moved bad bot check into InitialCheck, changed old ie notice into generic update warning, when unsupported user agent is detected and made the other IE alert show in all versions as it is now entirely unsupported

El RIDO 2019-06-17 21:09:21 +02:00
parent 748b85e025
commit fc914b4b84
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
3 changed files with 116 additions and 67 deletions


@ -176,18 +176,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
const Helper = (function () { const Helper = (function () {
const me = {}; const me = {};
/**
* blacklist of UserAgents (parts) known to belong to a bot
*
* @private
* @enum {Object}
* @readonly
*/
const BadBotUA = [
'Bot',
'bot'
];
/** /**
* cache for script location * cache for script location
* *
@ -365,25 +353,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return baseUri; return baseUri;
}; };
/**
* checks whether this is a bot we dislike
*
* @name Helper.isBadBot
* @function
* @return {bool}
*/
me.isBadBot = function() {
// check whether a bot user agent part can be found in the current
// user agent
for (let i = 0; i < BadBotUA.length; ++i) {
if (navigator.userAgent.indexOf(BadBotUA) >= 0) {
return true;
}
}
return false;
}
/** /**
* wrap an object into a Paste, used for mocking in the unit tests * wrap an object into a Paste, used for mocking in the unit tests
* *
@ -4561,15 +4530,58 @@ jQuery.PrivateBin = (function($, RawDeflate) {
* @param {object} document * @param {object} document
* @class * @class
*/ */
var InitialCheck = (function (window, document) { var InitialCheck = (function () {
var me = {}; var me = {};
/**
* blacklist of UserAgents (parts) known to belong to a bot
*
* @private
* @enum {Array}
* @readonly
*/
const badBotUA = [
'Bot',
'bot'
];
/**
* blacklist of UserAgent versions known not to work with this application
*
* @private
* @enum {Object}
* @readonly
*/
const oldUA = [
{
'regex': /Chrome\/([0-9]+)/,
'minVersion': 57,
},
{
'regex': /Edge\/([0-9]+)/,
'minVersion': 16,
},
{
'regex': /Firefox\/([0-9]+)/,
'minVersion': 54,
},
{
'regex': /Opera\/.*Version\/([0-9]+)/,
'minVersion': 44,
},
{
'regex': /Version\/([0-9]+).*Safari/,
'minVersion': 11,
}
];
/** /**
* check if the connection is insecure * check if the connection is insecure
* *
* @private * @private
* @name InitialCheck.isInsecureConnection * @name InitialCheck.isInsecureConnection
* @function * @function
* @return {bool}
*/ */
function isInsecureConnection() function isInsecureConnection()
{ {
@ -4601,20 +4613,73 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} }
/** /**
* init on application start * checks whether this is a bot we dislike
*
* @private
* @name InitialCheck.isBadBot
* @function
* @return {bool}
*/
function isBadBot() {
// check whether a bot user agent part can be found in the current
// user agent
for (let i = 0; i < badBotUA.length; ++i) {
if (navigator.userAgent.indexOf(badBotUA) >= 0) {
return true;
}
}
return false;
}
/**
* checks whether this is an unsupported browser
*
* @private
* @name InitialCheck.isOldBrowser
* @function
* @return {bool}
*/
function isOldBrowser() {
for (let i = 0; i < oldUA.length; ++i) {
let result = oldUA[i]['regex'].exec(navigator.userAgent);
if (result && result[1] < oldUA[i]['minVersion']) {
return true;
}
}
return false;
}
/**
* init on application start, returns an all-clear signal
* *
* @name InitialCheck.init * @name InitialCheck.init
* @function * @function
* @return {bool}
*/ */
me.init = function() me.init = function()
{ {
// prevent bots from viewing a paste and potentially deleting data
// when burn-after-reading is set
if (isBadBot()) {
Alert.showError('I love you too, bot…');
return false;
}
if (isOldBrowser()) {
$('#oldnotice').toggle(true);
// execution will likely fail, but the user agent may be
// deliberately set to an incorrect value, so let it proceed
}
if (isInsecureConnection()) { if (isInsecureConnection()) {
Alert.showError('This instance is using an insecure connection! Please only use this for testing.'); Alert.showError('This instance is using an insecure connection! Please only use this for testing.');
} }
return true;
} }
return me; return me;
})(window, document); })();
/** /**
* (controller) main PrivateBin logic * (controller) main PrivateBin logic
@ -4663,18 +4728,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
Alert.hideLoading(); Alert.hideLoading();
}; };
/**
* shows how we much we love bots that execute JS ;)
*
* @name Controller.showBadBotMessage
* @function
*/
me.showBadBotMessage = function()
{
TopNav.hideAllButtons();
Alert.showError('I love you too, bot…');
}
/** /**
* shows the loaded paste * shows the loaded paste
* *
@ -4802,6 +4855,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// initialize other modules/"classes" // initialize other modules/"classes"
Alert.init(); Alert.init();
if (!InitialCheck.init()) {
// something major is wrong, stop right away
return;
}
Model.init(); Model.init();
AttachmentViewer.init(); AttachmentViewer.init();
DiscussionViewer.init(); DiscussionViewer.init();
@ -4811,7 +4868,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
Prompt.init(); Prompt.init();
TopNav.init(); TopNav.init();
UiHelper.init(); UiHelper.init();
InitialCheck.init();
z = (await zlib); z = (await zlib);
// check whether existing paste needs to be shown // check whether existing paste needs to be shown
@ -4822,19 +4878,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return me.newPaste(); return me.newPaste();
} }
// if delete token is passed (i.e. paste has been deleted by this access) // if delete token is passed (i.e. paste has been deleted by this
// there is no more stuf we need to do // access), there is nothing more to do
if (Model.hasDeleteToken()) { if (Model.hasDeleteToken()) {
return; return;
} }
// prevent bots from viewing a paste and potentially deleting data
// when burn-after-reading is set
// see https://github.com/elrido/ZeroBin/issues/11
if (Helper.isBadBot()) {
return me.showBadBotMessage();
}
// display an existing paste // display an existing paste
return me.showPaste(); return me.showPaste();
} }
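Review bot: In the new `isBadBot()` inside `InitialCheck`, the loop passes the whole array to `indexOf` instead of the current element, so `navigator.userAgent.indexOf(badBotUA)` searches for the coerced string `Bot,bot` and effectively never matches. The defect was carried over unchanged from `Helper.isBadBot`, so the guard meant to keep crawlers from triggering burn-after-reading pastes still does nothing after the move. The line should read `if (navigator.userAgent.indexOf(badBotUA[i]) >= 0) {`. Because the user agent string is set by the client, the comment above the call in `init` could also state that this is a best-effort filter for well-behaved crawlers and not an access control.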


@ -72,9 +72,9 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-RE9PlksCFEcNHrU0eXzMBdNahXuwzbJHdzmCFNR5LlXMK+bSE5f07qniZJcszcW8L0imdN7MFSsBHxXxVdaqqg==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-XBHCzQfUJpMdNvleyRI6rLt0Kvq4qvz0KOyUSOPbuEF9W4ihPFwCrwHyLS0XOxFmhAPbh81YPKCn1BPKXSQc2g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" /> <link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" /> <link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
@ -449,16 +449,16 @@ endif;
<?php echo htmlspecialchars($ERROR), PHP_EOL; ?> <?php echo htmlspecialchars($ERROR), PHP_EOL; ?>
</div> </div>
<noscript> <noscript>
<div id="noscript" role="alert" class="nonworking alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>"> <div id="noscript" role="alert" class="alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span> <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)), PHP_EOL; ?> <?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)), PHP_EOL; ?>
</div> </div>
</noscript> </noscript>
<div id="oldienotice" role="alert" class="hidden nonworking alert alert-danger"> <div id="oldnotice" role="alert" class="hidden alert alert-danger">
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span> <span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
<?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)), PHP_EOL; ?> <?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)), PHP_EOL; ?>
</div> </div>
<div id="ienotice" role="alert" class="hidden alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>"> <div id="ienotice" role="alert" class="hidden alert alert-danger">
<span class="glyphicon glyphicon-question-sign" aria-hidden="true"></span> <span class="glyphicon glyphicon-question-sign" aria-hidden="true"></span>
<?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?> <?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
<a href="https://www.mozilla.org/firefox/">Firefox</a>, <a href="https://www.mozilla.org/firefox/">Firefox</a>,
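Review bot: The `<!--[if IE]>` block will not make `#ienotice` visible in Internet Explorer 10 and 11, because conditional comments are only evaluated by IE 9 and older; IE 10 and later ignore them in standards mode. As far as the visible `oldUA` list in the script shows, the JavaScript check has no Trident/MSIE entry either, so those versions would get neither notice. A stylesheet rule behind an IE 10/11-only media query, for example `@media all and (-ms-high-contrast: none), (-ms-high-contrast: active) { #ienotice { display: block; } }`, would cover them. The same applies to the identical conditional-comment change in the other template.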


@ -50,9 +50,9 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-RE9PlksCFEcNHrU0eXzMBdNahXuwzbJHdzmCFNR5LlXMK+bSE5f07qniZJcszcW8L0imdN7MFSsBHxXxVdaqqg==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-XBHCzQfUJpMdNvleyRI6rLt0Kvq4qvz0KOyUSOPbuEF9W4ihPFwCrwHyLS0XOxFmhAPbh81YPKCn1BPKXSQc2g==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" /> <link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" /> <link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
@ -78,8 +78,8 @@ endif;
<h2 class="title"><?php echo I18n::_('Because ignorance is bliss'); ?></h2><br /> <h2 class="title"><?php echo I18n::_('Because ignorance is bliss'); ?></h2><br />
<h3 class="title"><?php echo $VERSION; ?></h3> <h3 class="title"><?php echo $VERSION; ?></h3>
<noscript><div id="noscript" class="nonworking"><?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)); ?></div></noscript> <noscript><div id="noscript" class="nonworking"><?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)); ?></div></noscript>
<div id="oldienotice" class="nonworking"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)); ?></div> <div id="oldnotice" class="nonworking"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)); ?></div>
<div id="ienotice"><?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?> <div id="ienotice" class="nonworking"><?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
<a href="https://www.mozilla.org/firefox/">Firefox</a>, <a href="https://www.mozilla.org/firefox/">Firefox</a>,
<a href="https://www.opera.com/">Opera</a>, <a href="https://www.opera.com/">Opera</a>,
<a href="https://www.google.com/chrome">Chrome</a> <a href="https://www.google.com/chrome">Chrome</a>