changes required for jsdoc, adding legacy.js to code coverage

Tested configurations:
- browser with WASM support (Firefox 68.0.2)
  - creates paste with zlib compression, no password
  - creates paste with zlib compression, with password
  - reads paste with zlib compression, no password
  - reads paste with zlib compression, with password + retry button works
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works
- browser without WASM support (Chromium 76.0.3809.100, started via `chromium-browser --js-flags=--noexpose_wasm`)
  - creates paste without compression, no password, but shows WASM warning
  - creates paste without compression, with password, but shows WASM warning
  - fails to read paste with zlib compression, no password + shows WASM error
  - fails to read paste with zlib compression, with password + shows WASM error
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works

.eslintrc

@@ -1,3 +1,4 @@
+---
 parserOptions:
   ecmaVersion: 2017
 
@@ -11,17 +12,16 @@ env:
   es6: true
   jquery: true
   node: true
+  mocha: true
 
 globals:
-  DOMPurify: false
-  after: true
-  before: true
-  cleanup: true
-  describe: false
-  it: false
-  jsc: false
-  jsdom: true
-  kjua: true
+  DOMPurify: readonly
+  cleanup: writable
+  describe: readonly
+  jsc: readonly
+  jsdom: writable
+  kjua: writable
+  WebCrypto: writable
 
 # http://eslint.org/docs/rules/
 rules:

.gitattributes

@@ -1,5 +1,6 @@
 doc/ export-ignore
 tst/ export-ignore
+img/browserstack.svg export-ignore
 js/.istanbul.yml export-ignore
 js/.nycrc.yml export-ignore
 js/common.js export-ignore
@@ -18,3 +19,6 @@ js/test/ export-ignore
 .styleci.yml export-ignore
 .travis.yml export-ignore
 composer.json export-ignore
+composer.lock export-ignore
+BADGES.md export-ignore
+CODE_OF_CONDUCT.md export-ignore

.gitignore

@@ -12,10 +12,6 @@ data/
 doc/*
 !doc/*.md
 
-# Ignore developers composer status so it isn't accidentally checked in,
-# see https://github.com/PrivateBin/PrivateBin/issues/84
-composer.lock
-
 # Ignore vendor dir of Composer except PHP files
 vendor/*.*
 vendor/*/*.*

.htaccess.disabled

@@ -2,3 +2,11 @@ RewriteEngine on
 RewriteCond !%{HTTP_USER_AGENT} "Let's Encrypt validation server" [NC]
 RewriteCond %{HTTP_USER_AGENT} ^.*(bot|spider|crawl|https?://|WhatsApp|SkypeUriPreview|facebookexternalhit) [NC]
 RewriteRule .* - [R=403,L]
+
+<IfModule mod_php7.c>
+php_value max_execution_time 30
+php_value post_max_size 10M
+php_value upload_max_size 10M
+php_value upload_max_filesize 10M
+php_value max_file_uploads 100
+</IfModule>

.travis.yml

@@ -1,5 +1,7 @@
 language: php
 sudo: false
+# only needed for PHP 5.5 support as of 2019-07
+dist: trusty
 php:
   - '5.5'
   - '5.6'

BADGES.md

@@ -0,0 +1,11 @@
+# Badges
+
+[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master)  
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
+[![Code Climate](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/gpa.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
+[![SensioLabsInsight](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff/mini.png)](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff)  
+[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
+[![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
+
+[![BrowserStack - cross browser testing](img/browserstack.svg)](https://www.browserstack.com/)

CHANGELOG.md

@@ -1,6 +1,23 @@
 # PrivateBin version history
 
-  * **1.3 (not yet released)**
+  * **1.4 (not yet released)**
+  * **1.3.1 (2019-09-22)**
+    * ADDED: Translation for Bulgarian (#455)
+    * CHANGED: Improved mobile UI - obscured send button and hard to click shortener button (#477)
+    * CHANGED: Enhanced URL shortener integration (#479)
+    * CHANGED: Improved file upload drag & drop UI (#317)
+    * CHANGED: Increased default size limit from 2 to 10 MiB, switch data from BLOB to MEDIUMBLOB in MySQL (#458)
+    * CHANGED: Upgrading libraries to: DOMpurify 2.0.1
+    * FIXED: Enabling browsers without WASM to create pastes and read uncompressed ones (#454)
+    * FIXED: Cloning related issues (#489, #491, #493, #494)
+    * FIXED: Enable file operation only when editing (#497) 
+    * FIXED: Clicking 'New' on a previously submitted paste does not blank address bar (#354)
+    * FIXED: Clear address bar when create new paste from existing paste (#479)
+    * FIXED: Discussion section not hiding when new/clone paste is clicked on (#484)
+    * FIXED: Showdown.js error when posting svg qrcode (#485)
+    * FIXED: Failed to handle the case where user cancelled attachment selection properly (#487)
+    * FIXED: Displaying the appropriate errors in older browsers (#508)
+  * **1.3 (2019-07-09)**
     * ADDED: Translation for Czech (#424)
     * ADDED: Threat modeled the application (#177)
     * ADDED: Made compression configurable (#38)

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Netiquette
+
+As suggested by the current project hoster, we are hereby referring to
+[RFC 1855](https://tools.ietf.org/html/rfc1855) as a minimum set of guidelines
+of Network Etiquette for individuals interacting on this project.
+
+The maintainers of this project reserve the right to remove unlawful or
+disrupting content and block users that repeatedly disturb the project at their
+discretion.

CREDITS.md

@@ -25,6 +25,7 @@ Sébastien Sauvage - original idea and main developer
 * PunKeel - first docker container
 * thororm - Display of video, audio & PDF, drag & drop, preview of attachments
 * Harald Leithner - base58 encoding of key
+* Haocen - lots of bugfixes and UI improvements
 
 ## Translations
 * Hexalyse - French
@@ -41,4 +42,5 @@ Sébastien Sauvage - original idea and main developer
 * Tulio Leao - Portuguese
 * Michael van Schaik - Dutch
 * Péter Tabajdi - Hungarian
-* info-path - Czech
+* info-path - Czech
+* BigWax - Bulgarian

INSTALL.md

@@ -139,7 +139,7 @@ For reference or if you want to create the table schema for yourself to avoid ha
 ```sql
 CREATE TABLE prefix_paste (
     dataid CHAR(16) NOT NULL,
-    data BLOB,
+    data MEDIUMBLOB,
     postdate INT,
     expiredate INT,
     opendiscussion INT,
@@ -165,7 +165,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
 CREATE TABLE prefix_config (
     id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
 );
-INSERT INTO prefix_config VALUES('VERSION', '1.2.1');
+INSERT INTO prefix_config VALUES('VERSION', '1.3.1');
 ```
 
 In **PostgreSQL**, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB.

README.md

@@ -1,13 +1,6 @@
-# [<img alt="PrivateBin" src="https://cdn.rawgit.com/PrivateBin/assets/master/images/minified/logo.svg" width="500" />](https://privatebin.info/)
-[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master)  
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
-[![Code Climate](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/gpa.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin)
-[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
-[![SensioLabsInsight](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff/mini.png)](https://insight.sensiolabs.com/projects/57c9e74e-c6f9-4de6-a876-df66ec2ea1ff)  
-[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
-[![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
+# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
 
-*Current version: 1.2.1*
+*Current version: 1.3.1*
 
 **PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
 where the server has zero knowledge of pasted data.

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.3.1   | :heavy_check_mark: |
+| < 1.3.1 | :x:                |
+
+## Reporting a Vulnerability
+
+You can send us email at security@privatebin.org. You should be able to get
+a response within a week (usually during the next weekend). The respondee will
+reply from their personal address and can offer you their GPG public key to
+support end-to-end encrypted communication on sensitive topics or attachments.
+
+You can also contact us via the regular issue tracker if the risk of early
+publication is low or you would request input from other PrivateBin users.

cfg/conf.sample.php

@@ -29,8 +29,8 @@ defaultformatter = "plaintext"
 ; (optional) set a syntax highlighting theme, as found in css/prettify/
 ; syntaxhighlightingtheme = "sons-of-obsidian"
 
-; size limit per paste or comment in bytes, defaults to 2 Mebibytes
-sizelimit = 2097152
+; size limit per paste or comment in bytes, defaults to 10 Mebibytes
+sizelimit = 10485760
 
 ; template to include, default is "bootstrap" (tpl/bootstrap.php)
 template = "bootstrap"
@@ -68,9 +68,18 @@ languageselection = false
 ; custom scripts from third-party domains to your templates, e.g. tracking
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
-; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
-; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details.
-; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
+; Notes:
+; - If you use a bootstrap theme, you can remove the allow-popups from the
+;   sandbox restrictions.
+; - By default this disallows to load images from third-party servers, e.g. when
+;   they are embedded in pastes. If you wish to allow that, you can adjust the
+;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
+;   for details.
+; - The 'unsafe-eval' is used in two cases; to check if the browser supports
+;   async functions and display an error if not and for Chrome to enable
+;   webassembly support (used for zlib compression). You can remove it if Chrome
+;   doesn't need to be supported and old browsers don't need to be warned.
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
 
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of

css/bootstrap/privatebin.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 body {
@@ -80,10 +80,29 @@ body.loading {
 	margin-bottom: 20px;
 }
 
+#dropzone {
+	text-align: center;
+	position: fixed;
+	top: 0;
+	left: 0;
+	width: 100%;
+	height: 100%;
+	z-index: 1000;
+	opacity: 0.6;
+	background-color: #99ccff;
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='24' height='24' viewBox='0 0 24 24'%3E%3Cpath d='M0 0h24v24H0z' fill='none'/%3E%3Cpath d='M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96zM14 13v4h-4v-4H7l5-5 5 5h-3z'/%3E%3C/svg%3E");
+	background-repeat: no-repeat;
+	background-position: center;
+	background-size: 25vh;
+	outline: 2px dashed #228bff;
+	outline-offset: -50px;
+}
+
 .dragAndDropFile{
-	color:#777;
-	font-size:1em;
-	display:inline;
+	color: #777;
+	font-size: 1em;
+	display: inline;
+	white-space: normal;
 }
 
 #deletelink {
@@ -112,8 +131,9 @@ body.loading {
 	margin-bottom: 10px;
 }
 
-#message {
+#message, .replymessage {
 	font-family: monospace;
+	resize: vertical;
 }
 
 #nickname {
@@ -124,6 +144,10 @@ body.loading {
 	margin-bottom: 10px;
 }
 
+#filewrap {
+	transition: background-color 0.75s ease-out;
+}
+
 .comment {
 	border-left: 1px solid #ccc;
 	padding: 5px 0 5px 10px;
@@ -131,7 +155,7 @@ body.loading {
 	transition: background-color 0.75s ease-out;
 }
 
-.comment.highlight {
+.highlight {
 	background-color: #ffdd86;
 	transition: background-color 0.2s ease-in;
 }
@@ -147,3 +171,12 @@ li.L0, li.L1, li.L2, li.L3, li.L5, li.L6, li.L7, li.L8 {
 .dark-theme .alert-info .alert-link {
 	color: #fff;
 }
+
+/* address 2K or 4K monitors when using bootstrap 3 */
+@media (min-width: 1280px) {
+	.container {
+		width: 100%;
+		padding-left: 4ch;
+		padding-right: 4ch;
+	}
+}

css/noscript.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 /* When there is no script at all other */

css/privatebin.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 /*  CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
@@ -102,6 +102,7 @@ h3.title {
 	padding: 5px;
 	white-space: pre-wrap;
 	font-family: Consolas, "Lucida Console", "DejaVu Sans Mono", Monaco, monospace;
+	resize: vertical;
 }
 
 #attachmentPreview img {
@@ -115,10 +116,29 @@ h3.title {
 	margin-bottom: 20px;
 }
 
