Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-01-23 02:35:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into advisory-fix-1

Browse source
This commit is contained in:
El RIDO 2025-11-12 07:47:43 +01:00 committed by GitHub
commit bddfb173da
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -2,6 +2,7 @@
## 2.0.3 (not yet released)
* FIXED: Prevent arbitrary PHP file inclusion when enabling template switching
* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users
* FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)
## 2.0.2 (2025-10-28)

9
js/privatebin.js
View file

@ -3086,10 +3086,15 @@ jQuery.PrivateBin = (function($) {
* @name AttachmentViewer.printDragAndDropFileNames
* @private
* @function
* @param {array} fileNames
* @param {string[]} fileNames
*/
function printDragAndDropFileNames(fileNames) {
$dragAndDropFileNames.html(fileNames.join('<br>'));
$dragAndDropFileNames.empty();
fileNames.forEach(fileName => {
const name = document.createTextNode(fileName);
$dragAndDropFileNames[0].appendChild(name);
$dragAndDropFileNames[0].appendChild(document.createElement('br'));
});
}
/**

2
lib/Configuration.php
View file

@ -121,7 +121,7 @@ class Configuration
'js/kjua-0.10.0.js' => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
'js/legacy.js' => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
'js/privatebin.js' => 'sha512-D7wsi3HMNnYlVtwljJLWI5VSxAydg6E+6OfggGcZ8xV6kSpVzy7RHzefKBXcVIfGgwBU5bjDjtIrUQ3eNJQpGQ==',
'js/privatebin.js' => 'sha512-ZwoUDxBdEE+zNoGqr9o7X7CJYS4JStEeNvcOnhz69YVbXjiibNoYSY7i3vc6MLI3M/K1K6sIUmSFm8sjoUdF5Q==',
'js/purify-3.3.0.js' => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
'js/zlib-1.3.1-1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',