tedkulp/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-04-18 21:48:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
4,371 Commits 11 Branches 40 Tags
4434dbf73ac53217fda0f90d8cf9b6110f8acc4f
Commit Graph

678 Commits

Author SHA1 Message Date
El RIDO bddfb173da Merge branch 'master' into advisory-fix-1 2025-11-12 07:47:43 +01:00
El RIDO 5b85d63942 Merge branch 'master' into advisory-fix-1 2025-11-12 07:18:43 +01:00
El RIDO e427458cd0 Merge branch 'master' into advisory-fix-1 2025-11-11 22:00:09 +01:00
Ribas160 08b3244314 privatebin.js SRI and CHANGELOG.md updated 2025-11-11 20:13:10 +02:00
El RIDO 2e11b13464 remove dead code 2025-11-11 17:56:49 +01:00
El RIDO c35fc4f790 use more straight forward in_array check 
kudos @Ribas160 for the suggestion
 2025-11-11 17:53:50 +01:00
El RIDO f456fb576e ensure template cookie cannot be a path 2025-11-11 17:52:48 +01:00
Ribas160 9c71fbcc70 Use pure JavaScript to create a div element 2025-11-11 17:45:27 +02:00
El RIDO a371f5cab5 remove dead code 2025-11-11 12:49:37 +01:00
El RIDO 94a854faca do add the configured template to the available ones, if missing 2025-11-11 10:59:55 +01:00
El RIDO ea73300e15 don't always set the cookie, having to unset it later 
but still unset it, if it currently should not be in use (templateselection = false)
 2025-11-11 09:45:51 +01:00
El RIDO be6a3702fc simplify logic and improve readability 
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
 2025-11-11 09:43:41 +01:00
El RIDO f2164353c3 use realpath and validate tpl directory contents 
to ensure only php files inside the tpl dir can get used as templates
 2025-11-11 09:34:54 +01:00
El RIDO dae5f7fd61 partially revert #1559 
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
 2025-11-10 17:31:35 +01:00
Ribas160 14b68af528 Insert drag and drop file names as a text, not html 2025-11-10 17:59:18 +02:00
El RIDO a479d75405 belt and braces: reset the template cookie, if function is not enabled 2025-11-10 12:25:19 +01:00
El RIDO 17ff44037a prevent use of paths in template names, only file names inside tpl directory are allowed 2025-11-10 12:23:50 +01:00
El RIDO 13949349af improve readability of logic 2025-11-10 12:22:29 +01:00
Ribas160 a7b253a43a fix: error fetching attachments from blob 2025-11-05 17:33:08 +02:00
El RIDO a91d0afebd ensure there is still a space between commenter icon and name 2025-10-28 16:35:58 +01:00
El RIDO 2f70456e9a incrementing version 2025-10-28 16:08:13 +01:00
El RIDO 43cf8b53ac Merge branch 'master' into purify-3.3.0 2025-10-28 11:27:17 +01:00
El RIDO c4f8482b30 Refactored jQuery DOM element creation 
using plain JavaScript, to ensure text nodes are sanitized
 2025-10-25 12:56:55 +02:00
El RIDO fd2c2ae0c5 update DOMpurify library from 3.2.7 to 3.3.0 2025-10-25 10:52:40 +02:00
El RIDO 0bfa300c59 apply StyleCI recommendation 2025-10-12 18:40:48 +02:00
El RIDO d76796adf3 deduplicate logic 2025-10-12 18:39:36 +02:00
El RIDO 60bab2badb make OPcache optional, resolves #1678 2025-10-12 18:19:46 +02:00
El RIDO 6054e99849 ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require 2025-10-12 11:39:58 +02:00
El RIDO 9b7daf5d0a incrementing version 2025-10-12 08:50:13 +02:00
El RIDO 06496a1b0e update bootstrap CSS library from 5.3.7 to 5.3.8 2025-10-09 09:24:08 +02:00
El RIDO ed9bdc4272 update DOMpurify library from 3.2.6 to 3.2.7 2025-10-09 08:57:20 +02:00
El RIDO e7c2aa4d60 address eslint errors 2025-10-07 00:11:49 +02:00
El RIDO 85962a537a fix php unit tests & SRI hash 2025-10-06 23:53:13 +02:00
El RIDO 7f93242279 upgrade eslint config and remove workaround for implicit globals 
we seem to have used eslint through codeclimate in the past, but that service seems no longer integrated, possibly due to no longer being free
 2025-10-06 18:30:19 +02:00
El RIDO 7ca49d1363 chore: update SRI hashes 2025-09-30 20:45:24 +02:00
El RIDO f03f2bf28d simplify cache breaker extraction 2025-09-25 22:06:38 +02:00
El RIDO 0befe7e3cc update SRI hash 2025-09-24 12:38:50 +02:00
TW - Vincent fd664dd577 Update Configuration.php 2025-09-21 19:02:49 +02:00
TW - Vincent ba42cdbe62 Update Configuration.php 2025-09-21 18:34:06 +02:00
rugk cfc687d62b style: fix indentation 2025-09-03 14:12:12 +00:00
rugk 879b696f22 wipfix: correct contatenation of options 2025-09-03 13:43:57 +00:00
rugk 2c1a17a07f Strengthen validation of URL in proxy services 
This should definitively rule out any circumstances, where invalid URLs could cause problems.

Both URL validity is checked before it is forwarded to the URL shortener proxy _and_ the host part is explicitly compared to make sure the domain is really the same one.

TOOD:
* [ ] some tests may be needed here (hmpff…)
 2025-09-02 22:40:22 +02:00
El RIDO 5cc963be1b deduplicate proxy view operations 2025-08-30 09:22:44 +02:00
Karthik Kasturi 77395c147f updated test cases, added clarity in error messages 2025-08-20 01:23:06 +00:00
Karthik Kasturi 0be1cef224 i18n updates 2025-08-19 21:39:16 +01:00
Karthik Kasturi 7ec8bc6ef1 chore: moved proxy classes to different folder and namespaces 2025-08-19 20:34:39 +01:00
Karthik Kasturi 4a39a2ad0f refactor: added AbstractProxy base class for shortener proxies 2025-08-15 23:28:44 +01:00
Karthik Kasturi 714e455479 style fixes 2025-08-15 00:20:11 +01:00
Karthik Kasturi 0808052acf Added shlink integration 2025-08-15 00:07:51 +01:00
Karthik Kasturi 94e0d718cf update SRI 2025-08-14 00:39:59 +01:00