+#dropzone {
+	text-align: center;
+	position: fixed;
+	top: 0;
+	left: 0;
+	width: 100%;
+	height: 100%;
+	z-index: 1000;
+	opacity: 0.6;
+	background-color: #99ccff;
+	background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='24' height='24' viewBox='0 0 24 24'%3E%3Cpath d='M0 0h24v24H0z' fill='none'/%3E%3Cpath d='M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96zM14 13v4h-4v-4H7l5-5 5 5h-3z'/%3E%3C/svg%3E");
+	background-repeat: no-repeat;
+	background-position: center;
+	background-size: 25vh;
+	outline: 2px dashed #228bff;
+	outline-offset: -50px;
+}
+
 .dragAndDropFile{
-        color:#777;
-        font-size:1em;
-        display:inline;
+	color: #777;
+	font-size: 1em;
+	display: inline;
+	white-space: normal;
 }
 
 #status {
@@ -405,6 +425,15 @@ h4.title {
 
 .commentdate { color: #bfcede; }
 
+#filewrap {
+	transition: background-color 0.75s ease-out;
+}
+
+.highlight {
+	background-color: #ffdd86;
+	transition: background-color 0.2s ease-in;
+}
+
 img.vizhash {
 	width: 16px;
 	height: 16px;

doc/README.md

@@ -55,6 +55,6 @@ $ ln -s /usr/bin/nodejs /usr/local/bin/node
 To generate the documentation, change into the main directory and run phpdoc:
 ```console
 $ cd PrivateBin
-$ jsdoc -p -d doc/jsdoc js/privatebin.js
+$ jsdoc -p -d doc/jsdoc js/privatebin.js js/legacy.js
 ```
 

i18n/bg.json

@@ -0,0 +1,164 @@
+{
+    "PrivateBin": "PrivateBin",
+    "%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href=\"https://privatebin.info/\">project page</a>.":
+        "%s е изчистен и изцяло достъпен като отворен код, онлайн \"paste\" услуга, където сървъра не знае подадената информация. Тя се шифрова/дешифрова <i>във браузъра</i> използвайки 256 битов AES алгоритъм. Повече информация може да намерите на <a href=\"https://privatebin.info/\">страницата на проекта (Английски)</a>",
+    "Because ignorance is bliss":
+        "Невежеството е блаженство",
+    "en": "bg",
+    "Paste does not exist, has expired or has been deleted.":
+        "Информацията не съществува, срокът и е изтекъл или е била изтрита.",
+    "%s requires php %s or above to work. Sorry.":
+        "%s има нужда от PHP %s или по-нова, за да работи. Съжалявам.",
+    "%s requires configuration section [%s] to be present in configuration file.":
+        "%s задължава отдела от настройките [%s] да съществува във файла със настройките.",
+    "Please wait %d seconds between each post.":
+        "Моля изчакайте %d секунди между всяка публикация.",
+    "Paste is limited to %s of encrypted data.":
+        "Съдържанието е ограничено до %s криптирана информация.",
+    "Invalid data.":
+        "Невалидна информация.",
+    "You are unlucky. Try again.":
+        "Нямаш късмет. Пробвай отново.",
+    "Error saving comment. Sorry.":
+        "Грешка в запазването на коментара. Съжалявам.",
+    "Error saving paste. Sorry.":
+        "Грешка в записването на информацията. Съжалявам.",
+    "Invalid paste ID.":
+        "Невалиден идентификационен код.",
+    "Paste is not of burn-after-reading type.":
+        "Информацията не е от тип \"унищожаване след преглед\".",
+    "Wrong deletion token. Paste was not deleted.":
+        "Невалиден код за изтриване. Информацията Ви не беше изтрита.",
+    "Paste was properly deleted.":
+        "Информацията Ви е изтрита.",
+    "JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
+        "Услугата %s се нуждае от JavaScript, за да работи.<br />Съжаляваме за неудобството.",
+    "%s requires a modern browser to work.":
+        "%s се нуждае от съвременен браузър за да работи.",
+    "New":
+        "Създаване",
+    "Send":
+        "Изпрати",
+    "Clone":
+        "Дублирай",
+    "Raw text":
+        "Чист текст",
+    "Expires":
+        "Изтича",
+    "Burn after reading":
+        "Унищожи след преглед",
+    "Open discussion":
+        "Отворена дискусия",
+    "Password (recommended)":
+        "Парола (препоръчва се)",
+    "Discussion":
+        "Коментари",
+    "Toggle navigation":
+        "Включи или Изключи навигацията",
+    "%d seconds": ["%d секунди", "%d секунда"],
+    "%d minutes": ["%d минути", "%d минута"],
+    "%d hours": ["%d часа", "%d час"],
+    "%d days": ["%d дни", "%d ден"],
+    "%d weeks": ["%d седмици", "%d седмица"],
+    "%d months": ["%d месеци", "%d месец"],
+    "%d years": ["%d години", "%d година"],
+    "Never":
+        "Никога",
+    "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.":
+        "Забележка: Това е пробна услуга: Информацията може да бъде изтрита по всяко време. Котета ще измрат ако злоупотребиш с услугата.",
+    "This document will expire in %d seconds.":
+        ["Този документ изтича след една секунда.", "Този документ изтича след %d секунди."],
+    "This document will expire in %d minutes.":
+        ["Този документ изтича след една минута.", "Този документ изтича след %d минути."],
+    "This document will expire in %d hours.":
+        ["Този документ изтича след един час.", "Този документ изтича след %d часа."],
+    "This document will expire in %d days.":
+        ["Този документ изтича след един ден.", "Този документ изтича след %d дни."],
+    "This document will expire in %d months.":
+        ["Този документ изтича след една година.", "Този документ изтича след %d години."],
+    "Please enter the password for this paste:":
+        "Моля въведете паролата за това съдържание:",
+    "Could not decrypt data (Wrong key?)":
+        "Информацията не можеше да се дешифрова (Грешен ключ?)",
+    "Could not delete the paste, it was not stored in burn after reading mode.":
+        "Изтриването на информацията беше неуспешно. Тя не е от тип \"унищожаване след преглед\".",
+    "FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
+        "САМО ЗА ВАШИТЕ ОЧИ. Не затваряйте прозореца, понеже тази информация няма да може да бъде показана отново.",
+    "Could not decrypt comment; Wrong key?":
+        "Дешифроването на коментара беше неуспешно. Грешен ключ?",
+    "Reply":
+        "Отговор",
+    "Anonymous":
+        "Безименен",
+    "Avatar generated from IP address":
+        "Аватар (на базата на IP адреса Ви)",
+    "Add comment":
+        "Добави коментар",
+    "Optional nickname…":
+        "Избирателен псевдоним",
+    "Post comment":
+        "Публикувай коментара",
+    "Sending comment…":
+        "Изпращане на коментара Ви…",
+    "Comment posted.":
+        "Коментара Ви е публикуван.",
+    "Could not refresh display: %s":
+        "Презареждането на екрана беше неуспешно: %s",
+    "unknown status":
+        "Неизвестно състояние",
+    "server error or not responding":
+        "Грешка в сървъра или не отговаря",
+    "Could not post comment: %s":
+        "Публикуването на коментара Ви беше неуспешно: %s",
+    "Sending paste…":
+        "Изпращане на информацията Ви…",
+    "Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
+        "Вашата връзка е <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Натиснете [Ctrl]+[c] за да копирате)</span>",
+    "Delete data":
+        "Изтриване на информацията",
+    "Could not create paste: %s":
+        "Създаването на връзката ви беше неуспешно: %s",
+    "Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)":
+        "Дешифроването на информацията беше неуспешно: Ключа за декриптиране липсва във връзката (Да не сте използвали услуга за пренасочване или скъсяване на връзката, което би изрязало части от нея?)",
+    "Format": "Format",
+    "Plain Text": "Чист текст",
+    "Source Code": "Изходен код",
+    "Markdown": "Markdown",
+    "Download attachment": "Свали прикачения файл",
+    "Cloned: '%s'": "Дублирано: '%s'",
+    "The cloned file '%s' was attached to this paste.": "Дублирания файл '%s' беше прикачен.",
+    "Attach a file": "Прикачи файл",
+    "alternatively drag & drop a file or paste an image from the clipboard": "Също можеш да пуснеш файла върху този прозорец или да поставиш изображение от клипборда",
+    "File too large, to display a preview. Please download the attachment.": "Файла е твърде голям, за да се представи визуализация. Моля, свалете файла.",
+    "Remove attachment": "Премахнете файла",
+    "Your browser does not support uploading encrypted files. Please use a newer browser.":
+        "Браузърът ви не поддържа прикачване на шифровани файлове. Моля, използвайте по-нов браузър",
+    "Invalid attachment.": "Невалидно прикачване.",
+    "Options": "Настройки",
+    "Shorten URL": "Скъси връзката",
+    "Editor": "Редактор",
+    "Preview": "Визуализация",
+    "%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
+        "PATH трябва да е във края на \"%s\" за да може %s да работи правилно. Моля обновете PATH във вашият index.php .",
+    "Decrypt":
+        "Дешифровай",
+    "Enter password":
+        "Въведи паролата",
+    "Loading…": "Зареждане…",
+    "Decrypting paste…": "Дешифроване на информацията…",
+    "Preparing new paste…": "Приготвяне на връзката Ви…",
+    "In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
+        "Във случай, че това съобщение не изчезне след време, моля прегледайте <a href=\"%s\">този FAQ (Английски)</a>, за информация, която би ви помогнала.",
+    "+++ no paste text +++": "+++ няма текстово съдържание +++",
+    "Could not get paste data: %s":
+        "Взимането на информацията беше неуспешно: %s",
+    "QR code": "QR код",
+    "This website is using an insecure HTTP connection! Please use it only for testing.":
+        "Този сайт използва несигурна HTTP връзка. Моля използвайте само за проби.",
+    "For more information <a href=\"%s\">see this FAQ entry</a>.":
+        "<a href=\"%s\">Вижте тази страница</a> за повече информация.",
+    "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
+        "Браузъра ви може да се нуждае от HTTPS връзка за да използва WebCrypto API. Пробвай <a href=\"%s\">да минеш на HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
+}

i18n/cs.json

@@ -35,8 +35,6 @@
         "JavaScript is required for %s to work.<br />Sorry for the inconvenience.",
     "%s requires a modern browser to work.":
         "%%s requires a modern browser to work.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:",
     "New":
         "Nový",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/de.json

@@ -35,8 +35,6 @@
         "JavaScript ist eine Voraussetzung, um %s zu nutzen.<br />Bitte entschuldige die Unannehmlichkeiten.",
     "%s requires a modern browser to work.":
         "%s setzt einen modernen Browser voraus, um funktionieren zu können.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Du benutzt immer noch den Internet Explorer? Tu Dir einen Gefallen und wechsle zu einem moderneren Browser:",
     "New":
         "Neu",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Text konnte nicht geladen werden: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
-        "This website is using an insecure HTTP connection! Please use it only for testing.",
+        "Diese Webseite verwendet eine unsichere HTTP Verbindung! Bitte benutze sie nur zum Testen.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
-        "For more information <a href=\"%s\">see this FAQ entry</a>.",
+        "<a href=\"%s\">Besuche diesen FAQ Eintrag</a> für weitere Informationen dazu.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Dein Browser benötigt möglicherweise eine HTTPS Verbindung um das WebCrypto API nutzen zu können. Versuche <a href=\"%s\">auf HTTPS zu wechseln</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Dein Browser unterstützt WebAssembly nicht, welches für zlib Komprimierung benötigt wird. Du kannst unkomprimierte Dokumente erzeugen, aber keine komprimierten lesen."
 }

i18n/es.json

@@ -35,8 +35,6 @@
         "JavaScript es necesario para que %s funcione.<br />Sentimos los inconvenientes ocasionados.",
     "%s requires a modern browser to work.":
         "%s requiere un navegador moderno para funcionar.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "¿Sigues usando Internet Explorer? Hazte un favor, cambia a un navegador moderno:",
     "New":
         "Nuevo",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "No se pudieron obtener los datos: %s",
     "QR code": "Código QR",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/fr.json

