10be6c25bf
Merge pull request #1709 from PrivateBin/devcontainer/composer
...
Install PHP/composer unit testing dependencies globally for DevContainer
2025-11-12 15:37:38 +01:00
d32ac29925
chore: prepare for next release
2025-11-12 08:51:05 +01:00
19ca6d3dab
incrementing version
2025-11-12 08:00:50 +01:00
f48544978b
apply StyleCI suggestion
2025-11-12 07:57:30 +01:00
4434dbf73a
Merge commit from fork
...
Fix arbitrary PHP file inclusion when enabling template switching
2025-11-12 07:54:10 +01:00
bddfb173da
Merge branch 'master' into advisory-fix-1
2025-11-12 07:47:43 +01:00
f9550e5133
Merge commit from fork
...
Insert drag and drop file names as a text, not html
2025-11-12 07:46:35 +01:00
5b85d63942
Merge branch 'master' into advisory-fix-1
2025-11-12 07:18:43 +01:00
e427458cd0
Merge branch 'master' into advisory-fix-1
2025-11-11 22:00:09 +01:00
f9630e7e6c
Add PHP composer global installation for DevContainer
...
Updated composer commands to require google/cloud-storage globally and optimized autoloader during update.
This helps with https://github.com/PrivateBin/PrivateBin/issues/1641 (but technically not solve it).
2025-11-11 20:02:36 +01:00
1fbaba732e
Merge pull request #1702 from PrivateBin/create_cloned_paste_error
...
fix: error fetching attachments from blob
2025-11-11 20:15:00 +02:00
08b3244314
privatebin.js SRI and CHANGELOG.md updated
2025-11-11 20:13:10 +02:00
ff5aee85b4
Insert file names as break-separated text nodes
...
Co-authored-by: El RIDO <elrido@gmx.net >
2025-11-11 20:05:32 +02:00
2e11b13464
remove dead code
2025-11-11 17:56:49 +01:00
c35fc4f790
use more straight forward in_array check
...
kudos @Ribas160 for the suggestion
2025-11-11 17:53:50 +01:00
f456fb576e
ensure template cookie cannot be a path
2025-11-11 17:52:48 +01:00
9c71fbcc70
Use pure JavaScript to create a div element
2025-11-11 17:45:27 +02:00
a371f5cab5
remove dead code
2025-11-11 12:49:37 +01:00
51bb637411
document the change
2025-11-11 11:00:19 +01:00
94a854faca
do add the configured template to the available ones, if missing
2025-11-11 10:59:55 +01:00
ea73300e15
don't always set the cookie, having to unset it later
...
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-11 09:45:51 +01:00
be6a3702fc
simplify logic and improve readability
...
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-11 09:43:41 +01:00
f2164353c3
use realpath and validate tpl directory contents
...
to ensure only php files inside the tpl dir can get used as templates
2025-11-11 09:34:54 +01:00
dae5f7fd61
partially revert #1559
...
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-10 17:31:35 +01:00
14b68af528
Insert drag and drop file names as a text, not html
2025-11-10 17:59:18 +02:00
a479d75405
belt and braces: reset the template cookie, if function is not enabled
2025-11-10 12:25:19 +01:00
17ff44037a
prevent use of paths in template names, only file names inside tpl directory are allowed
2025-11-10 12:23:50 +01:00
13949349af
improve readability of logic
2025-11-10 12:22:29 +01:00
5f6c2beb3b
Unit test on escaping the template directory
2025-11-10 12:00:29 +01:00
591d2d40e1
Merge pull request #1708 from calvinbui/patch-1
...
Fix typo in Shlink config docs
2025-11-09 07:46:23 +01:00
ec178e0c38
Fix typo in Shlink config docs
2025-11-09 10:00:48 +11:00
697753ab91
New Crowdin updates ( #1706 )
...
* New translations en.json (Lithuanian)
2025-11-08 06:00:28 +01:00
a7b253a43a
fix: error fetching attachments from blob
2025-11-05 17:33:08 +02:00
5e10469ffc
Merge pull request #1700 from HariZalanPrivateBin/master
...
Update hu.json
2025-11-05 07:45:54 +01:00
feeac849c4
Update hu.json
...
My own translations currently used at privbin.harizalan.hu, enhanced at various points
2025-11-05 06:29:42 +01:00
0dd275db5c
Merge pull request #1699 from PrivateBin/crowdin-translation
...
New Crowdin updates
2025-11-02 08:09:09 +01:00
cadfe65bfa
New translations en.json (Finnish)
2025-11-01 12:52:40 +01:00
9d7508f44f
chore: prepare for next release
2025-10-28 16:54:42 +01:00
5018c963f9
chore: prepare for next release
2025-10-28 16:53:07 +01:00
a91d0afebd
ensure there is still a space between commenter icon and name
2025-10-28 16:35:58 +01:00
2f70456e9a
incrementing version
2025-10-28 16:08:13 +01:00
392e160006
Merge pull request #1688 from PrivateBin/purify-3.3.0
...
update DOMpurify library from 3.2.7 to 3.3.0
2025-10-28 11:44:34 +01:00
8293d1fb5d
apply ESLint recommendation
2025-10-28 11:33:47 +01:00
43cf8b53ac
Merge branch 'master' into purify-3.3.0
2025-10-28 11:27:17 +01:00
2d8af1f31e
Merge commit from fork
...
Sanitize file name in attachment file size hints
2025-10-28 11:24:11 +01:00
0a6e7ef4f7
Merge pull request #1692 from PrivateBin/dependabot/github_actions/actions/upload-artifact-5
...
Bump actions/upload-artifact from 4 to 5
2025-10-27 13:38:15 +01:00
8526816468
Bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-27 12:00:40 +00:00
85ae5cf676
Merge pull request #1691 from PrivateBin/crowdin-translation
...
New Crowdin updates
2025-10-26 18:31:34 +01:00
d27d63584f
Merge branch 'master' into crowdin-translation
2025-10-26 18:26:06 +01:00
99e0d5ca4e
New translations en.json (Ukrainian)
2025-10-26 15:38:32 +01:00
rugk
El RIDO
Mikhail Romanov
Ribas160
Calvin Bui
PrivateBin Translator Bot
HariZalanPrivateBin
dependabot[bot]