expire in %d minutes.":
|
||||
["Tento dokument expiruje za %d minutu.", "Tento dokument expiruje za %d minuty.", "Tento dokument expiruje za %d minut."],
|
||||
"This document will expire in %d hours.":
|
||||
["Tento dokument expiruje za %d hodinu.", "Tento dokument expiruje za %d hodiny.", "Tento dokument expiruje za %d hodin."],
|
||||
"This document will expire in %d days.":
|
||||
["Tento dokument expiruje za %d den.", "Tento dokument expiruje za %d dny.", "Tento dokument expiruje za %d dny."],
|
||||
"This document will expire in %d months.":
|
||||
["Tento dokument expiruje za %d měsíc.", "Tento dokument expiruje za %d měsíce.", "Tento dokument expiruje za %d měsíců."],
|
||||
"Please enter the password for this paste:":
|
||||
"Zadejte prosím heslo:",
|
||||
"Could not decrypt data (Wrong key?)":
|
||||
"Could not decrypt data (Wrong key?)",
|
||||
"Could not delete the paste, it was not stored in burn after reading mode.":
|
||||
"Could not delete the paste, it was not stored in burn after reading mode.",
|
||||
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
|
||||
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.",
|
||||
"Could not decrypt comment; Wrong key?":
|
||||
"Could not decrypt comment; Wrong key?",
|
||||
"Reply":
|
||||
"Reply",
|
||||
"Anonymous":
|
||||
"Anonym",
|
||||
"Avatar generated from IP address":
|
||||
"Avatar generated from IP address",
|
||||
"Add comment":
|
||||
"Přidat komentář",
|
||||
"Optional nickname…":
|
||||
"Volitelný nickname…",
|
||||
"Post comment":
|
||||
"Odeslat komentář",
|
||||
"Sending comment…":
|
||||
"Odesílání komentáře…",
|
||||
"Comment posted.":
|
||||
"Komentář odeslán.",
|
||||
"Could not refresh display: %s":
|
||||
"Could not refresh display: %s",
|
||||
"unknown status":
|
||||
"neznámý stav",
|
||||
"server error or not responding":
|
||||
"Chyba na serveru nebo server neodpovídá",
|
||||
"Could not post comment: %s":
|
||||
"Nelze odeslat komentář: %s",
|
||||
"Sending paste…":
|
||||
"Odesílání příspěvku…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
"Váš link je <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Stiskněte [Ctrl]+[c] pro zkopírování)</span>",
|
||||
"Delete data":
|
||||
"Odstranit data",
|
||||
"Could not create paste: %s":
|
||||
"Nelze vytvořit příspěvek: %s",
|
||||
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)":
|
||||
"Nepodařilo se dešifrovat příspěvek: V adrese chybí dešifrovací klíč (Možnou příčinou může být URL shortener?)",
|
||||
"Format": "Formát",
|
||||
"Plain Text": "Prostý Text",
|
||||
"Source Code": "Zdrojový kód",
|
||||
"Markdown": "Markdown",
|
||||
"Download attachment": "Stáhnout přílohu",
|
||||
"Cloned: '%s'": "Klonováno: '%s'",
|
||||
"The cloned file '%s' was attached to this paste.": "The cloned file '%s' was attached to this paste.",
|
||||
"Attach a file": "Připojit soubor",
|
||||
"alternatively drag & drop a file or paste an image from the clipboard": "alternatively drag & drop a file or paste an image from the clipboard",
|
||||
"File too large, to display a preview. Please download the attachment.": "Soubor je příliš velký pro zobrazení náhledu. Stáhněte si přílohu.",
|
||||
"Remove attachment": "Odstranit přílohu",
|
||||
"Your browser does not support uploading encrypted files. Please use a newer browser.":
|
||||
"Váš prohlížeč nepodporuje nahrávání šifrovaných souborů. Použijte modernější verzi prohlížeče.",
|
||||
"Invalid attachment.": "Chybná příloha.",
|
||||
"Options": "Volby",
|
||||
"Shorten URL": "Shorten URL",
|
||||
"Editor": "Editor",
|
||||
"Preview": "Náhled",
|
||||
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
|
||||
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.",
|
||||
"Decrypt":
|
||||
"Decrypt",
|
||||
"Enter password":
|
||||
"Zadejte heslo",
|
||||
"Loading…": "Loading…",
|
||||
"Decrypting paste…": "Decrypting paste…",
|
||||
"Preparing new paste…": "Preparing new paste…",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.",
|
||||
"+++ no paste text +++": "+++ žádný vložený text +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
15
i18n/de.json
15
i18n/de.json
|
@ -112,8 +112,6 @@
|
|||
"Fehler auf dem Server oder keine Antwort vom Server",
|
||||
"Could not post comment: %s":
|
||||
"Konnte Kommentar nicht senden: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Bitte bewege Deine Maus um die Entropie zu erhöhen…",
|
||||
"Sending paste…":
|
||||
"Sende Paste…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Lädt…",
|
||||
"Decrypting paste…": "Entschlüssle Text…",
|
||||
"Preparing new paste…": "Bereite neuen Text vor…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Wenn diese Nachricht nicht mehr verschwindet, schau bitte in <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">die FAQ</a> (englisch), um zu sehen, wie der Fehler behoben werden kann.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Wenn diese Nachricht nicht mehr verschwindet, schau bitte in <a href=\"%s\">die FAQ</a> (englisch), um zu sehen, wie der Fehler behoben werden kann.",
|
||||
"+++ no paste text +++": "+++ kein Paste-Text +++",
|
||||
"Could not get paste data: %s":
|
||||
"Text konnte nicht geladen werden: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "Ich mag Dich auch, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"Diese Webseite verwendet eine unsichere HTTP Verbindung! Bitte benutze sie nur zum Testen.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"<a href=\"%s\">Besuche diesen FAQ Eintrag</a> für weitere Informationen dazu.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Dein Browser benötigt möglicherweise eine HTTPS Verbindung um das WebCrypto API nutzen zu können. Versuche <a href=\"%s\">auf HTTPS zu wechseln</a>."
|
||||
}
|
||||
|
|
15
i18n/es.json
15
i18n/es.json
|
@ -112,8 +112,6 @@
|
|||
"Error del servidor o el servidor no responde",
|
||||
"Could not post comment: %s":
|
||||
"No fue posible publicar comentario: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Por favor, mueva el ratón para mayor entropía…",
|
||||
"Sending paste…":
|
||||
"Enviando \"paste\"…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Cargando…",
|
||||
"Decrypting paste…": "Descifrando \"paste\"…",
|
||||
"Preparing new paste…": "Preparando \"paste\" nuevo…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"En caso de que este mensaje nunca desaparezca por favor revise <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">este FAQ para obtener información para solucionar problemas</a>.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"En caso de que este mensaje nunca desaparezca por favor revise <a href=\"%s\">este FAQ para obtener información para solucionar problemas</a>.",
|
||||
"+++ no paste text +++": "+++ \"paste\" sin texto +++",
|
||||
"Could not get paste data: %s":
|
||||
"No se pudieron obtener los datos: %s",
|
||||
"QR code": "Código QR"
|
||||
"QR code": "Código QR",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
21
i18n/fr.json
21
i18n/fr.json
|
@ -112,8 +112,6 @@
|
|||
"Le serveur ne répond pas ou a rencontré une erreur",
|
||||
"Could not post comment: %s":
|
||||
"Impossible de poster le commentaire : %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Merci de bouger votre souris pour plus d'entropie…",
|
||||
"Sending paste…":
|
||||
"Envoi du paste…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -141,8 +139,8 @@
|
|||
"Cloned: '%s'": "Cloner '%s'",
|
||||
"The cloned file '%s' was attached to this paste.": "Le fichier cloné '%s' a été attaché à ce paste.",
|
||||
"Attach a file": "Attacher un fichier ",
|
||||
"alternatively drag & drop a file or paste an image from the clipboard": "alternatively drag & drop a file or paste an image from the clipboard",
|
||||
"File too large, to display a preview. Please download the attachment.": "File too large, to display a preview. Please download the attachment.",
|
||||
"alternatively drag & drop a file or paste an image from the clipboard": "alternativement, glisser & déposer un fichier ou coller une image à partir du presse-papiers",
|
||||
"File too large, to display a preview. Please download the attachment.": "Fichier trop volumineux, pour afficher un aperçu. Veuillez télécharger la pièce jointe.",
|
||||
"Remove attachment": "Enlever l'attachement",
|
||||
"Your browser does not support uploading encrypted files. Please use a newer browser.":
|
||||
"Votre navigateur ne supporte pas l'envoi de fichiers chiffrés. Merci d'utiliser un navigateur plus récent.",
|
||||
|
@ -160,10 +158,17 @@
|
|||
"Loading…": "Chargement…",
|
||||
"Decrypting paste…": "Déchiffrement du paste…",
|
||||
"Preparing new paste…": "Préparation du paste…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Si ce message ne disparaîssait pas, jetez un oeil à <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">cette FAQ pour des idées de résolution</a> (en Anglais).",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Si ce message ne disparaîssait pas, jetez un oeil à <a href=\"%s\">cette FAQ pour des idées de résolution</a> (en Anglais).",
|
||||
"+++ no paste text +++": "+++ pas de paste-text +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"Impossible d'obtenir les données du paste: %s",
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "Je t’aime aussi, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"Ce site web utilise une connexion HTTP non sécurisée ! Veuillez l’utiliser uniquement pour des tests.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"Pour plus d'informations <a href=\"%s\">consultez cette rubrique de la FAQ</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Votre navigateur peut nécessiter une connexion HTTPS pour prendre en charge l’API WebCrypto. Essayez <a href=\"%s\">de passer en HTTPS</a>."
|
||||
}
|
15
i18n/hu.json
15
i18n/hu.json
|
@ -112,8 +112,6 @@
|
|||
"A szerveren hiba lépett fel vagy nem válaszol.",
|
||||
"Could not post comment: %s":
|
||||
"Nem tudtuk beküldeni a hozzászólást: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Nincs elég véletlenszerűség a rendszerben. Mozgasd az egered, hogy növeld az entrópiát.",
|
||||
"Sending paste…":
|
||||
"Bejegyzés elküldése...",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Folyamatban...",
|
||||
"Decrypting paste…": "Bejegyzés dekódolása...",
|
||||
"Preparing new paste…": "Új bejegyzés előkészítése...",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Abban az esetben, ha ez az üzenet mindig látható lenne, látogass el a <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">Gyakran Ismételt Kérdések szekcióba a megoldásához</a>.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Abban az esetben, ha ez az üzenet mindig látható lenne, látogass el a <a href=\"%s\">Gyakran Ismételt Kérdések szekcióba a megoldásához</a>.",
|
||||
"+++ no paste text +++": "+++ nincs beillesztett szöveg +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
15
i18n/it.json
15
i18n/it.json
|
@ -112,8 +112,6 @@
|
|||
"errore o mancata risposta dal server",
|
||||
"Could not post comment: %s":
|
||||
"Impossibile inviare il commento: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Muovi il mouse in modo casuale, per generare maggior entropia…",
|
||||
"Sending paste…":
|
||||
"Messaggio in fase di invio…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Carico…",
|
||||
"Decrypting paste…": "Decifro il messaggio…",
|
||||
"Preparing new paste…": "Preparo il nuovo messaggio…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Nel caso questo messaggio non scompaia, controlla questa <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">FAQ</a> per trovare informazioni su come risolvere il problema (in Inglese).",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Nel caso questo messaggio non scompaia, controlla questa <a href=\"%s\">FAQ</a> per trovare informazioni su come risolvere il problema (in Inglese).",
|
||||
"+++ no paste text +++": "+++ nessun testo nel messaggio +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
15
i18n/nl.json
15
i18n/nl.json
|
@ -112,8 +112,6 @@
|
|||
"Serverfout of server reageert niet",
|
||||
"Could not post comment: %s":
|
||||
"Kon het commentaar niet plaatsen: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Aub uw muis bewegen voor meer entropie…",
|
||||
"Sending paste…":
|
||||
"Geplakte tekst verzenden…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Laden…",
|
||||
"Decrypting paste…": "Geplakte tekst decoderen…",
|
||||
"Preparing new paste…": "Nieuwe geplakte tekst voorbereiden…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"In het geval dat dit bericht nooit verdwijnt, kijkt u dan eens naar <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\"> veelgestelde vragen voor informatie over het oplossen van problemen </a>.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"In het geval dat dit bericht nooit verdwijnt, kijkt u dan eens naar <a href=\"%s\"> veelgestelde vragen voor informatie over het oplossen van problemen </a>.",
|
||||
"+++ no paste text +++": "+++ geen geplakte tekst +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
15
i18n/no.json
15
i18n/no.json
|
@ -112,8 +112,6 @@
|
|||
"tjener feilet eller svarer ikke",
|
||||
"Could not post comment: %s":
|
||||
"Kunne ikke sende kommentar: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Flytt musen for mer entropi…",
|
||||
"Sending paste…":
|
||||
"Sender innlegg…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Laster…",
|
||||
"Decrypting paste…": "Dekrypterer innlegg…",
|
||||
"Preparing new paste…": "Klargjør nytt innlegg…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Hvis denne meldingen ikke forsvinner kan du ta en titt på siden med <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">ofte stilte spørsmål</a> for informasjon om feilsøking.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Hvis denne meldingen ikke forsvinner kan du ta en titt på siden med <a href=\"%s\">ofte stilte spørsmål</a> for informasjon om feilsøking.",
|
||||
"+++ no paste text +++": "+++ ingen innleggstekst +++",
|
||||
"Could not get paste data: %s":
|
||||
"Kunne ikke hente utklippsdata: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
||||
|
|
19
i18n/oc.json
19
i18n/oc.json
|
@ -30,7 +30,7 @@
|
|||
"Wrong deletion token. Paste was not deleted.":
|
||||
"Geton de supression incorrècte. Lo tèxte es pas estat suprimit.",
|
||||
"Paste was properly deleted.":
|
||||
"Lo tèxte es estat correctament suprimit.",
|
||||
"Lo tèxte es estat corrèctament suprimit.",
|
||||
"JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
|
||||
"JavaScript es requesit per far foncionar %s. <br />O planhèm per l’inconvenient.",
|
||||
"%s requires a modern browser to work.":
|
||||
|
@ -109,11 +109,9 @@
|
|||
"unknown status":
|
||||
"Estatut desconegut",
|
||||
"server error or not responding":
|
||||
"Lo servidor respond pas o a rencontrat una error",
|
||||
"Lo servidor respond pas o a rescontrat una error",
|
||||
"Could not post comment: %s":
|
||||
"Impossible de mandar lo comentari : %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Mercés de bolegar vòstra mirga per mai entropia…",
|
||||
"Sending paste…":
|
||||
"Mandadís del tèxte…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -160,10 +158,17 @@
|
|||
"Loading…": "Cargament…",
|
||||
"Decrypting paste…": "Deschirament del tèxte…",
|
||||
"Preparing new paste…": "Preparacion…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Se per cas aqueste messatge quita pas de s’afichar mercés de gaitar <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">aquesta FAQ per las solucions</a> (en anglés).",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Se per cas aqueste messatge quite pas de s’afichar mercés de gaitar <a href=\"%s\">aquesta FAQ per las solucions</a> (en anglés).",
|
||||
"+++ no paste text +++": "+++ cap de tèxte pegat +++",
|
||||
"Could not get paste data: %s":
|
||||
"Recuperacion impossibla de las donadas copiadas : %s",
|
||||
"QR code": "Còdi QR"
|
||||
"QR code": "Còdi QR",
|
||||
"I love you too, bot…": "T’aimi tanben, robòt…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"Aqueste site utiliza una connexion HTTP pas segura ! Mercés de l’utilizar pas que per d’ensages.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"Per mai d’informacions <a href=\"%s\">vejatz aqueste article de FAQ</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Se pòt que vòstre navigator faga besonh d’una connexion HTTPS per èsser compatible amb l’API WebCrypto. Ensajatz de <a href=\"%s\">passar al HTTPS</a>."
|
||||
}
|
||||
|
|
18
i18n/pl.json
18
i18n/pl.json
|
@ -112,8 +112,6 @@
|
|||
"błąd serwera lub brak odpowiedzi",
|
||||
"Could not post comment: %s":
|
||||
"Nie udało się wysłać komentarza: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Proszę poruszać myszą, aby uzyskać większą entropię…",
|
||||
"Sending paste…":
|
||||
"Wysyłanie wklejki…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -148,14 +146,20 @@
|
|||
"Odszyfruj",
|
||||
"Enter password":
|
||||
"Wpisz hasło",
|
||||
"Loading…":
|
||||
"Wczytywanie…",
|
||||
"Loading…": "Wczytywanie…",
|
||||
"Decrypting paste…": "Odszyfrowywanie wklejki…",
|
||||
"Preparing new paste…": "Przygotowywanie nowej wklejki…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"W przypadku gdy ten komunikat nigdy nie znika, proszę spójrz na <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">to FAQ aby rozwiązać problem</a> (po angielsku).",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"W przypadku gdy ten komunikat nigdy nie znika, proszę spójrz na <a href=\"%s\">to FAQ aby rozwiązać problem</a> (po angielsku).",
|
||||
"+++ no paste text +++": "+++ brak wklejonego tekstu +++",
|
||||
"Could not get paste data: %s":
|
||||
"Nie można było pobrać danych wklejki: %s",
|
||||
"QR code": "Kod QR"
|
||||
"QR code": "Kod QR",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
||||
|
|
15
i18n/pt.json
15
i18n/pt.json
|
@ -112,8 +112,6 @@
|
|||
"Servidor em erro ou não responsivo",
|
||||
"Could not post comment: %s":
|
||||
"Não foi possível publicar o comentário: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Por favor, mova o mouse para maior entropia…",
|
||||
"Sending paste…":
|
||||
"Enviando cópia…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "Carregando…",
|
||||
"Decrypting paste…": "Decifrando cópia…",
|
||||
"Preparing new paste…": "Preparando nova cópia…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Caso essa mensagem nunca desapareça, por favor veja <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">este FAQ para saber como resolver os problemas</a>.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Caso essa mensagem nunca desapareça, por favor veja <a href=\"%s\">este FAQ para saber como resolver os problemas</a>.",
|
||||
"+++ no paste text +++": "+++ sem texto de cópia +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
15
i18n/ru.json
15
i18n/ru.json
|
@ -112,8 +112,6 @@
|
|||
"ошибка сервера или нет ответа",
|
||||
"Could not post comment: %s":
|
||||
"Не удалось опубликовать комментарий: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Пожалуйста, двигайте мышкой для большей энтропии…",
|
||||
"Sending paste…":
|
||||
"Отправка записи…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -161,10 +159,17 @@
|
|||
"Loading…": "Загрузка…",
|
||||
"Decrypting paste…": "Расшифровка записи…",
|
||||
"Preparing new paste…": "Подготовка новой записи…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"Если данное сообщение не исчезает длительное время, посмотрите <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">этот FAQ с информацией о возможном решении проблемы (на английском)</a>.",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"Если данное сообщение не исчезает длительное время, посмотрите <a href=\"%s\">этот FAQ с информацией о возможном решении проблемы (на английском)</a>.",
|
||||
"+++ no paste text +++": "+++ в записи нет текста +++",
|
||||
"Could not get paste data: %s":
|
||||
"Не удалось получить данные записи: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR код",
|
||||
"I love you too, bot…": "Я тоже люблю тебя, бот…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"Данный сайт использует незащищенное HTTP подключение! Пожалуйста используйте его только для тестирования.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"Для продробностей <a href=\"%s\">прочтите информацию в FAQ</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Ваш браузер требует использования HTTPS подключения для поддержки WebCrypto API. Попробуйте <a href=\"%s\">переключиться на HTTPS</a>."