@@ -35,8 +35,6 @@
         "JavaScript est requis pour faire fonctionner %s. <br />Désolé pour cet inconvénient.",
     "%s requires a modern browser to work.":
         "%s nécessite un navigateur moderne pour fonctionner.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Encore sur Internet Explorer ? Faites-vous une faveur, passez à un navigateur moderne :",
     "New":
         "Nouveau",
     "Send":
@@ -87,7 +85,7 @@
     "FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
         "POUR VOS YEUX UNIQUEMENT. Ne fermez pas cette fenêtre, ce paste ne pourra plus être affiché.",
     "Could not decrypt comment; Wrong key?":
-        "Impossible de déchiffrer le commentaire ; mauvaise clé ?",
+        "Impossible de déchiffrer le commentaire; mauvaise clé ?",
     "Reply":
         "Répondre",
     "Anonymous":
@@ -139,8 +137,8 @@
     "Cloned: '%s'": "Cloner '%s'",
     "The cloned file '%s' was attached to this paste.": "Le fichier cloné '%s' a été attaché à ce paste.",
     "Attach a file": "Attacher un fichier ",
-    "alternatively drag & drop a file or paste an image from the clipboard": "alternatively drag & drop a file or paste an image from the clipboard",
-    "File too large, to display a preview. Please download the attachment.": "File too large, to display a preview. Please download the attachment.",
+    "alternatively drag & drop a file or paste an image from the clipboard": "alternativement, glisser & déposer un fichier ou coller une image à partir du presse-papiers",
+    "File too large, to display a preview. Please download the attachment.": "Fichier trop volumineux, pour afficher un aperçu. Veuillez télécharger la pièce jointe.",
     "Remove attachment": "Enlever l'attachement",
     "Your browser does not support uploading encrypted files. Please use a newer browser.":
         "Votre navigateur ne supporte pas l'envoi de fichiers chiffrés. Merci d'utiliser un navigateur plus récent.",
@@ -162,13 +160,14 @@
         "Si ce message ne disparaîssait pas, jetez un oeil à <a href=\"%s\">cette FAQ pour des idées de résolution</a> (en Anglais).",
     "+++ no paste text +++": "+++ pas de paste-text +++",
     "Could not get paste data: %s":
-        "Could not get paste data: %s",
+        "Impossible d'obtenir les données du paste: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
-        "This website is using an insecure HTTP connection! Please use it only for testing.",
+        "Ce site web utilise une connexion HTTP non sécurisée ! Veuillez l’utiliser uniquement pour des tests.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
-        "For more information <a href=\"%s\">see this FAQ entry</a>.",
+        "Pour plus d'informations <a href=\"%s\">consultez cette rubrique de la FAQ</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Votre navigateur peut nécessiter une connexion HTTPS pour prendre en charge l’API WebCrypto. Essayez <a href=\"%s\">de passer en HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/hu.json

@@ -35,8 +35,6 @@
         "JavaScript szükséges a %s működéséhez. Elnézést a fennakadásért.",
     "%s requires a modern browser to work.":
         "A %s működéséhez a jelenleginél újabb böngészőre van szükség.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Még mindig Internet Explorert használsz? Ideje váltani:",
     "New":
         "Új",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/it.json

@@ -35,8 +35,6 @@
         "%s funziona solo con JavaScript attivo.<br />Ci dispiace per l'inconveniente.",
     "%s requires a modern browser to work.":
         "%s richiede un browser moderno e aggiornato per funzionare.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Usi ancora Internet Explorer? Ti consigliamo di passare ad un browser più sicuro:",
     "New":
         "Nuovo",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/nl.json

@@ -35,8 +35,6 @@
         "JavaScript vereist om %s te laten werken.<br />Sorry voor het ongemak.",
     "%s requires a modern browser to work.":
         "%s vereist een moderne browser om te kunnen werken ",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Gebruik je nog steeds Internet explorer? Doe jezelf een plezier en maak gebruik van een moderne browser:",
     "New":
         "Nieuw",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/no.json

@@ -35,8 +35,6 @@
         "Javascript kreves for at %s skal fungere<br />Beklager.",
     "%s requires a modern browser to work.":
         "%s krever en moderne nettleser for å fungere.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Fortsatt bruker av Internet Explorer? Gjør deg selv en tjeneste og bytt til en moderne nettleser:",
     "New":
         "Ny",
     "Send":
@@ -154,12 +152,13 @@
     "+++ no paste text +++": "+++ ingen innleggstekst +++",
     "Could not get paste data: %s":
         "Kunne ikke hente utklippsdata: %s",
-    "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
+    "QR code": "QR kode",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
-        "This website is using an insecure HTTP connection! Please use it only for testing.",
+        "Denne websiden bruker usikker HTTP tilkobling! Bruk den kun for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
-        "For more information <a href=\"%s\">see this FAQ entry</a>.",
+        "For mer informasjon <a href=\"%s\">se ofte stilte spørsmål</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Din nettleser har behov for HTTPS tilkobling for å støtte WebCrypto biblioteket. Prøv å <a href=\"%s\">bytt til HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/oc.json

@@ -30,13 +30,11 @@
     "Wrong deletion token. Paste was not deleted.":
         "Geton de supression incorrècte. Lo tèxte es pas estat suprimit.",
     "Paste was properly deleted.":
-        "Lo tèxte es estat correctament suprimit.",
+        "Lo tèxte es estat corrèctament  suprimit.",
     "JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
         "JavaScript es requesit per far foncionar %s. <br />O planhèm per l’inconvenient.",
     "%s requires a modern browser to work.":
         "%s necessita un navigator modèrn per foncionar.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Encora sus Internet Explorer ? Fasètz-vos una favor, passatz a un navigator modèrn :",
     "New":
         "Nòu",
     "Send":
@@ -109,7 +107,7 @@
     "unknown status":
         "Estatut desconegut",
     "server error or not responding":
-        "Lo servidor respond pas o a rencontrat una error",
+        "Lo servidor respond pas o a rescontrat una error",
     "Could not post comment: %s":
         "Impossible de mandar lo comentari : %s",
     "Sending paste…":
@@ -159,16 +157,17 @@
     "Decrypting paste…": "Deschirament del tèxte…",
     "Preparing new paste…": "Preparacion…",
     "In case this message never disappears please have a look at <a href=\"%s\">this FAQ for information to troubleshoot</a>.":
-        "Se per cas aqueste messatge quita pas de s’afichar mercés de gaitar <a href=\"%s\">aquesta FAQ per las solucions</a> (en anglés).",
+        "Se per cas aqueste messatge quite pas de s’afichar mercés de gaitar <a href=\"%s\">aquesta FAQ per las solucions</a> (en anglés).",
     "+++ no paste text +++": "+++ cap de tèxte pegat +++",
     "Could not get paste data: %s":
         "Recuperacion impossibla de las donadas copiadas : %s",
     "QR code": "Còdi QR",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
-        "This website is using an insecure HTTP connection! Please use it only for testing.",
+        "Aqueste site utiliza una connexion HTTP pas segura ! Mercés de l’utilizar pas que per d’ensages.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
-        "For more information <a href=\"%s\">see this FAQ entry</a>.",
+        "Per mai d’informacions <a href=\"%s\">vejatz aqueste article de FAQ</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Se pòt que vòstre navigator faga besonh d’una connexion HTTPS per èsser compatible amb l’API WebCrypto. Ensajatz de <a href=\"%s\">passar al HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/pl.json

@@ -35,8 +35,6 @@
         "Do działania %sa jest wymagany JavaScript. Przepraszamy za tę niedogodność.",
     "%s requires a modern browser to work.":
         "%s wymaga do działania nowoczesnej przeglądarki.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Cały czas używasz Internet Explorera? Zrób sobie przysługę, przesiądź się na nowoczesną przeglądarkę:",
     "New":
         "Nowa",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Nie można było pobrać danych wklejki: %s",
     "QR code": "Kod QR",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/pt.json

@@ -35,8 +35,6 @@
         "JavaScript é necessário para que %s funcione.<br />Pedimos desculpas pela inconveniência.",
     "%s requires a modern browser to work.":
         "%s requer um navegador moderno para funcionar.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Ainda usando Internet Explorer? Faça-se um favor, mude para um navegador moderno:",
     "New":
         "Novo",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/ru.json

@@ -35,8 +35,6 @@
         "Для работы %s требуется включенный JavaScript.<br />Приносим извинения за неудобства.",
     "%s requires a modern browser to work.":
         "Для работы %s требуется более современный браузер.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "До сих пор используете Internet Explorer? Пожалейте себя, перейдите на более современный браузер:",
     "New":
         "Новая запись",
     "Send":
@@ -164,12 +162,13 @@
     "+++ no paste text +++": "+++ в записи нет текста +++",
     "Could not get paste data: %s":
         "Не удалось получить данные записи: %s",
-    "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
+    "QR code": "QR код",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
-        "This website is using an insecure HTTP connection! Please use it only for testing.",
+        "Данный сайт использует незащищенное HTTP подключение! Пожалуйста используйте его только для тестирования.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
-        "For more information <a href=\"%s\">see this FAQ entry</a>.",
+        "Для продробностей <a href=\"%s\">прочтите информацию в FAQ</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Ваш браузер требует использования HTTPS подключения для поддержки WebCrypto API. Попробуйте <a href=\"%s\">переключиться на HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/sl.json

@@ -35,8 +35,6 @@
         "Da %s deluje, moraš vklopiti JavaScript.<br />Oprosti za povročene nevšečnosti.",
     "%s requires a modern browser to work.":
         "%s za svoje delovanje potrebuje moderen brskalnik.",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "Še vedno uporabljaš Internet Explorer? Naredi si uslugo, preklopi na moderen brskalnik:",
     "New":
         "Nov prilepek",
     "Send":
@@ -164,11 +162,12 @@
     "Could not get paste data: %s":
         "Could not get paste data: %s",
     "QR code": "QR code",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

i18n/zh.json

@@ -35,8 +35,6 @@
         "%s需要JavaScript来进行加解密。<br />给你带来的不便敬请谅解。",
     "%s requires a modern browser to work.":
         "%s需要在现代浏览器上工作。",
-    "Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
-        "还在使用Internet Explorer？对自己好点，换一个现代浏览器：",
     "New":
         "新建",
     "Send":
@@ -155,11 +153,12 @@
     "Could not get paste data: %s":
         "无法获取粘贴数据：%s",
     "QR code": "二维码",
-    "I love you too, bot…": "I love you too, bot…",
     "This website is using an insecure HTTP connection! Please use it only for testing.":
         "This website is using an insecure HTTP connection! Please use it only for testing.",
     "For more information <a href=\"%s\">see this FAQ entry</a>.":
         "For more information <a href=\"%s\">see this FAQ entry</a>.",
     "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.":
-        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>."
+        "Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href=\"%s\">switching to HTTPS</a>.",
+    "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones.":
+        "Your browser doesn't support WebAssembly, used for zlib compression. You can create uncompressed documents, but can't read compressed ones."
 }

