Commit graph

2262 commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| El RIDO | 40d35ab3c2 | update SRI-hashes | 2022-03-27 08:28:54 +02:00 |
| El RIDO | 82be7c6354 | Merge branch 'hardening' of github.com:PrivateBin/PrivateBin into hardening | 2022-03-27 08:28:10 +02:00 |
| El RIDO | 75dc346f0f | be more specific on the base type match and less specific on the subtype, in order to fail-safe (avoid being tricked into not sanitizing - the mime type is a user provided input) | 2022-03-27 08:27:24 +02:00 |
| El RIDO | 960faf4417 | wording<br>Co-authored-by: rugk <rugk+git@posteo.de> | 2022-03-27 07:58:25 +02:00 |
| El RIDO | 36cb37c029 | prevent error when attachments are disabled, but paste with attachment gets displayed | 2022-03-13 20:18:51 +01:00 |
| El RIDO | 5617612eb3 | upgrade to showdown 2.0.3 | 2022-03-13 20:05:38 +01:00 |
| El RIDO | 2a4d572c1e | Sanitize SVG preview, preventing script execution in instance context, while dropping support for attachment download in IE | 2022-03-13 19:56:12 +01:00 |
| El RIDO | 6c1f0dde0c | set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header | 2022-03-13 18:11:13 +01:00 |
| El RIDO | 1807580226 | Merge pull request #900 from PrivateBin/crowdin-translation<br>New Crowdin updates | 2022-03-01 06:44:43 +01:00 |
| PrivateBin Translator Bot | cc60ab701b | New translations en.json (German) | 2022-02-28 19:34:00 +01:00 |
| El RIDO | 389b07bd2d | Merge pull request #901 from PrivateBin/trafficlimit-short-subnets<br>Allow short subnet notation | 2022-02-28 19:21:45 +01:00 |
| PrivateBin Translator Bot | e9d6996db4 | New translations en.json (Italian) | 2022-02-28 17:27:05 +01:00 |
| PrivateBin Translator Bot | a58bba0958 | New translations en.json (German) | 2022-02-28 17:27:04 +01:00 |
| PrivateBin Translator Bot | abaa9eca35 | New translations en.json (French) | 2022-02-28 17:27:03 +01:00 |
| El RIDO | 3e02818335 | actually support the short CIDR notation | 2022-02-28 16:24:06 +01:00 |
| El RIDO | 6b001b5e4a | typo | 2022-02-28 16:23:11 +01:00 |
| PrivateBin Translator Bot | ccdb26df51 | New translations en.json (Corsican) | 2022-02-28 12:45:13 +01:00 |
| PrivateBin Translator Bot | bef5c647cf | New translations en.json (Occitan) | 2022-02-28 11:29:33 +01:00 |
| El RIDO | 2b46fdd626 | Merge branch 'stevenandres-master' | 2022-02-27 19:32:43 +01:00 |
| El RIDO | f83f80b5f6 | Merge branch 'master' into stevenandres-master | 2022-02-26 11:56:58 +01:00 |
| El RIDO | f39934a104 | Merge pull request #896 from Patriccollu/PB-in-Corsican<br>Adding Corsican as brand new locale | 2022-02-26 11:52:43 +01:00 |
| Patriccollu | 4c8d23d3a5 | Adding co.json for Corsican | 2022-02-26 10:35:08 +01:00 |
| El RIDO | fe89161848 | replace deprecated function calls | 2022-02-26 07:18:59 +01:00 |
| El RIDO | d544d5e763 | Update tst/Persistence/TrafficLimiterTest.php<br>Co-authored-by: rugk <rugk+git@posteo.de> | 2022-02-26 06:59:11 +01:00 |
| El RIDO | 094c96afc6 | Update tst/Persistence/TrafficLimiterTest.php<br>Co-authored-by: rugk <rugk+git@posteo.de> | 2022-02-26 06:59:02 +01:00 |
| El RIDO | 247992fbca | Update tst/Persistence/TrafficLimiterTest.php<br>Co-authored-by: rugk <rugk+git@posteo.de> | 2022-02-26 06:58:54 +01:00 |
| El RIDO | 77153a9b49 | Update tst/Persistence/TrafficLimiterTest.php<br>Co-authored-by: rugk <rugk+git@posteo.de> | 2022-02-26 06:58:41 +01:00 |
| Patriccollu | 110962bc8e | Updating CREDITS.md for new locale Corsican | 2022-02-25 13:18:01 +01:00 |
| Patriccollu | d73cfb093c | Updating CHANGELOG.md for new locale Corsican | 2022-02-25 13:17:50 +01:00 |
| El RIDO | 288cf3f005 | Merge branch 'master' into stevenandres-master | 2022-02-25 06:42:18 +01:00 |
| El RIDO | a62f29f052 | Merge branch 'lib-update' | 2022-02-25 06:40:56 +01:00 |
| Patriccollu | 9b9be50678 | Adding co.json for Corsican | 2022-02-25 00:02:58 +01:00 |
| Patriccollu | 30c0d22468 | Updating I18n.php to add Corsican as new locale | 2022-02-24 20:05:19 +01:00 |
| Patriccollu | 004e2dd75c | Update to add Corsican as new locale | 2022-02-24 20:03:48 +01:00 |
| Patriccollu | d5d06caf40 | Adding co.json for Corsican | 2022-02-24 19:50:27 +01:00 |
| El RIDO | 7a6f36a789 | disable failing part of the test | 2022-02-23 06:04:05 +01:00 |
| El RIDO | a0f8a667ae | deprecated functions, fix test partially | 2022-02-20 21:07:04 +01:00 |
| El RIDO | fbf0eae513 | update bootstrap JS library to 3.4.1<br>note that this fails one of our unit tests | 2022-02-20 16:13:54 +01:00 |
| El RIDO | 0e3a7196f9 | set frame-ancestors to none<br>disables embedding the site in any frames, which can bypass some of the security mechanisms reg. cross site scripting | 2022-02-20 15:21:47 +01:00 |
| El RIDO | f987e96d4b | apply StyleCI recommendation | 2022-02-20 12:25:55 +01:00 |
| El RIDO | 1054319313 | add new translation string | 2022-02-20 12:22:34 +01:00 |
| El RIDO | 6b59d4f380 | document change | 2022-02-20 11:51:41 +01:00 |
| El RIDO | 1034d4038e | unify IP-related logic into traffic limiter | 2022-02-20 11:25:19 +01:00 |
| El RIDO | dbe8debe30 | add creator unit tests for refactoring target, currently failing | 2022-02-20 09:35:05 +01:00 |
| El RIDO | 190a35a53b | small unit test refactoring, comment wording | 2022-02-20 09:30:41 +01:00 |
| El RIDO | 91041d8c59 | simplify/unify naming & wording of the two types of IP lists for the traffic limiter | 2022-02-20 09:09:20 +01:00 |
| El RIDO | d764c03759 | Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master | 2022-02-20 08:44:09 +01:00 |
| El RIDO | 7277d2bb43 | update all libraries | 2022-02-18 07:36:09 +01:00 |
| El RIDO | c8c6a67530 | Merge pull request #887 from PrivateBin/crowdin-translation<br>New Crowdin updates | 2022-02-18 06:50:44 +01:00 |
| El RIDO | 9443900f66 | Merge pull request #886 from PrivateBin/scrutinizer-i18n-test<br>allow for Lojban (jbo) to be the "any" language pick | 2022-02-18 06:17:50 +01:00 |