Commit graph

127 commits

Author SHA1 Message Date
El RIDO
8e27dbff15
clarify the use of 'unsafe-eval' and what the impact removing it has - Firefox users may not care and disable it to improve security 2019-09-19 19:24:28 +02:00
Haocen Xu
ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
attachment

Fix cloning paste with attachment

Update CSP in sample and default configuration

Ensure clone paste also clone format

Fix clone button hiding logic when paste is burn after read

Remove attachment name when new paste clicked on

Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO
11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196 2019-06-27 20:31:10 +02:00
El RIDO
c2e060d464
made compression configurable, fixes #38 2019-06-23 19:45:40 +02:00
rugk
b7db033bdd
Adjust config text 2019-06-21 19:50:40 +02:00
El RIDO
42c2003220
made notice configurable, fixing a few CSS glitches 2019-06-17 21:40:37 +02:00
El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons 2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs 2019-06-15 09:36:09 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules 2019-05-20 18:29:37 +02:00
El RIDO
720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
rugk
60d4ccb02c
Add comment about blocked images
Fixes https://github.com/PrivateBin/PrivateBin/issues/275
2018-07-01 14:59:24 +02:00
El RIDO
d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO
caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO
2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk
9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
rugk
414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO
6625a9dc59
hiding INI contents from StyleCI 2017-10-08 16:26:21 +02:00
El RIDO
7197705d5c
updating unit test in preparation for planned file name change, currently failing 2017-10-08 16:25:11 +02:00
thororm
23f5dfbff8 Merge remote-tracking branch 'remotes/thororm/master' into attachment-handling
# Conflicts:
#	tpl/bootstrap.php
#	tpl/page.php
2017-05-13 19:48:25 +02:00
El RIDO
f54036976a
added instantburnafterreading option to address #174 2017-04-11 17:23:26 +02:00
thororm
096f07f86e Merge branch 'master' into attachment-handling
# Conflicts:
#	js/privatebin.js
#	tpl/bootstrap.php
#	tpl/page.php
2017-04-02 13:30:52 +02:00
El RIDO
be0919893d
updating shipped .htaccess files for Apache 2.4 as per https://httpd.apache.org/docs/2.4/upgrading.html#access - Thanks @EchoDev, fixes #194 2017-03-11 08:56:14 +01:00
thororm
b9737d368d Update conf.ini.sample 2017-02-13 22:57:09 +01:00
thororm
faf596aeb7 Added preview for
- Video (HTML5)
- Audio (HTML5)
- PDF (Browser capabilities)
attachment.
Added drag & drop functionality
Added attachment preview to preview before submitting
2017-02-12 15:35:37 +01:00
rugk
e9b10f9e2d
Add CSP sandbox
Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Alos needed to run some Composer stuff, no idea why my diff was different.
2017-02-01 18:34:13 +01:00
El RIDO
67f6c4eb61
turned bootstrap template variants into logic 2017-01-08 10:02:07 +01:00
rugk
f5aefa5513 Update for correct spelling 2017-01-07 20:35:23 +01:00
Jordyn Carattini
36f70cad48 Fixed a spelling error in conf.ini
Changed "Mibibytes" to "Megabytes"
2017-01-01 17:47:07 -06:00
El RIDO
a5d91298ff
add an option to change the site name, solves #154 2017-01-01 16:33:11 +01:00
rugk
2cd4717bd2
Use default csp value by default
Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow.
We should have done this before the v1.0 release, but well...
2016-09-18 12:21:42 +02:00
rugk
1a159c973f
Prevent referrer to be send
Uses both CSP and Referrer-Policy
Fixes #96
2016-09-03 18:12:24 +02:00
rugk
9ff74e8841 Allow manifest loading via CSP 2016-08-27 00:01:19 +02:00
rugk
3d541f867b Update config file header
We really don't need to license the config file....
2016-08-12 18:23:15 +02:00
El RIDO
3988b860b0 implemented Identicon library as new default for comment icons, made Vizhash an optional alternative, refactored Vizhash and removed string lenghtening 2016-08-10 17:41:46 +02:00
El RIDO
addb666a23 introducing CSP header to mitigate XSS attacks, closes #10 2016-08-09 14:46:32 +02:00
El RIDO
b45bef8388 Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00
rugk
38ab755733 Replace HTTP links with HTTPS
Using this regexp: https://regex101.com/r/rZ2dE2/1
2016-07-19 13:56:52 +02:00
El RIDO
b53efda635 improving code coverage and unit testing 2016-07-18 14:47:32 +02:00
El RIDO
ff0c55c0d6 introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4 2016-07-18 10:14:38 +02:00
El RIDO
20cf678a75 adding default configuration for purging, resolves #3 (again) 2016-07-18 09:13:23 +02:00
El RIDO
79509ad48a renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00
Gilles
a7ef0b54e6 ZeroBin -> PrivateBin
Changing name
2016-07-10 11:02:31 +02:00
El RIDO
0e217a42c5 introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103 2016-07-06 11:37:13 +02:00