img/browserstack.svg

@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 490.1 105.6" style="enable-background:new 0 0 490.1 105.6;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#F4B960;}
+	.st1{fill:#E66F32;}
+	.st2{fill:#E43C41;}
+	.st3{fill:#BDD041;}
+	.st4{fill:#6DB54C;}
+	.st5{fill:#AEDAE6;}
+	.st6{fill:#56B8DE;}
+	.st7{fill:#00B1D5;}
+	.st8{fill:url(#SVGID_1_);}
+	.st9{fill:#221F1F;}
+	.st10{fill:#FFFFFF;}
+	.st11{fill:#000111;}
+</style>
+<title>Browserstack-logo-white</title>
+<circle class="st0" cx="52.8" cy="52.8" r="52.8"/>
+<circle class="st1" cx="47.5" cy="47.5" r="47.5"/>
+<circle class="st2" cx="53.8" cy="41.1" r="41.1"/>
+<circle class="st3" cx="57.1" cy="44.4" r="37.8"/>
+<circle class="st4" cx="54.3" cy="47.2" r="35.1"/>
+<circle class="st5" cx="48.8" cy="41.7" r="29.5"/>
+<circle class="st6" cx="53.6" cy="36.8" r="24.7"/>
+<circle class="st7" cx="56.6" cy="39.9" r="21.7"/>
+<radialGradient id="SVGID_1_" cx="53.45" cy="63.02" r="18.57" gradientTransform="matrix(1 0 0 -1 0 106)" gradientUnits="userSpaceOnUse">
+	<stop  offset="0" style="stop-color:#797979"/>
+	<stop  offset="1" style="stop-color:#4C4C4C"/>
+</radialGradient>
+<circle class="st8" cx="53.5" cy="43" r="18.6"/>
+<circle class="st9" cx="53.5" cy="43" r="18.6"/>
+<ellipse transform="matrix(0.4094 -0.9123 0.9123 0.4094 2.8913 76.9251)" class="st10" cx="60.9" cy="36.2" rx="5.7" ry="3.7"/>
+<path class="st11" d="M122.5,32.6c0-0.3,0.3-0.6,0.6-0.6c0,0,0,0,0.1,0h16.6c9.5,0,13.9,4.4,13.9,11c0.2,3.7-1.8,7.2-5.2,8.8v0.1
+	c3.7,1.5,6.1,5.2,6,9.3c0,8.2-5.6,12.2-15.4,12.2h-16c-0.3,0-0.6-0.2-0.7-0.5c0,0,0,0,0-0.1L122.5,32.6L122.5,32.6z M139.6,49.1
+	c3.9,0,6.4-2.2,6.4-5.4s-2.4-5.5-6.4-5.5h-8.9c-0.2,0-0.4,0.1-0.4,0.3c0,0,0,0,0,0.1v10.2c0,0.2,0.1,0.3,0.3,0.4c0,0,0,0,0.1,0
+	H139.6L139.6,49.1z M130.6,66.9h9.3c4.3,0,6.8-2.3,6.8-5.8s-2.4-5.7-6.7-5.7h-9.3c-0.2,0-0.4,0.1-0.4,0.3c0,0,0,0,0,0.1v10.7
+	C130.3,66.8,130.4,66.9,130.6,66.9C130.6,66.9,130.6,66.9,130.6,66.9L130.6,66.9z"/>
+<path class="st11" d="M159.9,73.3c-0.3,0-0.6-0.2-0.7-0.5c0,0,0,0,0-0.1V44.6c0-0.3,0.3-0.6,0.6-0.6c0,0,0,0,0.1,0h6
+	c0.3,0,0.6,0.2,0.7,0.5c0,0,0,0,0,0.1v2.5h0.1c1.5-2.2,4.2-3.8,8.2-3.8c2.4,0,4.8,0.8,6.6,2.4c0.3,0.3,0.4,0.5,0.1,0.8l-3.5,4.1
+	c-0.2,0.3-0.6,0.4-0.9,0.2c0,0,0,0-0.1,0c-1.4-0.9-3-1.4-4.7-1.4c-4.1,0-6,2.7-6,7.4v15.9c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0
+	H159.9L159.9,73.3z"/>
+<path class="st11" d="M182.9,65.8c-0.8-2.3-1.1-4.8-1.1-7.2c-0.1-2.5,0.3-4.9,1.1-7.2c1.8-5.1,6.6-8.1,13.1-8.1s11.2,3,13,8.1
+	c0.8,2.3,1.1,4.8,1.1,7.2c0.1,2.5-0.3,4.9-1.1,7.2c-1.8,5.1-6.6,8.1-13,8.1S184.7,71,182.9,65.8z M201.9,64c0.5-1.7,0.8-3.6,0.7-5.4
+	c0.1-1.8-0.1-3.7-0.7-5.4c-0.9-2.5-3.3-4-5.9-3.8c-2.6-0.2-5.1,1.4-6,3.8c-0.5,1.8-0.8,3.6-0.7,5.4c-0.1,1.8,0.1,3.7,0.7,5.4
+	c0.9,2.5,3.4,4,6,3.8C198.6,68,201,66.5,201.9,64L201.9,64z"/>
+<path class="st11" d="M241.9,73.3c-0.4,0-0.7-0.3-0.8-0.6L235,53.9h-0.1l-6.2,18.7c-0.1,0.4-0.4,0.6-0.8,0.6h-5.4
+	c-0.4,0-0.7-0.3-0.8-0.6l-10-28.1c-0.1-0.2,0-0.5,0.2-0.6c0.1,0,0.2-0.1,0.3,0h6.3c0.4,0,0.8,0.2,0.9,0.6l6.1,19.3h0.1l6-19.3
+	c0.1-0.4,0.5-0.6,0.9-0.6h4.7c0.4,0,0.7,0.2,0.9,0.6l6.4,19.3h0.1l5.8-19.3c0.1-0.4,0.5-0.7,0.9-0.6h6.3c0.2-0.1,0.5,0.1,0.5,0.3
+	c0,0.1,0,0.2,0,0.3l-10,28.1c-0.1,0.4-0.4,0.6-0.8,0.6L241.9,73.3L241.9,73.3z"/>
+<path class="st11" d="M259.3,69.3c-0.2-0.2-0.3-0.6-0.1-0.8c0,0,0,0,0.1-0.1l3.7-3.6c0.3-0.2,0.7-0.2,0.9,0c2.6,2.1,5.9,3.3,9.3,3.3
+	c3.9,0,5.9-1.5,5.9-3.5c0-1.8-1.1-2.9-5.2-3.2l-3.4-0.3c-6.4-0.6-9.7-3.6-9.7-8.6c0-5.7,4.4-9.2,12.3-9.2c4.2-0.1,8.4,1.2,11.9,3.6
+	c0.3,0.2,0.3,0.5,0.2,0.8c0,0,0,0,0,0.1l-3.2,3.6c-0.2,0.3-0.6,0.3-0.9,0.1c-2.5-1.5-5.4-2.4-8.3-2.4c-3.1,0-4.8,1.3-4.8,3
+	s1.1,2.7,5.2,3.1l3.4,0.3c6.6,0.6,9.8,3.8,9.8,8.6c0,5.8-4.6,9.9-13.3,9.9C268,74,263.2,72.4,259.3,69.3z"/>
+<path class="st11" d="M291.2,65.8c-0.8-2.3-1.2-4.7-1.1-7.2c-0.1-2.5,0.3-4.9,1-7.2c1.8-5.1,6.6-8.1,12.9-8.1c6.5,0,11.2,3.1,13,8.1
+	c0.7,2.1,1,4.1,1,8.8c0,0.3-0.3,0.6-0.6,0.6c0,0-0.1,0-0.1,0h-19.5c-0.2,0-0.4,0.1-0.4,0.3c0,0,0,0,0,0.1c0,0.8,0.2,1.5,0.5,2.2
+	c1,2.9,3.5,4.4,7.1,4.4c2.7,0.1,5.4-0.9,7.4-2.8c0.2-0.3,0.7-0.4,1-0.1c0,0,0,0,0,0l3.9,3.2c0.2,0.1,0.3,0.5,0.2,0.7
+	c0,0.1-0.1,0.1-0.1,0.1c-2.7,2.9-7.2,5-13,5C297.8,73.9,293,70.9,291.2,65.8z M310.4,52.8c-0.9-2.4-3.2-3.8-6.2-3.8
+	s-5.4,1.4-6.2,3.8c-0.3,0.8-0.4,1.6-0.4,2.5c0,0.2,0.1,0.3,0.3,0.4c0,0,0,0,0.1,0h12.4c0.2,0,0.4-0.1,0.4-0.3c0,0,0,0,0-0.1
+	C310.8,54.5,310.6,53.6,310.4,52.8L310.4,52.8z"/>
+<path class="st11" d="M323.6,73.3c-0.3,0-0.6-0.2-0.7-0.5c0,0,0,0,0-0.1V44.6c0-0.3,0.3-0.6,0.6-0.6c0,0,0,0,0.1,0h6
+	c0.3,0,0.6,0.2,0.7,0.5c0,0,0,0,0,0.1v2.5h0.1c1.5-2.2,4.2-3.8,8.2-3.8c2.4,0,4.8,0.8,6.6,2.4c0.3,0.3,0.4,0.5,0.1,0.8l-3.5,4.1
+	c-0.2,0.3-0.6,0.4-0.9,0.2c0,0,0,0-0.1,0c-1.4-0.9-3-1.4-4.7-1.4c-4.1,0-6,2.7-6,7.4v15.9c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0
+	H323.6L323.6,73.3z"/>
+<path class="st11" d="M346.5,68.5c-0.3-0.2-0.4-0.6-0.2-0.9c0,0,0,0,0,0l4.1-4.4c0.2-0.3,0.6-0.3,0.9-0.1c0,0,0,0,0,0
+	c3.5,2.7,7.7,4.2,12.1,4.4c5.3,0,8.4-2.5,8.4-6c0-3-2-4.9-8.1-5.7l-2.4-0.3c-8.6-1.1-13.5-4.9-13.5-11.8c0-7.5,5.9-12.4,15.1-12.4
+	c5.1-0.1,10.1,1.4,14.5,4.2c0.3,0.1,0.4,0.4,0.2,0.7c0,0.1-0.1,0.1-0.1,0.2l-3.1,4.5c-0.2,0.3-0.6,0.4-0.9,0.2
+	c-3.2-2.1-6.9-3.2-10.7-3.2c-4.5,0-7,2.3-7,5.5c0,2.9,2.2,4.8,8.2,5.6l2.4,0.3c8.6,1.1,13.3,4.9,13.3,12c0,7.3-5.7,12.8-16.8,12.8
+	C356.3,73.9,350,71.5,346.5,68.5z"/>
+<path class="st11" d="M393.3,73.8c-6.4,0-8.8-2.9-8.8-8.6V49.8c0-0.2-0.1-0.3-0.3-0.4c0,0,0,0-0.1,0H382c-0.3,0-0.6-0.2-0.7-0.5
+	c0,0,0,0,0-0.1v-4.1c0-0.3,0.3-0.6,0.6-0.6c0,0,0,0,0.1,0h2.1c0.2,0,0.4-0.1,0.4-0.3c0,0,0,0,0-0.1v-8c0-0.3,0.3-0.6,0.6-0.6
+	c0,0,0,0,0.1,0h6c0.3,0,0.6,0.2,0.7,0.5c0,0,0,0,0,0.1v8c0,0.2,0.1,0.3,0.3,0.4c0,0,0,0,0.1,0h4.2c0.3,0,0.6,0.2,0.7,0.5
+	c0,0,0,0,0,0.1v4.1c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0h-4.2c-0.2,0-0.4,0.1-0.4,0.3c0,0,0,0,0,0.1V65c0,2.1,0.9,2.7,3,2.7h1.6
+	c0.3,0,0.6,0.2,0.7,0.5c0,0,0,0,0,0.1v4.9c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0L393.3,73.8L393.3,73.8z"/>
+<path class="st11" d="M421.2,73.3c-0.3,0-0.6-0.2-0.7-0.5c0,0,0,0,0-0.1v-2.1h0c-1.5,2-4.5,3.4-8.9,3.4c-5.8,0-10.6-2.8-10.6-8.9
+	c0-6.4,4.9-9.3,12.7-9.3h6.4c0.2,0,0.4-0.1,0.4-0.3c0,0,0,0,0-0.1v-1.4c0-3.3-1.7-4.9-7-4.9c-2.6-0.1-5.1,0.6-7.2,2
+	c-0.3,0.2-0.7,0.2-0.9-0.1c0,0,0,0,0-0.1l-2.4-4c-0.2-0.2-0.1-0.6,0.1-0.8c0,0,0,0,0,0c2.6-1.7,6-2.9,11.2-2.9
+	c9.6,0,13.2,3,13.2,10.2v19.1c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0H421.2L421.2,73.3z M420.4,63.4v-2.2c0-0.2-0.1-0.3-0.3-0.4
+	c0,0,0,0-0.1,0h-5.2c-4.7,0-6.8,1.2-6.8,3.9c0,2.4,1.9,3.6,5.5,3.6C417.9,68.4,420.4,66.8,420.4,63.4L420.4,63.4z"/>
+<path class="st11" d="M433.1,65.8c-0.7-2.3-1.1-4.8-1-7.2c-0.1-2.4,0.3-4.9,1-7.2c1.8-5.2,6.7-8.1,13.1-8.1c4.2-0.2,8.2,1.5,11,4.6
+	c0.2,0.2,0.2,0.6,0,0.8c0,0,0,0-0.1,0.1l-4.1,3.3c-0.3,0.2-0.7,0.2-0.9-0.1c0,0,0,0,0-0.1c-1.5-1.7-3.6-2.6-5.9-2.5
+	c-2.8,0-5,1.3-5.9,3.8c-0.5,1.8-0.8,3.6-0.7,5.4c-0.1,1.8,0.1,3.7,0.7,5.5c0.9,2.5,3.1,3.8,5.9,3.8c2.2,0.1,4.4-0.9,5.9-2.6
+	c0.2-0.3,0.6-0.3,0.9-0.1c0,0,0,0,0,0l4.1,3.3c0.3,0.2,0.3,0.5,0.1,0.8c0,0,0,0-0.1,0.1c-2.9,3-6.9,4.6-11,4.5
+	C439.8,73.9,435,71.1,433.1,65.8z"/>
+<path class="st11" d="M482.8,73.3c-0.4,0-0.8-0.2-1-0.6l-8-12.3l-4.3,4.6v7.7c0,0.3-0.3,0.6-0.6,0.6c0,0,0,0-0.1,0h-6
+	c-0.3,0-0.6-0.2-0.7-0.5c0,0,0,0,0-0.1V32.6c0-0.3,0.3-0.6,0.6-0.6c0,0,0,0,0.1,0h6c0.3,0,0.6,0.2,0.7,0.5c0,0,0,0,0,0.1v23.8
+	l10.8-11.8c0.3-0.4,0.8-0.6,1.2-0.6h6.7c0.2,0,0.4,0.1,0.4,0.3c0,0.1,0,0.3-0.1,0.3l-10.1,10.7L490,72.7c0.1,0.2,0.1,0.4,0,0.5
+	c-0.1,0.1-0.2,0.1-0.3,0.1H482.8L482.8,73.3z"/>
+</svg>

