Commit Graph

606 Commits

Author SHA1 Message Date
El RIDO db251732d2 partially revert #1559
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-12 11:37:08 +01:00
El RIDO d1124382bc belt and braces: reset the template cookie, if function is not enabled 2025-11-12 11:36:07 +01:00
El RIDO 4ac8ffa2a4 prevent use of paths in template names, only file names inside tpl directory are allowed 2025-11-12 11:35:56 +01:00
El RIDO fd6ba6595f improve readability of logic 2025-11-12 11:35:47 +01:00
El RIDO 530f360497 make OPcache optional, resolves #1678 2025-11-12 11:34:03 +01:00
El RIDO ad983ef670 ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require 2025-11-12 11:32:10 +01:00
Mikhail Romanov 8c4b3bb114 Insert file names as break-separated text nodes
Co-authored-by: El RIDO <elrido@gmx.net>
2025-11-12 11:27:44 +01:00
Ribas160 88fd86b994 Use pure JavaScript to create a div element 2025-11-12 11:26:49 +01:00
Ribas160 b14da334f4 Insert drag and drop file names as a text, not html 2025-11-12 11:26:01 +01:00
Ribas160 d03ec380d1 fix: error fetching attachments from blob 2025-11-12 11:24:21 +01:00
El RIDO 41dcdbc41d ensure there is still a space between commenter icon and name 2025-11-12 11:21:45 +01:00
El RIDO 68972322d9 Refactored jQuery DOM element creation
using plain JavaScript, to ensure text nodes are sanitized
2025-11-12 11:20:32 +01:00
El RIDO 1f5ed30a63 update DOMpurify library from 3.2.7 to 3.3.0 2025-11-12 11:17:51 +01:00
El RIDO dc3bc8b23d suppress noise from early initialization during unit tests
the tests still all passed, but the missing browser globals in the node environment could cause misleading messages in the mocha output
2025-11-12 11:11:24 +01:00
El RIDO e3ec9dc963 upgrade kjua to 0.10.0 2025-11-12 11:07:03 +01:00
El RIDO c7c0420d63 upgrade base-x to 5.0.1 2025-11-12 11:03:12 +01:00
El RIDO 3e3ee8abc5 update bootstrap CSS library from 5.3.7 to 5.3.8 2025-11-12 10:52:07 +01:00
El RIDO d5cd6741c5 incrementing version 2025-06-30 10:56:53 +02:00
Ribas160 fa662547fe Attachments with empty file name fix 2025-06-29 21:30:11 +03:00
Ribas160 fcce915a5f Duplicate attachment for every comment fix 2025-06-29 21:27:11 +03:00
El RIDO 20e30b6637 incrementing version 2025-06-28 21:23:37 +02:00
El RIDO 389b215b2f Merge pull request #1564 from Ribas160/file_name_and_size_on_download_page
Show file name and size on download page
2025-06-28 14:01:41 +02:00
Ribas160 a2ca2ecb37 Use 1024 based file size units to follow consistency 2025-06-28 14:00:50 +03:00
El RIDO 964b4da50a Merge pull request #1545 from PrivateBin/fixes
Fixes for zlib caching & handling undefined globals
2025-06-27 16:49:00 +02:00
Ribas160 d01c37c59d Show file name and size on download page 2025-06-26 18:12:22 +03:00
Ribas160 c7b9ce0bc2 Merge branch 'master' into dompurify-3.2.6
# Conflicts:
#	lib/Configuration.php
2025-06-26 13:37:00 +03:00
El RIDO c7f465fe8b apply StyleCI recommendation 2025-06-18 15:08:05 +02:00
Ribas160 44f8cfbfb8 Fix error when a custom template is not in the default available templates list 2025-06-18 14:51:11 +03:00
El RIDO f49c042cc9 document change necessary to allow PDF preview to work in Firefox & Chrome
Since attachment upload is not enabled by default, I suggest to retain the safer CSP as the default but document what is necessary. Disabling the sandboxing is problematic.
2025-06-07 11:44:02 +02:00
El RIDO 8d720e4990 Merge branch 'master' into dompurify-3.2.6 2025-06-07 10:41:48 +02:00
El RIDO 34028229c8 Merge branch 'master' into fixes 2025-06-07 10:37:23 +02:00
Ribas160 095a5be0b6 Allow multiple files 2025-06-02 14:35:54 +03:00
Ribas160 6dac586f41 Fix the duplicated message box in comments 2025-05-24 12:38:39 +03:00
Ribas160 5654ef2db8 Hide Reply button in the discussions once clicked to avoid losing the text input 2025-05-23 13:37:38 +03:00
El RIDO dededc9935 upgrade DOMpurify library to 3.2.6 2025-05-20 07:51:50 +02:00
El RIDO c08a792f01 handle undefined global, fixes #1544 2025-05-18 21:15:39 +02:00
El RIDO bace4695ac update zlib js suffix, as a cache breaker 2025-05-18 20:21:34 +02:00
El RIDO 31162e8011 upgrading DOMpurify library to 3.2.5 2025-04-06 08:30:49 +02:00
El RIDO bac849d98a Merge pull request #1526 from PrivateBin/pass-by-reference
Pass by reference & drop ctype
2025-03-17 06:52:48 +01:00
El RIDO 46c49e5455 apply StyleCI recommendation 2025-03-13 09:32:39 +01:00
El RIDO 8ad6300c1c pass by reference, closes #858 2025-03-13 09:22:27 +01:00
Jacques Bodin-Hullin c04a551215 feat: Allow to change the Configuration in the _construct
So, now we can change the Configuration class, override it even if we
want.
2025-03-13 09:22:22 +01:00
El RIDO 5d4561bd0a drop ctype requirement (only one use left) 2025-03-13 08:29:53 +01:00
El RIDO 7825471d70 avoid duplication of ID check 2025-03-13 08:14:01 +01:00
El RIDO 629f263cf5 pass by reference, closes #858 2025-03-11 08:22:21 +01:00
Jacques Bodin-Hullin c62a3fbd2d perf(configuration): Do not create multiple instances of Configuration
Since the configuration is loaded in the _init method, and this method
is called in the _construct, there is no reason to instantiate the
Configuration class more than once.
2025-03-09 20:23:01 +01:00
Michael Kuilboer 9221629d8d Fix available templates configuration and adding custom themes 2025-03-06 02:27:31 +01:00
Ribas160 412987ea5b Merge remote-tracking branch 'origin/master' into allow_change_template
# Conflicts:
#	lib/Configuration.php
2025-02-14 15:36:57 +02:00
Ribas160 b90967a14b Apply StyleCI changes 2025-02-14 15:33:34 +02:00
El RIDO 95188eea94 chore: update SRI hash 2025-02-11 19:51:24 +01:00