Commit Graph

3946 Commits

Author SHA1 Message Date
El RIDO 4563422080 document the changes 2025-11-12 11:44:06 +01:00
El RIDO 777e0e8570 apply StyleCI suggestion 2025-11-12 11:40:11 +01:00
El RIDO 7b1c3ffd40 remove dead code 2025-11-12 11:38:42 +01:00
El RIDO 5da187a496 use more straightforward in_array check
kudos @Ribas160 for the suggestion
2025-11-12 11:38:33 +01:00
El RIDO 125f57c5b4 ensure template cookie cannot be a path 2025-11-12 11:38:20 +01:00
El RIDO fffa9fb4e9 remove dead code 2025-11-12 11:38:05 +01:00
El RIDO a1a50ee3a5 do add the configured template to the available ones, if missing 2025-11-12 11:37:57 +01:00
El RIDO 194385e692 don't always set the cookie, having to unset it later
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-12 11:37:48 +01:00
El RIDO da9e85ecde simplify logic and improve readability
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-12 11:37:38 +01:00
El RIDO 83b5d1fbba use realpath and validate tpl directory contents
to ensure only php files inside the tpl dir can get used as templates
2025-11-12 11:37:29 +01:00
El RIDO db251732d2 partially revert #1559
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-12 11:37:08 +01:00
El RIDO d1124382bc belt and braces: reset the template cookie, if function is not enabled 2025-11-12 11:36:07 +01:00
El RIDO 4ac8ffa2a4 prevent use of paths in template names, only file names inside tpl directory are allowed 2025-11-12 11:35:56 +01:00
El RIDO fd6ba6595f improve readability of logic 2025-11-12 11:35:47 +01:00
El RIDO 530f360497 make OPcache optional, resolves #1678 2025-11-12 11:34:03 +01:00
El RIDO ad983ef670 ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require 2025-11-12 11:32:10 +01:00
Mikhail Romanov 8c4b3bb114 Insert file names as break-separated text nodes
Co-authored-by: El RIDO <elrido@gmx.net>
2025-11-12 11:27:44 +01:00
Ribas160 88fd86b994 Use pure JavaScript to create a div element 2025-11-12 11:26:49 +01:00
Ribas160 b14da334f4 Insert drag and drop file names as a text, not html 2025-11-12 11:26:01 +01:00
Ribas160 d03ec380d1 fix: error fetching attachments from blob 2025-11-12 11:24:21 +01:00
El RIDO 41dcdbc41d ensure there is still a space between commenter icon and name 2025-11-12 11:21:45 +01:00
El RIDO 68972322d9 Refactored jQuery DOM element creation
using plain JavaScript, to ensure text nodes are sanitized
2025-11-12 11:20:32 +01:00
El RIDO 1f5ed30a63 update DOMpurify library from 3.2.7 to 3.3.0 2025-11-12 11:17:51 +01:00
El RIDO dc3bc8b23d suppress noise from early initialization during unit tests
the tests still all passed, but the missing browser globals in the node environment could cause misleading messages in the mocha output
2025-11-12 11:11:24 +01:00
rugk 55472df906 Make sure legacy check returns true only on HTTPS (not like ftp or whatever)
I am not sure why it was expressed so convoluted before?

Found that in https://github.com/orgs/PrivateBin/discussions/1657
2025-11-12 11:07:17 +01:00
El RIDO e3ec9dc963 upgrade kjua to 0.10.0 2025-11-12 11:07:03 +01:00
El RIDO c7c0420d63 upgrade base-x to 5.0.1 2025-11-12 11:03:12 +01:00
Cél f35d883a18 Fixed a Typo in Running Unit Tests.md #HSFDPMUW
Fixed a typo for a command.
I need to add this hashtag at the end because I am contributing in a project at my university.
2025-11-12 10:54:54 +01:00
rugk 61b2783634 Fix links in doc/README.md
* Fixing the last link, which was totally broken
* Updated links in README to use relative paths.
2025-11-12 10:54:30 +01:00
El RIDO 3e3ee8abc5 update bootstrap CSS library from 5.3.7 to 5.3.8 2025-11-12 10:52:07 +01:00
El RIDO eb72844588 update ip-lib library from 1.20.0 to 1.21.0 2025-11-12 10:43:29 +01:00
El RIDO eb203e2d25 remove broken & obsolete badges 2025-11-12 10:36:48 +01:00
El RIDO f622a04425 enable xdebug for coverage in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO f55d027baf attempt to upgrade to PHP 8.2 in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO cf039f1d71 attempt to upgrade to PHP 8.3 in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO 8f55715749 attempt to upgrade to PHP 8.4 in scrutinizer 2025-11-12 10:36:30 +01:00
rugk c6bccdbfe1 chore: always ignore composer PHP bin dir 2025-11-12 10:35:42 +01:00
dependabot[bot] c2341032a4 Bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:18 +01:00
dependabot[bot] ec82920a93 Bump actions/setup-node from 5 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:05 +01:00
El RIDO 2894ac430a unify workflow code styles 2025-11-12 10:28:56 +01:00
El RIDO aea562a1b4 attempting to make the condition list more readable 2025-11-12 10:27:26 +01:00
El RIDO 86d39434a3 disable running snyk if triggering user doesn't have access to the secret 2025-11-12 10:27:15 +01:00
El RIDO 7eec8caae3 apply explicit permissions as per CodeQL suggestion
as per rule ID actions/missing-workflow-permissions
2025-11-12 10:24:57 +01:00
El RIDO bab4d50cd4 update codeql actions to release 4 (node 24) and enable github action scanning 2025-11-12 10:24:36 +01:00
dependabot[bot] d4ebb12828 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:23:56 +01:00
El RIDO d5cd6741c5 incrementing version 1.7.8 2025-06-30 10:56:53 +02:00
El RIDO 1842d356e5 Merge pull request #1579 from Ribas160/page_template_scripts_load_order
Page template scripts loading order fix
2025-06-30 09:57:56 +02:00
Ribas160 207b5ccc5f Page template scripts loading order fix 2025-06-30 09:46:05 +03:00
El RIDO ce2942a370 Merge pull request #1577 from Ribas160/attachment_bugs_fixes
Attachment bugs fixes
2025-06-30 07:03:17 +02:00
Ribas160 fa662547fe Attachments with empty file name fix 2025-06-29 21:30:11 +03:00