index.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3
  */
 
 // change this, if your php files and data is outside of your webservers document root

js/.nycrc.yml

@@ -1,5 +1,6 @@
 ---
 include:
+  - legacy.js
   - privatebin.js
 reporter:
   - text

js/common.js

@@ -16,9 +16,10 @@ global.zlib = require('./zlib-1.2.11').zlib;
 require('./prettify');
 global.prettyPrint = window.PR.prettyPrint;
 global.prettyPrintOne = window.PR.prettyPrintOne;
-global.showdown = require('./showdown-1.9.0');
-global.DOMPurify = require('./purify-1.0.11');
+global.showdown = require('./showdown-1.9.1');
+global.DOMPurify = require('./purify-2.0.1');
 global.baseX = require('./base-x-3.0.5.1').baseX;
+global.Legacy = require('./legacy').Legacy;
 require('./bootstrap-3.3.7');
 require('./privatebin');
 

js/legacy.js

@@ -0,0 +1,311 @@
+/**
+ * PrivateBin
+ *
+ * a zero-knowledge paste bin
+ *
+ * @see       {@link https://github.com/PrivateBin/PrivateBin}
+ * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
+ * @license   {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
+ * @version   1.3.1
+ * @name      Legacy
+ * @namespace
+ */
+
+/**
+ * IMPORTANT NOTICE FOR DEVELOPERS:
+ * The logic in this file is intended to run in legacy browsers. Avoid any use of:
+ * - jQuery (doesn't work in older browsers)
+ * - ES5 or newer in general
+ * - const/let, use the traditional var declarations instead
+ * - async/await or Promises, use traditional callbacks
+ * - shorthand function notation "() => output", use the full "function() {return output;}" style
+ * - IE doesn't support:
+ *   - URL(), use the traditional window.location object
+ *   - endsWith(), use indexof()
+ * - yes, this logic needs to support IE 6, to at least display the error message
+ */
+
+'use strict';
+(function() {
+    /**
+     * compatibility check
+     *
+     * @name   Check
+     * @class
+     */
+    var Check = (function () {
+        var me = {};
+
+        /**
+         * Status of the initial check, true means it passed
+         *
+         * @private
+         * @prop   {bool}
+         */
+        var status = false;
+
+        /**
+         * Initialization check did run
+         *
+         * @private
+         * @prop   {bool}
+         */
+        var init = false;
+
+        /**
+         * blacklist of UserAgents (parts) known to belong to a bot
+         *
+         * @private
+         * @enum   {Array}
+         * @readonly
+         */
+        var badBotUA = [
+            'Bot',
+            'bot'
+        ];
+
+        /**
+         * whitelist of top level domains to consider a secure context,
+         * regardless of protocol
+         *
+         * @private
+         * @enum   {Array}
+         * @readonly
+         */
+        var tld = [
+            '.onion',
+            '.i2p'
+        ];
+
+        /**
+         * whitelist of hostnames to consider a secure context,
+         * regardless of protocol
+         *
+         * @private
+         * @enum   {Array}
+         * @readonly
+         */
+        // whitelists of TLDs & local hostnames
+        var hostname = [
+            'localhost',
+            '127.0.0.1',
+            '[::1]'
+        ];
+
+        /**
+         * check if the context is secure
+         *
+         * @private
+         * @name   Check.isSecureContext
+         * @function
+         * @return {bool}
+         */
+        function isSecureContext()
+        {
+            // use .isSecureContext if available
+            if (window.isSecureContext === true || window.isSecureContext === false) {
+                return window.isSecureContext;
+            }
+
+            // HTTP is obviously insecure
+            if (window.location.protocol !== 'http:') {
+                return true;
+            }
+
+            // filter out actually secure connections over HTTP
+            for (var i = 0; i < tld.length; i++) {
+                if (
+                    window.location.hostname.indexOf(
+                        tld[i],
+                        window.location.hostname.length - tld[i].length
+                    ) !== -1
+                ) {
+                    return true;
+                }
+            }
+
+            // whitelist localhost for development
+            for (var j = 0; j < hostname.length; j++) {
+                if (window.location.hostname === hostname[j]) {
+                    return true;
+                }
+            }
+
+            // totally INSECURE http protocol!
+            return false;
+        }
+
+        /**
+         * checks whether this is a bot we dislike
+         *
+         * @private
+         * @name   Check.isBadBot
+         * @function
+         * @return {bool}
+         */
+        function isBadBot() {
+            // check whether a bot user agent part can be found in the current
+            // user agent
+            for (var i = 0; i < badBotUA.length; i++) {
+                if (navigator.userAgent.indexOf(badBotUA[i]) !== -1) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        /**
+         * checks whether this is an unsupported browser, via feature detection
+         *
+         * @private
+         * @name   Check.isOldBrowser
+         * @function
+         * @return {bool}
+         */
+        function isOldBrowser() {
+            // webcrypto support
+            if (!(
+                'crypto' in window &&
+                'getRandomValues' in window.crypto &&
+                'subtle' in window.crypto &&
+                'encrypt' in window.crypto.subtle &&
+                'decrypt' in window.crypto.subtle &&
+                'Uint8Array' in window &&
+                'Uint32Array' in window
+            )) {
+                return true;
+            }
+
+            // async & ES6 support
+            try {
+                eval('async () => {}');
+            } catch (e) {
+                if (e instanceof SyntaxError) {
+                    return true;
+                } else {
+                    throw e; // throws CSP error
+                }
+            }
+
+            return false;
+        }
+
+        /**
+         * shows an error message
+         *
+         * @private
+         * @name   Check.showError
+         * @param  {string} message
+         * @function
+         */
+        function showError(message)
+        {
+            var element = document.getElementById('errormessage');
+            if (message.indexOf('<a') === -1) {
+                element.appendChild(
+                    document.createTextNode(message)
+                );
+            } else {
+                element.innerHTML = message;
+            }
+            removeHiddenFromId('errormessage');
+        }
+
+        /**
+         * removes "hidden" CSS class from element with given ID
+         *
+         * @private
+         * @name   Check.removeHiddenFromId
+         * @param  {string} id
+         * @function
+         */
+        function removeHiddenFromId(id)
+        {
+            var element = document.getElementById(id);
+            if (element) {
+                element.className = element.className.replace(/\bhidden\b/g, '');
+            }
+        }
+
+        /**
+         * returns if the check has concluded
+         *
+         * @name   Check.getInit
+         * @function
+         * @return {bool}
+         */
+        me.getInit = function()
+        {
+            return init;
+        };
+        
+        /**
+         * returns the current status of the check
+         *
+         * @name   Check.getStatus
+         * @function
+         * @return {bool}
+         */
+        me.getStatus = function()
+        {
+            return status;
+        };
+        
+        /**
+         * init on application start, returns an all-clear signal
+         *
+         * @name   Check.init
+         * @function
+         */
+        me.init = function()
+        {
+            // prevent bots from viewing a paste and potentially deleting data
+            // when burn-after-reading is set
+            if (isBadBot()) {
+                showError('I love you too, bot…');
+                init = true;
+                return;
+            }
+
+            if (isOldBrowser()) {
+                // some browsers (Chrome based ones) would have webcrypto support if using HTTPS
+                if (!isSecureContext()) {
+                    removeHiddenFromId('insecurecontextnotice');
+                }
+                removeHiddenFromId('oldnotice');
+                init = true;
+                return;
+            }
+
+            if (!isSecureContext()) {
+                removeHiddenFromId('httpnotice');
+            }
+            init = true;
+
+            // only if everything passed, we set the status to true
+            status = true;
+        };
+
+        return me;
+    })();
+
+    // main application start, called when DOM is fully loaded
+    if (document.readyState === 'complete' || (!document.attachEvent && document.readyState === 'interactive')) {
+        Check.init();
+    } else {
+        if (document.addEventListener) {
+            // first choice is DOMContentLoaded event
+            document.addEventListener('DOMContentLoaded', Check.init, false);
+            // backup is window load event
+            window.addEventListener('load', Check.init, false);
+        } else {
+            // must be IE
+            document.attachEvent('onreadystatechange', Check.init);
+            window.attachEvent('onload', Check.init);
+        }
+    }
+
+    this.Legacy = {
+        Check: Check
+    };
+}).call(this);

js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "privatebin",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
   "main": "privatebin.js",
   "directories": {

js/test/Alert.js

@@ -4,16 +4,55 @@ var common = require('../common');
 describe('Alert', function () {
     describe('showStatus', function () {
         jsc.property(
-            'shows a status message',
+            'shows a status message (basic)',
             jsc.array(common.jscAlnumString()),
             jsc.array(common.jscAlnumString()),
             function (icon, message) {
                 icon = icon.join('');
                 message = message.join('');
-                var expected = '<div id="status" role="alert" ' +
+                const expected = '<div id="status">' + message + '</div>';
+                $('body').html(
+                    '<div id="status"></div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showStatus(message, icon);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows a status message (bootstrap)',
+            jsc.array(common.jscAlnumString()),
+            function (message) {
+                message = message.join('');
+                const expected = '<div id="status" role="alert" ' +
+                    'class="statusmessage alert alert-info"><span ' +
+                    'class="glyphicon glyphicon-info-sign" ' +
+                    'aria-hidden="true"></span> <span>' + message + '</span></div>';
+                $('body').html(
+                    '<div id="status" role="alert" class="statusmessage ' +
+                    'alert alert-info hidden"><span class="glyphicon ' +
+                    'glyphicon-info-sign" aria-hidden="true"></span> </div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showStatus(message);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows a status message (bootstrap, custom icon)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (icon, message) {
+                icon = icon.join('');
+                message = message.join('');
+                const expected = '<div id="status" role="alert" ' +
                     'class="statusmessage alert alert-info"><span ' +
                     'class="glyphicon glyphicon-' + icon +
-                    '" aria-hidden="true"></span> ' + message + '</div>';
+                    '" aria-hidden="true"></span> <span>' + message + '</span></div>';
                 $('body').html(
                     '<div id="status" role="alert" class="statusmessage ' +
                     'alert alert-info hidden"><span class="glyphicon ' +
@@ -21,7 +60,76 @@ describe('Alert', function () {
                 );
                 $.PrivateBin.Alert.init();
                 $.PrivateBin.Alert.showStatus(message, icon);
-                var result = $('body').html();
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+    });
+
+    describe('showWarning', function () {
+        before(function () {
+            cleanup();
+        });
+
+        jsc.property(
+            'shows a warning message (basic)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (icon, message) {
+                icon = icon.join('');
+                message = message.join('');
+                const expected = '<div id="errormessage">' + message + '</div>';
+                $('body').html(
+                    '<div id="errormessage"></div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showWarning(message, icon);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows a warning message (bootstrap)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (message) {
+                message = message.join('');
+                const expected = '<div id="errormessage" role="alert" ' +
+                    'class="statusmessage alert alert-danger"><span ' +
+                    'class="glyphicon glyphicon-warning-sign" ' +
+                    'aria-hidden="true"></span> <span>' + message + '</span></div>';
+                $('body').html(
+                    '<div id="errormessage" role="alert" class="statusmessage ' +
+                    'alert alert-danger hidden"><span class="glyphicon ' +
+                    'glyphicon-alert" aria-hidden="true"></span> </div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showWarning(message);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows a warning message (bootstrap, custom icon)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (icon, message) {
+                icon = icon.join('');
+                message = message.join('');
+                const expected = '<div id="errormessage" role="alert" ' +
+                    'class="statusmessage alert alert-danger"><span ' +
+                    'class="glyphicon glyphicon-' + icon +
+                    '" aria-hidden="true"></span> <span>' + message + '</span></div>';
+                $('body').html(
+                    '<div id="errormessage" role="alert" class="statusmessage ' +
+                    'alert alert-danger hidden"><span class="glyphicon ' +
+                    'glyphicon-alert" aria-hidden="true"></span> </div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showWarning(message, icon);
+                const result = $('body').html();
                 return expected === result;
             }
         );
@@ -33,16 +141,56 @@ describe('Alert', function () {
         });
 