El RIDO
a4ebdbc606 re-introducing (optional) URL shortener support, resolves #58 2016-01-31 09:56:06 +01:00
El RIDO
24a4328c55 incrementing version, updating changelog, added missing phpdoc comments 2015-11-09 21:39:42 +01:00
El RIDO
d42975580a expire_options and formatter_options should not be filled up with
default values, resolves #52
2015-10-24 08:44:17 +02:00
El RIDO
176dff3b70 renaming config file to make updates easier, resolving #50 2015-10-22 21:13:15 +02:00
El RIDO
e3f4aa982c adding configuration option to set a default language and/or force it,
resolves #39
2015-10-18 20:38:07 +02:00
El RIDO
ca07398b66 adding option to hide clone button on expiring pastes, resolves #34 2015-10-18 17:56:45 +02:00
El RIDO
9f68658106 incrementing version number, updating changelog 2015-09-21 22:43:00 +02:00
El RIDO
608605cd54 incrementing version number, updating docs 2015-09-19 17:23:10 +02:00
El RIDO
a41d0ca4dd various fixes:
- changing default formatter option to plain text to make upgrading from
  0.19 Alpha smoother
- fixing translation message change in bootstrap templates
- adjusting how image uploads are displayed in bootstrap templates
2015-09-19 14:22:29 +02:00
El RIDO
a111357fae add optional (since it uses a session cookie) language selection 2015-09-19 11:21:13 +02:00
El RIDO
47efedf23c traffic limiter would fail behind a reverse proxy / load balancer.
Adding configuration option to set the trusted HTTP header to get the
visitors IP in such a case (avoiding security issue if malicious clients
just set these headers themselfs)
2015-09-18 22:31:01 +02:00
El RIDO
106141efa4 merging @vikstrous file upload feature for #20 from
8a6d268278
2015-09-16 22:51:48 +02:00
El RIDO
0e53d1ee86 added markdown support and a dropdown for the format selection. The
options other then markdown are plain text and source code (syntax
highlighting). Resolves #25
2015-09-12 17:33:16 +02:00
El RIDO
b060d57524 - implemented php side of plural translation
- using it to generate labels dynamically for the expire options
(deprecating the [expire_labels] configuration).
- added translation of the human readable data sizes to support the
french octet
- fixed IEC label for kibibytes
2015-09-06 19:21:17 +02:00
El RIDO
2d79ba8243 updating docs, bumping version to 0.20 2015-09-03 22:22:59 +02:00
El RIDO
d3c4600806 slight configuration changes, template modifications to make discussions
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
Hexalyse
95f1db925b Merge branch 'master' of https://github.com/elrido/ZeroBin
Conflicts:
	cfg/conf.ini
	js/zerobin.js
2015-08-30 14:33:09 +02:00
El RIDO
2d0668af03 concluding work on configuration test generator for #16. Replaced a few
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
El RIDO
3306bcff99 switch to bootstrap theme by default 2015-08-23 18:08:45 +02:00
Hexalyse
da7ffc5d07 Changed css 2015-08-22 22:46:35 +02:00
Hexalyse
f2912a07b0 Changed config to use SQLite 2015-08-22 16:43:02 +02:00
El RIDO
cb28056223 made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice) 2015-08-17 23:18:33 +02:00
El RIDO
49c6e3c1b6 updated base64.js to version 2.1.9, using minified version found at
9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
2015-08-16 12:27:06 +02:00
El RIDO
e646729b2d fixing regressions from cherrypicking 2015-08-15 21:39:08 +02:00
Sebastien SAUVAGE
5f87ea6843 ZeroBin 0.18
(cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 21:06:19 +02:00
Sebastien SAUVAGE
5b253cf77c ZeroBin 0.17
* added deletion link.
* small refactoring.
* improved regex checks.
* larger server alt on installation.
2013-11-01 01:15:14 +01:00
Simon Rupf
d247bff897 syntax highlighting can now be turned off, template can be changed in
configuration
2013-10-31 22:24:40 +01:00
Simon Rupf
630e16c4a0 Added more configuration options, based on patch by Uli Köhler 2013-10-30 23:54:42 +01:00
Simon Rupf
907538875b removed leftovers from submodule uglifyjs, added credits file,
cleaned up CSS, changed template to output clean XHTML 5,
added unit tests for 60% of the code, found a few bugs by doing
that and fixed them
2012-08-26 00:49:11 +02:00
Simon Rupf
421e6cba97 implemented zerobin_db model, added more options for paste expiration, made comments and max data size configurable 2012-05-19 23:59:41 +02:00
Simon Rupf
edf95ff56d added autoloading, configurable paste size limit, changed JS to calculate localized comment times instead of UTC 2012-04-30 22:58:08 +02:00
Simon Rupf
23487ce779 Fixed bug with missing directory separator and added .htaccess files to lib & cfg directories. If those are not present, the application will create them for you. 2012-04-30 13:58:29 +02:00
Simon Rupf
ba90d0cae2 Refactoring of code base - modularized code, introduced configuration, started working on a PDO based DB connector 2012-04-29 19:15:06 +02:00