|
||||
}
|
||||
|
|
15
i18n/sl.json
15
i18n/sl.json
|
@ -112,8 +112,6 @@
|
|||
"napaka na strežniku, ali pa se strežnik ne odziva",
|
||||
"Could not post comment: %s":
|
||||
"Komentarja ni bilo mogoče objaviti : %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"Prosim premakni svojo miško za več entropije…",
|
||||
"Sending paste…":
|
||||
"Pošiljam prilepek…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -160,10 +158,17 @@
|
|||
"Loading…": "Loading…",
|
||||
"Decrypting paste…": "Decrypting paste…",
|
||||
"Preparing new paste…": "Preparing new paste…",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a> (in English).",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a> (in English).",
|
||||
"+++ no paste text +++": "+++ no paste text +++",
|
||||
"Could not get paste data: %s":
|
||||
"Could not get paste data: %s",
|
||||
"QR code": "QR code"
|
||||
"QR code": "QR code",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
||||
|
|
15
i18n/zh.json
15
i18n/zh.json
|
@ -112,8 +112,6 @@
|
|||
"服务器错误或无回应",
|
||||
"Could not post comment: %s":
|
||||
"无法发送评论: %s",
|
||||
"Please move your mouse for more entropy…":
|
||||
"请移动鼠标增加随机性…",
|
||||
"Sending paste…":
|
||||
"粘贴内容提交中…",
|
||||
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
|
||||
|
@ -151,10 +149,17 @@
|
|||
"Loading…": "载入中…",
|
||||
"Decrypting paste…": "正在解密",
|
||||
"Preparing new paste…": "正在准备新的粘贴内容",
|
||||
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
|
||||
"如果这个消息一直存在,请参考 <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">这里的 FAQ (英文版)</a>进行故障排除。",
|
||||
"In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
|
||||
"如果这个消息一直存在,请参考 <a href=\"%s\">这里的 FAQ (英文版)</a>进行故障排除。",
|
||||
"+++ no paste text +++": "+++ 没有粘贴内容 +++",
|
||||
"Could not get paste data: %s":
|
||||
"无法获取粘贴数据:%s",
|
||||
"QR code": "二维码"
|
||||
"QR code": "二维码",
|
||||
"I love you too, bot…": "I love you too, bot…",
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.":
|
||||
"This website is using an insecure HTTP connection! Please use it only for testing.",
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.":
|
||||
"For more information <a href=\"%s\">see this FAQ entry</a>.",
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
|
||||
"Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
// change this, if your php files and data is outside of your webservers document root
|
||||
|
|
8
js/.nycrc.yml
Normal file
8
js/.nycrc.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
include:
|
||||
- privatebin.js
|
||||
reporter:
|
||||
- text
|
||||
- html
|
||||
report-dir: ../tst/log/js-coverage-report
|
||||
temp-dir: /tmp/nyc-output
|
|
@ -1 +0,0 @@
|
|||
(function(global,factory){typeof exports==="object"&&typeof module!=="undefined"?module.exports=factory(global):typeof define==="function"&&define.amd?define(factory):factory(global)})(typeof self!=="undefined"?self:typeof window!=="undefined"?window:typeof global!=="undefined"?global:this,function(global){"use strict";var _Base64=global.Base64;var version="2.4.5";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i<l;i++)t[bin.charAt(i)]=i;return t}(b64chars);var fromCharCode=String.fromCharCode;var cb_utob=function(c){if(c.length<2){var cc=c.charCodeAt(0);return cc<128?c:cc<2048?fromCharCode(192|cc>>>6)+fromCharCode(128|cc&63):fromCharCode(224|cc>>>12&15)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240|cc>>>18&7)+fromCharCode(128|cc>>>12&63)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16|(ccc.length>1?ccc.charCodeAt(1):0)<<8|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(u){return(u.constructor===buffer.constructor?u:buffer.from(u)).toString("base64")}:function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][-¿]","[à-ï][-¿]{2}","[ð-÷][-¿]{3}"].join("|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18|(63&cccc.charCodeAt(1))<<12|(63&cccc.charCodeAt(2))<<6|63&cccc.charCodeAt(3),offset=cp-65536;return fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return fromCharCode((15&cccc.charCodeAt(0))<<12|(63&cccc.charCodeAt(1))<<6|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)|(len>1?b64tab[cccc.charAt(1)]<<12:0)|(len>2?b64tab[cccc.charAt(2)]<<6:0)|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(a){return(a.constructor===buffer.constructor?a:buffer.from(a,"base64")).toString()}:function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}if(typeof module!=="undefined"&&module.exports){module.exports.Base64=global.Base64}else if(typeof define==="function"&&define.amd){define([],function(){return global.Base64})}return{Base64:global.Base64}});
|
|
@ -1,16 +1,35 @@
|
|||
{
|
||||
"@context": {
|
||||
"so": "https://schema.org/",
|
||||
"status": "so:Integer",
|
||||
"id": "so:name",
|
||||
"parentid": "so:name",
|
||||
"url: {
|
||||
"@id": "so:url",
|
||||
"@type": "@id"
|
||||
"pb": "?jsonld=types#",
|
||||
"cm": "?jsonld=commentmeta#",
|
||||
"status": {
|
||||
"@type": "so:Integer"
|
||||
},
|
||||
"id": {
|
||||
"@type": "so:name"
|
||||
},
|
||||
"pasteid": {
|
||||
"@type": "so:name"
|
||||
},
|
||||
"parentid": {
|
||||
"@type": "so:name"
|
||||
},
|
||||
"url": {
|
||||
"@type": "so:url"
|
||||
},
|
||||
"v": {
|
||||
"@type": "so:Integer",
|
||||
"@value": 2
|
||||
},
|
||||
"ct": {
|
||||
"@type": "pb:CipherText"
|
||||
},
|
||||
"adata": {
|
||||
"@type": "pb:CipherParameters"
|
||||
},
|
||||
"data": "so:Text",
|
||||
"meta": {
|
||||
"@id": "?jsonld=commentmeta"
|
||||
"@type": "cm:MetaData"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,8 +1,14 @@
|
|||
{
|
||||
"@context": {
|
||||
"so": "https://schema.org/",
|
||||
"postdate": "so:Integer",
|
||||
"nickname": "so:Text",
|
||||
"vizhash": "so:Text"
|
||||
"pb": "?jsonld=types#"
|
||||
},
|
||||
"MetaData": {
|
||||
"created": {
|
||||
"@type": "CreationTime"
|
||||
},
|
||||
"icon": {
|
||||
"@type": "so:url"
|
||||
}
|
||||
}
|
||||
}
|
22
js/common.js
22
js/common.js
|
@ -5,19 +5,19 @@ global.assert = require('assert');
|
|||
global.jsc = require('jsverify');
|
||||
global.jsdom = require('jsdom-global');
|
||||
global.cleanup = global.jsdom();
|
||||
global.URL = require('jsdom-url').URL;
|
||||
global.fs = require('fs');
|
||||
global.WebCrypto = require('node-webcrypto-ossl');
|
||||
|
||||
// application libraries to test
|
||||
global.$ = global.jQuery = require('./jquery-3.3.1');
|
||||
global.sjcl = require('./sjcl-1.0.7');
|
||||
global.Base64 = require('./base64-2.4.5').Base64;
|
||||
global.RawDeflate = require('./rawdeflate-0.5').RawDeflate;
|
||||
global.RawDeflate.inflate = require('./rawinflate-0.3').RawDeflate.inflate;
|
||||
global.$ = global.jQuery = require('./jquery-3.4.1');
|
||||
global.RawDeflate = require('./rawinflate-0.3').RawDeflate;
|
||||
global.zlib = require('./zlib-1.2.11').zlib;
|
||||
require('./prettify');
|
||||
global.prettyPrint = window.PR.prettyPrint;
|
||||
global.prettyPrintOne = window.PR.prettyPrintOne;
|
||||
global.showdown = require('./showdown-1.8.6');
|
||||
global.DOMPurify = require('./purify-1.0.7');
|
||||
global.showdown = require('./showdown-1.9.0');
|
||||
global.DOMPurify = require('./purify-1.0.11');
|
||||
global.baseX = require('./base-x-3.0.5.1').baseX;
|
||||
require('./bootstrap-3.3.7');
|
||||
require('./privatebin');
|
||||
|
@ -54,15 +54,9 @@ var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m',
|
|||
'`': '`',
|
||||
'=': '='
|
||||
},
|
||||
logFile = fs.createWriteStream('test.log'),
|
||||
mimeFile = fs.createReadStream('/etc/mime.types'),
|
||||
mimeLine = '';
|
||||
|
||||
// redirect console messages to log file
|
||||
console.info = console.warn = console.error = function () {
|
||||
logFile.write(Array.prototype.slice.call(arguments).join('') + '\n');
|
||||
};
|
||||
|
||||
// populate mime types from environment
|
||||
mimeFile.on('data', function(data) {
|
||||
mimeLine += data;
|
||||
|
@ -99,6 +93,8 @@ function parseMime(line) {
|
|||
}
|
||||
|
||||
// common testing helper functions
|
||||
exports.atob = atob;
|
||||
exports.btoa = btoa;
|
||||
|
||||
/**
|
||||
* convert all applicable characters to HTML entities
|
||||
|
|
2
js/jquery-3.3.1.js
vendored
2
js/jquery-3.3.1.js
vendored
File diff suppressed because one or more lines are too long
2
js/jquery-3.4.1.js
vendored
Normal file
2
js/jquery-3.4.1.js
vendored
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
2
js/kjua-0.6.0.js
Normal file
2
js/kjua-0.6.0.js
Normal file
File diff suppressed because one or more lines are too long
43
js/package.json
Normal file
43
js/package.json
Normal file
|
@ -0,0 +1,43 @@
|
|||
{
|
||||
"name": "privatebin",
|
||||
"version": "1.3",
|
||||
"description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
|
||||
"main": "privatebin.js",
|
||||
"directories": {
|
||||
"test": "test"
|
||||
},
|
||||
"dependencies": {},
|
||||
"devDependencies": {
|
||||
"jsdom": "^9.12.0",
|
||||
"jsdom-global": "^2.1.1",
|
||||
"jsdom-url": "^2.2.1",
|
||||
"jsverify": "^0.8.3",
|
||||
"node-webcrypto-ossl": "^1.0.37"
|
||||
},
|
||||
"scripts": {
|
||||
"test": "mocha"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://github.com/PrivateBin/PrivateBin.git"
|
||||
},
|
||||
"keywords": [
|
||||
"private",
|
||||
"secure",
|
||||
"end-to-end-encrypted",
|
||||
"e2e",
|
||||
"paste",
|
||||
"pastebin",
|
||||
"zero",
|
||||
"zero-knowledge",
|
||||
"encryption",
|
||||
"encrypted",
|
||||
"AES"
|
||||
],
|
||||
"author": "",
|
||||
"license": "zlib-acknowledgement",
|
||||
"bugs": {
|
||||
"url": "https://github.com/PrivateBin/PrivateBin/issues"
|
||||
},
|
||||
"homepage": "https://privatebin.info/"
|
||||
}
|
|
@ -1,24 +1,42 @@
|
|||
{
|
||||
"@context": {
|
||||
"so": "https://schema.org/",
|
||||
"status": {"@id": "so:Integer"},
|
||||
"id": {"@id": "so:name"},
|
||||
"deletetoken": {"@id": "so:Text"},
|
||||
"url": {
|
||||
"@type": "@id",
|
||||
"@id": "so:url"
|
||||
"pb": "?jsonld=types#",
|
||||
"pm": "?jsonld=pastemeta#",
|
||||
"status": {
|
||||
"@type": "so:Integer"
|
||||
},
|
||||
"id": {
|
||||
"@type": "so:name"
|
||||
},
|
||||
"deletetoken": {
|
||||
"@type": "so:Text"
|
||||
},
|
||||
"url": {
|
||||
"@type": "so:url"
|
||||
},
|
||||
"v": {
|
||||
"@type": "so:Integer",
|
||||
"@value": 2
|
||||
},
|
||||
"ct": {
|
||||
"@type": "pb:CipherText"
|
||||
},
|
||||
"adata": {
|
||||
"@type": "pm:AuthenticatedData"
|
||||
},
|
||||
"data": {"@id": "so:Text"},
|
||||
"attachment": {"@id": "so:Text"},
|
||||
"attachmentname": {"@id": "so:Text"},
|
||||
"meta": {
|
||||
"@id": "?jsonld=pastemeta"
|
||||
"@type": "pm:MetaData"
|
||||
},
|
||||
"comments": {
|
||||
"@id": "?jsonld=comment",
|
||||
"@type": "?jsonld=comment",
|
||||
"@container": "@list"
|
||||
},
|
||||
"comment_count": {"@id": "so:Integer"},
|
||||
"comment_offset": {"@id": "so:Integer"}
|
||||
"comment_count": {
|
||||
"@type": "so:Integer"
|
||||
},
|
||||
"comment_offset": {
|
||||
"@type": "so:Integer"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,11 +1,31 @@
|
|||
{
|
||||
"@context": {
|
||||
"so": "https://schema.org/",
|
||||
"formatter": {"@id": "so:Text"},
|
||||
"postdate": {"@id": "so:Integer"},
|
||||
"opendiscussion": {"@id": "so:True"},
|
||||
"burnafterreading": {"@id": "so:True"},
|
||||
"expire_date": {"@id": "so:Integer"},
|
||||
"remaining_time": {"@id": "so:Integer"}
|
||||
"pb": "?jsonld=types#"
|
||||
},
|
||||
"AuthenticatedData": {
|
||||
"@container": "@list",
|
||||
"@value": [
|
||||
{
|
||||
"@type": "pb:CipherParameters"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Formatter"
|
||||
},
|
||||
{
|
||||
"@type": "pb:OpenDiscussion"
|
||||
},
|
||||
{
|
||||
"@type": "pb:BurnAfterReading"
|
||||
}
|
||||
]
|
||||
},
|
||||
"MetaData": {
|
||||
"expire": {
|
||||
"@type": "pb:Expiration"
|
||||
},
|
||||
"time_to_live": {
|
||||
"@type": "pb:RemainingSeconds"
|
||||
}
|
||||
}
|
||||
}
|
1910
js/privatebin.js
1910
js/privatebin.js
File diff suppressed because it is too large
Load diff
1
js/purify-1.0.11.js
Normal file
1
js/purify-1.0.11.js
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
1675
js/rawdeflate-0.5.js
1675
js/rawdeflate-0.5.js
File diff suppressed because it is too large
Load diff
File diff suppressed because one or more lines are too long
2
js/showdown-1.9.0.js
Normal file
2
js/showdown-1.9.0.js
Normal file
File diff suppressed because one or more lines are too long
|
@ -1,60 +0,0 @@
|
|||
"use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notReady:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}};
|
||||
sjcl.cipher.aes=function(a){this.s[0][0][0]||this.O();var b,c,d,e,f=this.s[0][4],g=this.s[1];b=a.length;var h=1;if(4!==b&&6!==b&&8!==b)throw new sjcl.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=f[c>>>24]<<24^f[c>>16&255]<<16^f[c>>8&255]<<8^f[c&255],0===a%b&&(c=c<<8^c>>>24^h<<24,h=h<<1^283*(h>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:g[0][f[c>>>24]]^g[1][f[c>>16&255]]^g[2][f[c>>8&255]]^g[3][f[c&
|
||||
255]]};
|
||||
sjcl.cipher.aes.prototype={encrypt:function(a){return t(this,a,0)},decrypt:function(a){return t(this,a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],O:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,g,h=[],k=[],l,n,m,p;for(e=0;0x100>e;e++)k[(h[e]=e<<1^283*(e>>7))^e]=e;for(f=g=0;!c[f];f^=l||1,g=k[g]||1)for(m=g^g<<1^g<<2^g<<3^g<<4,m=m>>8^m&255^99,c[f]=m,d[m]=f,n=h[e=h[l=h[f]]],p=0x1010101*n^0x10001*e^0x101*l^0x1010100*f,n=0x101*h[m]^0x1010100*m,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][m]=p=p<<24^p>>>8;for(e=
|
||||
0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)}};
|
||||
function t(a,b,c){if(4!==b.length)throw new sjcl.exception.invalid("invalid aes block size");var d=a.b[c],e=b[0]^d[0],f=b[c?3:1]^d[1],g=b[2]^d[2];b=b[c?1:3]^d[3];var h,k,l,n=d.length/4-2,m,p=4,r=[0,0,0,0];h=a.s[c];a=h[0];var q=h[1],v=h[2],w=h[3],x=h[4];for(m=0;m<n;m++)h=a[e>>>24]^q[f>>16&255]^v[g>>8&255]^w[b&255]^d[p],k=a[f>>>24]^q[g>>16&255]^v[b>>8&255]^w[e&255]^d[p+1],l=a[g>>>24]^q[b>>16&255]^v[e>>8&255]^w[f&255]^d[p+2],b=a[b>>>24]^q[e>>16&255]^v[f>>8&255]^w[g&255]^d[p+3],p+=4,e=h,f=k,g=l;for(m=
|
||||
0;4>m;m++)r[c?3&-m:m]=x[e>>>24]<<24^x[f>>16&255]<<16^x[g>>8&255]<<8^x[b&255]^d[p++],h=e,e=f,f=g,g=b,b=h;return r}
|
||||
sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.$(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:sjcl.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<<c)-1},concat:function(a,b){if(0===a.length||0===b.length)return a.concat(b);var c=a[a.length-1],d=sjcl.bitArray.getPartial(c);return 32===d?a.concat(b):sjcl.bitArray.$(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;return 0===
|
||||
b?0:32*(b-1)+sjcl.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(32*a.length<b)return a;a=a.slice(0,Math.ceil(b/32));var c=a.length;b=b&31;0<c&&b&&(a[c-1]=sjcl.bitArray.partial(b,a[c-1]&2147483648>>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d<a.length;d++)c|=a[d]^b[d];return 0===
|
||||
c},$:function(a,b,c,d){var e;e=0;for(void 0===d&&(d=[]);32<=b;b-=32)d.push(c),c=0;if(0===b)return d.concat(a);for(e=0;e<a.length;e++)d.push(c|a[e]>>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,32<b+a?c:d.pop(),1));return d},i:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]},byteswapM:function(a){var b,c;for(b=0;b<a.length;++b)c=a[b],a[b]=c>>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}};
|
||||
sjcl.codec.utf8String={fromBits:function(a){var b="",c=sjcl.bitArray.bitLength(a),d,e;for(d=0;d<c/8;d++)0===(d&3)&&(e=a[d/4]),b+=String.fromCharCode(e>>>8>>>8>>>8),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c<a.length;c++)d=d<<8|a.charCodeAt(c),3===(c&3)&&(b.push(d),d=0);c&3&&b.push(sjcl.bitArray.partial(8*(c&3),d));return b}};
|
||||
sjcl.codec.hex={fromBits:function(a){var b="",c;for(c=0;c<a.length;c++)b+=((a[c]|0)+0xf00000000000).toString(16).substr(4);return b.substr(0,sjcl.bitArray.bitLength(a)/4)},toBits:function(a){var b,c=[],d;a=a.replace(/\s|0x/g,"");d=a.length;a=a+"00000000";for(b=0;b<a.length;b+=8)c.push(parseInt(a.substr(b,8),16)^0);return sjcl.bitArray.clamp(c,4*d)}};
|
||||
sjcl.codec.base32={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",X:"0123456789ABCDEFGHIJKLMNOPQRSTUV",BITS:32,BASE:5,REMAINING:27,fromBits:function(a,b,c){var d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f="",g=0,h=sjcl.codec.base32.B,k=0,l=sjcl.bitArray.bitLength(a);c&&(h=sjcl.codec.base32.X);for(c=0;f.length*d<l;)f+=h.charAt((k^a[c]>>>g)>>>e),g<d?(k=a[c]<<d-g,g+=e,c++):(k<<=d,g-=d);for(;f.length&7&&!b;)f+="=";return f},toBits:function(a,b){a=a.replace(/\s|=/g,"").toUpperCase();var c=sjcl.codec.base32.BITS,
|
||||
d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f=[],g,h=0,k=sjcl.codec.base32.B,l=0,n,m="base32";b&&(k=sjcl.codec.base32.X,m="base32hex");for(g=0;g<a.length;g++){n=k.indexOf(a.charAt(g));if(0>n){if(!b)try{return sjcl.codec.base32hex.toBits(a)}catch(p){}throw new sjcl.exception.invalid("this isn't "+m+"!");}h>e?(h-=e,f.push(l^n>>>h),l=n<<c-h):(h+=d,l^=n<<c-h)}h&56&&f.push(sjcl.bitArray.partial(h&56,l,1));return f}};
|
||||
sjcl.codec.base32hex={fromBits:function(a,b){return sjcl.codec.base32.fromBits(a,b,1)},toBits:function(a){return sjcl.codec.base32.toBits(a,1)}};
|
||||
sjcl.codec.base64={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",fromBits:function(a,b,c){var d="",e=0,f=sjcl.codec.base64.B,g=0,h=sjcl.bitArray.bitLength(a);c&&(f=f.substr(0,62)+"-_");for(c=0;6*d.length<h;)d+=f.charAt((g^a[c]>>>e)>>>26),6>e?(g=a[c]<<6-e,e+=26,c++):(g<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,f=sjcl.codec.base64.B,g=0,h;b&&(f=f.substr(0,62)+"-_");for(d=0;d<a.length;d++){h=f.indexOf(a.charAt(d));
|
||||
if(0>h)throw new sjcl.exception.invalid("this isn't base64!");26<e?(e-=26,c.push(g^h>>>e),g=h<<32-e):(e+=6,g^=h<<32-e)}e&56&&c.push(sjcl.bitArray.partial(e&56,g,1));return c}};sjcl.codec.base64url={fromBits:function(a){return sjcl.codec.base64.fromBits(a,1,1)},toBits:function(a){return sjcl.codec.base64.toBits(a,1)}};sjcl.hash.sha256=function(a){this.b[0]||this.O();a?(this.F=a.F.slice(0),this.A=a.A.slice(0),this.l=a.l):this.reset()};sjcl.hash.sha256.hash=function(a){return(new sjcl.hash.sha256).update(a).finalize()};
|
||||
sjcl.hash.sha256.prototype={blockSize:512,reset:function(){this.F=this.Y.slice(0);this.A=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));var b,c=this.A=sjcl.bitArray.concat(this.A,a);b=this.l;a=this.l=b+sjcl.bitArray.bitLength(a);if(0x1fffffffffffff<a)throw new sjcl.exception.invalid("Cannot hash more than 2^53 - 1 bits");if("undefined"!==typeof Uint32Array){var d=new Uint32Array(c),e=0;for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,d.subarray(16*e,
|
||||
16*(e+1))),e+=1;c.splice(0,16*e)}else for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,c.splice(0,16));return this},finalize:function(){var a,b=this.A,c=this.F,b=sjcl.bitArray.concat(b,[sjcl.bitArray.partial(1,1)]);for(a=b.length+2;a&15;a++)b.push(0);b.push(Math.floor(this.l/0x100000000));for(b.push(this.l|0);b.length;)u(this,b.splice(0,16));this.reset();return c},Y:[],b:[],O:function(){function a(a){return 0x100000000*(a-Math.floor(a))|0}for(var b=0,c=2,d,e;64>b;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e=
|
||||
!1;break}e&&(8>b&&(this.Y[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}}};
|
||||
function u(a,b){var c,d,e,f=a.F,g=a.b,h=f[0],k=f[1],l=f[2],n=f[3],m=f[4],p=f[5],r=f[6],q=f[7];for(c=0;64>c;c++)16>c?d=b[c]:(d=b[c+1&15],e=b[c+14&15],d=b[c&15]=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+b[c&15]+b[c+9&15]|0),d=d+q+(m>>>6^m>>>11^m>>>25^m<<26^m<<21^m<<7)+(r^m&(p^r))+g[c],q=r,r=p,p=m,m=n+d|0,n=l,l=k,k=h,h=d+(k&l^n&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;f[0]=f[0]+h|0;f[1]=f[1]+k|0;f[2]=f[2]+l|0;f[3]=f[3]+n|0;f[4]=f[4]+m|0;f[5]=f[5]+p|0;f[6]=f[6]+r|0;f[7]=
|
||||
f[7]+q|0}
|
||||
sjcl.mode.ccm={name:"ccm",G:[],listenProgress:function(a){sjcl.mode.ccm.G.push(a)},unListenProgress:function(a){a=sjcl.mode.ccm.G.indexOf(a);-1<a&&sjcl.mode.ccm.G.splice(a,1)},fa:function(a){var b=sjcl.mode.ccm.G.slice(),c;for(c=0;c<b.length;c+=1)b[c](a)},encrypt:function(a,b,c,d,e){var f,g=b.slice(0),h=sjcl.bitArray,k=h.bitLength(c)/8,l=h.bitLength(g)/8;e=e||64;d=d||[];if(7>k)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;4>f&&l>>>8*f;f++);f<15-k&&(f=15-k);c=h.clamp(c,
|
||||
8*(15-f));b=sjcl.mode.ccm.V(a,b,c,d,e,f);g=sjcl.mode.ccm.C(a,g,c,b,e,f);return h.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var f=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),k=f.clamp(b,h-e),l=f.bitSlice(b,h-e),h=(h-e)/8;if(7>g)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&h>>>8*b;b++);b<15-g&&(b=15-g);c=f.clamp(c,8*(15-b));k=sjcl.mode.ccm.C(a,k,c,l,e,b);a=sjcl.mode.ccm.V(a,k.data,c,d,e,b);if(!f.equal(k.tag,a))throw new sjcl.exception.corrupt("ccm: tag doesn't match");
|
||||
return k.data},na:function(a,b,c,d,e,f){var g=[],h=sjcl.bitArray,k=h.i;d=[h.partial(8,(b.length?64:0)|d-2<<2|f-1)];d=h.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=h.bitLength(b)/8,65279>=c?g=[h.partial(16,c)]:0xffffffff>=c&&(g=h.concat([h.partial(16,65534)],[c])),g=h.concat(g,b),b=0;b<g.length;b+=4)d=a.encrypt(k(d,g.slice(b,b+4).concat([0,0,0])));return d},V:function(a,b,c,d,e,f){var g=sjcl.bitArray,h=g.i;e/=8;if(e%2||4>e||16<e)throw new sjcl.exception.invalid("ccm: invalid tag length");