         jsc.property(
-            'shows an error message',
+            'shows an error message (basic)',
             jsc.array(common.jscAlnumString()),
             jsc.array(common.jscAlnumString()),
             function (icon, message) {
                 icon = icon.join('');
                 message = message.join('');
-                var expected = '<div id="errormessage" role="alert" ' +
+                const expected = '<div id="errormessage">' + message + '</div>';
+                $('body').html(
+                    '<div id="errormessage"></div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showError(message, icon);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows an error message (bootstrap)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (icon, message) {
+                message = message.join('');
+                const expected = '<div id="errormessage" role="alert" ' +
+                    'class="statusmessage alert alert-danger"><span ' +
+                    'class="glyphicon glyphicon-alert" ' +
+                    'aria-hidden="true"></span> <span>' + message + '</span></div>';
+                $('body').html(
+                    '<div id="errormessage" role="alert" class="statusmessage ' +
+                    'alert alert-danger hidden"><span class="glyphicon ' +
+                    'glyphicon-alert" aria-hidden="true"></span> </div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showError(message);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows an error message (bootstrap, custom icon)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (icon, message) {
+                icon = icon.join('');
+                message = message.join('');
+                const expected = '<div id="errormessage" role="alert" ' +
                     'class="statusmessage alert alert-danger"><span ' +
                     'class="glyphicon glyphicon-' + icon +
-                    '" aria-hidden="true"></span> ' + message + '</div>';
+                    '" aria-hidden="true"></span> <span>' + message + '</span></div>';
                 $('body').html(
                     '<div id="errormessage" role="alert" class="statusmessage ' +
                     'alert alert-danger hidden"><span class="glyphicon ' +
@@ -50,7 +198,7 @@ describe('Alert', function () {
                 );
                 $.PrivateBin.Alert.init();
                 $.PrivateBin.Alert.showError(message, icon);
-                var result = $('body').html();
+                const result = $('body').html();
                 return expected === result;
             }
         );
@@ -62,17 +210,36 @@ describe('Alert', function () {
         });
 
         jsc.property(
-            'shows remaining time',
+            'shows remaining time (basic)',
             jsc.array(common.jscAlnumString()),
             jsc.array(common.jscAlnumString()),
             'integer',
             function (message, string, number) {
                 message = message.join('');
                 string = string.join('');
-                var expected = '<div id="remainingtime" role="alert" ' +
+                const expected = '<div id="remainingtime" class="">' + string + message + number + '</div>';
+                $('body').html(
+                    '<div id="remainingtime" class="hidden"></div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showRemaining(['%s' + message + '%d', string, number]);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows remaining time (bootstrap)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            'integer',
+            function (message, string, number) {
+                message = message.join('');
+                string = string.join('');
+                const expected = '<div id="remainingtime" role="alert" ' +
                     'class="alert alert-info"><span ' +
                     'class="glyphicon glyphicon-fire" aria-hidden="true">' +
-                    '</span> ' + string + message + number + '</div>';
+                    '</span> <span>' + string + message + number + '</span></div>';
                 $('body').html(
                     '<div id="remainingtime" role="alert" class="hidden ' +
                     'alert alert-info"><span class="glyphicon ' +
@@ -80,7 +247,7 @@ describe('Alert', function () {
                 );
                 $.PrivateBin.Alert.init();
                 $.PrivateBin.Alert.showRemaining(['%s' + message + '%d', string, number]);
-                var result = $('body').html();
+                const result = $('body').html();
                 return expected === result;
             }
         );
@@ -92,20 +259,42 @@ describe('Alert', function () {
         });
 
         jsc.property(
-            'shows a loading message',
+            'shows a loading message (basic)',
             jsc.array(common.jscAlnumString()),
             jsc.array(common.jscAlnumString()),
             function (message, icon) {
                 message = message.join('');
                 icon = icon.join('');
-                var defaultMessage = 'Loading…';
+                const defaultMessage = 'Loading…';
                 if (message.length === 0) {
                     message = defaultMessage;
                 }
-                var expected = '<ul class="nav navbar-nav"><li ' +
+                const expected = '<div id="loadingindicator" class="">' + message + '</div>';
+                $('body').html(
+                    '<div id="loadingindicator" class="hidden">' + defaultMessage + '</div>'
+                );
+                $.PrivateBin.Alert.init();
+                $.PrivateBin.Alert.showLoading(message, icon);
+                const result = $('body').html();
+                return expected === result;
+            }
+        );
+
+        jsc.property(
+            'shows a loading message (bootstrap)',
+            jsc.array(common.jscAlnumString()),
+            jsc.array(common.jscAlnumString()),
+            function (message, icon) {
+                message = message.join('');
+                icon = icon.join('');
+                const defaultMessage = 'Loading…';
+                if (message.length === 0) {
+                    message = defaultMessage;
+                }
+                const expected = '<ul class="nav navbar-nav"><li ' +
                     'id="loadingindicator" class="navbar-text"><span ' +
                     'class="glyphicon glyphicon-' + icon +
-                    '" aria-hidden="true"></span> ' + message + '</li></ul>';
+                    '" aria-hidden="true"></span> <span>' + message + '</span></li></ul>';
                 $('body').html(
                     '<ul class="nav navbar-nav"><li id="loadingindicator" ' +
                     'class="navbar-text hidden"><span class="glyphicon ' +
@@ -114,7 +303,7 @@ describe('Alert', function () {
                 );
                 $.PrivateBin.Alert.init();
                 $.PrivateBin.Alert.showLoading(message, icon);
-                var result = $('body').html();
+                const result = $('body').html();
                 return expected === result;
             }
         );
@@ -182,7 +371,7 @@ describe('Alert', function () {
             jsc.array(common.jscAlnumString()),
             function (trigger, message) {
                 message = message.join('');
-                var handlerCalled = false,
+                let handlerCalled = false,
                     defaultMessage = 'Loading…',
                     functions = [
                         $.PrivateBin.Alert.showStatus,

js/test/Check.js

@@ -0,0 +1,83 @@
+'use strict';
+var common = require('../common');
+/* global Legacy, WebCrypto */
+
+describe('Check', function () {
+    describe('init', function () {
+        this.timeout(30000);
+        before(function () {
+            cleanup();
+        });
+
+        it('returns false and shows error, if a bot UA is detected', function () {
+            jsc.assert(jsc.forall(
+                'string',
+                jsc.elements(['Bot', 'bot']),
+                'string',
+                function (prefix, botBit, suffix) {
+                    const clean = jsdom(
+                        '<html><body><div id="errormessage" class="hidden"></div>' +
+                        '</body></html>', {
+                            'userAgent': prefix + botBit + suffix
+                        }
+                    );
+                    Legacy.Check.init();
+                    const result1 = Legacy.Check.getInit() && !Legacy.Check.getStatus(),
+                          result2 = (document.getElementById('errormessage').className !== 'hidden');
+                    clean();
+                    return result1 && result2;
+                }
+            ),
+            {tests: 10});
+        });
+
+        jsc.property(
+            'shows error, if no webcrypto is detected',
+            'bool',
+            jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
+            jsc.nearray(common.jscA2zString()),
+            jsc.elements(['.onion', '.i2p', '']),
+            function (secureProtocol, localhost, domain, tld) {
+                const isDomain = localhost === '',
+                      isSecureContext = secureProtocol || !isDomain || tld.length > 0,
+                      clean = jsdom(
+                          '<html><body><div id="errormessage" class="hidden"></div>' +
+                          '<div id="oldnotice" class="hidden"></div>' +
+                          '<div id="insecurecontextnotice" class="hidden"></div></body></html>',
+                          {
+                              'url': (secureProtocol ? 'https' : 'http' ) + '://' +
+                                     (isDomain ? domain.join('') + tld : localhost) + '/'
+                          }
+                      );
+                Legacy.Check.init();
+                const result1 = Legacy.Check.getInit() && !Legacy.Check.getStatus(),
+                      result2 = isSecureContext === (document.getElementById('insecurecontextnotice').className === 'hidden'),
+                      result3 = (document.getElementById('oldnotice').className !== 'hidden');
+                clean();
+                return result1 && result2 && result3;
+            }
+        );
+
+        jsc.property(
+            'shows error, if HTTP only site is detected',
+            'bool',
+            jsc.nearray(common.jscA2zString()),
+            function (secureProtocol, domain) {
+                const clean = jsdom(
+                          '<html><body><div id="httpnotice" class="hidden"></div>' +
+                          '</body></html>',
+                          {
+                              'url': (secureProtocol ? 'https' : 'http' ) + '://' + domain.join('') + '/'
+                          }
+                      );
+                window.crypto = new WebCrypto();
+                Legacy.Check.init();
+                const result1 = Legacy.Check.getInit() && Legacy.Check.getStatus(),
+                      result2 = secureProtocol === (document.getElementById('httpnotice').className === 'hidden');
+                clean();
+                return result1 && result2;
+            }
+        );
+    });
+});
+

js/test/CryptTool.js

@@ -18,13 +18,15 @@ describe('CryptTool', function () {
                     // pause to let async functions conclude
                     await new Promise(resolve => setTimeout(resolve, 300));
                     let clean = jsdom();
+                    // ensure zlib is getting loaded
+                    $.PrivateBin.Controller.initZ();
                     window.crypto = new WebCrypto();
                     message = message.trim();
                     let cipherMessage = await $.PrivateBin.CryptTool.cipher(
                             key, password, message, []
                         ),
                         plaintext = await $.PrivateBin.CryptTool.decipher(
-                                key, password, cipherMessage
+                            key, password, cipherMessage
                         );
                     clean();
                     return message === plaintext;
@@ -179,6 +181,8 @@ describe('CryptTool', function () {
             let message = fs.readFileSync('test/compression-sample.txt', 'utf8'),
                 clean = jsdom();
             window.crypto = new WebCrypto();
+            // ensure zlib is getting loaded
+            $.PrivateBin.Controller.initZ();
             let cipherMessage = await $.PrivateBin.CryptTool.cipher(
                     'foo', 'bar', message, []
                 ),
@@ -222,6 +226,8 @@ isWhile : interp (while expr sBody) (MemElem mem) =
 conseq_or_bottom inv (interp (nth_iterate sBody n) (MemElem mem))
 `;
                     let clean = jsdom();
+                    // ensure zlib is getting loaded
+                    $.PrivateBin.Controller.initZ();
                     window.crypto = new WebCrypto();
                     let cipherMessage = await $.PrivateBin.CryptTool.cipher(
                             key, password, message, []

