El RIDO
ea73300e15
don't always set the cookie, having to unset it later
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-11 09:45:51 +01:00
El RIDO
be6a3702fc
simplify logic and improve readability
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-11 09:43:41 +01:00
El RIDO
f2164353c3
use realpath and validate tpl directory contents
to ensure only php files inside the tpl dir can get used as templates
2025-11-11 09:34:54 +01:00
El RIDO
dae5f7fd61
partially revert #1559
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-10 17:31:35 +01:00
Ribas160
14b68af528
Insert drag and drop file names as a text, not html
2025-11-10 17:59:18 +02:00
El RIDO
a479d75405
belt and braces: reset the template cookie, if function is not enabled
2025-11-10 12:25:19 +01:00
El RIDO
17ff44037a
prevent use of paths in template names, only file names inside tpl directory are allowed
2025-11-10 12:23:50 +01:00
El RIDO
13949349af
improve readability of logic
2025-11-10 12:22:29 +01:00
Ribas160
a7b253a43a
fix: error fetching attachments from blob
2025-11-05 17:33:08 +02:00
El RIDO
a91d0afebd
ensure there is still a space between commenter icon and name
2025-10-28 16:35:58 +01:00
El RIDO
2f70456e9a
incrementing version
2025-10-28 16:08:13 +01:00
El RIDO
43cf8b53ac
Merge branch 'master' into purify-3.3.0
2025-10-28 11:27:17 +01:00
El RIDO
c4f8482b30
Refactored jQuery DOM element creation
using plain JavaScript, to ensure text nodes are sanitized
2025-10-25 12:56:55 +02:00
El RIDO
fd2c2ae0c5
update DOMpurify library from 3.2.7 to 3.3.0
2025-10-25 10:52:40 +02:00
El RIDO
0bfa300c59
apply StyleCI recommendation
2025-10-12 18:40:48 +02:00
El RIDO
d76796adf3
deduplicate logic
2025-10-12 18:39:36 +02:00
El RIDO
60bab2badb
make OPcache optional, resolves #1678
2025-10-12 18:19:46 +02:00
El RIDO
6054e99849
ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require
2025-10-12 11:39:58 +02:00
El RIDO
9b7daf5d0a
incrementing version
2025-10-12 08:50:13 +02:00
El RIDO
06496a1b0e
update bootstrap CSS library from 5.3.7 to 5.3.8
2025-10-09 09:24:08 +02:00
El RIDO
ed9bdc4272
update DOMpurify library from 3.2.6 to 3.2.7
2025-10-09 08:57:20 +02:00
El RIDO
e7c2aa4d60
address eslint errors
2025-10-07 00:11:49 +02:00
El RIDO
85962a537a
fix php unit tests & SRI hash
2025-10-06 23:53:13 +02:00
El RIDO
7f93242279
upgrade eslint config and remove workaround for implicit globals
we seem to have used eslint through codeclimate in the past, but that service seems no longer integrated, possibly due to no longer being free
2025-10-06 18:30:19 +02:00
El RIDO
7ca49d1363
chore: update SRI hashes
2025-09-30 20:45:24 +02:00
El RIDO
f03f2bf28d
simplify cache breaker extraction
2025-09-25 22:06:38 +02:00
El RIDO
0befe7e3cc
update SRI hash
2025-09-24 12:38:50 +02:00
TW - Vincent
fd664dd577
Update Configuration.php
2025-09-21 19:02:49 +02:00
TW - Vincent
ba42cdbe62
Update Configuration.php
2025-09-21 18:34:06 +02:00
rugk
cfc687d62b
style: fix indentation
2025-09-03 14:12:12 +00:00
rugk
879b696f22
wipfix: correct concatenation of options
2025-09-03 13:43:57 +00:00
rugk
2c1a17a07f
Strengthen validation of URL in proxy services
This should definitively rule out any circumstances, where invalid URLs could cause problems.
Both URL validity is checked before it is forwarded to the URL shortener proxy _and_ the host part is explicitly compared to make sure the domain is really the same one.
TODO:
* [ ] some tests may be needed here (hmpff…)
2025-09-02 22:40:22 +02:00
El RIDO
5cc963be1b
deduplicate proxy view operations
2025-08-30 09:22:44 +02:00
Karthik Kasturi
77395c147f
updated test cases, added clarity in error messages
2025-08-20 01:23:06 +00:00
Karthik Kasturi
0be1cef224
i18n updates
2025-08-19 21:39:16 +01:00
Karthik Kasturi
7ec8bc6ef1
chore: moved proxy classes to different folder and namespaces
2025-08-19 20:34:39 +01:00
Karthik Kasturi
4a39a2ad0f
refactor: added AbstractProxy base class for shortener proxies
2025-08-15 23:28:44 +01:00
Karthik Kasturi
714e455479
style fixes
2025-08-15 00:20:11 +01:00
Karthik Kasturi
0808052acf
Added shlink integration
2025-08-15 00:07:51 +01:00
Karthik Kasturi
94e0d718cf
update SRI
2025-08-14 00:39:59 +01:00
Karthik Kasturi
059e64adb1
Auto Shortening URLs
2025-08-14 00:29:28 +01:00
Karthik Kasturi
065d9eaa23
Updated SRI and Changelog
2025-08-06 23:36:36 +05:30
El RIDO
f739b5b6a9
Merge pull request #1621 from jacquesbh/configuration-isnt-private
Use protected instead of private $_configuration
2025-08-01 07:09:30 +02:00
Jacques Bodin-Hullin
51d8e92e6a
feat(configuration): Use protected instead of private
This way we can override the $_configuration property using
a new Configuration extending the PrivateBin one.
2025-07-31 23:59:58 +02:00
Nicolas Lepage
79dc03660b
chore: updates SRI hash for privatebin.js
2025-07-31 16:19:42 +02:00
El RIDO
6003f52dba
incrementing version
2025-07-28 09:34:48 +02:00
El RIDO
bde805d2f1
replaced the term "paste" with the more generic "document"
kudos @Ribas160
2025-07-25 08:16:08 +02:00
El RIDO
ddd2d72064
replaced the term "paste" with the more generic "document"
Some of the references to "paste" in code or comments got changed as well, but to clarify the intended usage of the terms:
- A PrivateBin document can consist of a paste text (key "paste" in the encrypted payload) and one or several attachments and discussion entries.
- Internally the root document is called a "Paste" and each discussion entry is called a "Discussion".
- When referring to a whole document with one paste and optional discussion(s), we call it just "document".
- When talking about a particular JSON payload type in the internal logic, i.e. during storage or transmission, we call them a paste or discussion to distinguish which type we refer to.
closes #397
2025-07-24 10:46:31 +02:00
Ribas160
5d119768c3
JavaScript unit tests for new SI units added, privatebin.js SRI updated
2025-07-24 00:33:38 +03:00
Ribas160
863cb89ad9
Switch from binary bytes to SI-units
2025-07-23 21:06:20 +03:00