|
||||
if(0xffffffff<d.length||0xffffffff<b.length)throw new sjcl.exception.bug("ccm: can't deal with 4GiB or more data");c=sjcl.mode.ccm.na(a,d,c,e,g.bitLength(b)/8,f);for(d=0;d<b.length;d+=4)c=a.encrypt(h(c,b.slice(d,d+4).concat([0,0,0])));return g.clamp(c,8*e)},C:function(a,b,c,d,e,f){var g,h=sjcl.bitArray;g=h.i;var k=b.length,l=h.bitLength(b),n=k/50,m=n;c=h.concat([h.partial(8,f-1)],c).concat([0,0,0]).slice(0,4);d=h.bitSlice(g(d,a.encrypt(c)),0,e);if(!k)return{tag:d,data:[]};for(g=0;g<k;g+=4)g>n&&(sjcl.mode.ccm.fa(g/
|
||||
k),n+=m),c[3]++,e=a.encrypt(c),b[g]^=e[0],b[g+1]^=e[1],b[g+2]^=e[2],b[g+3]^=e[3];return{tag:d,data:h.clamp(b,l)}}};
|
||||
sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");var g,h=sjcl.mode.ocb2.S,k=sjcl.bitArray,l=k.i,n=[0,0,0,0];c=h(a.encrypt(c));var m,p=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4)m=b.slice(g,g+4),n=l(n,m),p=p.concat(l(c,a.encrypt(l(c,m)))),c=h(c);m=b.slice(g);b=k.bitLength(m);g=a.encrypt(l(c,[0,0,0,b]));m=k.clamp(l(m.concat([0,0,0]),g),b);n=l(n,l(m.concat([0,0,0]),g));n=a.encrypt(l(n,l(c,h(c))));
|
||||
d.length&&(n=l(n,f?d:sjcl.mode.ocb2.pmac(a,d)));return p.concat(k.concat(m,k.clamp(n,e)))},decrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;var g=sjcl.mode.ocb2.S,h=sjcl.bitArray,k=h.i,l=[0,0,0,0],n=g(a.encrypt(c)),m,p,r=sjcl.bitArray.bitLength(b)-e,q=[];d=d||[];for(c=0;c+4<r/32;c+=4)m=k(n,a.decrypt(k(n,b.slice(c,c+4)))),l=k(l,m),q=q.concat(m),n=g(n);p=r-32*c;m=a.encrypt(k(n,[0,0,0,p]));m=k(m,h.clamp(b.slice(c),p).concat([0,
|
||||
0,0]));l=k(l,m);l=a.encrypt(k(l,k(n,g(n))));d.length&&(l=k(l,f?d:sjcl.mode.ocb2.pmac(a,d)));if(!h.equal(h.clamp(l,e),h.bitSlice(b,r)))throw new sjcl.exception.corrupt("ocb: tag doesn't match");return q.concat(h.clamp(m,p))},pmac:function(a,b){var c,d=sjcl.mode.ocb2.S,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]),h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4)h=d(h),g=f(g,a.encrypt(f(h,b.slice(c,c+4))));c=b.slice(c);128>e.bitLength(c)&&(h=f(h,d(h)),c=e.concat(c,[-2147483648,0,0,0]));g=f(g,c);
|
||||
return a.encrypt(f(d(f(h,d(h))),g))},S:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}};
|
||||
sjcl.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var f=b.slice(0);b=sjcl.bitArray;d=d||[];a=sjcl.mode.gcm.C(!0,a,f,d,c,e||128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var f=b.slice(0),g=sjcl.bitArray,h=g.bitLength(f);e=e||128;d=d||[];e<=h?(b=g.bitSlice(f,h-e),f=g.bitSlice(f,0,h-e)):(b=f,f=[]);a=sjcl.mode.gcm.C(!1,a,f,d,c,e);if(!g.equal(a.tag,b))throw new sjcl.exception.corrupt("gcm: tag doesn't match");return a.data},ka:function(a,b){var c,d,e,f,g,h=sjcl.bitArray.i;e=[0,0,
|
||||
0,0];f=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=h(e,f));g=0!==(f[3]&1);for(d=3;0<d;d--)f[d]=f[d]>>>1|(f[d-1]&1)<<31;f[0]>>>=1;g&&(f[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;d<e;d+=4)b[0]^=0xffffffff&c[d],b[1]^=0xffffffff&c[d+1],b[2]^=0xffffffff&c[d+2],b[3]^=0xffffffff&c[d+3],b=sjcl.mode.gcm.ka(b,a);return b},C:function(a,b,c,d,e,f){var g,h,k,l,n,m,p,r,q=sjcl.bitArray;m=c.length;p=q.bitLength(c);r=q.bitLength(d);h=q.bitLength(e);
|
||||
g=b.encrypt([0,0,0,0]);96===h?(e=e.slice(0),e=q.concat(e,[1])):(e=sjcl.mode.gcm.j(g,[0,0,0,0],e),e=sjcl.mode.gcm.j(g,e,[0,0,Math.floor(h/0x100000000),h&0xffffffff]));h=sjcl.mode.gcm.j(g,[0,0,0,0],d);n=e.slice(0);d=h.slice(0);a||(d=sjcl.mode.gcm.j(g,h,c));for(l=0;l<m;l+=4)n[3]++,k=b.encrypt(n),c[l]^=k[0],c[l+1]^=k[1],c[l+2]^=k[2],c[l+3]^=k[3];c=q.clamp(c,p);a&&(d=sjcl.mode.gcm.j(g,h,c));a=[Math.floor(r/0x100000000),r&0xffffffff,Math.floor(p/0x100000000),p&0xffffffff];d=sjcl.mode.gcm.j(g,d,a);k=b.encrypt(e);
|
||||
d[0]^=k[0];d[1]^=k[1];d[2]^=k[2];d[3]^=k[3];return{tag:q.bitSlice(d,0,f),data:c}}};sjcl.misc.hmac=function(a,b){this.W=b=b||sjcl.hash.sha256;var c=[[],[]],d,e=b.prototype.blockSize/32;this.w=[new b,new b];a.length>e&&(a=b.hash(a));for(d=0;d<e;d++)c[0][d]=a[d]^909522486,c[1][d]=a[d]^1549556828;this.w[0].update(c[0]);this.w[1].update(c[1]);this.R=new b(this.w[0])};
|
||||
sjcl.misc.hmac.prototype.encrypt=sjcl.misc.hmac.prototype.mac=function(a){if(this.aa)throw new sjcl.exception.invalid("encrypt on already updated hmac called!");this.update(a);return this.digest(a)};sjcl.misc.hmac.prototype.reset=function(){this.R=new this.W(this.w[0]);this.aa=!1};sjcl.misc.hmac.prototype.update=function(a){this.aa=!0;this.R.update(a)};sjcl.misc.hmac.prototype.digest=function(){var a=this.R.finalize(),a=(new this.W(this.w[1])).update(a).finalize();this.reset();return a};
|
||||
sjcl.misc.pbkdf2=function(a,b,c,d,e){c=c||1E4;if(0>d||0>c)throw new sjcl.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));e=e||sjcl.misc.hmac;a=new e(a);var f,g,h,k,l=[],n=sjcl.bitArray;for(k=1;32*l.length<(d||1);k++){e=f=a.encrypt(n.concat(b,[k]));for(g=1;g<c;g++)for(f=a.encrypt(f),h=0;h<f.length;h++)e[h]^=f[h];l=l.concat(e)}d&&(l=n.clamp(l,d));return l};
|
||||
sjcl.prng=function(a){this.c=[new sjcl.hash.sha256];this.m=[0];this.P=0;this.H={};this.N=0;this.U={};this.Z=this.f=this.o=this.ha=0;this.b=[0,0,0,0,0,0,0,0];this.h=[0,0,0,0];this.L=void 0;this.M=a;this.D=!1;this.K={progress:{},seeded:{}};this.u=this.ga=0;this.I=1;this.J=2;this.ca=0x10000;this.T=[0,48,64,96,128,192,0x100,384,512,768,1024];this.da=3E4;this.ba=80};
|
||||
sjcl.prng.prototype={randomWords:function(a,b){var c=[],d;d=this.isReady(b);var e;if(d===this.u)throw new sjcl.exception.notReady("generator isn't seeded");if(d&this.J){d=!(d&this.I);e=[];var f=0,g;this.Z=e[0]=(new Date).valueOf()+this.da;for(g=0;16>g;g++)e.push(0x100000000*Math.random()|0);for(g=0;g<this.c.length&&(e=e.concat(this.c[g].finalize()),f+=this.m[g],this.m[g]=0,d||!(this.P&1<<g));g++);this.P>=1<<this.c.length&&(this.c.push(new sjcl.hash.sha256),this.m.push(0));this.f-=f;f>this.o&&(this.o=
|
||||
f);this.P++;this.b=sjcl.hash.sha256.hash(this.b.concat(e));this.L=new sjcl.cipher.aes(this.b);for(d=0;4>d&&(this.h[d]=this.h[d]+1|0,!this.h[d]);d++);}for(d=0;d<a;d+=4)0===(d+1)%this.ca&&y(this),e=z(this),c.push(e[0],e[1],e[2],e[3]);y(this);return c.slice(0,a)},setDefaultParanoia:function(a,b){if(0===a&&"Setting paranoia=0 will ruin your security; use it only for testing"!==b)throw new sjcl.exception.invalid("Setting paranoia=0 will ruin your security; use it only for testing");this.M=a},addEntropy:function(a,
|
||||
b,c){c=c||"user";var d,e,f=(new Date).valueOf(),g=this.H[c],h=this.isReady(),k=0;d=this.U[c];void 0===d&&(d=this.U[c]=this.ha++);void 0===g&&(g=this.H[c]=0);this.H[c]=(this.H[c]+1)%this.c.length;switch(typeof a){case "number":void 0===b&&(b=1);this.c[g].update([d,this.N++,1,b,f,1,a|0]);break;case "object":c=Object.prototype.toString.call(a);if("[object Uint32Array]"===c){e=[];for(c=0;c<a.length;c++)e.push(a[c]);a=e}else for("[object Array]"!==c&&(k=1),c=0;c<a.length&&!k;c++)"number"!==typeof a[c]&&
|
||||
(k=1);if(!k){if(void 0===b)for(c=b=0;c<a.length;c++)for(e=a[c];0<e;)b++,e=e>>>1;this.c[g].update([d,this.N++,2,b,f,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[g].update([d,this.N++,3,b,f,a.length]);this.c[g].update(a);break;default:k=1}if(k)throw new sjcl.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[g]+=b;this.f+=b;h===this.u&&(this.isReady()!==this.u&&A("seeded",Math.max(this.o,this.f)),A("progress",this.getProgress()))},
|
||||
isReady:function(a){a=this.T[void 0!==a?a:this.M];return this.o&&this.o>=a?this.m[0]>this.ba&&(new Date).valueOf()>this.Z?this.J|this.I:this.I:this.f>=a?this.J|this.u:this.u},getProgress:function(a){a=this.T[a?a:this.M];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.D){this.a={loadTimeCollector:B(this,this.ma),mouseCollector:B(this,this.oa),keyboardCollector:B(this,this.la),accelerometerCollector:B(this,this.ea),touchCollector:B(this,this.qa)};if(window.addEventListener)window.addEventListener("load",
|
||||
this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new sjcl.exception.bug("can't attach event");
|
||||
this.D=!0}},stopCollectors:function(){this.D&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove",
|
||||
this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.D=!1)},addEventListener:function(a,b){this.K[a][this.ga++]=b},removeEventListener:function(a,b){var c,d,e=this.K[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;c<f.length;c++)d=f[c],delete e[d]},la:function(){C(this,1)},oa:function(a){var b,c;try{b=a.x||a.clientX||a.offsetX||0,c=a.y||a.clientY||a.offsetY||0}catch(d){c=b=0}0!=b&&0!=c&&this.addEntropy([b,c],2,"mouse");C(this,0)},qa:function(a){a=
|
||||
a.touches[0]||a.changedTouches[0];this.addEntropy([a.pageX||a.clientX,a.pageY||a.clientY],1,"touch");C(this,0)},ma:function(){C(this,2)},ea:function(a){a=a.accelerationIncludingGravity.x||a.accelerationIncludingGravity.y||a.accelerationIncludingGravity.z;if(window.orientation){var b=window.orientation;"number"===typeof b&&this.addEntropy(b,1,"accelerometer")}a&&this.addEntropy(a,2,"accelerometer");C(this,0)}};
|
||||
function A(a,b){var c,d=sjcl.random.K[a],e=[];for(c in d)d.hasOwnProperty(c)&&e.push(d[c]);for(c=0;c<e.length;c++)e[c](b)}function C(a,b){"undefined"!==typeof window&&window.performance&&"function"===typeof window.performance.now?a.addEntropy(window.performance.now(),b,"loadtime"):a.addEntropy((new Date).valueOf(),b,"loadtime")}function y(a){a.b=z(a).concat(z(a));a.L=new sjcl.cipher.aes(a.b)}function z(a){for(var b=0;4>b&&(a.h[b]=a.h[b]+1|0,!a.h[b]);b++);return a.L.encrypt(a.h)}
|
||||
function B(a,b){return function(){b.apply(a,arguments)}}sjcl.random=new sjcl.prng(6);
|
||||
a:try{var D,E,F,G;if(G="undefined"!==typeof module&&module.exports){var H;try{H=require("crypto")}catch(a){H=null}G=E=H}if(G&&E.randomBytes)D=E.randomBytes(128),D=new Uint32Array((new Uint8Array(D)).buffer),sjcl.random.addEntropy(D,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){F=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(F);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(F);
|
||||
else break a;sjcl.random.addEntropy(F,1024,"crypto['getRandomValues']")}}catch(a){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(a))}
|
||||
sjcl.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},ja:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json,f=e.g({iv:sjcl.random.randomWords(4,0)},e.defaults),g;e.g(f,c);c=f.adata;"string"===typeof f.salt&&(f.salt=sjcl.codec.base64.toBits(f.salt));"string"===typeof f.iv&&(f.iv=sjcl.codec.base64.toBits(f.iv));if(!sjcl.mode[f.mode]||!sjcl.cipher[f.cipher]||"string"===typeof a&&100>=f.iter||64!==f.ts&&96!==f.ts&&128!==f.ts||128!==f.ks&&192!==f.ks&&0x100!==f.ks||2>f.iv.length||
|
||||
4<f.iv.length)throw new sjcl.exception.invalid("json encrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,f),a=g.key.slice(0,f.ks/32),f.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.publicKey&&(g=a.kem(),f.kemtag=g.tag,a=g.key.slice(0,f.ks/32));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));"string"===typeof c&&(f.adata=c=sjcl.codec.utf8String.toBits(c));g=new sjcl.cipher[f.cipher](a);e.g(d,f);d.key=a;f.ct="ccm"===f.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&
|
||||
b instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.encrypt(g,b,f.iv,c,f.ts):sjcl.mode[f.mode].encrypt(g,b,f.iv,c,f.ts);return f},encrypt:function(a,b,c,d){var e=sjcl.json,f=e.ja.apply(e,arguments);return e.encode(f)},ia:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json;b=e.g(e.g(e.g({},e.defaults),b),c,!0);var f,g;f=b.adata;"string"===typeof b.salt&&(b.salt=sjcl.codec.base64.toBits(b.salt));"string"===typeof b.iv&&(b.iv=sjcl.codec.base64.toBits(b.iv));if(!sjcl.mode[b.mode]||!sjcl.cipher[b.cipher]||"string"===
|
||||
typeof a&&100>=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4<b.iv.length)throw new sjcl.exception.invalid("json decrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,b),a=g.key.slice(0,b.ks/32),b.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.secretKey&&(a=a.unkem(sjcl.codec.base64.toBits(b.kemtag)).slice(0,b.ks/32));"string"===typeof f&&(f=sjcl.codec.utf8String.toBits(f));g=new sjcl.cipher[b.cipher](a);f="ccm"===
|
||||
b.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&b.ct instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.decrypt(g,b.ct,b.iv,b.tag,f,b.ts):sjcl.mode[b.mode].decrypt(g,b.ct,b.iv,f,b.ts);e.g(d,b);d.key=a;return 1===c.raw?f:sjcl.codec.utf8String.fromBits(f)},decrypt:function(a,b,c,d){var e=sjcl.json;return e.ia(a,e.decode(b),c,d)},encode:function(a){var b,c="{",d="";for(b in a)if(a.hasOwnProperty(b)){if(!b.match(/^[a-z0-9]+$/i))throw new sjcl.exception.invalid("json encode: invalid property name");c+=d+'"'+
|
||||
b+'":';d=",";switch(typeof a[b]){case "number":case "boolean":c+=a[b];break;case "string":c+='"'+escape(a[b])+'"';break;case "object":c+='"'+sjcl.codec.base64.fromBits(a[b],0)+'"';break;default:throw new sjcl.exception.bug("json encode: unsupported type");}}return c+"}"},decode:function(a){a=a.replace(/\s/g,"");if(!a.match(/^\{.*\}$/))throw new sjcl.exception.invalid("json decode: this isn't json!");a=a.replace(/^\{|\}$/g,"").split(/,/);var b={},c,d;for(c=0;c<a.length;c++){if(!(d=a[c].match(/^\s*(?:(["']?)([a-z][a-z0-9]*)\1)\s*:\s*(?:(-?\d+)|"([a-z0-9+\/%*_.@=\-]*)"|(true|false))$/i)))throw new sjcl.exception.invalid("json decode: this isn't json!");
|
||||
null!=d[3]?b[d[2]]=parseInt(d[3],10):null!=d[4]?b[d[2]]=d[2].match(/^(ct|adata|salt|iv)$/)?sjcl.codec.base64.toBits(d[4]):unescape(d[4]):null!=d[5]&&(b[d[2]]="true"===d[5])}return b},g:function(a,b,c){void 0===a&&(a={});if(void 0===b)return a;for(var d in b)if(b.hasOwnProperty(d)){if(c&&void 0!==a[d]&&a[d]!==b[d])throw new sjcl.exception.invalid("required parameter overridden");a[d]=b[d]}return a},sa:function(a,b){var c={},d;for(d in a)a.hasOwnProperty(d)&&a[d]!==b[d]&&(c[d]=a[d]);return c},ra:function(a,
|
||||
b){var c={},d;for(d=0;d<b.length;d++)void 0!==a[b[d]]&&(c[b[d]]=a[b[d]]);return c}};sjcl.encrypt=sjcl.json.encrypt;sjcl.decrypt=sjcl.json.decrypt;sjcl.misc.pa={};sjcl.misc.cachedPbkdf2=function(a,b){var c=sjcl.misc.pa,d;b=b||{};d=b.iter||1E3;c=c[a]=c[a]||{};d=c[d]=c[d]||{firstSalt:b.salt&&b.salt.length?b.salt.slice(0):sjcl.random.randomWords(2,0)};c=void 0===b.salt?d.firstSalt:b.salt;d[c]=d[c]||sjcl.misc.pbkdf2(a,c,b.iter);return{key:d[c].slice(0),salt:c.slice(0)}};
|
||||
"undefined"!==typeof module&&module.exports&&(module.exports=sjcl);"function"===typeof define&&define([],function(){return sjcl});
|
|
@ -3,10 +3,6 @@ var common = require('../common');
|
|||
|
||||
describe('Alert', function () {
|
||||
describe('showStatus', function () {
|
||||
before(function () {
|
||||
cleanup();
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'shows a status message',
|
||||
jsc.array(common.jscAlnumString()),
|
||||
|
@ -218,6 +214,7 @@ describe('Alert', function () {
|
|||
return jsc.random(0, 1) ? true : $element;
|
||||
});
|
||||
functions[trigger](message);
|
||||
$.PrivateBin.Alert.setCustomHandler(null);
|
||||
return handlerCalled;
|
||||
}
|
||||
);
|
||||
|
|
|
@ -11,13 +11,13 @@ describe('AttachmentViewer', function () {
|
|||
jsc.property(
|
||||
'displays & hides data as requested',
|
||||
common.jscMimeTypes(),
|
||||
jsc.nearray(common.jscBase64String()),
|
||||
'string',
|
||||
'string',
|
||||
'string',
|
||||
function (mimeType, base64, filename, prefix, postfix) {
|
||||
'string',
|
||||
function (mimeType, rawdata, filename, prefix, postfix) {
|
||||
var clean = jsdom(),
|
||||
data = 'data:' + mimeType + ';base64,' + base64.join(''),
|
||||
data = 'data:' + mimeType + ';base64,' + btoa(rawdata),
|
||||
previewSupported = (
|
||||
mimeType.substring(0, 6) === 'image/' ||
|
||||
mimeType.substring(0, 6) === 'audio/' ||
|
||||
|
@ -34,6 +34,16 @@ describe('AttachmentViewer', function () {
|
|||
'Download attachment</a></div><div id="attachmentPrevie' +
|
||||
'w" class="hidden"></div>'
|
||||
);
|
||||
// mock createObjectURL for jsDOM
|
||||
if (typeof window.URL.createObjectURL === 'undefined') {
|
||||
Object.defineProperty(
|
||||
window.URL,
|
||||
'createObjectURL',
|
||||
{value: function(blob) {
|
||||
return 'blob:' + location.origin + '/1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed';
|
||||
}}
|
||||
)
|
||||
}
|
||||
$.PrivateBin.AttachmentViewer.init();
|
||||
results.push(
|
||||
!$.PrivateBin.AttachmentViewer.hasAttachment() &&
|
||||
|
@ -45,6 +55,8 @@ describe('AttachmentViewer', function () {
|
|||
} else {
|
||||
$.PrivateBin.AttachmentViewer.setAttachment(data);
|
||||
}
|
||||
// beyond this point we will get the blob URL instead of the data
|
||||
data = window.URL.createObjectURL(data);
|
||||
var attachment = $.PrivateBin.AttachmentViewer.getAttachment();
|
||||
results.push(
|
||||
$.PrivateBin.AttachmentViewer.hasAttachment() &&
|
||||
|
|
|
@ -3,35 +3,51 @@ require('../common');
|
|||
|
||||
describe('CryptTool', function () {
|
||||
describe('cipher & decipher', function () {
|
||||
afterEach(async function () {
|
||||
// pause to let async functions conclude
|
||||
await new Promise(resolve => setTimeout(resolve, 1900));
|
||||
});
|
||||
|
||||
this.timeout(30000);
|
||||
it('can en- and decrypt any message', function () {
|
||||
jsc.check(jsc.forall(
|
||||
jsc.assert(jsc.forall(
|
||||
'string',
|
||||
'string',
|
||||
'string',
|
||||
function (key, password, message) {
|
||||
return message === $.PrivateBin.CryptTool.decipher(
|
||||
key,
|
||||
password,
|
||||
$.PrivateBin.CryptTool.cipher(key, password, message)
|
||||
async function (key, password, message) {
|
||||
// pause to let async functions conclude
|
||||
await new Promise(resolve => setTimeout(resolve, 300));
|
||||
let clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
message = message.trim();
|
||||
let cipherMessage = await $.PrivateBin.CryptTool.cipher(
|
||||
key, password, message, []
|
||||
),
|
||||
plaintext = await $.PrivateBin.CryptTool.decipher(
|
||||
key, password, cipherMessage
|
||||
);
|
||||
clean();
|
||||
return message === plaintext;
|
||||
}
|
||||
),
|
||||
// reducing amount of checks as running 100 takes about 5 minutes
|
||||
{tests: 5, quiet: true});
|
||||
{tests: 3});
|
||||
});
|
||||
|
||||
// The below static unit tests are included to ensure deciphering of "classic"
|
||||
// SJCL based pastes still works
|
||||
it(
|
||||
'supports PrivateBin v1 ciphertext (SJCL & Base64)',
|
||||
'supports PrivateBin v1 ciphertext (SJCL & browser atob)',
|
||||
function () {
|
||||
delete global.Base64;
|
||||
let clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
|
||||
// Of course you can easily decipher the following texts, if you like.
|
||||
// Bonus points for finding their sources and hidden meanings.
|
||||
var paste1 = $.PrivateBin.CryptTool.decipher(
|
||||
return $.PrivateBin.CryptTool.decipher(
|
||||
'6t2qsmLyfXIokNCL+3/yl15rfTUBQvm5SOnFPvNE7Q8=',
|
||||
// -- "That's amazing. I've got the same combination on my luggage."
|
||||
Array.apply(0, Array(6)).map(function(_,b) { return b + 1; }).join(''),
|
||||
Array.apply(0, Array(6)).map((_,b) => b + 1).join(''),
|
||||
'{"iv":"4HNFIl7eYbCh6HuShctTIA==","v":1,"iter":10000,"ks"' +
|
||||
':256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","sa' +
|
||||
'lt":"u0lQvePq6L0=","ct":"fGPUVrDyaVr1ZDGb+kqQ3CPEW8x4YKG' +
|
||||
|
@ -59,8 +75,8 @@ describe('CryptTool', function () {
|
|||
'QUxMXI5htsn2rf0HxCFu7Po8DNYLxTS+67hYjDIYWYaEIc8LXWMLyDm9' +
|
||||
'C5fARPJ4F2BIWgzgzkNj+dVjusft2XnziamWdbS5u3kuRlVuz5LQj+R5' +
|
||||
'imnqQAincdZTkTT1nYx+DatlOLllCYIHffpI="}'
|
||||
),
|
||||
paste2 = $.PrivateBin.CryptTool.decipher(
|
||||
).then(function (paste1) {
|
||||
$.PrivateBin.CryptTool.decipher(
|
||||
's9pmKZKOBN7EVvHpTA8jjLFH3Xlz/0l8lB4+ONPACrM=',
|
||||
'', // no password
|
||||
'{"iv":"WA42mdxIVXUwBqZu7JYNiw==","v":1,"iter":10000,"ks"' +
|
||||
|
@ -85,30 +101,30 @@ describe('CryptTool', function () {
|
|||
'XhHvixZLcSjX2KQuHmEoWzmJcr3DavdoXZmAurGWLKjzEdJc5dSD/eNr' +
|
||||
'99gjHX7wphJ6umKMM+fn6PcbYJkhDh2GlJL5COXjXfm/5aj/vuyaRRWZ' +
|
||||
'MZtmnYpGAtAPg7AUG"}'
|
||||
);
|
||||
|
||||
).then(function (paste2) {
|
||||
clean();
|
||||
assert.ok(
|
||||
paste1.includes('securely packed in iron') &&
|
||||
paste2.includes('Sol is right')
|
||||
);
|
||||
});
|
||||
});
|
||||
}
|
||||
);
|
||||
|
||||
it(
|
||||
'supports ZeroBin ciphertext (SJCL & Base64 1.7)',
|
||||
function () {
|
||||
var newBase64 = global.Base64;
|
||||
global.Base64 = require('../base64-1.7').Base64;
|
||||
jsdom();
|
||||
delete require.cache[require.resolve('../privatebin')];
|
||||
require('../privatebin');
|
||||
var clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
|
||||
// Of course you can easily decipher the following texts, if you like.
|
||||
// Bonus points for finding their sources and hidden meanings.
|
||||
var paste1 = $.PrivateBin.CryptTool.decipher(
|
||||
return $.PrivateBin.CryptTool.decipher(
|
||||
'6t2qsmLyfXIokNCL+3/yl15rfTUBQvm5SOnFPvNE7Q8=',
|
||||
// -- "That's amazing. I've got the same combination on my luggage."