js/test/Helper.js

@@ -183,9 +183,9 @@ describe('Helper', function () {
             'string',
             'string',
             function (prefix, uint, middle, string, postfix) {
-                prefix  =  prefix.replace(/%(s|d)/g, '%%');
-                middle  =  middle.replace(/%(s|d)/g, '%%');
-                postfix = postfix.replace(/%(s|d)/g, '%%');
+                prefix  =  prefix.replace(/%(s|d)/g, '');
+                middle  =  middle.replace(/%(s|d)/g, '');
+                postfix = postfix.replace(/%(s|d)/g, '');
                 var params = [prefix + '%d' + middle + '%s' + postfix, uint, string],
                     result = prefix + uint + middle + string + postfix;
                 return result === $.PrivateBin.Helper.sprintf.apply(this, params);
@@ -199,9 +199,9 @@ describe('Helper', function () {
             'string',
             'string',
             function (prefix, uint, middle, string, postfix) {
-                prefix  =  prefix.replace(/%(s|d)/g, '%%');
-                middle  =  middle.replace(/%(s|d)/g, '%%');
-                postfix = postfix.replace(/%(s|d)/g, '%%');
+                prefix  =  prefix.replace(/%(s|d)/g, '');
+                middle  =  middle.replace(/%(s|d)/g, '');
+                postfix = postfix.replace(/%(s|d)/g, '');
                 var params = [prefix + '%s' + middle + '%d' + postfix, string, uint],
                     result = prefix + string + middle + uint + postfix;
                 return result === $.PrivateBin.Helper.sprintf.apply(this, params);

js/test/InitialCheck.js

@@ -1,88 +0,0 @@
-'use strict';
-var common = require('../common');
-
-describe('InitialCheck', function () {
-    describe('init', function () {
-        this.timeout(30000);
-        before(function () {
-            cleanup();
-        });
-
-        it('returns false and shows error, if a bot UA is detected', function () {
-            jsc.assert(jsc.forall(
-                'string',
-                jsc.elements(['Bot', 'bot']),
-                'string',
-                function (prefix, botBit, suffix) {
-                    const clean = jsdom('', {
-                        'userAgent': prefix + botBit + suffix
-                    });
-                    $('body').html(
-                        '<html><body><div id="errormessage" class="hidden"></div>' +
-                        '</body></html>'
-                    );
-                    $.PrivateBin.Alert.init();
-                    window.crypto = null;
-                    const result1 = !$.PrivateBin.InitialCheck.init(),
-                          result2 = !$('#errormessage').hasClass('hidden');
-                    clean();
-                    return result1 && result2;
-                }
-            ),
-            {tests: 10});
-        });
-
-        jsc.property(
-            'shows error, if no webcrypto is detected',
-            'bool',
-            jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
-            jsc.nearray(common.jscA2zString()),
-            jsc.elements(['.onion', '.i2p', '']),
-            function (secureProtocol, localhost, domain, tld) {
-                const isDomain = localhost === '',
-                      isSecureContext = secureProtocol || !isDomain || tld.length > 0,
-                      clean = jsdom('', {
-                          'url': (secureProtocol ? 'https' : 'http' ) + '://' +
-                                 (isDomain ? domain.join('') + tld : localhost) + '/'
-                      });
-                $('body').html(
-                    '<html><body><div id="errormessage" class="hidden"></div>'+
-                    '<div id="oldnotice" class="hidden"></div></body></html>'
-                );
-                $.PrivateBin.Alert.init();
-                const result1 = !$.PrivateBin.InitialCheck.init(),
-                      result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
-                      result3 = !$('#oldnotice').hasClass('hidden');
-                clean();
-                return result1 && result2 && result3;
-            }
-        );
-
-        jsc.property(
-            'shows error, if HTTP only site is detected',
-            'bool',
-            jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
-            jsc.nearray(common.jscA2zString()),
-            jsc.elements(['.onion', '.i2p', '']),
-            function (secureProtocol, localhost, domain, tld) {
-                const isDomain = localhost === '',
-                      isSecureContext = secureProtocol || !isDomain || tld.length > 0,
-                      clean = jsdom('', {
-                          'url': (secureProtocol ? 'https' : 'http' ) + '://' +
-                               (isDomain ? domain.join('') + tld : localhost) + '/'
-                      });
-                $('body').html(
-                    '<html><body><div id="httpnotice" class="hidden"></div>'+
-                    '</body></html>'
-                );
-                $.PrivateBin.Alert.init();
-                window.crypto = null;
-                const result1 = $.PrivateBin.InitialCheck.init(),
-                      result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
-                clean();
-                return result1 && result2;
-            }
-        );
-    });
-});
-

lib/Configuration.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;
@@ -45,7 +45,7 @@ class Configuration
             'burnafterreadingselected' => false,
             'defaultformatter'         => 'plaintext',
             'syntaxhighlightingtheme'  => null,
-            'sizelimit'                => 2097152,
+            'sizelimit'                => 10485760,
             'template'                 => 'bootstrap',
             'notice'                   => '',
             'languageselection'        => false,
@@ -53,7 +53,7 @@ class Configuration
             'urlshortener'             => '',
             'qrcode'                   => true,
             'icon'                     => 'identicon',
-            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
+            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
             'zerobincompatibility'     => false,
             'httpwarning'              => true,
             'compression'              => 'zlib',

lib/Controller.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;
@@ -28,7 +28,7 @@ class Controller
      *
      * @const string
      */
-    const VERSION = '1.2.1';
+    const VERSION = '1.3.1';
 
     /**
      * minimal required PHP version
@@ -388,6 +388,7 @@ class Controller
         $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
         $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
         $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
+        $page->assign('HTTPSLINK', 'https://' . $this->_request->getHost() . $this->_request->getRequestUri());
         $page->assign('COMPRESSION', $this->_conf->getKey('compression'));
         $page->draw($this->_conf->getKey('template'));
     }

lib/Data/AbstractData.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Data;

lib/Data/Database.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Data;
@@ -597,6 +597,8 @@ class Database extends AbstractData
     /**
      * get the data type, depending on the database driver
      *
+     * PostgreSQL uses a different API for BLOBs then SQL, hence we use TEXT
+     *
      * @access private
      * @static
      * @return string
@@ -609,6 +611,8 @@ class Database extends AbstractData
     /**
      * get the attachment type, depending on the database driver
      *
+     * PostgreSQL uses a different API for BLOBs then SQL, hence we use TEXT
+     *
      * @access private
      * @static
      * @return string
@@ -628,16 +632,17 @@ class Database extends AbstractData
     {
         list($main_key, $after_key) = self::_getPrimaryKeyClauses();
         $dataType                   = self::_getDataType();
+        $attachmentType             = self::_getAttachmentType();
         self::$_db->exec(
             'CREATE TABLE ' . self::_sanitizeIdentifier('paste') . ' ( ' .
             "dataid CHAR(16) NOT NULL$main_key, " .
-            "data $dataType, " .
+            "data $attachmentType, " .
             'postdate INT, ' .
             'expiredate INT, ' .
             'opendiscussion INT, ' .
             'burnafterreading INT, ' .
             'meta TEXT, ' .
-            'attachment ' . self::_getAttachmentType() . ', ' .
+            "attachment $attachmentType, " .
             "attachmentname $dataType$after_key );"
         );
     }
@@ -710,7 +715,8 @@ class Database extends AbstractData
      */
     private static function _upgradeDatabase($oldversion)
     {
-        $dataType = self::_getDataType();
+        $dataType       = self::_getDataType();
+        $attachmentType = self::_getAttachmentType();
         switch ($oldversion) {
             case '0.21':
                 // create the meta column if necessary (pre 0.21 change)
@@ -722,7 +728,7 @@ class Database extends AbstractData
                 // SQLite only allows one ALTER statement at a time...
                 self::$_db->exec(
                     'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
-                    ' ADD COLUMN attachment ' . self::_getAttachmentType() . ';'
+                    " ADD COLUMN attachment $attachmentType;"
                 );
                 self::$_db->exec(
                     'ALTER TABLE ' . self::_sanitizeIdentifier('paste') . " ADD COLUMN attachmentname $dataType;"
@@ -732,7 +738,7 @@ class Database extends AbstractData
                 if (self::$_type !== 'sqlite') {
                     self::$_db->exec(
                         'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
-                        ' ADD PRIMARY KEY (dataid), MODIFY COLUMN data $dataType;'
+                        " ADD PRIMARY KEY (dataid), MODIFY COLUMN data $dataType;"
                     );
                     self::$_db->exec(
                         'ALTER TABLE ' . self::_sanitizeIdentifier('comment') .
@@ -754,6 +760,17 @@ class Database extends AbstractData
                     self::_sanitizeIdentifier('comment') . '(pasteid);'
                 );
                 // no break, continue with updates for 0.22 and later
+            case '1.3':
+                // SQLite doesn't support MODIFY, but it allows TEXT of similar
+                // size as BLOB and PostgreSQL uses TEXT, so there is no need
+                // to change it there
+                if (self::$_type !== 'sqlite' && self::$_type !== 'pgsql') {
+                    self::$_db->exec(
+                        'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
+                        " MODIFY COLUMN data $attachmentType;"
+                    );
+                }
+                // no break, continue with updates for 1.3.1 and later
             default:
                 self::_exec(
                     'UPDATE ' . self::_sanitizeIdentifier('config') .

lib/Data/Filesystem.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Data;

lib/Filter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;

lib/FormatV2.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;

lib/I18n.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;
@@ -306,7 +306,7 @@ class I18n
                 return $n % 10 == 1 && $n % 100 != 11 ? 0 : ($n % 10 >= 2 && $n % 10 <= 4 && ($n % 100 < 10 || $n % 100 >= 20) ? 1 : 2);
             case 'sl':
                 return $n % 100 == 1 ? 1 : ($n % 100 == 2 ? 2 : ($n % 100 == 3 || $n % 100 == 4 ? 3 : 0));
-            // de, en, es, hu, it, nl, no, pt
+            // bg, de, en, es, hu, it, nl, no, pt
             default:
                 return $n != 1 ? 1 : 0;
         }

lib/Json.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;

lib/Model.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;

lib/Model/AbstractModel.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Model;

lib/Model/Comment.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Model;

lib/Model/Paste.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Model;

lib/Persistence/AbstractPersistence.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/PurgeLimiter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/ServerSalt.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/TrafficLimiter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin\Persistence;

lib/Request.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;
@@ -193,6 +193,19 @@ class Request
             $this->_params[$param] : $default;
     }
 
+    /**
+     * Get host as requested by the client
+     *
+     * @access public
+     * @return string
+     */
+    public function getHost()
+    {
+        return array_key_exists('HTTP_HOST', $_SERVER) ?
+            htmlspecialchars($_SERVER['HTTP_HOST']) :
+            'localhost';
+    }
+
     /**
      * Get request URI
      *
@@ -202,8 +215,8 @@ class Request
     public function getRequestUri()
     {
         return array_key_exists('REQUEST_URI', $_SERVER) ?
-            htmlspecialchars(
-                parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
+        htmlspecialchars(
+            parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
             ) : '/';
     }
 

lib/View.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.2.1
+ * @version   1.3.1
  */
 
 namespace PrivateBin;

lib/Vizhash16x16.php

@@ -8,7 +8,7 @@
  * @link      http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   0.0.5 beta PrivateBin 1.2.1
+ * @version   0.0.5 beta PrivateBin 1.3.1
  */
 
 namespace PrivateBin;

robots.txt

@@ -5,5 +5,4 @@
 # directory.
 
