Commit Graph

3949 Commits

Author SHA1 Message Date
El RIDO
a490390d60 incrementing version 1.7.9 2025-11-13 11:10:14 +01:00
El RIDO
0618a9dd74 Merge pull request #1711 from PrivateBin/1.7-backport-2.0.3
backport security fixes for 1.7
2025-11-13 10:59:12 +01:00
Ribas160
c116d30ada Fix configuration combinations test errors 2025-11-12 11:56:50 +01:00
El RIDO
4563422080 document the changes 2025-11-12 11:44:06 +01:00
El RIDO
777e0e8570 apply StyleCI suggestion 2025-11-12 11:40:11 +01:00
El RIDO
7b1c3ffd40 remove dead code 2025-11-12 11:38:42 +01:00
El RIDO
5da187a496 use more straightforward in_array check
kudos @Ribas160 for the suggestion
2025-11-12 11:38:33 +01:00
El RIDO
125f57c5b4 ensure template cookie cannot be a path 2025-11-12 11:38:20 +01:00
El RIDO
fffa9fb4e9 remove dead code 2025-11-12 11:38:05 +01:00
El RIDO
a1a50ee3a5 do add the configured template to the available ones, if missing 2025-11-12 11:37:57 +01:00
El RIDO
194385e692 don't always set the cookie, having to unset it later
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-12 11:37:48 +01:00
El RIDO
da9e85ecde simplify logic and improve readability
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-12 11:37:38 +01:00
El RIDO
83b5d1fbba use realpath and validate tpl directory contents
to ensure only php files inside the tpl dir can get used as templates
2025-11-12 11:37:29 +01:00
El RIDO
db251732d2 partially revert #1559
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-12 11:37:08 +01:00
El RIDO
d1124382bc belt and braces: reset the template cookie, if function is not enabled 2025-11-12 11:36:07 +01:00
El RIDO
4ac8ffa2a4 prevent use of paths in template names, only file names inside tpl directory are allowed 2025-11-12 11:35:56 +01:00
El RIDO
fd6ba6595f improve readability of logic 2025-11-12 11:35:47 +01:00
El RIDO
530f360497 make OPcache optional, resolves #1678 2025-11-12 11:34:03 +01:00
El RIDO
ad983ef670 ensure PHP opcache gets invalidated when storing data in a file parsed via PHP require 2025-11-12 11:32:10 +01:00
Mikhail Romanov
8c4b3bb114 Insert file names as break-separated text nodes
Co-authored-by: El RIDO <elrido@gmx.net>
2025-11-12 11:27:44 +01:00
Ribas160
88fd86b994 Use pure JavaScript to create a div element 2025-11-12 11:26:49 +01:00
Ribas160
b14da334f4 Insert drag and drop file names as a text, not html 2025-11-12 11:26:01 +01:00
Ribas160
d03ec380d1 fix: error fetching attachments from blob 2025-11-12 11:24:21 +01:00
El RIDO
41dcdbc41d ensure there is still a space between commenter icon and name 2025-11-12 11:21:45 +01:00
El RIDO
68972322d9 Refactored jQuery DOM element creation
using plain JavaScript, to ensure text nodes are sanitized
2025-11-12 11:20:32 +01:00
El RIDO
1f5ed30a63 update DOMpurify library from 3.2.7 to 3.3.0 2025-11-12 11:17:51 +01:00
El RIDO
dc3bc8b23d suppress noise from early initialization during unit tests
the tests still all passed, but the missing browser globals in the node environment could cause misleading messages in the mocha output
2025-11-12 11:11:24 +01:00
rugk
55472df906 Make sure legacy check returns true only on HTTPS (not like ftp or whatever)
I am not sure why it was expressed in such a convoluted way before?

Found that in https://github.com/orgs/PrivateBin/discussions/1657
2025-11-12 11:07:17 +01:00
El RIDO
e3ec9dc963 upgrade kjua to 0.10.0 2025-11-12 11:07:03 +01:00
El RIDO
c7c0420d63 upgrade base-x to 5.0.1 2025-11-12 11:03:12 +01:00
Cél
f35d883a18 Fixed a Typo in Running Unit Tests.md #HSFDPMUW
Fixed a typo for a command.
I need to add this hashtag at the end because I am contributing to a project at my university.
2025-11-12 10:54:54 +01:00
rugk
61b2783634 Fix links in doc/README.md
* Fixing the last link, which was totally broken
* Updated links in README to use relative paths.
2025-11-12 10:54:30 +01:00
El RIDO
3e3ee8abc5 update bootstrap CSS library from 5.3.7 to 5.3.8 2025-11-12 10:52:07 +01:00
El RIDO
eb72844588 update ip-lib library from 1.20.0 to 1.21.0 2025-11-12 10:43:29 +01:00
El RIDO
eb203e2d25 remove broken & obsolete badges 2025-11-12 10:36:48 +01:00
El RIDO
f622a04425 enable xdebug for coverage in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO
f55d027baf attempt to upgrade to PHP 8.2 in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO
cf039f1d71 attempt to upgrade to PHP 8.3 in scrutinizer 2025-11-12 10:36:30 +01:00
El RIDO
8f55715749 attempt to upgrade to PHP 8.4 in scrutinizer 2025-11-12 10:36:30 +01:00
rugk
c6bccdbfe1 chore: always ignore composer PHP bin dir 2025-11-12 10:35:42 +01:00
dependabot[bot]
c2341032a4 Bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:18 +01:00
dependabot[bot]
ec82920a93 Bump actions/setup-node from 5 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:05 +01:00
El RIDO
2894ac430a unify workflow code styles 2025-11-12 10:28:56 +01:00
El RIDO
aea562a1b4 attempting to make the condition list more readable 2025-11-12 10:27:26 +01:00
El RIDO
86d39434a3 disable running snyk if triggering user doesn't have access to the secret 2025-11-12 10:27:15 +01:00
El RIDO
7eec8caae3 apply explicit permissions as per CodeQL suggestion
as per rule ID actions/missing-workflow-permissions
2025-11-12 10:24:57 +01:00
El RIDO
bab4d50cd4 update codeql actions to release 4 (node 24) and enable github action scanning 2025-11-12 10:24:36 +01:00
dependabot[bot]
d4ebb12828 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:23:56 +01:00
El RIDO
d5cd6741c5 incrementing version 1.7.8 2025-06-30 10:56:53 +02:00
El RIDO
1842d356e5 Merge pull request #1579 from Ribas160/page_template_scripts_load_order
Page template scripts loading order fix
2025-06-30 09:57:56 +02:00