|
||||
Array.apply(0, Array(6)).map(function(_,b) { return b + 1; }).join(''),
|
||||
Array.apply(0, Array(6)).map((_,b) => b + 1).join(''),
|
||||
'{"iv":"aTnR2qBL1CAmLX8FdWe3VA==","v":1,"iter":10000,"ks"' +
|
||||
':256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","sa' +
|
||||
'lt":"u0lQvePq6L0=","ct":"A3nBTvICZtYy6xqbIJE0c8Veored5lM' +
|
||||
|
@ -128,8 +144,8 @@ describe('CryptTool', function () {
|
|||
'7mNNo7xba/YT9KoPDaniqnYqb+q2pX1WNWE7dLS2wfroMAS3kh8P22DA' +
|
||||
'V37AeiNoD2PcI6ZcHbRdPa+XRrRcJhSPPW7UQ0z4OvBfjdu/w390QxAx' +
|
||||
'SxvZewoh49fKKB6hTsRnZb4tpHkjlww=="}'
|
||||
),
|
||||
paste2 = $.PrivateBin.CryptTool.decipher(
|
||||
).then(function (paste1) {
|
||||
$.PrivateBin.CryptTool.decipher(
|
||||
's9pmKZKOBN7EVvHpTA8jjLFH3Xlz/0l8lB4+ONPACrM=',
|
||||
'', // no password
|
||||
'{"iv":"Z7lAZQbkrqGMvruxoSm6Pw==","v":1,"iter":10000,"ks"' +
|
||||
|
@ -147,61 +163,98 @@ describe('CryptTool', function () {
|
|||
'7tmfcF73w9dufDFI3LNca2KxzBnWNPYvIZKBwWbq8ncxkb191dP6mjEi' +
|
||||
'7NnhqVk5A6vIBbu4AC5PZf76l6yep4xsoy/QtdDxCMocCXeAML9MQ9uP' +
|
||||
'QbuspOKrBvMfN5igA1kBqasnxI472KBNXsdZnaDddSVUuvhTcETM="}'
|
||||
);
|
||||
|
||||
global.Base64 = newBase64;
|
||||
jsdom();
|
||||
delete require.cache[require.resolve('../privatebin')];
|
||||
require('../privatebin');
|
||||
).then(function (paste2) {
|
||||
clean();
|
||||
delete global.Base64;
|
||||
assert.ok(
|
||||
paste1.includes('securely packed in iron') &&
|
||||
paste2.includes('Sol is right')
|
||||
);
|
||||
});
|
||||
});
|
||||
}
|
||||
);
|
||||
|
||||
it('does not truncate messages', async function () {
|
||||
let message = fs.readFileSync('test/compression-sample.txt', 'utf8'),
|
||||
clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
let cipherMessage = await $.PrivateBin.CryptTool.cipher(
|
||||
'foo', 'bar', message, []
|
||||
),
|
||||
plaintext = await $.PrivateBin.CryptTool.decipher(
|
||||
'foo', 'bar', cipherMessage
|
||||
);
|
||||
clean();
|
||||
assert.strictEqual(
|
||||
message,
|
||||
plaintext
|
||||
);
|
||||
});
|
||||
|
||||
describe('isEntropyReady & addEntropySeedListener', function () {
|
||||
it(
|
||||
'lets us know that enough entropy is collected or make us wait for it',
|
||||
function(done) {
|
||||
if ($.PrivateBin.CryptTool.isEntropyReady()) {
|
||||
done();
|
||||
} else {
|
||||
$.PrivateBin.CryptTool.addEntropySeedListener(function() {
|
||||
done();
|
||||
});
|
||||
}
|
||||
}
|
||||
it('can en- and decrypt a particular message (#260)', function () {
|
||||
jsc.assert(jsc.forall(
|
||||
'string',
|
||||
'string',
|
||||
async function (key, password) {
|
||||
// pause to let async functions conclude
|
||||
await new Promise(resolve => setTimeout(resolve, 300));
|
||||
const message = `
|
||||
1 subgoal
|
||||
|
||||
inv : Assert
|
||||
expr : Expr
|
||||
sBody : Instr
|
||||
deduction : (|- [|inv /\ assertOfExpr expr|] sBody [|inv|])%assert
|
||||
IHdeduction : (|= [|inv /\ assertOfExpr expr |] sBody [|inv|])%assert
|
||||
mem : Mem
|
||||
preInMem : inv mem
|
||||
m : Mem
|
||||
n : nat
|
||||
interpRel : interp (nth_iterate sBody n) (MemElem mem) = CpoElem Mem m
|
||||
lastIter : interp (nth_iterate sBody n) (MemElem mem) |=e expr_neg expr
|
||||
notLastIter : forall p : nat,
|
||||
p < n -> interp (nth_iterate sBody p) (MemElem mem) |=e expr
|
||||
isWhile : interp (while expr sBody) (MemElem mem) =
|
||||
interp (nth_iterate sBody n) (MemElem mem)
|
||||
|
||||
======================== ( 1 / 1 )
|
||||
conseq_or_bottom inv (interp (nth_iterate sBody n) (MemElem mem))
|
||||
`;
|
||||
let clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
let cipherMessage = await $.PrivateBin.CryptTool.cipher(
|
||||
key, password, message, []
|
||||
),
|
||||
plaintext = await $.PrivateBin.CryptTool.decipher(
|
||||
key, password, cipherMessage
|
||||
);
|
||||
clean();
|
||||
return message === plaintext;
|
||||
}
|
||||
),
|
||||
{tests: 3});
|
||||
});
|
||||
});
|
||||
|
||||
describe('getSymmetricKey', function () {
|
||||
this.timeout(30000);
|
||||
var keys = [];
|
||||
|
||||
// the parameter is used to ensure the test is run more then one time
|
||||
jsc.property(
|
||||
'returns random, non-empty keys',
|
||||
function() {
|
||||
'integer',
|
||||
function(counter) {
|
||||
var clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
var key = $.PrivateBin.CryptTool.getSymmetricKey(),
|
||||
result = (key !== '' && keys.indexOf(key) === -1);
|
||||
keys.push(key);
|
||||
clean();
|
||||
return result;
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
describe('Base64.js vs SJCL.js vs abab.js', function () {
|
||||
jsc.property(
|
||||
'these all return the same base64 string',
|
||||
'string',
|
||||
function(string) {
|
||||
var base64 = Base64.toBase64(string),
|
||||
sjcl = global.sjcl.codec.base64.fromBits(global.sjcl.codec.utf8String.toBits(string)),
|
||||
abab = window.btoa(Base64.utob(string));
|
||||
return base64 === sjcl && sjcl === abab;
|
||||
}
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ describe('DiscussionViewer', function () {
|
|||
comments.forEach(function (comment) {
|
||||
comment.id = comment.idArray.join('');
|
||||
comment.parentid = comment.parentidArray.join('');
|
||||
$.PrivateBin.DiscussionViewer.addComment(comment, comment.data, comment.meta.nickname);
|
||||
$.PrivateBin.DiscussionViewer.addComment($.PrivateBin.Helper.CommentFactory(comment), comment.data, comment.meta.nickname);
|
||||
});
|
||||
results.push(
|
||||
$('#discussion').hasClass('hidden')
|
||||
|
|
|
@ -211,17 +211,20 @@ describe('Helper', function () {
|
|||
|
||||
describe('getCookie', function () {
|
||||
this.timeout(30000);
|
||||
after(function () {
|
||||
cleanup();
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'returns the requested cookie',
|
||||
'nearray asciinestring',
|
||||
'nearray asciistring',
|
||||
jsc.nearray(jsc.nearray(common.jscAlnumString())),
|
||||
jsc.nearray(jsc.nearray(common.jscAlnumString())),
|
||||
function (labels, values) {
|
||||
var selectedKey = '', selectedValue = '',
|
||||
cookieArray = [];
|
||||
labels.forEach(function(item, i) {
|
||||
// deliberatly using a non-ascii key for replacing invalid characters
|
||||
var key = item.replace(/[\s;,=]/g, Array(i+2).join('£')),
|
||||
value = (values[i] || values[0]).replace(/[\s;,=]/g, '');
|
||||
var key = item.join(''),
|
||||
value = (values[i] || values[0]).join('');
|
||||
cookieArray.push(key + '=' + value);
|
||||
if (Math.random() < 1 / i || selectedKey === key)
|
||||
{
|
||||
|
@ -231,6 +234,7 @@ describe('Helper', function () {
|
|||
});
|
||||
var clean = jsdom('', {cookie: cookieArray}),
|
||||
result = $.PrivateBin.Helper.getCookie(selectedKey);
|
||||
$.PrivateBin.Helper.reset();
|
||||
clean();
|
||||
return result === selectedValue;
|
||||
}
|
||||
|
@ -239,21 +243,19 @@ describe('Helper', function () {
|
|||
|
||||
describe('baseUri', function () {
|
||||
this.timeout(30000);
|
||||
before(function () {
|
||||
$.PrivateBin.Helper.reset();
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'returns the URL without query & fragment',
|
||||
common.jscSchemas(),
|
||||
jsc.elements(['http', 'https']),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.array(common.jscA2zString()),
|
||||
jsc.array(common.jscQueryString()),
|
||||
'string',
|
||||
function (schema, address, query, fragment) {
|
||||
var expected = schema + '://' + address.join('') + '/',
|
||||
function (schema, address, path, query, fragment) {
|
||||
$.PrivateBin.Helper.reset();
|
||||
var path = path.join('') + (path.length > 0 ? '/' : ''),
|
||||
expected = schema + '://' + address.join('') + '/' + path,
|
||||
clean = jsdom('', {url: expected + '?' + query.join('') + '#' + fragment}),
|
||||
result = $.PrivateBin.Helper.baseUri();
|
||||
$.PrivateBin.Helper.reset();
|
||||
clean();
|
||||
return expected === result;
|
||||
}
|
||||
|
|
|
@ -87,14 +87,17 @@ describe('I18n', function () {
|
|||
'downloads and handles any supported language',
|
||||
common.jscSupportedLanguages(),
|
||||
function(language) {
|
||||
var clean = jsdom('', {url: 'https://privatebin.net/', cookie: ['lang=' + language]});
|
||||
|
||||
// cleanup
|
||||
var clean = jsdom('', {cookie: ['lang=en']});
|
||||
$.PrivateBin.I18n.reset('en');
|
||||
$.PrivateBin.I18n.loadTranslations();
|
||||
clean();
|
||||
|
||||
// mock
|
||||
clean = jsdom('', {cookie: ['lang=' + language]});
|
||||
$.PrivateBin.I18n.reset(language, require('../../i18n/' + language + '.json'));
|
||||
var result = $.PrivateBin.I18n.translate('en'),
|
||||
alias = $.PrivateBin.I18n._('en');
|
||||
|
||||
clean();
|
||||
return language === result && language === alias;
|
||||
}
|
||||
|
|
88
js/test/InitialCheck.js
Normal file
88
js/test/InitialCheck.js
Normal file
|
@ -0,0 +1,88 @@
|
|||
'use strict';
|
||||
var common = require('../common');
|
||||
|
||||
describe('InitialCheck', function () {
|
||||
describe('init', function () {
|
||||
this.timeout(30000);
|
||||
before(function () {
|
||||
cleanup();
|
||||
});
|
||||
|
||||
it('returns false and shows error, if a bot UA is detected', function () {
|
||||
jsc.assert(jsc.forall(
|
||||
'string',
|
||||
jsc.elements(['Bot', 'bot']),
|
||||
'string',
|
||||
function (prefix, botBit, suffix) {
|
||||
const clean = jsdom('', {
|
||||
'userAgent': prefix + botBit + suffix
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="errormessage" class="hidden"></div>' +
|
||||
'</body></html>'
|
||||
);
|
||||
$.PrivateBin.Alert.init();
|
||||
window.crypto = null;
|
||||
const result1 = !$.PrivateBin.InitialCheck.init(),
|
||||
result2 = !$('#errormessage').hasClass('hidden');
|
||||
clean();
|
||||
return result1 && result2;
|
||||
}
|
||||
),
|
||||
{tests: 10});
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'shows error, if no webcrypto is detected',
|
||||
'bool',
|
||||
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.elements(['.onion', '.i2p', '']),
|
||||
function (secureProtocol, localhost, domain, tld) {
|
||||
const isDomain = localhost === '',
|
||||
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
|
||||
clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
|
||||
(isDomain ? domain.join('') + tld : localhost) + '/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="errormessage" class="hidden"></div>'+
|
||||
'<div id="oldnotice" class="hidden"></div></body></html>'
|
||||
);
|
||||
$.PrivateBin.Alert.init();
|
||||
const result1 = !$.PrivateBin.InitialCheck.init(),
|
||||
result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
|
||||
result3 = !$('#oldnotice').hasClass('hidden');
|
||||
clean();
|
||||
return result1 && result2 && result3;
|
||||
}
|
||||
);
|
||||
|
||||
jsc.property(
|
||||
'shows error, if HTTP only site is detected',
|
||||
'bool',
|
||||
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.elements(['.onion', '.i2p', '']),
|
||||
function (secureProtocol, localhost, domain, tld) {
|
||||
const isDomain = localhost === '',
|
||||
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
|
||||
clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
|
||||
(isDomain ? domain.join('') + tld : localhost) + '/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="httpnotice" class="hidden"></div>'+
|
||||
'</body></html>'
|
||||
);
|
||||
$.PrivateBin.Alert.init();
|
||||
window.crypto = null;
|
||||
const result1 = $.PrivateBin.InitialCheck.init(),
|
||||
result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
|
||||
clean();
|
||||
return result1 && result2;
|
||||
}
|
||||
);
|
||||
});
|
||||
});
|
||||
|
|
@ -72,7 +72,7 @@ describe('Model', function () {
|
|||
|
||||
describe('getPasteId', function () {
|
||||
this.timeout(30000);
|
||||
before(function () {
|
||||
beforeEach(function () {
|
||||
$.PrivateBin.Model.reset();
|
||||
cleanup();
|
||||
});
|
||||
|
@ -93,8 +93,9 @@ describe('Model', function () {
|
|||
clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
'/?' + queryString + '#' + fragment
|
||||
}),
|
||||
result = $.PrivateBin.Model.getPasteId();
|
||||
});
|
||||
global.URL = require('jsdom-url').URL;
|
||||
var result = $.PrivateBin.Model.getPasteId();
|
||||
$.PrivateBin.Model.reset();
|
||||
clean();
|
||||
return pasteIdString === result;
|
||||
|
@ -111,6 +112,7 @@ describe('Model', function () {
|
|||
'/#' + fragment
|
||||
}),
|
||||
result = false;
|
||||
global.URL = require('jsdom-url').URL;
|
||||
try {
|
||||
$.PrivateBin.Model.getPasteId();
|
||||
}
|
||||
|
@ -126,15 +128,20 @@ describe('Model', function () {
|
|||
|
||||
describe('getPasteKey', function () {
|
||||
this.timeout(30000);
|
||||
beforeEach(function () {
|
||||
$.PrivateBin.Model.reset();
|
||||
cleanup();
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'returns the fragment of the URL',
|
||||
'returns the fragment of a v1 URL',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.array(common.jscQueryString()),
|
||||
jsc.nearray(common.jscBase64String()),
|
||||
'nestring',
|
||||
function (schema, address, query, fragment) {
|
||||
var fragmentString = fragment.join(''),
|
||||
clean = jsdom('', {
|
||||
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||
let clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
'/?' + query.join('') + '#' + fragmentString
|
||||
}),
|
||||
|
@ -145,15 +152,15 @@ describe('Model', function () {
|
|||
}
|
||||
);
|
||||
jsc.property(
|
||||
'returns the fragment stripped of trailing query parts',
|
||||
'returns the v1 fragment stripped of trailing query parts',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.array(common.jscQueryString()),
|
||||
jsc.nearray(common.jscBase64String()),
|
||||
'nestring',
|
||||
jsc.array(common.jscHashString()),
|
||||
function (schema, address, query, fragment, trail) {
|
||||
var fragmentString = fragment.join(''),
|
||||
clean = jsdom('', {
|
||||
const fragmentString = common.btoa(fragment.padStart(32, '\u0000'));
|
||||
let clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') + '/?' +
|
||||
query.join('') + '#' + fragmentString + '&' + trail.join('')
|
||||
}),
|
||||
|
@ -163,6 +170,47 @@ describe('Model', function () {
|
|||
return fragmentString === result;
|
||||
}
|
||||
);
|
||||
jsc.property(
|
||||
'returns the fragment of a v2 URL',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.array(common.jscQueryString()),
|
||||
'nestring',
|
||||
function (schema, address, query, fragment) {
|
||||
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||
fragment = fragment.padStart(32, '\u0000');
|
||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||
clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
'/?' + query.join('') + '#' + fragmentString
|
||||
}),
|
||||
result = $.PrivateBin.Model.getPasteKey();
|
||||
$.PrivateBin.Model.reset();
|
||||
clean();
|
||||
return fragment === result;
|
||||
}
|
||||
);
|
||||
jsc.property(
|
||||
'returns the v2 fragment stripped of trailing query parts',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.array(common.jscQueryString()),
|
||||
'nestring',
|
||||
jsc.array(common.jscHashString()),
|
||||
function (schema, address, query, fragment, trail) {
|
||||
// base58 strips leading NULL bytes, so the string is padded with these if not found
|
||||
fragment = fragment.padStart(32, '\u0000');
|
||||
let fragmentString = $.PrivateBin.CryptTool.base58encode(fragment),
|
||||
clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') + '/?' +
|
||||
query.join('') + '#' + fragmentString + '&' + trail.join('')
|
||||
}),
|
||||
result = $.PrivateBin.Model.getPasteKey();
|
||||
$.PrivateBin.Model.reset();
|
||||
clean();
|
||||
return fragment === result;
|
||||
}
|
||||
);
|
||||
jsc.property(
|
||||
'throws exception on empty fragment of the URL',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
|
@ -188,7 +236,7 @@ describe('Model', function () {
|
|||
});
|
||||
|
||||
describe('getTemplate', function () {
|
||||
before(function () {
|
||||
beforeEach(function () {
|
||||
$.PrivateBin.Model.reset();
|
||||
cleanup();
|
||||
});
|
||||
|
|
|
@ -4,9 +4,6 @@ var common = require('../common');
|
|||
describe('PasteStatus', function () {
|
||||
describe('createPasteNotification', function () {
|
||||
this.timeout(30000);
|
||||
before(function () {
|
||||
cleanup();
|
||||
});
|
||||
|
||||
jsc.property(
|
||||
'creates a notification after a successfull paste upload',
|
||||
|
@ -24,7 +21,7 @@ describe('PasteStatus', function () {
|
|||
var expected1 = schema1 + '://' + address1.join('') + '/?' +
|
||||
encodeURI(query1.join('').replace(/^&+|&+$/gm,'') + '#' + fragment1),
|
||||
expected2 = schema2 + '://' + address2.join('') + '/?' +
|
||||
encodeURI(query2.join('')),
|
||||
encodeURI(query2.join('').replace(/^&+|&+$/gm,'')),
|
||||
clean = jsdom();
|
||||
$('body').html('<div><div id="deletelink"></div><div id="pastelink"></div></div>');
|
||||
$.PrivateBin.PasteStatus.init();
|
||||
|
@ -44,7 +41,7 @@ describe('PasteStatus', function () {
|
|||
});
|
||||
|
||||
jsc.property(
|
||||
'shows burn after reading message or remaining time',
|
||||
'shows burn after reading message or remaining time v1',
|
||||
'bool',
|
||||
'nat',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
|
@ -62,11 +59,51 @@ describe('PasteStatus', function () {
|
|||
result;
|
||||
$('body').html('<div id="remainingtime" class="hidden"></div>');
|
||||
$.PrivateBin.PasteStatus.init();
|
||||
$.PrivateBin.PasteStatus.showRemainingTime({
|
||||
$.PrivateBin.PasteStatus.showRemainingTime($.PrivateBin.Helper.PasteFactory({'meta': {
|
||||
'burnafterreading': burnafterreading,
|
||||
'remaining_time': remainingTime,
|
||||
'expire_date': remainingTime ? ((new Date()).getTime() / 1000) + remainingTime : 0
|
||||
});
|
||||
'remaining_time': remainingTime
|
||||
}}));
|
||||
if (burnafterreading) {
|
||||
result = $('#remainingtime').hasClass('foryoureyesonly') &&
|
||||
!$('#remainingtime').hasClass('hidden');
|
||||
} else if (remainingTime) {
|
||||
result =!$('#remainingtime').hasClass('foryoureyesonly') &&
|
||||
!$('#remainingtime').hasClass('hidden');
|
||||
} else {
|
||||
result = $('#remainingtime').hasClass('hidden') &&
|
||||
!$('#remainingtime').hasClass('foryoureyesonly');
|
||||
}
|
||||
clean();
|
||||
return result;
|
||||
}
|
||||
);
|
||||
|
||||
jsc.property(
|
||||
'shows burn after reading message or remaining time v2',
|
||||
'bool',
|
||||
'nat',
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.nearray(common.jscQueryString()),
|
||||
'string',
|
||||
function (
|
||||
burnafterreading, remainingTime,
|
||||
schema, address, query, fragment
|
||||
) {
|
||||
var clean = jsdom('', {
|
||||
url: schema.join('') + '://' + address.join('') +
|
||||
'/?' + query.join('') + '#' + fragment
|
||||
}),
|
||||
result;
|
||||
$('body').html('<div id="remainingtime" class="hidden"></div>');
|
||||
$.PrivateBin.PasteStatus.init();
|
||||
$.PrivateBin.PasteStatus.showRemainingTime($.PrivateBin.Helper.PasteFactory({
|
||||
'adata': [null, null, null, burnafterreading],
|
||||
'v': 2,
|
||||
'meta': {
|
||||
'time_to_live': remainingTime
|
||||
}
|
||||
}));
|
||||
if (burnafterreading) {
|
||||
result = $('#remainingtime').hasClass('foryoureyesonly') &&
|
||||
!$('#remainingtime').hasClass('hidden');
|
||||
|
|
|
@ -30,8 +30,10 @@ describe('Prompt', function () {
|
|||
$.PrivateBin.Prompt.init();
|
||||
$.PrivateBin.Prompt.requestPassword();
|
||||
$('#passworddecrypt').val(password);
|
||||
$('#passwordform').submit();
|
||||
var result = $.PrivateBin.Prompt.getPassword();
|
||||
// TODO triggers error messages in current jsDOM version, find better solution
|
||||
//$('#passwordform').submit();
|
||||
//var result = $.PrivateBin.Prompt.getPassword();
|
||||
var result = $('#passworddecrypt').val();
|
||||
$.PrivateBin.Model.reset();
|
||||
clean();
|
||||
return result === password;
|
||||
|
|
40
js/test/ServerInteraction.js
Normal file
40
js/test/ServerInteraction.js
Normal file
|
@ -0,0 +1,40 @@
|
|||
'use strict';
|
||||
require('../common');
|
||||
|
||||
describe('ServerInteraction', function () {
|
||||
describe('prepare', function () {
|
||||
afterEach(async function () {
|
||||
// pause to let async functions conclude
|
||||
await new Promise(resolve => setTimeout(resolve, 1900));
|
||||
});
|
||||
this.timeout(30000);
|
||||
it('can prepare an encrypted paste', function () {
|
||||
jsc.assert(jsc.forall(
|
||||
'string',
|
||||
'string',
|
||||
'string',
|
||||
async function (key, password, message) {
|
||||
// pause to let async functions conclude
|
||||
await new Promise(resolve => setTimeout(resolve, 300));
|
||||
let clean = jsdom();
|
||||
window.crypto = new WebCrypto();
|
||||
message = message.trim();
|
||||
|
||||
$.PrivateBin.ServerInteraction.prepare();
|
||||
$.PrivateBin.ServerInteraction.setCryptParameters(password, key);
|
||||
$.PrivateBin.ServerInteraction.setUnencryptedData('adata', [
|
||||
// encryption parameters defined by CryptTool, format, discussion, burn after reading
|
||||
null, 'plaintext', 0, 0
|
||||
]);
|
||||
$.PrivateBin.ServerInteraction.setUnencryptedData('meta', {'expire': '5min'});
|
||||
await $.PrivateBin.ServerInteraction.setCipherMessage({'paste': message});
|
||||
//console.log($.PrivateBin.ServerInteraction.getData());
|
||||
clean();
|
||||
// TODO currently not testing anything and just used to generate v2 pastes for starting development of server side v2 implementation
|
||||
return true;
|
||||
}
|
||||
),
|
||||
{tests: 3});
|
||||
});
|
||||
});
|
||||
});
|
|
@ -6,7 +6,7 @@ describe('UiHelper', function () {
|
|||
// for now we use a mock function to trigger the event
|
||||
describe('historyChange', function () {
|
||||
this.timeout(30000);
|
||||
before(function () {
|
||||
beforeEach(function () {
|
||||
$.PrivateBin.Helper.reset();
|
||||
cleanup();
|
||||
});
|
||||
|
|
1910
js/test/compression-sample.txt
Normal file
1910
js/test/compression-sample.txt
Normal file
File diff suppressed because it is too large
Load diff
124
js/types.jsonld
Normal file
124
js/types.jsonld
Normal file
|
@ -0,0 +1,124 @@
|
|||
{
|
||||
"@context": {
|
||||
"so": "https://schema.org/",
|
||||
"dp": "http://dbpedia.org/resource/",
|
||||
"pb": "?jsonld=types#"
|
||||
},
|
||||
"Base64": {
|
||||
"@type": "so:Text"
|
||||
},
|
||||
"CipherText": {
|
||||
"@type": "pb:Base64"
|
||||
},
|
||||
"PasteCipherMessage": {
|
||||
"paste": {
|
||||
"@type": "so:Text"
|
||||
},
|
||||
"attachment": {
|
||||
"@type": "so:MediaObject"
|
||||
},
|
||||
"attachment_name": {
|
||||
"@type": "so:Text"
|
||||
}
|
||||
},
|
||||
"CommentCipherMessage": {
|
||||
"comment": {
|
||||
"@type": "so:Text"
|
||||
},
|
||||
"nickname": {
|
||||
"@type": "so:Text"
|
||||
}
|
||||
},
|
||||
"InitializationVector": {
|
||||
"@type": "pb:Base64"
|
||||
},
|
||||
"Salt": {
|
||||
"@type": "pb:Base64"
|
||||
},
|
||||
"Iterations": {
|
||||
"@type": "so:Integer",
|
||||
"@minimum": 1
|
||||
},
|
||||
"KeySize": {
|
||||
"@type": "so:Integer",
|
||||
"@value": 256,
|
||||
"@minimum": 128,
|
||||
"@maximum": 256,
|
||||
"@enum": [128, 196, 256]
|
||||
},
|
||||
"TagSize": {
|
||||
"@type": "so:Integer",
|
||||
"@value": 128,
|
||||
"@minimum": 32,
|
||||
"@maximum": 128,
|
||||
"@enum": [32, 64, 96, 104, 112, 120, 128]
|
||||
},
|
||||
"Algorithm": {
|
||||
"@type": "so:Text",
|
||||
"@value": "aes"
|
||||
},
|
||||
"Mode": {
|
||||
"@type": "so:Text",
|
||||
"@value": "gcm",
|
||||
"@enum": ["ctr", "cbc", "gcm"]
|
||||
},
|
||||
"Compression": {
|
||||
"@type": "so:Text",
|
||||
"@value": "zlib",
|
||||
"@enum": ["zlib", "none"]
|
||||
},
|
||||
"Formatter": {
|
||||
"@type": "so:Text",
|
||||
"@value": "plaintext",
|
||||
"@enum": ["plaintext", "syntaxhighlighting", "markdown"]
|
||||
},
|
||||
"Expiration": {
|
||||
"@type": "so:Text",
|
||||
"@value": "1week",
|
||||
"@enum": ["5min", "10min", "1hour", "1day", "1week", "1month", "1year", "never"]
|
||||
},
|
||||
"OpenDiscussion": {
|
||||
"@type": "so:Boolean",
|
||||
"@enum": [false, true]
|
||||
},
|
||||
"BurnAfterReading": {
|
||||
"@type": "so:Boolean",
|
||||
"@enum": [false, true]
|
||||
},
|
||||
"CreationTime": {
|
||||
"@type": "dp:Unix_time"
|
||||
},
|
||||
"RemainingSeconds": {
|
||||
"@type": "dp:Second",
|
||||
"@minimum": 1
|
||||
},
|
||||
"CipherParameters": {
|
||||
"@container": "@list",
|
||||
"@value": [
|
||||
{
|
||||
"@type": "pb:InitializationVector"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Salt"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Iterations"
|
||||
},
|
||||
{
|
||||
"@type": "pb:KeySize"
|
||||
},
|
||||
{
|
||||
"@type": "pb:TagSize"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Algorithm"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Mode"
|
||||
},
|
||||
{
|
||||
"@type": "pb:Compression"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
146
js/zlib-1.2.11.js
Normal file
146
js/zlib-1.2.11.js
Normal file
|
@ -0,0 +1,146 @@
|
|||
'use strict';
|
||||
|
||||
(function() {
|
||||
let ret;
|
||||
|
||||
async function initialize() {
|
||||
if (ret) return ret;
|
||||
|
||||
const COMPRESSION_LEVEL = 7;
|
||||
const NO_ZLIB_HEADER = -1;
|
||||
const CHUNK_SIZE = 32 * 1024;
|
||||
const map = {};
|
||||
const memory = new WebAssembly.Memory({
|
||||
initial: 1,
|
||||
maximum: 1024, // 64MB
|
||||
});
|
||||
const env = {
|
||||
memory,
|
||||
writeToJs(ptr, size) {
|
||||
const o = map[ptr];
|
||||
o.onData(new Uint8Array(memory.buffer, dstPtr, size));
|
||||
},
|
||||
_abort: errno => { console.error(`Error: ${errno}`) },
|
||||
_grow: () => { },
|
||||
};
|
||||
|
||||
let buff;
|
||||
if (typeof fetch === 'undefined') {
|
||||
buff = fs.readFileSync('zlib-1.2.11.wasm');
|
||||
} else {
|
||||
const resp = await fetch('js/zlib-1.2.11.wasm');
|
||||
buff = await resp.arrayBuffer();
|
||||
}
|
||||
const module = await WebAssembly.compile(buff);
|
||||
const ins = await WebAssembly.instantiate(module, { env });
|
||||
|
||||
const srcPtr = ins.exports._malloc(CHUNK_SIZE);
|
||||
const dstPtr = ins.exports._malloc(CHUNK_SIZE);
|
||||
|
||||
class RawDef {
|
||||
constructor() {
|
||||
this.zstreamPtr = ins.exports._createDeflateContext(COMPRESSION_LEVEL, NO_ZLIB_HEADER);
|
||||
map[this.zstreamPtr] = this;
|
||||
this.offset = 0;
|
||||
this.buff = new Uint8Array(CHUNK_SIZE);
|
||||
}
|
||||
|
||||
deflate(chunk, flush) {
|
||||
const src = new Uint8Array(memory.buffer, srcPtr, chunk.length);
|
||||
src.set(chunk);
|
||||
ins.exports._deflate(this.zstreamPtr, srcPtr, dstPtr, chunk.length, CHUNK_SIZE, flush);
|
||||
}
|
||||
|
||||
onData(chunk) {
|
||||
if (this.buff.length < this.offset + chunk.length) {
|
||||
const buff = this.buff;
|
||||
this.buff = new Uint8Array(this.buff.length * 2);
|
||||
this.buff.set(buff);
|
||||
}
|
||||
this.buff.set(chunk, this.offset);
|
||||
this.offset += chunk.length;
|
||||
}
|
||||
|
||||
destroy() {
|
||||
ins.exports._freeDeflateContext(this.zstreamPtr);
|
||||
delete map[this.zstreamPtr];
|
||||
this.buff = null;
|
||||
}
|
||||
|
||||
getBuffer() {
|
||||
const res = new Uint8Array(this.offset);
|
||||
for (let i = 0; i < this.offset; ++i) {
|
||||
res[i] = this.buff[i];
|
||||
}
|
||||
return res;
|
||||
}
|
||||
}
|
||||
|
||||
class RawInf {
|
||||
constructor() {
|
||||
this.zstreamPtr = ins.exports._createInflateContext(NO_ZLIB_HEADER);
|
||||
map[this.zstreamPtr] = this;
|
||||
this.offset = 0;
|
||||
this.buff = new Uint8Array(CHUNK_SIZE);
|
||||
}
|
||||
|
||||
inflate(chunk) {
|
||||
const src = new Uint8Array(memory.buffer, srcPtr, chunk.length);
|
||||
src.set(chunk);
|
||||
ins.exports._inflate(this.zstreamPtr, srcPtr, dstPtr, chunk.length, CHUNK_SIZE);
|
||||
}
|
||||
|
||||
onData(chunk) {
|
||||
if (this.buff.length < this.offset + chunk.length) {
|
||||
const buff = this.buff;
|
||||
this.buff = new Uint8Array(this.buff.length * 2);
|
||||
this.buff.set(buff);
|
||||
}
|
||||
this.buff.set(chunk, this.offset);
|
||||
this.offset += chunk.length;
|
||||
}
|
||||
|
||||
destroy() {
|
||||
ins.exports._freeInflateContext(this.zstreamPtr);
|
||||
delete map[this.zstreamPtr];
|
||||
this.buff = null;
|
||||
}
|
||||
|
||||
getBuffer() {
|
||||
const res = new Uint8Array(this.offset);
|
||||
for (let i = 0; i < this.offset; ++i) {
|
||||
res[i] = this.buff[i];
|
||||
}
|
||||
return res;
|
||||
}
|
||||
}
|
||||
|
||||
ret = {
|
||||
inflate(rawDeflateBuffer) {
|
||||
const rawInf = new RawInf();
|
||||
for (let offset = 0; offset < rawDeflateBuffer.length; offset += CHUNK_SIZE) {
|
||||
const end = Math.min(offset + CHUNK_SIZE, rawDeflateBuffer.length);
|
||||
const chunk = rawDeflateBuffer.subarray(offset, end);
|
||||
rawInf.inflate(chunk);
|
||||
}
|
||||
const ret = rawInf.getBuffer();
|
||||
rawInf.destroy();
|
||||
return ret;
|
||||
},
|
||||
deflate(rawInflateBuffer) {
|
||||
const rawDef = new RawDef();
|
||||
for (let offset = 0; offset < rawInflateBuffer.length; offset += CHUNK_SIZE) {
|
||||
const end = Math.min(offset + CHUNK_SIZE, rawInflateBuffer.length);
|
||||
const chunk = rawInflateBuffer.subarray(offset, end);
|
||||
rawDef.deflate(chunk, rawInflateBuffer.length <= offset + CHUNK_SIZE);
|
||||
}
|
||||
const ret = rawDef.getBuffer();
|
||||
rawDef.destroy();
|
||||
return ret;
|
||||
},
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
this.zlib = initialize();
|
||||
}).call(this);
|
BIN
js/zlib-1.2.11.wasm
Normal file
BIN
js/zlib-1.2.11.wasm
Normal file
Binary file not shown.