 User-agent: *
-Allow: /index.php
 Disallow: /

tpl/bootstrap.php

@@ -66,15 +66,13 @@ if ($SYNTAXHIGHLIGHTING):
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.0.js" integrity="sha512-Kv8oAge9h2QmRyzb52jUomyXAvSMrpE9kWF3QRMFajo1a/TXjtY8u71vUA6t4+LE7huz4TSVH8VLJBEmcZiPRA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-VeINC2WUWLyxgeQ56SsYFjQ5+d7RLvLPYOEYDFtEDd3AyVsgIsHYsWZ6WwgALwB6YR6qrVEM3IH4Bck96IfbMw==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Yq2HyT+H1PmQxCaDeh6E/ChOrTBSYsu8BuS4yb8UPHlyMVaxqSOtyfy6hx6vAsVT0G3bKeLRAuejhvPTOoz7fQ==" crossorigin="anonymous"></script>
-		<!--[if IE]>
-		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
-		<![endif]-->
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.1.js" integrity="sha512-ddI36MdUoXp/o7yhQtr9/qj4G3oFwCRga4jCGaoUYtORg0PPmFKVKG4Ess3fIknYzxwwKMlrIL9o4NwuPTCc1Q==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-iZeao0p5riUgentjlrI2cY7Y8KRLTO42bQ4VGy6ky5FS0UjqXW4UkEJQcvR01SxbUFUz7h5AwzC8CVnUHDwRUg==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
@@ -397,20 +395,6 @@ if (strlen($LANGUAGESELECTION)):
 <?php
 endif;
 ?>
-					<li>
-<?php
-if ($isPage):
-?>
-						<button id="newbutton" type="button" class="reloadlink hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?> navbar-btn">
-							<span class="glyphicon glyphicon-file" aria-hidden="true"></span> <?php echo I18n::_('New'), PHP_EOL;
-else:
-?>
-						<button id="sendbutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?> navbar-btn">
-							<span class="glyphicon glyphicon-upload" aria-hidden="true"></span> <?php echo I18n::_('Send'), PHP_EOL;
-endif;
-?>
-						</button>
-					</li>
 				</ul>
 			</div>
 		<?php
@@ -460,10 +444,6 @@ endif;
 				<div id="oldnotice" role="alert" class="hidden alert alert-danger">
 					<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
 					<?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)), PHP_EOL; ?>
-				</div>
-				<div id="ienotice" role="alert" class="hidden alert alert-danger">
-					<span class="glyphicon glyphicon-question-sign" aria-hidden="true"></span>
-					<?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
 					<a href="https://www.mozilla.org/firefox/">Firefox</a>,
 					<a href="https://www.opera.com/">Opera</a>,
 					<a href="https://www.google.com/chrome">Chrome</a>…
@@ -476,19 +456,31 @@ if ($HTTPWARNING):
 					<?php echo I18n::_('This website is using an insecure connection! Please only use it for testing.'), PHP_EOL; ?><br />
 					<span class="small"><?php echo I18n::_('For more information <a href="%s">see this FAQ entry</a>.', 'https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection'); ?></span>
 				</div>
+				<div id="insecurecontextnotice" role="alert" class="hidden alert alert-danger">
+					<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
+					<?php echo I18n::_('Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href="%s">switching to HTTPS</a>.', $HTTPSLINK); ?>
+				</div>
 <?php
 endif;
 ?>
-				<div id="pastesuccess" role="alert" class="hidden alert alert-success">
-					<span class="glyphicon glyphicon-ok" aria-hidden="true"></span>
-					<div id="deletelink"></div>
-					<div id="pastelink"></div>
+				<div id="pastesuccess" class="hidden">
+					<div role="alert" class="alert alert-success">
+						<span class="glyphicon glyphicon-ok" aria-hidden="true"></span>
+						<div id="deletelink"></div>
+						<div id="pastelink"></div>
+					</div>
 <?php
 if (strlen($URLSHORTENER)):
 ?>
-					<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?>">
+					<p>
+						<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?> btn-block">
 						<span class="glyphicon glyphicon-send" aria-hidden="true"></span> <?php echo I18n::_('Shorten URL'), PHP_EOL; ?>
 					</button>
+					</p>
+					<div role="alert" class="alert alert-danger">
+						<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
+						<?php echo I18n::_('URL shortener may expose your decrypt key in URL.'), PHP_EOL; ?>
+					</div>
 <?php
 endif;
 ?>
@@ -496,6 +488,20 @@ endif;
 				<ul id="editorTabs" class="nav nav-tabs hidden">
 					<li role="presentation" class="active"><a id="messageedit" href="#"><?php echo I18n::_('Editor'); ?></a></li>
 					<li role="presentation"><a id="messagepreview" href="#"><?php echo I18n::_('Preview'); ?></a></li>
+					<li role="presentation" class="pull-right">
+<?php
+if ($isPage):
+?>
+						<button id="newbutton" type="button" class="reloadlink hidden btn btn-<?php echo $isDark ? 'warning' : 'default'; ?>">
+							<span class="glyphicon glyphicon-file" aria-hidden="true"></span> <?php echo I18n::_('New'), PHP_EOL;
+else:
+?>
+						<button id="sendbutton" type="button" class="hidden btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?>">
+							<span class="glyphicon glyphicon-upload" aria-hidden="true"></span> <?php echo I18n::_('Send'), PHP_EOL;
+endif;
+?>
+						</button>
+					</li>
 				</ul>
 			</section>
 			<section class="container">
@@ -544,6 +550,13 @@ if ($DISCUSSION):
 		</div>
 <?php
 endif;
+?>
+<?php
+if ($FILEUPLOAD):
+?>
+		<div id="dropzone" class="hidden" tabindex="-1" aria-hidden="true"></div>
+<?php
+endif;
 ?>
 	</body>
 </html>

tpl/page.php

@@ -44,15 +44,13 @@ if ($SYNTAXHIGHLIGHTING):
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.0.js" integrity="sha512-Kv8oAge9h2QmRyzb52jUomyXAvSMrpE9kWF3QRMFajo1a/TXjtY8u71vUA6t4+LE7huz4TSVH8VLJBEmcZiPRA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-VeINC2WUWLyxgeQ56SsYFjQ5+d7RLvLPYOEYDFtEDd3AyVsgIsHYsWZ6WwgALwB6YR6qrVEM3IH4Bck96IfbMw==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Yq2HyT+H1PmQxCaDeh6E/ChOrTBSYsu8BuS4yb8UPHlyMVaxqSOtyfy6hx6vAsVT0G3bKeLRAuejhvPTOoz7fQ==" crossorigin="anonymous"></script>
-		<!--[if IE]>
-		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
-		<![endif]-->
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.1.js" integrity="sha512-ddI36MdUoXp/o7yhQtr9/qj4G3oFwCRga4jCGaoUYtORg0PPmFKVKG4Ess3fIknYzxwwKMlrIL9o4NwuPTCc1Q==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-iZeao0p5riUgentjlrI2cY7Y8KRLTO42bQ4VGy6ky5FS0UjqXW4UkEJQcvR01SxbUFUz7h5AwzC8CVnUHDwRUg==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
@@ -77,8 +75,7 @@ endif;
 			<h2 class="title"><?php echo I18n::_('Because ignorance is bliss'); ?></h2><br />
 			<h3 class="title"><?php echo $VERSION; ?></h3>
 			<noscript><div id="noscript" class="nonworking"><?php echo I18n::_('JavaScript is required for %s to work.<br />Sorry for the inconvenience.', I18n::_($NAME)); ?></div></noscript>
-			<div id="oldnotice" class="nonworking"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)); ?></div>
-			<div id="ienotice" class="nonworking"><?php echo I18n::_('Still using Internet Explorer? Do yourself a favor, switch to a modern browser:'), PHP_EOL; ?>
+			<div id="oldnotice" class="nonworking hidden"><?php echo I18n::_('%s requires a modern browser to work.', I18n::_($NAME)), PHP_EOL; ?>
 				<a href="https://www.mozilla.org/firefox/">Firefox</a>,
 				<a href="https://www.opera.com/">Opera</a>,
 				<a href="https://www.google.com/chrome">Chrome</a>…
@@ -86,10 +83,13 @@ endif;
 <?php
 if ($HTTPWARNING):
 ?>
-			<div id="httpnotice" class="errorMessage">
+			<div id="httpnotice" class="errorMessage hidden">
 				<?php echo I18n::_('This website is using an insecure connection! Please only use it for testing.'); ?>
 				<span class="small"><?php echo I18n::_('For more information <a href="%s">see this FAQ entry</a>.', 'https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection'); ?></span>
 			</div>
+			<div id="insecurecontextnotice" class="errorMessage hidden">
+				<?php echo I18n::_('Your browser may require an HTTPS connection to support the WebCrypto API. Try <a href="%s">switching to HTTPS</a>.', $HTTPSLINK); ?>
+			</div>
 <?php
 endif;
 ?>
@@ -254,6 +254,13 @@ if ($DISCUSSION):
 		</div>
 <?php
 endif;
+?>
+<?php
+if ($FILEUPLOAD):
+?>
+		<div id="dropzone" class="hidden" tabindex="-1" aria-hidden="true"></div>
+<?php
+endif;
 ?>
 		<section class="container">
 			<div id="noscript" role="alert" class="nonworking alert alert-info noscript-hide"><span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true">

tst/ConfigurationTestGenerator.php

@@ -387,7 +387,7 @@ class ConfigurationTestGenerator
                     }
                 }
                 $code .= $this->_getFunction(
-                    ucfirst($step), $key, $options, $preCode, $testCode
+                    ucfirst($step), $key, $options, $preCode, $testCode, $fullOptions['main']['discussion']
                 );
             }
         }
@@ -408,10 +408,11 @@ class ConfigurationTestGenerator
  * DO NOT EDIT: This file is generated automatically using configGenerator.php
  */
 
-use PrivateBin\PrivateBin;
+use PrivateBin\Controller;
 use PrivateBin\Data\Filesystem;
 use PrivateBin\Persistence\ServerSalt;
 use PrivateBin\Persistence\TrafficLimiter;
+use PrivateBin\Request;
 
 class ConfigurationCombinationsTest extends PHPUnit_Framework_TestCase
 {
@@ -448,8 +449,8 @@ class ConfigurationCombinationsTest extends PHPUnit_Framework_TestCase
         if ($this->_model->exists(Helper::getPasteId()))
             $this->_model->delete(Helper::getPasteId());
         $configuration['model_options']['dir'] = $this->_path;
-        $configuration['traffic']['dir'] = $this->_path;
-        $configuration['purge']['dir'] = $this->_path;
+        $configuration['traffic']['dir']       = $this->_path;
+        $configuration['purge']['dir']         = $this->_path;
         Helper::createIniFile(CONF, $configuration);
     }
 
@@ -467,7 +468,7 @@ EOT;
      * @param array $testCode
      * @return string
      */
-    private function _getFunction($step, $key, &$options, $preCode, $testCode)
+    private function _getFunction($step, $key, &$options, $preCode, $testCode, $discussionEnabled)
     {
         if (count($testCode) == 0) {
             echo "skipping creation of test$step$key, no valid tests found for configuration: $options" . PHP_EOL;
@@ -495,18 +496,31 @@ EOT;
         // step specific initialization
         switch ($step) {
             case 'Create':
+                if ($discussionEnabled) {
+                    $code .= PHP_EOL . <<<'EOT'
+        $paste = Helper::getPasteJson();
+EOT;
+                } else {
+                    $code .= PHP_EOL . <<<'EOT'
+        $paste = json_decode(Helper::getPasteJson(), true);
+        $paste['adata'][2] = 0;
+        $paste = json_encode($paste);
+EOT;
+                }
                 $code .= PHP_EOL . <<<'EOT'
-        $_POST = Helper::getPaste();
+        $file  = tempnam(sys_get_temp_dir(), 'FOO');
+        file_put_contents($file, $paste);
+        Request::setInputStream($file);
         $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
-        $_SERVER['REQUEST_METHOD'] = 'POST';
-        $_SERVER['REMOTE_ADDR'] = '::1';
+        $_SERVER['REQUEST_METHOD']        = 'POST';
+        $_SERVER['REMOTE_ADDR']           = '::1';
         TrafficLimiter::canPass();
 EOT;
                 break;
             case 'Read':
                 $code .= PHP_EOL . <<<'EOT'
         $this->_model->create(Helper::getPasteId(), Helper::getPaste());
-        $_SERVER['QUERY_STRING'] = Helper::getPasteId();
+        $_SERVER['QUERY_STRING']    = Helper::getPasteId();
         $_GET[Helper::getPasteId()] = '';
         $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
 EOT;
@@ -525,7 +539,7 @@ EOT;
         $code .= PHP_EOL . $preString;
         $code .= <<<'EOT'
         ob_start();
-        new PrivateBin;
+        new Controller;
         $content = ob_get_contents();
         ob_end_clean();
 EOT;

tst/ViewTest.php

@@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
         $page->assign('URLSHORTENER', '');
         $page->assign('QRCODE', true);
         $page->assign('HTTPWARNING', true);
+        $page->assign('HTTPSLINK', 'https://example.com/');
         $page->assign('COMPRESSION', 'zlib');
 
         $dir = dir(PATH . 'tpl');