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
@ -53,8 +53,10 @@ class Configuration
|
|||
'urlshortener' => '',
|
||||
'qrcode' => true,
|
||||
'icon' => 'identicon',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; media-src data:; object-src data:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
|
||||
'zerobincompatibility' => false,
|
||||
'httpwarning' => true,
|
||||
'compression' => 'zlib',
|
||||
),
|
||||
'expire' => array(
|
||||
'default' => '1week',
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
@ -28,14 +28,14 @@ class Controller
|
|||
*
|
||||
* @const string
|
||||
*/
|
||||
const VERSION = '1.2.1';
|
||||
const VERSION = '1.3';
|
||||
|
||||
/**
|
||||
* minimal required PHP version
|
||||
*
|
||||
* @const string
|
||||
*/
|
||||
const MIN_PHP_VERSION = '5.4.0';
|
||||
const MIN_PHP_VERSION = '5.5.0';
|
||||
|
||||
/**
|
||||
* show the same error message if the paste expired or does not exist
|
||||
|
@ -154,6 +154,7 @@ class Controller
|
|||
* initialize PrivateBin
|
||||
*
|
||||
* @access private
|
||||
* @throws Exception
|
||||
*/
|
||||
private function _init()
|
||||
{
|
||||
|
@ -177,16 +178,16 @@ class Controller
|
|||
* Store new paste or comment
|
||||
*
|
||||
* POST contains one or both:
|
||||
* data = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* attachment = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* data = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* attachment = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
*
|
||||
* All optional data will go to meta information:
|
||||
* expire (optional) = expiration delay (never,5min,10min,1hour,1day,1week,1month,1year,burn) (default:never)
|
||||
* formatter (optional) = format to display the paste as (plaintext,syntaxhighlighting,markdown) (default:syntaxhighlighting)
|
||||
* burnafterreading (optional) = if this paste may only viewed once ? (0/1) (default:0)
|
||||
* opendiscusssion (optional) = is the discussion allowed on this paste ? (0/1) (default:0)
|
||||
* attachmentname = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* nickname (optional) = in discussion, encoded SJCL encrypted text nickname of author of comment (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* attachmentname = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* nickname (optional) = in discussion, encoded FormatV2 encrypted text nickname of author of comment (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct)
|
||||
* parentid (optional) = in discussion, which comment this comment replies to.
|
||||
* pasteid (optional) = in discussion, which paste this comment belongs to.
|
||||
*
|
||||
|
@ -198,59 +199,52 @@ class Controller
|
|||
// Ensure last paste from visitors IP address was more than configured amount of seconds ago.
|
||||
TrafficLimiter::setConfiguration($this->_conf);
|
||||
if (!TrafficLimiter::canPass()) {
|
||||
return $this->_return_message(
|
||||
$this->_return_message(
|
||||
1, I18n::_(
|
||||
'Please wait %d seconds between each post.',
|
||||
$this->_conf->getKey('limit', 'traffic')
|
||||
)
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
$data = $this->_request->getParam('data');
|
||||
$attachment = $this->_request->getParam('attachment');
|
||||
$attachmentname = $this->_request->getParam('attachmentname');
|
||||
|
||||
// Ensure content is not too big.
|
||||
$data = $this->_request->getData();
|
||||
$isComment = array_key_exists('pasteid', $data) &&
|
||||
!empty($data['pasteid']) &&
|
||||
array_key_exists('parentid', $data) &&
|
||||
!empty($data['parentid']);
|
||||
if (!FormatV2::isValid($data, $isComment)) {
|
||||
$this->_return_message(1, I18n::_('Invalid data.'));
|
||||
return;
|
||||
}
|
||||
$sizelimit = $this->_conf->getKey('sizelimit');
|
||||
if (
|
||||
strlen($data) + strlen($attachment) + strlen($attachmentname) > $sizelimit
|
||||
) {
|
||||
return $this->_return_message(
|
||||
// Ensure content is not too big.
|
||||
if (strlen($data['ct']) > $sizelimit) {
|
||||
$this->_return_message(
|
||||
1,
|
||||
I18n::_(
|
||||
'Paste is limited to %s of encrypted data.',
|
||||
Filter::formatHumanReadableSize($sizelimit)
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
// Ensure attachment did not get lost due to webserver limits or Suhosin
|
||||
if (strlen($attachmentname) > 0 && strlen($attachment) == 0) {
|
||||
return $this->_return_message(1, 'Attachment missing in data received by server. Please check your webserver or suhosin configuration for maximum POST parameter limitations.');
|
||||
return;
|
||||
}
|
||||
|
||||
// The user posts a comment.
|
||||
$pasteid = $this->_request->getParam('pasteid');
|
||||
$parentid = $this->_request->getParam('parentid');
|
||||
if (!empty($pasteid) && !empty($parentid)) {
|
||||
$paste = $this->_model->getPaste($pasteid);
|
||||
if ($isComment) {
|
||||
$paste = $this->_model->getPaste($data['pasteid']);
|
||||
if ($paste->exists()) {
|
||||
try {
|
||||
$comment = $paste->getComment($parentid);
|
||||
|
||||
$nickname = $this->_request->getParam('nickname');
|
||||
if (!empty($nickname)) {
|
||||
$comment->setNickname($nickname);
|
||||
}
|
||||
|
||||
$comment = $paste->getComment($data['parentid']);
|
||||
$comment->setData($data);
|
||||
$comment->store();
|
||||
} catch (Exception $e) {
|
||||
return $this->_return_message(1, $e->getMessage());
|
||||
$this->_return_message(1, $e->getMessage());
|
||||
return;
|
||||
}
|
||||
$this->_return_message(0, $comment->getId());
|
||||
} else {
|
||||
$this->_return_message(1, 'Invalid data.');
|
||||
$this->_return_message(1, I18n::_('Invalid data.'));
|
||||
}
|
||||
}
|
||||
// The user posts a standard paste.
|
||||
|
@ -259,34 +253,6 @@ class Controller
|
|||
$paste = $this->_model->getPaste();
|
||||
try {
|
||||
$paste->setData($data);
|
||||
|
||||
if (!empty($attachment)) {
|
||||
$paste->setAttachment($attachment);
|
||||
if (!empty($attachmentname)) {
|
||||
$paste->setAttachmentName($attachmentname);
|
||||
}
|
||||
}
|
||||
|
||||
$expire = $this->_request->getParam('expire');
|
||||
if (!empty($expire)) {
|
||||
$paste->setExpiration($expire);
|
||||
}
|
||||
|
||||
$burnafterreading = $this->_request->getParam('burnafterreading');
|
||||
if (!empty($burnafterreading)) {
|
||||
$paste->setBurnafterreading($burnafterreading);
|
||||
}
|
||||
|
||||
$opendiscussion = $this->_request->getParam('opendiscussion');
|
||||
if (!empty($opendiscussion)) {
|
||||
$paste->setOpendiscussion($opendiscussion);
|
||||
}
|
||||
|
||||
$formatter = $this->_request->getParam('formatter');
|
||||
if (!empty($formatter)) {
|
||||
$paste->setFormatter($formatter);
|
||||
}
|
||||
|
||||
$paste->store();
|
||||
} catch (Exception $e) {
|
||||
return $this->_return_message(1, $e->getMessage());
|
||||
|
@ -307,23 +273,18 @@ class Controller
|
|||
try {
|
||||
$paste = $this->_model->getPaste($dataid);
|
||||
if ($paste->exists()) {
|
||||
// accessing this property ensures that the paste would be
|
||||
// accessing this method ensures that the paste would be
|
||||
// deleted if it has already expired
|
||||
$burnafterreading = $paste->isBurnafterreading();
|
||||
$paste->get();
|
||||
if (
|
||||
($burnafterreading && $deletetoken == 'burnafterreading') || // either we burn-after it has been read //@TODO: not needed anymore now?
|
||||
Filter::slowEquals($deletetoken, $paste->getDeleteToken()) // or we manually delete it with this secret token
|
||||
Filter::slowEquals($deletetoken, $paste->getDeleteToken())
|
||||
) {
|
||||
// Paste exists and deletion token (if required) is valid: Delete the paste.
|
||||
// Paste exists and deletion token is valid: Delete the paste.
|
||||
$paste->delete();
|
||||
$this->_status = 'Paste was properly deleted.';
|
||||
} else {
|
||||
if (!$burnafterreading && $deletetoken == 'burnafterreading') {
|
||||
$this->_error = 'Paste is not of burn-after-reading type.';
|
||||
} else {
|
||||
$this->_error = 'Wrong deletion token. Paste was not deleted.';
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->_error = self::GENERIC_ERROR;
|
||||
}
|
||||
|
@ -355,8 +316,8 @@ class Controller
|
|||
$paste = $this->_model->getPaste($dataid);
|
||||
if ($paste->exists()) {
|
||||
$data = $paste->get();
|
||||
if (property_exists($data->meta, 'salt')) {
|
||||
unset($data->meta->salt);
|
||||
if (array_key_exists('salt', $data['meta'])) {
|
||||
unset($data['meta']['salt']);
|
||||
}
|
||||
$this->_return_message(0, $dataid, (array) $data);
|
||||
} else {
|
||||
|
@ -382,6 +343,7 @@ class Controller
|
|||
header('Last-Modified: ' . $time);
|
||||
header('Vary: Accept');
|
||||
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
||||
header('Referrer-Policy: no-referrer');
|
||||
header('X-Xss-Protection: 1; mode=block');
|
||||
header('X-Frame-Options: DENY');
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
|
@ -425,6 +387,8 @@ class Controller
|
|||
$page->assign('EXPIREDEFAULT', $this->_conf->getKey('default', 'expire'));
|
||||
$page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
|
||||
$page->assign('QRCODE', $this->_conf->getKey('qrcode'));
|
||||
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
|
||||
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
|
||||
$page->draw($this->_conf->getKey('template'));
|
||||
}
|
||||
|
||||
|
@ -476,6 +440,6 @@ class Controller
|
|||
$result['url'] = $this->_urlBase . '?' . $message;
|
||||
}
|
||||
$result += $other;
|
||||
$this->_json = json_encode($result);
|
||||
$this->_json = Json::encode($result);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,13 +7,11 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Data;
|
||||
|
||||
use stdClass;
|
||||
|
||||
/**
|
||||
* AbstractData
|
||||
*
|
||||
|
@ -60,7 +58,7 @@ abstract class AbstractData
|
|||
* @param array $options
|
||||
* @return AbstractData
|
||||
*/
|
||||
public static function getInstance($options)
|
||||
public static function getInstance(array $options)
|
||||
{
|
||||
}
|
||||
|
||||
|
@ -72,14 +70,14 @@ abstract class AbstractData
|
|||
* @param array $paste
|
||||
* @return bool
|
||||
*/
|
||||
abstract public function create($pasteid, $paste);
|
||||
abstract public function create($pasteid, array $paste);
|
||||
|
||||
/**
|
||||
* Read a paste.
|
||||
*
|
||||
* @access public
|
||||
* @param string $pasteid
|
||||
* @return stdClass|false
|
||||
* @return array|false
|
||||
*/
|
||||
abstract public function read($pasteid);
|
||||
|
||||
|
@ -110,7 +108,7 @@ abstract class AbstractData
|
|||
* @param array $comment
|
||||
* @return bool
|
||||
*/
|
||||
abstract public function createComment($pasteid, $parentid, $commentid, $comment);
|
||||
abstract public function createComment($pasteid, $parentid, $commentid, array $comment);
|
||||
|
||||
/**
|
||||
* Read all comments of paste.
|
||||
|
@ -163,12 +161,12 @@ abstract class AbstractData
|
|||
/**
|
||||
* Get next free slot for comment from postdate.
|
||||
*
|
||||
* @access public
|
||||
* @access protected
|
||||
* @param array $comments
|
||||
* @param int|string $postdate
|
||||
* @return int|string
|
||||
*/
|
||||
protected function getOpenSlot(&$comments, $postdate)
|
||||
protected function getOpenSlot(array &$comments, $postdate)
|
||||
{
|
||||
if (array_key_exists($postdate, $comments)) {
|
||||
$parts = explode('.', $postdate, 2);
|
||||
|
@ -180,4 +178,25 @@ abstract class AbstractData
|
|||
}
|
||||
return $postdate;
|
||||
}
|
||||
|
||||
/**
|
||||
* Upgrade pre-version 1 pastes with attachment to version 1 format.
|
||||
*
|
||||
* @access protected
|
||||
* @static
|
||||
* @param array $paste
|
||||
* @return array
|
||||
*/
|
||||
protected static function upgradePreV1Format(array $paste)
|
||||
{
|
||||
if (array_key_exists('attachment', $paste['meta'])) {
|
||||
$paste['attachment'] = $paste['meta']['attachment'];
|
||||
unset($paste['meta']['attachment']);
|
||||
if (array_key_exists('attachmentname', $paste['meta'])) {
|
||||
$paste['attachmentname'] = $paste['meta']['attachmentname'];
|
||||
unset($paste['meta']['attachmentname']);
|
||||
}
|
||||
}
|
||||
return $paste;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Data;
|
||||
|
@ -16,7 +16,7 @@ use Exception;
|
|||
use PDO;
|
||||
use PDOException;
|
||||
use PrivateBin\Controller;
|
||||
use stdClass;
|
||||
use PrivateBin\Json;
|
||||
|
||||
/**
|
||||
* Database
|
||||
|
@ -68,14 +68,13 @@ class Database extends AbstractData
|
|||
* @throws Exception
|
||||
* @return Database
|
||||
*/
|
||||
public static function getInstance($options = null)
|
||||
public static function getInstance(array $options)
|
||||
{
|
||||
// if needed initialize the singleton
|
||||
if (!(self::$_instance instanceof self)) {
|
||||
self::$_instance = new self;
|
||||
}
|
||||
|
||||
if (is_array($options)) {
|
||||
// set table prefix if given
|
||||
if (array_key_exists('tbl', $options)) {
|
||||
self::$_prefix = $options['tbl'];
|
||||
|
@ -142,7 +141,6 @@ class Database extends AbstractData
|
|||
'Missing configuration for key dsn, usr, pwd or opt in the section model_options, please check your configuration file', 6
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return self::$_instance;
|
||||
}
|
||||
|
@ -155,7 +153,7 @@ class Database extends AbstractData
|
|||
* @param array $paste
|
||||
* @return bool
|
||||
*/
|
||||
public function create($pasteid, $paste)
|
||||
public function create($pasteid, array $paste)
|
||||
{
|
||||
if (
|
||||
array_key_exists($pasteid, self::$_cache)
|
||||
|
@ -167,42 +165,50 @@ class Database extends AbstractData
|
|||
}
|
||||
}
|
||||
|
||||
$opendiscussion = $burnafterreading = false;
|
||||
$attachment = $attachmentname = '';
|
||||
$meta = $paste['meta'];
|
||||
unset($meta['postdate']);
|
||||
$expire_date = 0;
|
||||
if (array_key_exists('expire_date', $paste['meta'])) {
|
||||
$expire_date = (int) $paste['meta']['expire_date'];
|
||||
$opendiscussion = $burnafterreading = false;
|
||||
$attachment = $attachmentname = null;
|
||||
$meta = $paste['meta'];
|
||||
$isVersion1 = array_key_exists('data', $paste);
|
||||
list($createdKey) = self::_getVersionedKeys($isVersion1 ? 1 : 2);
|
||||
$created = (int) $meta[$createdKey];
|
||||
unset($meta[$createdKey], $paste['meta']);
|
||||
if (array_key_exists('expire_date', $meta)) {
|
||||
$expire_date = (int) $meta['expire_date'];
|
||||
unset($meta['expire_date']);
|
||||
}
|
||||
if (array_key_exists('opendiscussion', $paste['meta'])) {
|
||||
$opendiscussion = (bool) $paste['meta']['opendiscussion'];
|
||||
if (array_key_exists('opendiscussion', $meta)) {
|
||||
$opendiscussion = $meta['opendiscussion'];
|
||||
unset($meta['opendiscussion']);
|
||||
}
|
||||
if (array_key_exists('burnafterreading', $paste['meta'])) {
|
||||
$burnafterreading = (bool) $paste['meta']['burnafterreading'];
|
||||
if (array_key_exists('burnafterreading', $meta)) {
|
||||
$burnafterreading = $meta['burnafterreading'];
|
||||
unset($meta['burnafterreading']);
|
||||
}
|
||||
if (array_key_exists('attachment', $paste['meta'])) {
|
||||
$attachment = $paste['meta']['attachment'];
|
||||
if ($isVersion1) {
|
||||
if (array_key_exists('attachment', $meta)) {
|
||||
$attachment = $meta['attachment'];
|
||||
unset($meta['attachment']);
|
||||
}
|
||||
if (array_key_exists('attachmentname', $paste['meta'])) {
|
||||
$attachmentname = $paste['meta']['attachmentname'];
|
||||
if (array_key_exists('attachmentname', $meta)) {
|
||||
$attachmentname = $meta['attachmentname'];
|
||||
unset($meta['attachmentname']);
|
||||
}
|
||||
} else {
|
||||
$opendiscussion = $paste['adata'][2];
|
||||
$burnafterreading = $paste['adata'][3];
|
||||
}
|
||||
return self::_exec(
|
||||
'INSERT INTO ' . self::_sanitizeIdentifier('paste') .
|
||||
' VALUES(?,?,?,?,?,?,?,?,?)',
|
||||
array(
|
||||
$pasteid,
|
||||
$paste['data'],
|
||||
$paste['meta']['postdate'],
|
||||
$isVersion1 ? $paste['data'] : Json::encode($paste),
|
||||
$created,
|
||||
$expire_date,
|
||||
(int) $opendiscussion,
|
||||
(int) $burnafterreading,
|
||||
json_encode($meta),
|
||||
Json::encode($meta),
|
||||
$attachment,
|
||||
$attachmentname,
|
||||
)
|
||||
|
@ -214,64 +220,62 @@ class Database extends AbstractData
|
|||
*
|
||||
* @access public
|
||||
* @param string $pasteid
|
||||
* @return stdClass|false
|
||||
* @return array|false
|
||||
*/
|
||||
public function read($pasteid)
|
||||
{
|
||||
if (
|
||||
!array_key_exists($pasteid, self::$_cache)
|
||||
) {
|
||||
if (array_key_exists($pasteid, self::$_cache)) {
|
||||
return self::$_cache[$pasteid];
|
||||
}
|
||||
|
||||
self::$_cache[$pasteid] = false;
|
||||
$paste = self::_select(
|
||||
'SELECT * FROM ' . self::_sanitizeIdentifier('paste') .
|
||||
' WHERE dataid = ?', array($pasteid), true
|
||||
);
|
||||
|
||||
if (false !== $paste) {
|
||||
// create object
|
||||
self::$_cache[$pasteid] = new stdClass;
|
||||
self::$_cache[$pasteid]->data = $paste['data'];
|
||||
|
||||
$meta = json_decode($paste['meta']);
|
||||
if (!is_object($meta)) {
|
||||
$meta = new stdClass;
|
||||
if ($paste === false) {
|
||||
return false;
|
||||
}
|
||||
// create array
|
||||
$data = Json::decode($paste['data']);
|
||||
$isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2;
|
||||
if ($isVersion2) {
|
||||
self::$_cache[$pasteid] = $data;
|
||||
list($createdKey) = self::_getVersionedKeys(2);
|
||||
} else {
|
||||
self::$_cache[$pasteid] = array('data' => $paste['data']);
|
||||
list($createdKey) = self::_getVersionedKeys(1);
|
||||
}
|
||||
|
||||
// support older attachments
|
||||
if (property_exists($meta, 'attachment')) {
|
||||
self::$_cache[$pasteid]->attachment = $meta->attachment;
|
||||
unset($meta->attachment);
|
||||
if (property_exists($meta, 'attachmentname')) {
|
||||
self::$_cache[$pasteid]->attachmentname = $meta->attachmentname;
|
||||
unset($meta->attachmentname);
|
||||
try {
|
||||
$paste['meta'] = Json::decode($paste['meta']);
|
||||
} catch (Exception $e) {
|
||||
$paste['meta'] = array();
|
||||
}
|
||||
}
|
||||
// support current attachments
|
||||
elseif (array_key_exists('attachment', $paste) && strlen($paste['attachment'])) {
|
||||
self::$_cache[$pasteid]->attachment = $paste['attachment'];
|
||||
if (array_key_exists('attachmentname', $paste) && strlen($paste['attachmentname'])) {
|
||||
self::$_cache[$pasteid]->attachmentname = $paste['attachmentname'];
|
||||
}
|
||||
}
|
||||
self::$_cache[$pasteid]->meta = $meta;
|
||||
self::$_cache[$pasteid]->meta->postdate = (int) $paste['postdate'];
|
||||
$paste = self::upgradePreV1Format($paste);
|
||||
self::$_cache[$pasteid]['meta'] = $paste['meta'];
|
||||
self::$_cache[$pasteid]['meta'][$createdKey] = (int) $paste['postdate'];
|
||||
$expire_date = (int) $paste['expiredate'];
|
||||
if (
|
||||
$expire_date > 0
|
||||
) {
|
||||
self::$_cache[$pasteid]->meta->expire_date = $expire_date;
|
||||
if ($expire_date > 0) {
|
||||
self::$_cache[$pasteid]['meta']['expire_date'] = $expire_date;
|
||||
}
|
||||
if (
|
||||
$paste['opendiscussion']
|
||||
) {
|
||||
self::$_cache[$pasteid]->meta->opendiscussion = true;
|
||||
if ($isVersion2) {
|
||||
return self::$_cache[$pasteid];
|
||||
}
|
||||
if (
|
||||
$paste['burnafterreading']
|
||||
) {
|
||||
self::$_cache[$pasteid]->meta->burnafterreading = true;
|
||||
|
||||
// support v1 attachments
|
||||
if (array_key_exists('attachment', $paste) && strlen($paste['attachment'])) {
|
||||
self::$_cache[$pasteid]['attachment'] = $paste['attachment'];
|
||||
if (array_key_exists('attachmentname', $paste) && strlen($paste['attachmentname'])) {
|
||||
self::$_cache[$pasteid]['attachmentname'] = $paste['attachmentname'];
|
||||
}
|
||||
}
|
||||
if ($paste['opendiscussion']) {
|
||||
self::$_cache[$pasteid]['meta']['opendiscussion'] = true;
|
||||
}
|
||||
if ($paste['burnafterreading']) {
|
||||
self::$_cache[$pasteid]['meta']['burnafterreading'] = true;
|
||||
}
|
||||
|
||||
return self::$_cache[$pasteid];
|
||||
|
@ -327,11 +331,21 @@ class Database extends AbstractData
|
|||
* @param array $comment
|
||||
* @return bool
|
||||
*/
|
||||
public function createComment($pasteid, $parentid, $commentid, $comment)
|
||||
public function createComment($pasteid, $parentid, $commentid, array $comment)
|
||||
{
|
||||
foreach (array('nickname', 'vizhash') as $key) {
|
||||
if (!array_key_exists($key, $comment['meta'])) {
|
||||
$comment['meta'][$key] = null;
|
||||
if (array_key_exists('data', $comment)) {
|
||||
$version = 1;
|
||||
$data = $comment['data'];
|
||||
} else {
|
||||
$version = 2;
|
||||
$data = Json::encode($comment);
|
||||
}
|
||||
list($createdKey, $iconKey) = self::_getVersionedKeys($version);
|
||||
$meta = $comment['meta'];
|
||||
unset($comment['meta']);
|
||||
foreach (array('nickname', $iconKey) as $key) {
|
||||
if (!array_key_exists($key, $meta)) {
|
||||
$meta[$key] = null;
|
||||
}
|
||||
}
|
||||
return self::_exec(
|
||||
|
@ -341,10 +355,10 @@ class Database extends AbstractData
|
|||
$commentid,
|
||||
$pasteid,
|
||||
$parentid,
|
||||
$comment['data'],
|
||||
$comment['meta']['nickname'],
|
||||
$comment['meta']['vizhash'],
|
||||
$comment['meta']['postdate'],
|
||||
$data,
|
||||
$meta['nickname'],
|
||||
$meta[$iconKey],
|
||||
$meta[$createdKey],
|
||||
)
|
||||
);
|
||||
}
|
||||
|
@ -368,15 +382,21 @@ class Database extends AbstractData
|
|||
if (count($rows)) {
|
||||
foreach ($rows as $row) {
|
||||
$i = $this->getOpenSlot($comments, (int) $row['postdate']);
|
||||
$comments[$i] = new stdClass;
|
||||
$comments[$i]->id = $row['dataid'];
|
||||
$comments[$i]->parentid = $row['parentid'];
|
||||
$comments[$i]->data = $row['data'];
|
||||
$comments[$i]->meta = new stdClass;
|
||||
$comments[$i]->meta->postdate = (int) $row['postdate'];
|
||||
foreach (array('nickname', 'vizhash') as $key) {
|
||||
if (array_key_exists($key, $row) && !empty($row[$key])) {
|
||||
$comments[$i]->meta->$key = $row[$key];
|
||||
$data = Json::decode($row['data']);
|
||||
if (array_key_exists('v', $data) && $data['v'] >= 2) {
|
||||
$version = 2;
|
||||
$comments[$i] = $data;
|
||||
} else {
|
||||
$version = 1;
|
||||
$comments[$i] = array('data' => $row['data']);
|
||||
}
|
||||
list($createdKey, $iconKey) = self::_getVersionedKeys($version);
|
||||
$comments[$i]['id'] = $row['dataid'];
|
||||
$comments[$i]['parentid'] = $row['parentid'];
|
||||
$comments[$i]['meta'] = array($createdKey => (int) $row['postdate']);
|
||||
foreach (array('nickname' => 'nickname', 'vizhash' => $iconKey) as $rowKey => $commentKey) {
|
||||
if (array_key_exists($rowKey, $row) && !empty($row[$rowKey])) {
|
||||
$comments[$i]['meta'][$commentKey] = $row[$rowKey];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -415,7 +435,8 @@ class Database extends AbstractData
|
|||
$pastes = array();
|
||||
$rows = self::_select(
|
||||
'SELECT dataid FROM ' . self::_sanitizeIdentifier('paste') .
|
||||
' WHERE expiredate < ? AND expiredate != ? LIMIT ?', array(time(), 0, $batchsize)
|
||||
' WHERE expiredate < ? AND expiredate != ? LIMIT ?',
|
||||
array(time(), 0, $batchsize)
|
||||
);
|
||||
if (count($rows)) {
|
||||
foreach ($rows as $row) {
|
||||
|
@ -452,7 +473,7 @@ class Database extends AbstractData
|
|||
* @param array $params
|
||||
* @param bool $firstOnly if only the first row should be returned
|
||||
* @throws PDOException
|
||||
* @return array
|
||||
* @return array|false
|
||||
*/
|
||||
private static function _select($sql, array $params, $firstOnly = false)
|
||||
{
|
||||
|
@ -465,6 +486,22 @@ class Database extends AbstractData
|
|||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* get version dependent key names
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @param int $version
|
||||
* @return array
|
||||
*/
|
||||
private static function _getVersionedKeys($version)
|
||||
{
|
||||
if ($version === 1) {
|
||||
return array('postdate', 'vizhash');
|
||||
}
|
||||
return array('created', 'icon');
|
||||
}
|
||||
|
||||
/**
|
||||
* get table list query, depending on the database type
|
||||
*
|
||||
|
@ -557,6 +594,30 @@ class Database extends AbstractData
|
|||
return array($main_key, $after_key);
|
||||
}
|
||||
|
||||
/**
|
||||
* get the data type, depending on the database driver
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @return string
|
||||
*/
|
||||
private static function _getDataType()
|
||||
{
|
||||
return self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
|
||||
}
|
||||
|
||||
/**
|
||||
* get the attachment type, depending on the database driver
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @return string
|
||||
*/
|
||||
private static function _getAttachmentType()
|
||||
{
|
||||
return self::$_type === 'pgsql' ? 'TEXT' : 'MEDIUMBLOB';
|
||||
}
|
||||
|
||||
/**
|
||||
* create the paste table
|
||||
*
|
||||
|
@ -566,7 +627,7 @@ class Database extends AbstractData
|
|||
private static function _createPasteTable()
|
||||
{
|
||||
list($main_key, $after_key) = self::_getPrimaryKeyClauses();
|
||||
$dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
|
||||
$dataType = self::_getDataType();
|
||||
self::$_db->exec(
|
||||
'CREATE TABLE ' . self::_sanitizeIdentifier('paste') . ' ( ' .
|
||||
"dataid CHAR(16) NOT NULL$main_key, " .
|
||||
|
@ -576,7 +637,7 @@ class Database extends AbstractData
|
|||
'opendiscussion INT, ' .
|
||||
'burnafterreading INT, ' .
|
||||
'meta TEXT, ' .
|
||||
'attachment ' . (self::$_type === 'pgsql' ? 'TEXT' : 'MEDIUMBLOB') . ', ' .
|
||||
'attachment ' . self::_getAttachmentType() . ', ' .
|
||||
"attachmentname $dataType$after_key );"
|
||||
);
|
||||
}
|
||||
|
@ -590,7 +651,7 @@ class Database extends AbstractData
|
|||
private static function _createCommentTable()
|
||||
{
|
||||
list($main_key, $after_key) = self::_getPrimaryKeyClauses();
|
||||
$dataType = self::$_type === 'pgsql' ? 'text' : 'BLOB';
|
||||
$dataType = self::_getDataType();
|
||||
self::$_db->exec(
|
||||
'CREATE TABLE ' . self::_sanitizeIdentifier('comment') . ' ( ' .
|
||||
"dataid CHAR(16) NOT NULL$main_key, " .
|
||||
|
@ -649,7 +710,7 @@ class Database extends AbstractData
|
|||
*/
|
||||
private static function _upgradeDatabase($oldversion)
|
||||
{
|
||||
$dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
|
||||
$dataType = self::_getDataType();
|
||||
switch ($oldversion) {
|
||||
case '0.21':
|
||||
// create the meta column if necessary (pre 0.21 change)
|
||||
|
@ -661,8 +722,7 @@ class Database extends AbstractData
|
|||
// SQLite only allows one ALTER statement at a time...
|
||||
self::$_db->exec(
|
||||
'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
|
||||
' ADD COLUMN attachment ' .
|
||||
(self::$_type === 'pgsql' ? 'TEXT' : 'MEDIUMBLOB') . ';'
|
||||
' ADD COLUMN attachment ' . self::_getAttachmentType() . ';'
|
||||
);
|
||||
self::$_db->exec(
|
||||
'ALTER TABLE ' . self::_sanitizeIdentifier('paste') . " ADD COLUMN attachmentname $dataType;"
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Data;
|
||||
|
@ -29,7 +29,7 @@ class Filesystem extends AbstractData
|
|||
* @param array $options
|
||||
* @return Filesystem
|
||||
*/
|
||||
public static function getInstance($options = null)
|
||||
public static function getInstance(array $options)
|
||||
{
|
||||
// if needed initialize the singleton
|
||||
if (!(self::$_instance instanceof self)) {
|
||||
|
@ -53,7 +53,7 @@ class Filesystem extends AbstractData
|
|||
* @param array $paste
|
||||
* @return bool
|
||||
*/
|
||||
public function create($pasteid, $paste)
|
||||
public function create($pasteid, array $paste)
|
||||
{
|
||||
$storagedir = self::_dataid2path($pasteid);
|
||||
$file = $storagedir . $pasteid . '.php';
|
||||
|
@ -71,23 +71,16 @@ class Filesystem extends AbstractData
|
|||
*
|
||||
* @access public
|
||||
* @param string $pasteid
|
||||
* @return \stdClass|false
|
||||
* @return array|false
|
||||
*/
|
||||
public function read($pasteid)
|
||||
{
|
||||
if (!$this->exists($pasteid)) {
|
||||
return false;
|
||||
}
|
||||
$paste = DataStore::get(self::_dataid2path($pasteid) . $pasteid . '.php');
|
||||
if (property_exists($paste->meta, 'attachment')) {
|
||||
$paste->attachment = $paste->meta->attachment;
|
||||
unset($paste->meta->attachment);
|
||||
if (property_exists($paste->meta, 'attachmentname')) {
|
||||
$paste->attachmentname = $paste->meta->attachmentname;
|
||||
unset($paste->meta->attachmentname);
|
||||
}
|
||||
}
|
||||
return $paste;
|
||||
return self::upgradePreV1Format(
|
||||
DataStore::get(self::_dataid2path($pasteid) . $pasteid . '.php')
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -162,7 +155,7 @@ class Filesystem extends AbstractData
|
|||
* @param array $comment
|
||||
* @return bool
|
||||
*/
|
||||
public function createComment($pasteid, $parentid, $commentid, $comment)
|
||||
public function createComment($pasteid, $parentid, $commentid, array $comment)
|
||||
{
|
||||
$storagedir = self::_dataid2discussionpath($pasteid);
|
||||
$file = $storagedir . $pasteid . '.' . $commentid . '.' . $parentid . '.php';
|
||||
|
@ -197,11 +190,11 @@ class Filesystem extends AbstractData
|
|||
$comment = DataStore::get($discdir . $filename);
|
||||
$items = explode('.', $filename);
|
||||
// Add some meta information not contained in file.
|
||||
$comment->id = $items[1];
|
||||
$comment->parentid = $items[2];
|
||||
$comment['id'] = $items[1];
|
||||
$comment['parentid'] = $items[2];
|
||||
|
||||
// Store in array
|
||||
$key = $this->getOpenSlot($comments, (int) $comment->meta->postdate);
|
||||
$key = $this->getOpenSlot($comments, (int) $comment['meta']['created']);
|
||||
$comments[$key] = $comment;
|
||||
}
|
||||
}
|
||||
|
@ -290,8 +283,8 @@ class Filesystem extends AbstractData
|
|||
if ($this->exists($pasteid)) {
|
||||
$data = $this->read($pasteid);
|
||||
if (
|
||||
property_exists($data->meta, 'expire_date') &&
|
||||
$data->meta->expire_date < time()
|
||||
array_key_exists('expire_date', $data['meta']) &&
|
||||
$data['meta']['expire_date'] < time()
|
||||
) {
|
||||
$pastes[] = $pasteid;
|
||||
if (count($pastes) >= $batchsize) {
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
|
127
lib/FormatV2.php
Normal file
127
lib/FormatV2.php
Normal file
|
@ -0,0 +1,127 @@
|
|||
<?php
|
||||
/**
|
||||
* PrivateBin
|
||||
*
|
||||
* a zero-knowledge paste bin
|
||||
*
|
||||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
||||
/**
|
||||
* FormatV2
|
||||
*
|
||||
* Provides validation function for version 2 format of pastes & comments.
|
||||
*/
|
||||
class FormatV2
|
||||
{
|
||||
/**
|
||||
* version 2 format validator
|
||||
*
|
||||
* Checks if the given array is a proper version 2 formatted, encrypted message.
|
||||
*
|
||||
* @access public
|
||||
* @static
|
||||
* @param array $message
|
||||
* @param bool $isComment
|
||||
* @return bool
|
||||
*/
|
||||
public static function isValid($message, $isComment = false)
|
||||
{
|
||||
$required_keys = array('adata', 'v', 'ct');
|
||||
if ($isComment) {
|
||||
$required_keys[] = 'pasteid';
|
||||
$required_keys[] = 'parentid';
|
||||
} else {
|
||||
$required_keys[] = 'meta';
|
||||
}
|
||||
|
||||
// Make sure no additionnal keys were added.
|
||||
if (count(array_keys($message)) != count($required_keys)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure required fields are present.
|
||||
foreach ($required_keys as $k) {
|
||||
if (!array_key_exists($k, $message)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$cipherParams = $isComment ? $message['adata'] : $message['adata'][0];
|
||||
|
||||
// Make sure some fields are base64 data:
|
||||
// - initialization vector
|
||||
if (!base64_decode($cipherParams[0], true)) {
|
||||
return false;
|
||||
}
|
||||
// - salt
|
||||
if (!base64_decode($cipherParams[1], true)) {
|
||||
return false;
|
||||
}
|
||||
// - cipher text
|
||||
if (!($ct = base64_decode($message['ct'], true))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure some fields have a reasonable size:
|
||||
// - initialization vector
|
||||
if (strlen($cipherParams[0]) > 24) {
|
||||
return false;
|
||||
}
|
||||
// - salt
|
||||
if (strlen($cipherParams[1]) > 14) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure some fields contain no unsupported values:
|
||||
// - version
|
||||
if (!(is_int($message['v']) || is_float($message['v'])) || (float) $message['v'] < 2) {
|
||||
return false;
|
||||
}
|
||||
// - iterations, refuse less then 10000 iterations (minimum NIST recommendation)
|
||||
if (!is_int($cipherParams[2]) || $cipherParams[2] <= 10000) {
|
||||
return false;
|
||||
}
|
||||
// - key size
|
||||
if (!in_array($cipherParams[3], array(128, 192, 256), true)) {
|
||||
return false;
|
||||
}
|
||||
// - tag size
|
||||
if (!in_array($cipherParams[4], array(64, 96, 128), true)) {
|
||||
return false;
|
||||
}
|
||||
// - algorithm, must be AES
|
||||
if ($cipherParams[5] !== 'aes') {
|
||||
return false;
|
||||
}
|
||||
// - mode
|
||||
if (!in_array($cipherParams[6], array('ctr', 'cbc', 'gcm'), true)) {
|
||||
return false;
|
||||
}
|
||||
// - compression
|
||||
if (!in_array($cipherParams[7], array('zlib', 'none'), true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Reject data if entropy is too low
|
||||
if (strlen($ct) > strlen(gzdeflate($ct))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// require only the key 'expire' in the metadata of pastes
|
||||
if (!$isComment && (
|
||||
count($message['meta']) === 0 ||
|
||||
!array_key_exists('expire', $message['meta']) ||
|
||||
count($message['meta']) > 1
|
||||
)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
13
lib/I18n.php
13
lib/I18n.php
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
@ -156,9 +156,8 @@ class I18n
|
|||
|
||||
// load translations
|
||||
self::$_language = $match;
|
||||
self::$_translations = ($match == 'en') ? array() : json_decode(
|
||||
file_get_contents(self::_getPath($match . '.json')),
|
||||
true
|
||||
self::$_translations = ($match == 'en') ? array() : Json::decode(
|
||||
file_get_contents(self::_getPath($match . '.json'))
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -244,7 +243,7 @@ class I18n
|
|||
{
|
||||
$file = self::_getPath('languages.json');
|
||||
if (count(self::$_languageLabels) == 0 && is_readable($file)) {
|
||||
self::$_languageLabels = json_decode(file_get_contents($file), true);
|
||||
self::$_languageLabels = Json::decode(file_get_contents($file));
|
||||
}
|
||||
if (count($languages) == 0) {
|
||||
return self::$_languageLabels;
|
||||
|
@ -295,6 +294,8 @@ class I18n
|
|||
protected static function _getPluralForm($n)
|
||||
{
|
||||
switch (self::$_language) {
|
||||
case 'cs':
|
||||
return $n == 1 ? 0 : ($n >= 2 && $n <= 4 ? 1 : 2);
|
||||
case 'fr':
|
||||
case 'oc':
|
||||
case 'zh':
|
||||
|
@ -305,7 +306,7 @@ class I18n
|
|||
return $n % 10 == 1 && $n % 100 != 11 ? 0 : ($n % 10 >= 2 && $n % 10 <= 4 && ($n % 100 < 10 || $n % 100 >= 20) ? 1 : 2);
|
||||
case 'sl':
|
||||
return $n % 100 == 1 ? 1 : ($n % 100 == 2 ? 2 : ($n % 100 == 3 || $n % 100 == 4 ? 3 : 0));
|
||||
// de, en, es, hu, it, nl, no, pt
|
||||
// bg, de, en, es, hu, it, nl, no, pt
|
||||
default:
|
||||
return $n != 1 ? 1 : 0;
|
||||
}
|
||||
|
|
34
lib/Json.php
34
lib/Json.php
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
@ -33,9 +33,39 @@ class Json
|
|||
public static function encode($input)
|
||||
{
|
||||
$jsonString = json_encode($input);
|
||||
self::_detectError();
|
||||
return $jsonString;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an array with the contents as described in the given JSON input
|
||||
*
|
||||
* @access public
|
||||
* @static
|
||||
* @param string $input
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
public static function decode($input)
|
||||
{
|
||||
$array = json_decode($input, true);
|
||||
self::_detectError();
|
||||
return $array;
|
||||
}
|
||||
|
||||
/**
|
||||
* Detects JSON errors and raises an exception if one is found
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @throws Exception
|
||||
* @return void
|
||||
*/
|
||||
private static function _detectError()
|
||||
{
|
||||
$errorCode = json_last_error();
|
||||
if ($errorCode === JSON_ERROR_NONE) {
|
||||
return $jsonString;
|
||||
return;
|
||||
}
|
||||
|
||||
$message = 'A JSON error occurred';
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Model;
|
||||
|
@ -15,8 +15,6 @@ namespace PrivateBin\Model;
|
|||
use Exception;
|
||||
use PrivateBin\Configuration;
|
||||
use PrivateBin\Data\AbstractData;
|
||||
use PrivateBin\Sjcl;
|
||||
use stdClass;
|
||||
|
||||
/**
|
||||
* AbstractModel
|
||||
|
@ -37,9 +35,9 @@ abstract class AbstractModel
|
|||
* Instance data.
|
||||
*
|
||||
* @access protected
|
||||
* @var stdClass
|
||||
* @var array
|
||||
*/
|
||||
protected $_data;
|
||||
protected $_data = array('meta' => array());
|
||||
|
||||
/**
|
||||
* Configuration.
|
||||
|
@ -68,8 +66,6 @@ abstract class AbstractModel
|
|||
{
|
||||
$this->_conf = $configuration;
|
||||
$this->_store = $storage;
|
||||
$this->_data = new stdClass;
|
||||
$this->_data->meta = new stdClass;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -102,28 +98,29 @@ abstract class AbstractModel
|
|||
* Set data and recalculate ID.
|
||||
*
|
||||
* @access public
|
||||
* @param string $data
|
||||
* @param array $data
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setData($data)
|
||||
public function setData(array $data)
|
||||
{
|
||||
if (!Sjcl::isValid($data)) {
|
||||
throw new Exception('Invalid data.', 61);
|
||||
}
|
||||
$this->_data->data = $data;
|
||||
$data = $this->_sanitize($data);
|
||||
$this->_validate($data);
|
||||
$this->_data = $data;
|
||||
|
||||
// We just want a small hash to avoid collisions:
|
||||
// Half-MD5 (64 bits) will do the trick
|
||||
$this->setId(substr(hash('md5', $data), 0, 16));
|
||||
// calculate a 64 bit checksum to avoid collisions
|
||||
$this->setId(hash(version_compare(PHP_VERSION, '5.6', '<') ? 'fnv164' : 'fnv1a64', $data['ct']));
|
||||
}
|
||||
|
||||
/**
|
||||
* Get instance data.
|
||||
*
|
||||
* @access public
|
||||
* @return stdClass
|
||||
* @return array
|
||||
*/
|
||||
abstract public function get();
|
||||
public function get()
|
||||
{
|
||||
return $this->_data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Store the instance's data.
|
||||
|
@ -161,4 +158,24 @@ abstract class AbstractModel
|
|||
{
|
||||
return (bool) preg_match('#\A[a-f\d]{16}\z#', (string) $id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitizes data to conform with current configuration.
|
||||
*
|
||||
* @access protected
|
||||
* @param array $data
|
||||
* @return array
|
||||
*/
|
||||
abstract protected function _sanitize(array $data);
|
||||
|
||||
/**
|
||||
* Validate data.
|
||||
*
|
||||
* @access protected
|
||||
* @param array $data
|
||||
* @throws Exception
|
||||
*/
|
||||
protected function _validate(array $data)
|
||||
{
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Model;
|
||||
|
@ -15,7 +15,6 @@ namespace PrivateBin\Model;
|
|||
use Exception;
|
||||
use Identicon\Identicon;
|
||||
use PrivateBin\Persistence\TrafficLimiter;
|
||||
use PrivateBin\Sjcl;
|
||||
use PrivateBin\Vizhash16x16;
|
||||
|
||||
/**
|
||||
|
@ -33,29 +32,6 @@ class Comment extends AbstractModel
|
|||
*/
|
||||
private $_paste;
|
||||
|
||||
/**
|
||||
* Get comment data.
|
||||
*
|
||||
* @access public
|
||||
* @throws Exception
|
||||
* @return \stdClass
|
||||
*/
|
||||
public function get()
|
||||
{
|
||||
// @todo add support to read specific comment
|
||||
$comments = $this->_store->readComments($this->getPaste()->getId());
|
||||
foreach ($comments as $comment) {
|
||||
if (
|
||||
$comment->parentid == $this->getParentId() &&
|
||||
$comment->id == $this->getId()
|
||||
) {
|
||||
$this->_data = $comment;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $this->_data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Store the comment's data.
|
||||
*
|
||||
|
@ -80,7 +56,7 @@ class Comment extends AbstractModel
|
|||
throw new Exception('You are unlucky. Try again.', 69);
|
||||
}
|
||||
|
||||
$this->_data->meta->postdate = time();
|
||||
$this->_data['meta']['created'] = time();
|
||||
|
||||
// store comment
|
||||
if (
|
||||
|
@ -88,7 +64,7 @@ class Comment extends AbstractModel
|
|||
$pasteid,
|
||||
$this->getParentId(),
|
||||
$this->getId(),
|
||||
json_decode(json_encode($this->_data), true)
|
||||
$this->_data
|
||||
) === false
|
||||
) {
|
||||
throw new Exception('Error saving comment. Sorry.', 70);
|
||||
|
@ -131,7 +107,7 @@ class Comment extends AbstractModel
|
|||
public function setPaste(Paste $paste)
|
||||
{
|
||||
$this->_paste = $paste;
|
||||
$this->_data->meta->pasteid = $paste->getId();
|
||||
$this->_data['pasteid'] = $paste->getId();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -157,7 +133,7 @@ class Comment extends AbstractModel
|
|||
if (!self::isValidId($id)) {
|
||||
throw new Exception('Invalid paste ID.', 65);
|
||||
}
|
||||
$this->_data->meta->parentid = $id;
|
||||
$this->_data['parentid'] = $id;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -168,29 +144,22 @@ class Comment extends AbstractModel
|
|||
*/
|
||||
public function getParentId()
|
||||
{
|
||||
if (!property_exists($this->_data->meta, 'parentid')) {
|
||||
$this->_data->meta->parentid = '';
|
||||
if (!array_key_exists('parentid', $this->_data)) {
|
||||
$this->_data['parentid'] = $this->getPaste()->getId();
|
||||
}
|
||||
return $this->_data->meta->parentid;
|
||||
return $this->_data['parentid'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Set nickname.
|
||||
* Sanitizes data to conform with current configuration.
|
||||
*
|
||||
* @access public
|
||||
* @param string $nickname
|
||||
* @throws Exception
|
||||
* @access protected
|
||||
* @param array $data
|
||||
* @return array
|
||||
*/
|
||||
public function setNickname($nickname)
|
||||
protected function _sanitize(array $data)
|
||||
{
|
||||
if (!Sjcl::isValid($nickname)) {
|
||||
throw new Exception('Invalid data.', 66);
|
||||
}
|
||||
$this->_data->meta->nickname = $nickname;
|
||||
|
||||
// If a nickname is provided, we generate an icon based on a SHA512 HMAC
|
||||
// of the users IP. (We assume that if the user did not enter a nickname,
|
||||
// the user wants to be anonymous and we will not generate an icon.)
|
||||
// we generate an icon based on a SHA512 HMAC of the users IP, if configured
|
||||
$icon = $this->_conf->getKey('icon');
|
||||
if ($icon != 'none') {
|
||||
$pngdata = '';
|
||||
|
@ -205,9 +174,12 @@ class Comment extends AbstractModel
|
|||
);
|
||||
}
|
||||
if ($pngdata != '') {
|
||||
$this->_data->meta->vizhash = $pngdata;
|
||||
if (!array_key_exists('meta', $data)) {
|
||||
$data['meta'] = array();
|
||||
}
|
||||
$data['meta']['icon'] = $pngdata;
|
||||
}
|
||||
}
|
||||
// Once the icon is generated, we do not keep the IP address hash.
|
||||
return $data;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Model;
|
||||
|
@ -15,7 +15,6 @@ namespace PrivateBin\Model;
|
|||
use Exception;
|
||||
use PrivateBin\Controller;
|
||||
use PrivateBin\Persistence\ServerSalt;
|
||||
use PrivateBin\Sjcl;
|
||||
|
||||
/**
|
||||
* Paste
|
||||
|
@ -28,8 +27,8 @@ class Paste extends AbstractModel
|
|||
* Get paste data.
|
||||
*
|
||||
* @access public
|
||||
* @throws \Exception
|
||||
* @return \stdClass
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
public function get()
|
||||
{
|
||||
|
@ -39,45 +38,44 @@ class Paste extends AbstractModel
|
|||
}
|
||||
|
||||
// check if paste has expired and delete it if neccessary.
|
||||
if (property_exists($data->meta, 'expire_date')) {
|
||||
if ($data->meta->expire_date < time()) {
|
||||
if (array_key_exists('expire_date', $data['meta'])) {
|
||||
if ($data['meta']['expire_date'] < time()) {
|
||||
$this->delete();
|
||||
throw new Exception(Controller::GENERIC_ERROR, 63);
|
||||
}
|
||||
// We kindly provide the remaining time before expiration (in seconds)
|
||||
$data->meta->remaining_time = $data->meta->expire_date - time();
|
||||
$data['meta']['time_to_live'] = $data['meta']['expire_date'] - time();
|
||||
unset($data['meta']['expire_date']);
|
||||
}
|
||||
|
||||
// check if non-expired burn after reading paste needs to be deleted
|
||||
if (property_exists($data->meta, 'burnafterreading') && $data->meta->burnafterreading) {
|
||||
if (
|
||||
(array_key_exists('adata', $data) && $data['adata'][3] === 1) ||
|
||||
(array_key_exists('burnafterreading', $data['meta']) && $data['meta']['burnafterreading'])
|
||||
) {
|
||||
$this->delete();
|
||||
}
|
||||
|
||||
// set formatter for for the view.
|
||||
if (!property_exists($data->meta, 'formatter')) {
|
||||
// set formatter for the view in version 1 pastes.
|
||||
if (array_key_exists('data', $data) && !array_key_exists('formatter', $data['meta'])) {
|
||||
// support < 0.21 syntax highlighting
|
||||
if (property_exists($data->meta, 'syntaxcoloring') && $data->meta->syntaxcoloring === true) {
|
||||
$data->meta->formatter = 'syntaxhighlighting';
|
||||
if (array_key_exists('syntaxcoloring', $data['meta']) && $data['meta']['syntaxcoloring'] === true) {
|
||||
$data['meta']['formatter'] = 'syntaxhighlighting';
|
||||
} else {
|
||||
$data->meta->formatter = $this->_conf->getKey('defaultformatter');
|
||||
$data['meta']['formatter'] = $this->_conf->getKey('defaultformatter');
|
||||
}
|
||||
}
|
||||
|
||||
// support old paste format with server wide salt
|
||||
if (!property_exists($data->meta, 'salt')) {
|
||||
$data->meta->salt = ServerSalt::get();
|
||||
if (!array_key_exists('salt', $data['meta'])) {
|
||||
$data['meta']['salt'] = ServerSalt::get();
|
||||
}
|
||||
$data->comments = array_values($this->getComments());
|
||||
$data->comment_count = count($data->comments);
|
||||
$data->comment_offset = 0;
|
||||
$data->{'@context'} = 'js/paste.jsonld';
|
||||
$data['comments'] = array_values($this->getComments());
|
||||
$data['comment_count'] = count($data['comments']);
|
||||
$data['comment_offset'] = 0;
|
||||
$data['@context'] = '?jsonld=paste';
|
||||
$this->_data = $data;
|
||||
|
||||
// If the paste was meant to be read only once, delete it.
|
||||
if ($this->isBurnafterreading()) {
|
||||
$this->delete();
|
||||
}
|
||||
|
||||
return $this->_data;
|
||||
}
|
||||
|
||||
|
@ -94,14 +92,14 @@ class Paste extends AbstractModel
|
|||
throw new Exception('You are unlucky. Try again.', 75);
|
||||
}
|
||||
|
||||
$this->_data->meta->postdate = time();
|
||||
$this->_data->meta->salt = serversalt::generate();
|
||||
$this->_data['meta']['created'] = time();
|
||||
$this->_data['meta']['salt'] = serversalt::generate();
|
||||
|
||||
// store paste
|
||||
if (
|
||||
$this->_store->create(
|
||||
$this->getId(),
|
||||
json_decode(json_encode($this->_data), true)
|
||||
$this->_data
|
||||
) === false
|
||||
) {
|
||||
throw new Exception('Error saving paste. Sorry.', 76);
|
||||
|
@ -139,7 +137,7 @@ class Paste extends AbstractModel
|
|||
* @throws Exception
|
||||
* @return Comment
|
||||
*/
|
||||
public function getComment($parentId, $commentId = null)
|
||||
public function getComment($parentId, $commentId = '')
|
||||
{
|
||||
if (!$this->exists()) {
|
||||
throw new Exception('Invalid data.', 62);
|
||||
|
@ -147,7 +145,7 @@ class Paste extends AbstractModel
|
|||
$comment = new Comment($this->_conf, $this->_store);
|
||||
$comment->setPaste($this);
|
||||
$comment->setParentId($parentId);
|
||||
if ($commentId !== null) {
|
||||
if ($commentId !== '') {
|
||||
$comment->setId($commentId);
|
||||
}
|
||||
return $comment;
|
||||
|
@ -176,140 +174,16 @@ class Paste extends AbstractModel
|
|||
*/
|
||||
public function getDeleteToken()
|
||||
{
|
||||
if (!property_exists($this->_data->meta, 'salt')) {
|
||||
if (!array_key_exists('salt', $this->_data['meta'])) {
|
||||
$this->get();
|
||||
}
|
||||
return hash_hmac(
|
||||
$this->_conf->getKey('zerobincompatibility') ? 'sha1' : 'sha256',
|
||||
$this->getId(),
|
||||
$this->_data->meta->salt
|
||||
$this->_data['meta']['salt']
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste's attachment.
|
||||
*
|
||||
* @access public
|
||||
* @param string $attachment
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setAttachment($attachment)
|
||||
{
|
||||
if (!$this->_conf->getKey('fileupload') || !Sjcl::isValid($attachment)) {
|
||||
throw new Exception('Invalid attachment.', 71);
|
||||
}
|
||||
$this->_data->meta->attachment = $attachment;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste's attachment name.
|
||||
*
|
||||
* @access public
|
||||
* @param string $attachmentname
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setAttachmentName($attachmentname)
|
||||
{
|
||||
if (!$this->_conf->getKey('fileupload') || !Sjcl::isValid($attachmentname)) {
|
||||
throw new Exception('Invalid attachment.', 72);
|
||||
}
|
||||
$this->_data->meta->attachmentname = $attachmentname;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste expiration.
|
||||
*
|
||||
* @access public
|
||||
* @param string $expiration
|
||||
*/
|
||||
public function setExpiration($expiration)
|
||||
{
|
||||
$expire_options = $this->_conf->getSection('expire_options');
|
||||
if (array_key_exists($expiration, $expire_options)) {
|
||||
$expire = $expire_options[$expiration];
|
||||
} else {
|
||||
// using getKey() to ensure a default value is present
|
||||
$expire = $this->_conf->getKey($this->_conf->getKey('default', 'expire'), 'expire_options');
|
||||
}
|
||||
if ($expire > 0) {
|
||||
$this->_data->meta->expire_date = time() + $expire;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste's burn-after-reading type.
|
||||
*
|
||||
* @access public
|
||||
* @param string $burnafterreading
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setBurnafterreading($burnafterreading = '1')
|
||||
{
|
||||
if ($burnafterreading === '0') {
|
||||
$this->_data->meta->burnafterreading = false;
|
||||
} else {
|
||||
if ($burnafterreading !== '1') {
|
||||
throw new Exception('Invalid data.', 73);
|
||||
}
|
||||
$this->_data->meta->burnafterreading = true;
|
||||
$this->_data->meta->opendiscussion = false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste's discussion state.
|
||||
*
|
||||
* @access public
|
||||
* @param string $opendiscussion
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setOpendiscussion($opendiscussion = '1')
|
||||
{
|
||||
if (
|
||||
!$this->_conf->getKey('discussion') ||
|
||||
$this->isBurnafterreading() ||
|
||||
$opendiscussion === '0'
|
||||
) {
|
||||
$this->_data->meta->opendiscussion = false;
|
||||
} else {
|
||||
if ($opendiscussion !== '1') {
|
||||
throw new Exception('Invalid data.', 74);
|
||||
}
|
||||
$this->_data->meta->opendiscussion = true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set paste's format.
|
||||
*
|
||||
* @access public
|
||||
* @param string $format
|
||||
* @throws Exception
|
||||
*/
|
||||
public function setFormatter($format)
|
||||
{
|
||||
if (!array_key_exists($format, $this->_conf->getSection('formatter_options'))) {
|
||||
$format = $this->_conf->getKey('defaultformatter');
|
||||
}
|
||||
$this->_data->meta->formatter = $format;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if paste is of burn-after-reading type.
|
||||
*
|
||||
* @access public
|
||||
* @throws Exception
|
||||
* @return bool
|
||||
*/
|
||||
public function isBurnafterreading()
|
||||
{
|
||||
if (!property_exists($this->_data, 'data')) {
|
||||
$this->get();
|
||||
}
|
||||
return property_exists($this->_data->meta, 'burnafterreading') &&
|
||||
$this->_data->meta->burnafterreading === true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if paste has discussions enabled.
|
||||
*
|
||||
|
@ -319,10 +193,66 @@ class Paste extends AbstractModel
|
|||
*/
|
||||
public function isOpendiscussion()
|
||||
{
|
||||
if (!property_exists($this->_data, 'data')) {
|
||||
if (!array_key_exists('adata', $this->_data) && !array_key_exists('data', $this->_data)) {
|
||||
$this->get();
|
||||
}
|
||||
return property_exists($this->_data->meta, 'opendiscussion') &&
|
||||
$this->_data->meta->opendiscussion === true;
|
||||
return
|
||||
(array_key_exists('adata', $this->_data) && $this->_data['adata'][2] === 1) ||
|
||||
(array_key_exists('opendiscussion', $this->_data['meta']) && $this->_data['meta']['opendiscussion']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitizes data to conform with current configuration.
|
||||
*
|
||||
* @access protected
|
||||
* @param array $data
|
||||
* @return array
|
||||
*/
|
||||
protected function _sanitize(array $data)
|
||||
{
|
||||
$expiration = $data['meta']['expire'];
|
||||
unset($data['meta']['expire']);
|
||||
$expire_options = $this->_conf->getSection('expire_options');
|
||||
if (array_key_exists($expiration, $expire_options)) {
|
||||
$expire = $expire_options[$expiration];
|
||||
} else {
|
||||
// using getKey() to ensure a default value is present
|
||||
$expire = $this->_conf->getKey($this->_conf->getKey('default', 'expire'), 'expire_options');
|
||||
}
|
||||
if ($expire > 0) {
|
||||
$data['meta']['expire_date'] = time() + $expire;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate data.
|
||||
*
|
||||
* @access protected
|
||||
* @param array $data
|
||||
* @throws Exception
|
||||
*/
|
||||
protected function _validate(array $data)
|
||||
{
|
||||
// reject invalid or disabled formatters
|
||||
if (!array_key_exists($data['adata'][1], $this->_conf->getSection('formatter_options'))) {
|
||||
throw new Exception('Invalid data.', 75);
|
||||
}
|
||||
|
||||
// discussion requested, but disabled in config or burn after reading requested as well, or invalid integer
|
||||
if (
|
||||
($data['adata'][2] === 1 && ( // open discussion flag
|
||||
!$this->_conf->getKey('discussion') ||
|
||||
$data['adata'][3] === 1 // burn after reading flag
|
||||
)) ||
|
||||
($data['adata'][2] !== 0 && $data['adata'][2] !== 1)
|
||||
) {
|
||||
throw new Exception('Invalid data.', 74);
|
||||
}
|
||||
|
||||
// reject invalid burn after reading
|
||||
if ($data['adata'][3] !== 0 && $data['adata'][3] !== 1) {
|
||||
throw new Exception('Invalid data.', 73);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Persistence;
|
||||
|
|
|
@ -45,7 +45,10 @@ class DataStore extends AbstractPersistence
|
|||
$filename = substr($filename, strlen($path));
|
||||
}
|
||||
try {
|
||||
self::_store($filename, self::PROTECTION_LINE . PHP_EOL . Json::encode($data));
|
||||
self::_store(
|
||||
$filename,
|
||||
self::PROTECTION_LINE . PHP_EOL . Json::encode($data)
|
||||
);
|
||||
return true;
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
|
@ -58,11 +61,16 @@ class DataStore extends AbstractPersistence
|
|||
* @access public
|
||||
* @static
|
||||
* @param string $filename
|
||||
* @return \stdClass|false $data
|
||||
* @return array|false $data
|
||||
*/
|
||||
public static function get($filename)
|
||||
{
|
||||
return json_decode(substr(file_get_contents($filename), strlen(self::PROTECTION_LINE . PHP_EOL)));
|
||||
return Json::decode(
|
||||
substr(
|
||||
file_get_contents($filename),
|
||||
strlen(self::PROTECTION_LINE . PHP_EOL)
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Persistence;
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Persistence;
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin\Persistence;
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
@ -107,10 +107,10 @@ class Request
|
|||
switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') {
|
||||
case 'DELETE':
|
||||
case 'PUT':
|
||||
parse_str(file_get_contents(self::$_inputStream), $this->_params);
|
||||
break;
|
||||
case 'POST':
|
||||
$this->_params = $_POST;
|
||||
$this->_params = Json::decode(
|
||||
file_get_contents(self::$_inputStream)
|
||||
);
|
||||
break;
|
||||
default:
|
||||
$this->_params = $_GET;
|
||||
|
@ -126,8 +126,8 @@ class Request
|
|||
|
||||
// prepare operation, depending on current parameters
|
||||
if (
|
||||
(array_key_exists('data', $this->_params) && !empty($this->_params['data'])) ||
|
||||
(array_key_exists('attachment', $this->_params) && !empty($this->_params['attachment']))
|
||||
array_key_exists('ct', $this->_params) &&
|
||||
!empty($this->_params['ct'])
|
||||
) {
|
||||
$this->_operation = 'create';
|
||||
} elseif (array_key_exists('pasteid', $this->_params) && !empty($this->_params['pasteid'])) {
|
||||
|
@ -152,6 +152,33 @@ class Request
|
|||
return $this->_operation;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get data of paste or comment
|
||||
*
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public function getData()
|
||||
{
|
||||
$data = array(
|
||||
'adata' => $this->getParam('adata'),
|
||||
);
|
||||
$required_keys = array('v', 'ct');
|
||||
$meta = $this->getParam('meta');
|
||||
if (empty($meta)) {
|
||||
$required_keys[] = 'pasteid';
|
||||
$required_keys[] = 'parentid';
|
||||
} else {
|
||||
$data['meta'] = $meta;
|
||||
}
|
||||
foreach ($required_keys as $key) {
|
||||
$data[$key] = $this->getParam($key);
|
||||
}
|
||||
// forcing a cast to int or float
|
||||
$data['v'] = $data['v'] + 0;
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a request parameter
|
||||
*
|
||||
|
@ -175,7 +202,9 @@ class Request
|
|||
public function getRequestUri()
|
||||
{
|
||||
return array_key_exists('REQUEST_URI', $_SERVER) ?
|
||||
htmlspecialchars($_SERVER['REQUEST_URI']) : '/';
|
||||
htmlspecialchars(
|
||||
parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
|
||||
) : '/';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
103
lib/Sjcl.php
103
lib/Sjcl.php
|
@ -1,103 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* PrivateBin
|
||||
*
|
||||
* a zero-knowledge paste bin
|
||||
*
|
||||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
||||
/**
|
||||
* Sjcl
|
||||
*
|
||||
* Provides SJCL validation function.
|
||||
*/
|
||||
class Sjcl
|
||||
{
|
||||
/**
|
||||
* SJCL validator
|
||||
*
|
||||
* Checks if a json string is a proper SJCL encrypted message.
|
||||
*
|
||||
* @access public
|
||||
* @static
|
||||
* @param string $encoded JSON
|
||||
* @return bool
|
||||
*/
|
||||
public static function isValid($encoded)
|
||||
{
|
||||
$accepted_keys = array('iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct');
|
||||
|
||||
// Make sure content is valid json
|
||||
$decoded = json_decode($encoded);
|
||||
if (is_null($decoded)) {
|
||||
return false;
|
||||
}
|
||||
$decoded = (array) $decoded;
|
||||
|
||||
// Make sure no additionnal keys were added.
|
||||
if (
|
||||
count(array_keys($decoded)) != count($accepted_keys)
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure required fields are present and contain base64 data.
|
||||
foreach ($accepted_keys as $k) {
|
||||
if (!array_key_exists($k, $decoded)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure some fields are base64 data.
|
||||
if (!base64_decode($decoded['iv'], true)) {
|
||||
return false;
|
||||
}
|
||||
if (!base64_decode($decoded['salt'], true)) {
|
||||
return false;
|
||||
}
|
||||
if (!($ct = base64_decode($decoded['ct'], true))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure some fields have a reasonable size.
|
||||
if (strlen($decoded['iv']) > 24) {
|
||||
return false;
|
||||
}
|
||||
if (strlen($decoded['salt']) > 14) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make sure some fields contain no unsupported values.
|
||||
if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) {
|
||||
return false;
|
||||
}
|
||||
if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) {
|
||||
return false;
|
||||
}
|
||||
if (!in_array($decoded['ks'], array(128, 192, 256), true)) {
|
||||
return false;
|
||||
}
|
||||
if (!in_array($decoded['ts'], array(64, 96, 128), true)) {
|
||||
return false;
|
||||
}
|
||||
if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) {
|
||||
return false;
|
||||
}
|
||||
if ($decoded['cipher'] !== 'aes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Reject data if entropy is too low
|
||||
if (strlen($ct) > strlen(gzdeflate($ct))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
|
@ -7,7 +7,7 @@
|
|||
* @link https://github.com/PrivateBin/PrivateBin
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 1.2.1
|
||||
* @version 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
* @link http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
|
||||
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
||||
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
||||
* @version 0.0.5 beta PrivateBin 1.2.1
|
||||
* @version 0.0.5 beta PrivateBin 1.3
|
||||
*/
|
||||
|
||||
namespace PrivateBin;
|
||||
|
|
|
@ -10,17 +10,16 @@ $isPage = substr($template, -5) === '-page';
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<meta name="google" content="notranslate">
|
||||
<title><?php echo I18n::_($NAME); ?></title>
|
||||
<?php
|
||||
if (!$isDark):
|
||||
?>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.4.1.css" />
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.4.1.css" />
|
||||
<?php
|
||||
if ($isDark):
|
||||
?>
|
||||
|
@ -42,26 +41,21 @@ if ($SYNTAXHIGHLIGHTING):
|
|||
endif;
|
||||
?>
|
||||
<noscript><link type="text/css" rel="stylesheet" href="css/noscript.css" /></noscript>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/jquery-3.3.1.js" integrity="sha512-+NqPlbbtM1QqiK8ZAo4Yrj2c4lNQoGv8P79DPtKzj++l5jnN39rHA/xsqn8zE9l0uSoxaCdrOgFs6yjyfbBxSg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/sjcl-1.0.7.js" integrity="sha512-J2eNenPwyfXkMVNMFz9Q54kKfYi5AA3mQWpNgtjSJzsKHtpbhUt/7bvcjGwwmzE8ZUVWMI/ndagIX1lG+SfxGA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
if ($QRCODE):
|
||||
?>
|
||||
<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.1.2.js" integrity="sha512-hmvfOhcr4J8bjQ2GuNVzfSbuulv72wgQCJpgnXc2+cCHKqvYo8pK2nc0Q4Esem2973zo1radyIMTEkt+xJlhBA==" crossorigin="anonymous"></script>
|
||||
<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
if ($ZEROBINCOMPATIBILITY):
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
else:
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base64-2.4.5.js" integrity="sha512-YINE6agO8ZrYuzlrZZwQJTu0uqURJDxD4gjsfZ6mV4fP2gW5j8giNJ734iyJVTBrnF2XMiUBM/DSi7ON1V5RMQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.5.1.js" integrity="sha512-/zL3MWKMtl1IBF0URx3laql2jUw+rWfFFabNlILY/Qm+hUsQR/XULjUyNHkW/FkrV7A0sMQ7tsppH7sj5ht8wA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-iztkobsvnjKfAtTNdHkGVjAYTrrtlC7mGp/54c40wowO7LhURYl3gVzzcEqGl/qKXQltJ2HwMrdLcNUdo+N/RQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
|
@ -72,14 +66,14 @@ if ($SYNTAXHIGHLIGHTING):
|
|||
endif;
|
||||
if ($MARKDOWN):
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/showdown-1.8.6.js" integrity="sha512-YFg2sBCGT00I6X5KzgCLP4VqRlmPMRhkVvJS9oJKk5LxiUzzcjzV5m4fNf6mQMctLrhgS5LFKiFF3vzIuXbjAw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.0.js" integrity="sha512-Kv8oAge9h2QmRyzb52jUomyXAvSMrpE9kWF3QRMFajo1a/TXjtY8u71vUA6t4+LE7huz4TSVH8VLJBEmcZiPRA==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-IFu+B5qYMnATrGKpfxXw3TdUoxBV31HiaGGP76RknlT62iiugvTHikKX9yW5AxqaRd+12mefuoF80GXgoa35Tg==" crossorigin="anonymous"></script>
|
||||
<!--[if lt IE 10]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8n4HbSmQC++v3AfA2nqlueUp3RkfeU7POcpga+yS4Rlz95G+paRjMmw5B+3HAC7TlswME16n0wIxHD1dkScC8A==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||
|
@ -90,13 +84,17 @@ endif;
|
|||
<meta name="msapplication-config" content="browserconfig.xml">
|
||||
<meta name="theme-color" content="#ffe57e" />
|
||||
</head>
|
||||
<body role="document"<?php
|
||||
if ($isCpct):
|
||||
?> class="navbar-spacing"<?php
|
||||
endif;
|
||||
if ($isDark):
|
||||
?> class="dark-theme"<?php
|
||||
endif;
|
||||
<body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
|
||||
$class = array();
|
||||
if ($isCpct) {
|
||||
$class[] = 'navbar-spacing';
|
||||
}
|
||||
if ($isDark) {
|
||||
$class[] = 'dark-theme';
|
||||
}
|
||||
if (count($class)) {
|
||||
echo ' class="', implode(' ', $class), '"';
|
||||
}
|
||||
?>>
|
||||
<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
|
||||
<div class="modal-dialog" role="document">
|
||||
|
@ -217,8 +215,8 @@ endforeach;
|
|||
<?php
|
||||
if ($isCpct):
|
||||
?>
|
||||
<li id="formatter" class="dropdown">
|
||||
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><?php echo I18n::_('Options'); ?> <span class="caret"></span></a>
|
||||
<li class="dropdown">
|
||||
<a id="formatter" href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><?php echo I18n::_('Options'); ?> <span class="caret"></span></a>
|
||||
<ul class="dropdown-menu">
|
||||
<li id="burnafterreadingoption" class="checkbox hidden">
|
||||
<label>
|
||||
|
@ -445,31 +443,42 @@ if ($FILEUPLOAD):
|
|||
<?php
|
||||
endif;
|
||||
?>
|
||||
<div id="status" role="alert" class="statusmessage alert alert-info<?php echo empty($STATUS) ? ' hidden' : '' ?>">
|
||||
<div id="status" role="alert" class="alert alert-info<?php echo empty($STATUS) ? ' hidden' : '' ?>">
|
||||
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
||||
<?php echo htmlspecialchars($STATUS), PHP_EOL; ?>
|
||||
</div>
|
||||
<div id="errormessage" role="alert" class="statusmessage<?php echo empty($ERROR) ? ' hidden' : '' ?> alert alert-danger">
|
||||
<div id="errormessage" role="alert" class="<?php echo empty($ERROR) ? 'hidden' : '' ?> alert alert-danger">
|
||||
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
||||
<?php echo htmlspecialchars($ERROR), PHP_EOL; ?>
|
||||
</div>
|
||||
<noscript>
|
||||
<div id="noscript" role="alert" class="nonworking alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
||||
<div id="noscript" role="alert" class="alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
||||
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
|
||||
<?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)), PHP_EOL; ?>
|
||||
</div>
|
||||
</noscript>
|
||||
<div id="oldienotice" role="alert" class="hidden nonworking alert alert-danger">
|
||||
<div id="oldnotice" role="alert" class="hidden alert alert-danger">
|
||||
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
||||
<?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)), PHP_EOL; ?>
|
||||
</div>
|
||||
<div id="ienotice" role="alert" class="hidden alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
||||
<div id="ienotice" role="alert" class="hidden alert alert-danger">
|
||||
<span class="glyphicon glyphicon-question-sign" aria-hidden="true"></span>
|
||||
<?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
|
||||
<a href="https://www.mozilla.org/firefox/">Firefox</a>,
|
||||
<a href="https://www.opera.com/">Opera</a>,
|
||||
<a href="https://www.google.com/chrome">Chrome</a>…
|
||||
</div>
|
||||
<?php
|
||||
if ($HTTPWARNING):
|
||||
?>
|
||||
<div id="httpnotice" role="alert" class="hidden alert alert-danger">
|
||||
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
||||
<?php echo I18n::_('This website is using an insecure connection! Please only use it for testing.'), PHP_EOL; ?><br />
|
||||
<span class="small"><?php echo I18n::_('For more information <a href="%s">see this FAQ entry</a>.', 'https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection'); ?></span>
|
||||
</div>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<div id="pastesuccess" role="alert" class="hidden alert alert-success">
|
||||
<span class="glyphicon glyphicon-ok" aria-hidden="true"></span>
|
||||
<div id="deletelink"></div>
|
||||
|
@ -507,10 +516,10 @@ endif;
|
|||
</div>
|
||||
</section>
|
||||
<section class="container">
|
||||
<div id="noscript" role="alert" class="nonworking alert alert-info noscript-hide">
|
||||
<div id="noscript" role="alert" class="alert alert-info noscript-hide">
|
||||
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
|
||||
<?php echo I18n::_('Loading…'); ?><br />
|
||||
<span class="small"><?php echo I18n::_('In case this message never disappears please have a look at <a href="https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away">this FAQ for information to troubleshoot</a>.'); ?></span>
|
||||
<span class="small"><?php echo I18n::_('In case this message never disappears please have a look at <a href="%s">this FAQ for information to troubleshoot</a>.', 'https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away'); ?></span>
|
||||
</div>
|
||||
</section>
|
||||
<footer class="container">
|
||||
|
|
38
tpl/page.php
38
tpl/page.php
|
@ -5,7 +5,6 @@ use PrivateBin\I18n;
|
|||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<meta name="google" content="notranslate">
|
||||
<title><?php echo I18n::_($NAME); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
|
||||
|
@ -21,26 +20,21 @@ if ($SYNTAXHIGHLIGHTING):
|
|||
endif;
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/jquery-3.3.1.js" integrity="sha512-+NqPlbbtM1QqiK8ZAo4Yrj2c4lNQoGv8P79DPtKzj++l5jnN39rHA/xsqn8zE9l0uSoxaCdrOgFs6yjyfbBxSg==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/sjcl-1.0.7.js" integrity="sha512-J2eNenPwyfXkMVNMFz9Q54kKfYi5AA3mQWpNgtjSJzsKHtpbhUt/7bvcjGwwmzE8ZUVWMI/ndagIX1lG+SfxGA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
if ($QRCODE):
|
||||
?>
|
||||
<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.1.2.js" integrity="sha512-hmvfOhcr4J8bjQ2GuNVzfSbuulv72wgQCJpgnXc2+cCHKqvYo8pK2nc0Q4Esem2973zo1radyIMTEkt+xJlhBA==" crossorigin="anonymous"></script>
|
||||
<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
if ($ZEROBINCOMPATIBILITY):
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
else:
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base64-2.4.5.js" integrity="sha512-YINE6agO8ZrYuzlrZZwQJTu0uqURJDxD4gjsfZ6mV4fP2gW5j8giNJ734iyJVTBrnF2XMiUBM/DSi7ON1V5RMQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.5.1.js" integrity="sha512-/zL3MWKMtl1IBF0URx3laql2jUw+rWfFFabNlILY/Qm+hUsQR/XULjUyNHkW/FkrV7A0sMQ7tsppH7sj5ht8wA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
if ($SYNTAXHIGHLIGHTING):
|
||||
|
@ -50,14 +44,14 @@ if ($SYNTAXHIGHLIGHTING):
|
|||
endif;
|
||||
if ($MARKDOWN):
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/showdown-1.8.6.js" integrity="sha512-YFg2sBCGT00I6X5KzgCLP4VqRlmPMRhkVvJS9oJKk5LxiUzzcjzV5m4fNf6mQMctLrhgS5LFKiFF3vzIuXbjAw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.0.js" integrity="sha512-Kv8oAge9h2QmRyzb52jUomyXAvSMrpE9kWF3QRMFajo1a/TXjtY8u71vUA6t4+LE7huz4TSVH8VLJBEmcZiPRA==" crossorigin="anonymous"></script>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-IFu+B5qYMnATrGKpfxXw3TdUoxBV31HiaGGP76RknlT62iiugvTHikKX9yW5AxqaRd+12mefuoF80GXgoa35Tg==" crossorigin="anonymous"></script>
|
||||
<!--[if lt IE 10]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8n4HbSmQC++v3AfA2nqlueUp3RkfeU7POcpga+yS4Rlz95G+paRjMmw5B+3HAC7TlswME16n0wIxHD1dkScC8A==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||
|
@ -68,7 +62,7 @@ endif;
|
|||
<meta name="msapplication-config" content="browserconfig.xml">
|
||||
<meta name="theme-color" content="#ffe57e" />
|
||||
</head>
|
||||
<body>
|
||||
<body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
|
||||
<header>
|
||||
<div id="aboutbox">
|
||||
<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />
|
||||
|
@ -83,12 +77,22 @@ endif;
|
|||
<h2 class="title"><?php echo I18n::_('Because ignorance is bliss'); ?></h2><br />
|
||||
<h3 class="title"><?php echo $VERSION; ?></h3>
|
||||
<noscript><div id="noscript" class="nonworking"><?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)); ?></div></noscript>
|
||||
<div id="oldienotice" class="nonworking"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)); ?></div>
|
||||
<div id="ienotice"><?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
|
||||
<div id="oldnotice" class="nonworking"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)); ?></div>
|
||||
<div id="ienotice" class="nonworking"><?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
|
||||
<a href="https://www.mozilla.org/firefox/">Firefox</a>,
|
||||
<a href="https://www.opera.com/">Opera</a>,
|
||||
<a href="https://www.google.com/chrome">Chrome</a>…
|
||||
</div>
|
||||
<?php
|
||||
if ($HTTPWARNING):
|
||||
?>
|
||||
<div id="httpnotice" class="errorMessage">
|
||||
<?php echo I18n::_('This website is using an insecure connection! Please only use it for testing.'); ?>
|
||||
<span class="small"><?php echo I18n::_('For more information <a href="%s">see this FAQ entry</a>.', 'https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection'); ?></span>
|
||||
</div>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
</header>
|
||||
<section>
|
||||
<article>
|
||||
|
|
|
@ -28,14 +28,14 @@ class Helper
|
|||
*
|
||||
* @var string
|
||||
*/
|
||||
private static $pasteid = '5e9bc25c89fb3bf9';
|
||||
private static $pasteid = '5b65a01b43987bc2';
|
||||
|
||||
/**
|
||||
* example paste
|
||||
* example paste version 1
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private static $paste = array(
|
||||
private static $pasteV1 = array(
|
||||
'data' => '{"iv":"EN39/wd5Nk8HAiSG2K5AsQ","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"QKN1DBXe5PI","ct":"8hA83xDdXjD7K2qfmw5NdA"}',
|
||||
'attachment' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
|
||||
'attachmentname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
|
||||
|
@ -46,6 +46,35 @@ class Helper
|
|||
),
|
||||
);
|
||||
|
||||
/**
|
||||
* example paste version 2
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private static $pasteV2 = array(
|
||||
'adata' => array(
|
||||
array(
|
||||
'gMSNoLOk4z0RnmsYwXZ8mw==',
|
||||
'TZO+JWuIuxs=',
|
||||
100000,
|
||||
256,
|
||||
128,
|
||||
'aes',
|
||||
'gcm',
|
||||
'zlib',
|
||||
),
|
||||
'plaintext',
|
||||
1,
|
||||
0,
|
||||
),
|
||||
'meta' => array(
|
||||
'expire' => '5min',
|
||||
'created' => 1344803344,
|
||||
),
|
||||
'v' => 2,
|
||||
'ct' => 'ME5JF/YBEijp2uYMzLZozbKtWc5wfy6R59NBb7SmRig=',
|
||||
);
|
||||
|
||||
/**
|
||||
* example ID of a comment
|
||||
*
|
||||
|
@ -58,7 +87,7 @@ class Helper
|
|||
*
|
||||
* @var array
|
||||
*/
|
||||
private static $comment = array(
|
||||
private static $commentV1 = array(
|
||||
'data' => '{"iv":"Pd4pOKWkmDTT9uPwVwd5Ag","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"6nOCU3peNDclDDpFtJEBKA"}',
|
||||
'meta' => array(
|
||||
'nickname' => '{"iv":"76MkAtOGC4oFogX/aSMxRA","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"ZIUhFTliVz4","ct":"b6Ae/U1xJdsX/+lATud4sQ"}',
|
||||
|
@ -81,52 +110,65 @@ class Helper
|
|||
*/
|
||||
public static function getPasteId()
|
||||
{
|
||||
return self::$pasteid;
|
||||
return version_compare(PHP_VERSION, '5.6', '<') ? hash('fnv164', self::$pasteV2['ct']) : self::$pasteid;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example paste
|
||||
* get example paste, as stored on server
|
||||
*
|
||||
* @param int $version
|
||||
* @param array $meta
|
||||
* @return array
|
||||
*/
|
||||
public static function getPaste($meta = array())
|
||||
public static function getPaste($version = 2, array $meta = array())
|
||||
{
|
||||
$example = self::getPasteWithAttachment($meta);
|
||||
$example = self::getPasteWithAttachment($version, $meta);
|
||||
// v1 has the attachment stored in a separate property
|
||||
if ($version === 1) {
|
||||
unset($example['attachment'], $example['attachmentname']);
|
||||
}
|
||||
return $example;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example paste
|
||||
* get example paste with attachment, as stored on server
|
||||
*
|
||||
* @param int $version
|
||||
* @param array $meta
|
||||
* @return array
|
||||
*/
|
||||
public static function getPasteWithAttachment($meta = array())
|
||||
public static function getPasteWithAttachment($version = 2, array $meta = array())
|
||||
{
|
||||
$example = self::$paste;
|
||||
$example = $version === 1 ? self::$pasteV1 : self::$pasteV2;
|
||||
$example['meta']['salt'] = ServerSalt::generate();
|
||||
$example['meta'] = array_merge($example['meta'], $meta);
|
||||
return $example;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example paste
|
||||
* get example paste, as decoded from POST by the request object
|
||||
*
|
||||
* @param int $version
|
||||
* @param array $meta
|
||||
* @return array
|
||||
*/
|
||||
public static function getPasteAsJson($meta = array())
|
||||
public static function getPastePost($version = 2, array $meta = array())
|
||||
{
|
||||
$example = self::getPaste();
|
||||
// the JSON shouldn't contain the salt
|
||||
unset($example['meta']['salt']);
|
||||
if (count($meta)) {
|
||||
$example['meta'] = $meta;
|
||||
$example = self::getPaste($version, $meta);
|
||||
$example['meta'] = array('expire' => $example['meta']['expire']);
|
||||
return $example;
|
||||
}
|
||||
$example['comments'] = array();
|
||||
$example['comment_count'] = 0;
|
||||
$example['comment_offset'] = 0;
|
||||
$example['@context'] = 'js/paste.jsonld';
|
||||
return json_encode($example);
|
||||
|
||||
/**
|
||||
* get example paste, as received via POST by the user
|
||||
*
|
||||
* @param int $version
|
||||
* @param array $meta
|
||||
* @return array
|
||||
*/
|
||||
public static function getPasteJson($version = 2, array $meta = array())
|
||||
{
|
||||
return json_encode(self::getPastePost($version, $meta));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -140,30 +182,50 @@ class Helper
|
|||
}
|
||||
|
||||
/**
|
||||
* get example comment
|
||||
* get example comment, as stored on server
|
||||
*
|
||||
* @param int $version
|
||||
* @param array $meta
|
||||
* @return array
|
||||
*/
|
||||
public static function getComment($meta = array())
|
||||
public static function getComment($version = 2, array $meta = array())
|
||||
{
|
||||
$example = self::$comment;
|
||||
$example = $version === 1 ? self::$commentV1 : self::$pasteV2;
|
||||
if ($version === 2) {
|
||||
$example['adata'] = $example['adata'][0];
|
||||
$example['pasteid'] = $example['parentid'] = self::getPasteId();
|
||||
$example['meta']['created'] = self::$commentV1['meta']['postdate'];
|
||||
$example['meta']['icon'] = self::$commentV1['meta']['vizhash'];
|
||||
unset($example['meta']['expire']);
|
||||
}
|
||||
$example['meta'] = array_merge($example['meta'], $meta);
|
||||
return $example;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example comment
|
||||
* get example comment, as decoded from POST by the request object
|
||||
*
|
||||
* @param int $version
|
||||
* @return array
|
||||
*/
|
||||
public static function getCommentPost($meta = array())
|
||||
public static function getCommentPost()
|
||||
{
|
||||
$example = self::getComment($meta);
|
||||
$example['nickname'] = $example['meta']['nickname'];
|
||||
unset($example['meta']['nickname']);
|
||||
$example = self::getComment();
|
||||
unset($example['meta']);
|
||||
return $example;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example comment, as received via POST by user
|
||||
*
|
||||
* @param int $version
|
||||
* @return array
|
||||
*/
|
||||
public static function getCommentJson()
|
||||
{
|
||||
return json_encode(self::getCommentPost());
|
||||
}
|
||||
|
||||
/**
|
||||
* delete directory and all its contents recursively
|
||||
*
|
||||
|
@ -229,7 +291,7 @@ class Helper
|
|||
* @param string $pathToFile
|
||||
* @param array $values
|
||||
*/
|
||||
public static function createIniFile($pathToFile, $values)
|
||||
public static function createIniFile($pathToFile, array $values)
|
||||
{
|
||||
if (count($values)) {
|
||||
@unlink($pathToFile);
|
||||
|
|
|
@ -387,7 +387,7 @@ class ConfigurationTestGenerator
|
|||
}
|
||||
}
|
||||
$code .= $this->_getFunction(
|
||||
ucfirst($step), $key, $options, $preCode, $testCode
|
||||
ucfirst($step), $key, $options, $preCode, $testCode, $fullOptions['main']['discussion']
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -408,10 +408,11 @@ class ConfigurationTestGenerator
|
|||
* DO NOT EDIT: This file is generated automatically using configGenerator.php
|
||||
*/
|
||||
|
||||
use PrivateBin\PrivateBin;
|
||||
use PrivateBin\Controller;
|
||||
use PrivateBin\Data\Filesystem;
|
||||
use PrivateBin\Persistence\ServerSalt;
|
||||
use PrivateBin\Persistence\TrafficLimiter;
|
||||
use PrivateBin\Request;
|
||||
|
||||
class ConfigurationCombinationsTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
|
@ -467,7 +468,7 @@ EOT;
|
|||
* @param array $testCode
|
||||
* @return string
|
||||
*/
|
||||
private function _getFunction($step, $key, &$options, $preCode, $testCode)
|
||||
private function _getFunction($step, $key, &$options, $preCode, $testCode, $discussionEnabled)
|
||||
{
|
||||
if (count($testCode) == 0) {
|
||||
echo "skipping creation of test$step$key, no valid tests found for configuration: $options" . PHP_EOL;
|
||||
|
@ -495,8 +496,21 @@ EOT;
|
|||
// step specific initialization
|
||||
switch ($step) {
|
||||
case 'Create':
|
||||
if ($discussionEnabled) {
|
||||
$code .= PHP_EOL . <<<'EOT'
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
EOT;
|
||||
} else {
|
||||
$code .= PHP_EOL . <<<'EOT'
|
||||
$paste = json_decode(Helper::getPasteJson(), true);
|
||||
$paste['adata'][2] = 0;
|
||||
$paste = json_encode($paste);
|
||||
EOT;
|
||||
}
|
||||
$code .= PHP_EOL . <<<'EOT'
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -516,7 +530,7 @@ EOT;
|
|||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_GET['pasteid'] = Helper::getPasteId();
|
||||
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $this->_model->read(Helper::getPasteId())->meta->salt);
|
||||
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $this->_model->read(Helper::getPasteId())['meta']['salt']);
|
||||
EOT;
|
||||
break;
|
||||
}
|
||||
|
@ -525,7 +539,7 @@ EOT;
|
|||
$code .= PHP_EOL . $preString;
|
||||
$code .= <<<'EOT'
|
||||
ob_start();
|
||||
new PrivateBin;
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
EOT;
|
||||
|
|
|
@ -4,10 +4,11 @@ use PrivateBin\Controller;
|
|||
use PrivateBin\Data\Filesystem;
|
||||
use PrivateBin\Persistence\ServerSalt;
|
||||
use PrivateBin\Persistence\TrafficLimiter;
|
||||
use PrivateBin\Request;
|
||||
|
||||
class ControllerTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
protected $_model;
|
||||
protected $_data;
|
||||
|
||||
protected $_path;
|
||||
|
||||
|
@ -15,7 +16,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
{
|
||||
/* Setup Routine */
|
||||
$this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_data';
|
||||
$this->_model = Filesystem::getInstance(array('dir' => $this->_path));
|
||||
$this->_data = Filesystem::getInstance(array('dir' => $this->_path));
|
||||
$this->reset();
|
||||
}
|
||||
|
||||
|
@ -32,8 +33,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$_POST = array();
|
||||
$_GET = array();
|
||||
$_SERVER = array();
|
||||
if ($this->_model->exists(Helper::getPasteId())) {
|
||||
$this->_model->delete(Helper::getPasteId());
|
||||
if ($this->_data->exists(Helper::getPasteId())) {
|
||||
$this->_data->delete(Helper::getPasteId());
|
||||
}
|
||||
$options = parse_ini_file(CONF_SAMPLE, true);
|
||||
$options['purge']['dir'] = $this->_path;
|
||||
|
@ -131,10 +132,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testHtaccess()
|
||||
{
|
||||
$file = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
|
||||
@unlink($file);
|
||||
$htaccess = $this->_path . DIRECTORY_SEPARATOR . '.htaccess';
|
||||
@unlink($htaccess);
|
||||
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -142,7 +146,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
new Controller;
|
||||
ob_end_clean();
|
||||
|
||||
$this->assertFileExists($file, 'htaccess recreated');
|
||||
$this->assertFileExists($htaccess, 'htaccess recreated');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -163,7 +167,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -173,10 +180,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
|
@ -190,7 +197,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste(array('expire' => 25));
|
||||
$paste = Helper::getPasteJson(2, array('expire' => 25));
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -201,10 +211,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
|
@ -219,7 +229,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options['main']['sizelimit'] = 10;
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -229,7 +242,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -240,7 +253,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['header'] = 'X_FORWARDED_FOR';
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_FORWARDED_FOR'] = '::2';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
|
@ -251,10 +267,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
|
@ -268,8 +284,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$_POST = Helper::getPaste();
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -279,7 +298,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -290,9 +309,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['expire'] = '5min';
|
||||
$_POST['formatter'] = 'foo';
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -303,14 +323,14 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
$this->assertGreaterThanOrEqual($time + 300, $paste->meta->expire_date, 'time is set correctly');
|
||||
$this->assertGreaterThanOrEqual($time + 300, $paste['meta']['expire_date'], 'time is set correctly');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -321,9 +341,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['expire'] = '5min';
|
||||
$_POST['opendiscussion'] = '1';
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -334,15 +355,15 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
$this->assertGreaterThanOrEqual($time + 300, $paste->meta->expire_date, 'time is set correctly');
|
||||
$this->assertEquals(1, $paste->meta->opendiscussion, 'discussion is enabled');
|
||||
$this->assertGreaterThanOrEqual($time + 300, $paste['meta']['expire_date'], 'time is set correctly');
|
||||
$this->assertEquals(1, $paste['adata'][2], 'discussion is enabled');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -353,8 +374,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['expire'] = 'foo';
|
||||
$paste = Helper::getPasteJson(2, array('expire' => 'foo'));
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -364,10 +387,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertTrue($this->_data->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_data->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
hash_hmac('sha256', $response['id'], $paste['meta']['salt']),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
|
@ -381,8 +404,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['burnafterreading'] = 'neither 1 nor 0';
|
||||
$paste = Helper::getPastePost();
|
||||
$paste['adata'][3] = 'neither 1 nor 0';
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, json_encode($paste));
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -392,7 +418,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -403,8 +429,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['opendiscussion'] = 'neither 1 nor 0';
|
||||
$paste = Helper::getPastePost();
|
||||
$paste['adata'][2] = 'neither 1 nor 0';
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, json_encode($paste));
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -414,40 +443,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testCreateAttachment()
|
||||
{
|
||||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
$options['main']['fileupload'] = true;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPasteWithAttachment();
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$original = json_decode(json_encode($_POST));
|
||||
$stored = $this->_model->read($response['id']);
|
||||
foreach (array('data', 'attachment', 'attachmentname') as $key) {
|
||||
$this->assertEquals($original->$key, $stored->$key);
|
||||
}
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $stored->meta->salt),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -455,26 +451,21 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
* silently removed, check that this case is handled
|
||||
*
|
||||
* @runInSeparateProcess
|
||||
* @expectedException Exception
|
||||
* @expectedExceptionCode 90
|
||||
*/
|
||||
public function testCreateBrokenAttachmentUpload()
|
||||
public function testCreateBrokenUpload()
|
||||
{
|
||||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
$options['main']['fileupload'] = true;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPasteWithAttachment();
|
||||
unset($_POST['attachment']);
|
||||
$paste = substr(Helper::getPasteJson(), 0, -10);
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exists before posting data');
|
||||
ob_start();
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exists before posting data');
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -482,74 +473,24 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testCreateTooSoon()
|
||||
{
|
||||
$_POST = Helper::getPaste();
|
||||
$paste = Helper::getPasteJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $paste);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
ob_start();
|
||||
new Controller;
|
||||
ob_end_clean();
|
||||
$this->_model->delete(Helper::getPasteId());
|
||||
$this->_data->delete(Helper::getPasteId());
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testCreateValidNick()
|
||||
{
|
||||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getPaste();
|
||||
$_POST['nickname'] = Helper::getComment()['meta']['nickname'];
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists($response['id']), 'paste exists after posting data');
|
||||
$paste = $this->_model->read($response['id']);
|
||||
$this->assertEquals(
|
||||
hash_hmac('sha256', $response['id'], $paste->meta->salt),
|
||||
$response['deletetoken'],
|
||||
'outputs valid delete token'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testCreateInvalidNick()
|
||||
{
|
||||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = Helper::getPasteId();
|
||||
$_POST['nickname'] = 'foo';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -560,20 +501,21 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = Helper::getPasteId();
|
||||
$comment = Helper::getCommentJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $comment);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data');
|
||||
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), $response['id']), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -584,20 +526,22 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = 'foo';
|
||||
$comment = Helper::getCommentPost();
|
||||
$comment['parentid'] = 'foo';
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, json_encode($comment));
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -608,21 +552,23 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = Helper::getPasteId();
|
||||
$comment = Helper::getCommentJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $comment);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
$paste = Helper::getPaste(array('opendiscussion' => false));
|
||||
$this->_model->create(Helper::getPasteId(), $paste);
|
||||
$paste = Helper::getPaste();
|
||||
$paste['adata'][2] = 0;
|
||||
$this->_data->create(Helper::getPasteId(), $paste);
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -633,9 +579,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = Helper::getPasteId();
|
||||
$comment = Helper::getCommentJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $comment);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -645,7 +592,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
$this->assertFalse($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -656,12 +603,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$options = parse_ini_file(CONF, true);
|
||||
$options['traffic']['limit'] = 0;
|
||||
Helper::createIniFile(CONF, $options);
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId(), Helper::getComment());
|
||||
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'comment exists before posting data');
|
||||
$_POST = Helper::getCommentPost();
|
||||
$_POST['pasteid'] = Helper::getPasteId();
|
||||
$_POST['parentid'] = Helper::getPasteId();
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_data->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId(), Helper::getComment());
|
||||
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'comment exists before posting data');
|
||||
$comment = Helper::getCommentJson();
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, $comment);
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
$_SERVER['REMOTE_ADDR'] = '::1';
|
||||
|
@ -671,7 +619,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs error status');
|
||||
$this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'paste exists after posting data');
|
||||
$this->assertTrue($this->_data->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getPasteId()), 'paste exists after posting data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -713,8 +661,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testReadExpired()
|
||||
{
|
||||
$expiredPaste = Helper::getPaste(array('expire_date' => 1344803344));
|
||||
$this->_model->create(Helper::getPasteId(), $expiredPaste);
|
||||
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1344803344));
|
||||
$this->_data->create(Helper::getPasteId(), $expiredPaste);
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
|
@ -732,8 +680,9 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testReadBurn()
|
||||
{
|
||||
$paste = Helper::getPaste(array('burnafterreading' => true));
|
||||
$this->_model->create(Helper::getPasteId(), $paste);
|
||||
$paste = Helper::getPaste();
|
||||
$paste['adata'][3] = 1;
|
||||
$this->_data->create(Helper::getPasteId(), $paste);
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
|
@ -745,15 +694,15 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$this->assertEquals(0, $response['status'], 'outputs success status');
|
||||
$this->assertEquals(Helper::getPasteId(), $response['id'], 'outputs data correctly');
|
||||
$this->assertStringEndsWith('?' . $response['id'], $response['url'], 'returned URL points to new paste');
|
||||
$this->assertEquals($paste['data'], $response['data'], 'outputs data correctly');
|
||||
$this->assertEquals($paste['meta']['formatter'], $response['meta']['formatter'], 'outputs format correctly');
|
||||
$this->assertEquals($paste['meta']['postdate'], $response['meta']['postdate'], 'outputs postdate correctly');
|
||||
$this->assertEquals($paste['meta']['opendiscussion'], $response['meta']['opendiscussion'], 'outputs opendiscussion correctly');
|
||||
$this->assertEquals(1, $response['meta']['burnafterreading'], 'outputs burnafterreading correctly');
|
||||
$this->assertEquals($paste['ct'], $response['ct'], 'outputs ct correctly');
|
||||
$this->assertEquals($paste['adata'][1], $response['adata'][1], 'outputs formatter correctly');
|
||||
$this->assertEquals($paste['adata'][2], $response['adata'][2], 'outputs opendiscussion correctly');
|
||||
$this->assertEquals($paste['adata'][3], $response['adata'][3], 'outputs burnafterreading correctly');
|
||||
$this->assertEquals($paste['meta']['created'], $response['meta']['created'], 'outputs created correctly');
|
||||
$this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly');
|
||||
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
|
||||
// by default it will be deleted instantly after it is read
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after reading');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after reading');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -762,7 +711,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
public function testReadJson()
|
||||
{
|
||||
$paste = Helper::getPaste();
|
||||
$this->_model->create(Helper::getPasteId(), $paste);
|
||||
$this->_data->create(Helper::getPasteId(), $paste);
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
|
@ -774,10 +723,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$this->assertEquals(0, $response['status'], 'outputs success status');
|
||||
$this->assertEquals(Helper::getPasteId(), $response['id'], 'outputs data correctly');
|
||||
$this->assertStringEndsWith('?' . $response['id'], $response['url'], 'returned URL points to new paste');
|
||||
$this->assertEquals($paste['data'], $response['data'], 'outputs data correctly');
|
||||
$this->assertEquals($paste['meta']['formatter'], $response['meta']['formatter'], 'outputs format correctly');
|
||||
$this->assertEquals($paste['meta']['postdate'], $response['meta']['postdate'], 'outputs postdate correctly');
|
||||
$this->assertEquals($paste['meta']['opendiscussion'], $response['meta']['opendiscussion'], 'outputs opendiscussion correctly');
|
||||
$this->assertEquals($paste['ct'], $response['ct'], 'outputs ct correctly');
|
||||
$this->assertEquals($paste['adata'][1], $response['adata'][1], 'outputs formatter correctly');
|
||||
$this->assertEquals($paste['adata'][2], $response['adata'][2], 'outputs opendiscussion correctly');
|
||||
$this->assertEquals($paste['adata'][3], $response['adata'][3], 'outputs burnafterreading correctly');
|
||||
$this->assertEquals($paste['meta']['created'], $response['meta']['created'], 'outputs created correctly');
|
||||
$this->assertEquals(0, $response['comment_count'], 'outputs comment_count correctly');
|
||||
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
|
||||
}
|
||||
|
@ -787,13 +737,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testReadOldSyntax()
|
||||
{
|
||||
$paste = Helper::getPaste();
|
||||
$paste = Helper::getPaste(1);
|
||||
$paste['meta'] = array(
|
||||
'syntaxcoloring' => true,
|
||||
'postdate' => $paste['meta']['postdate'],
|
||||
'opendiscussion' => $paste['meta']['opendiscussion'],
|
||||
);
|
||||
$this->_model->create(Helper::getPasteId(), $paste);
|
||||
$this->_data->create(Helper::getPasteId(), $paste);
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
|
@ -813,16 +763,37 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$this->assertEquals(0, $response['comment_offset'], 'outputs comment_offset correctly');
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testReadBurnAfterReading()
|
||||
{
|
||||
$burnPaste = Helper::getPaste();
|
||||
$burnPaste['adata'][3] = 1;
|
||||
$this->_data->create(Helper::getPasteId(), $burnPaste);
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testDelete()
|
||||
{
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$paste = $this->_model->read(Helper::getPasteId());
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$paste = $this->_data->read(Helper::getPasteId());
|
||||
$_GET['pasteid'] = Helper::getPasteId();
|
||||
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $paste->meta->salt);
|
||||
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), $paste['meta']['salt']);
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
|
@ -832,7 +803,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$content,
|
||||
'outputs deleted status correctly'
|
||||
);
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -840,7 +811,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testDeleteInvalidId()
|
||||
{
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$_GET['pasteid'] = 'foo';
|
||||
$_GET['deletetoken'] = 'bar';
|
||||
ob_start();
|
||||
|
@ -852,7 +823,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$content,
|
||||
'outputs delete error correctly'
|
||||
);
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -878,7 +849,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testDeleteInvalidToken()
|
||||
{
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$_GET['pasteid'] = Helper::getPasteId();
|
||||
$_GET['deletetoken'] = 'bar';
|
||||
ob_start();
|
||||
|
@ -890,29 +861,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$content,
|
||||
'outputs delete error correctly'
|
||||
);
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
}
|
||||
|
||||
/**
|
||||
* @runInSeparateProcess
|
||||
*/
|
||||
public function testDeleteBurnAfterReading()
|
||||
{
|
||||
$burnPaste = Helper::getPaste(array('burnafterreading' => true));
|
||||
$this->_model->create(Helper::getPasteId(), $burnPaste);
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_POST['deletetoken'] = 'burnafterreading';
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
$_SERVER['REQUEST_METHOD'] = 'POST';
|
||||
ob_start();
|
||||
new Controller;
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(0, $response['status'], 'outputs status');
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -920,9 +869,13 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testDeleteInvalidBurnAfterReading()
|
||||
{
|
||||
$this->_model->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_POST['deletetoken'] = 'burnafterreading';
|
||||
$this->_data->create(Helper::getPasteId(), Helper::getPaste());
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$file = tempnam(sys_get_temp_dir(), 'FOO');
|
||||
file_put_contents($file, json_encode(array(
|
||||
'deletetoken' => 'burnafterreading',
|
||||
)));
|
||||
Request::setInputStream($file);
|
||||
$_SERVER['QUERY_STRING'] = Helper::getPasteId();
|
||||
$_GET[Helper::getPasteId()] = '';
|
||||
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
|
||||
|
@ -933,7 +886,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
ob_end_clean();
|
||||
$response = json_decode($content, true);
|
||||
$this->assertEquals(1, $response['status'], 'outputs status');
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -941,10 +894,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
*/
|
||||
public function testDeleteExpired()
|
||||
{
|
||||
$expiredPaste = Helper::getPaste(array('expire_date' => 1000));
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not exist before being created');
|
||||
$this->_model->create(Helper::getPasteId(), $expiredPaste);
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$expiredPaste = Helper::getPaste(2, array('expire_date' => 1000));
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exist before being created');
|
||||
$this->_data->create(Helper::getPasteId(), $expiredPaste);
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_GET['pasteid'] = Helper::getPasteId();
|
||||
$_GET['deletetoken'] = 'does not matter in this context, but has to be set';
|
||||
ob_start();
|
||||
|
@ -956,7 +909,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$content,
|
||||
'outputs error correctly'
|
||||
);
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -966,8 +919,8 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
{
|
||||
$paste = Helper::getPaste();
|
||||
unset($paste['meta']['salt']);
|
||||
$this->_model->create(Helper::getPasteId(), $paste);
|
||||
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$this->_data->create(Helper::getPasteId(), $paste);
|
||||
$this->assertTrue($this->_data->exists(Helper::getPasteId()), 'paste exists before deleting data');
|
||||
$_GET['pasteid'] = Helper::getPasteId();
|
||||
$_GET['deletetoken'] = hash_hmac('sha256', Helper::getPasteId(), ServerSalt::get());
|
||||
ob_start();
|
||||
|
@ -979,6 +932,6 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
|||
$content,
|
||||
'outputs deleted status correctly'
|
||||
);
|
||||
$this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
$this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste successfully deleted');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ class ControllerWithDbTest extends ControllerTest
|
|||
mkdir($this->_path);
|
||||
}
|
||||
$this->_options['dsn'] = 'sqlite:' . $this->_path . DIRECTORY_SEPARATOR . 'tst.sq3';
|
||||
$this->_model = Database::getInstance($this->_options);
|
||||
$this->_data = Database::getInstance($this->_options);
|
||||
$this->reset();
|
||||
}
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue