El RIDO
a490390d60
incrementing version
2025-11-13 11:10:14 +01:00
El RIDO
0618a9dd74
Merge pull request #1711 from PrivateBin/1.7-backport-2.0.3
...
backport security fixes for 1.7
2025-11-13 10:59:12 +01:00
Ribas160
c116d30ada
Fix configuration combinations test errors
2025-11-12 11:56:50 +01:00
El RIDO
4563422080
document the changes
2025-11-12 11:44:06 +01:00
El RIDO
777e0e8570
apply StyleCI suggestion
2025-11-12 11:40:11 +01:00
El RIDO
7b1c3ffd40
remove dead code
2025-11-12 11:38:42 +01:00
El RIDO
5da187a496
use more straightforward in_array check
...
kudos @Ribas160 for the suggestion
2025-11-12 11:38:33 +01:00
El RIDO
125f57c5b4
ensure template cookie cannot be a path
2025-11-12 11:38:20 +01:00
El RIDO
fffa9fb4e9
remove dead code
2025-11-12 11:38:05 +01:00
El RIDO
a1a50ee3a5
do add the configured template to the available ones, if missing
2025-11-12 11:37:57 +01:00
El RIDO
194385e692
don't always set the cookie, having to unset it later
...
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-12 11:37:48 +01:00
El RIDO
da9e85ecde
simplify logic and improve readability
...
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-12 11:37:38 +01:00
El RIDO
83b5d1fbba
use realpath and validate tpl directory contents
...
to ensure only php files inside the tpl dir can get used as templates
2025-11-12 11:37:29 +01:00
El RIDO
db251732d2
partially revert #1559
...
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-12 11:37:08 +01:00
El RIDO
d1124382bc
belt and braces: reset the template cookie, if function is not enabled
2025-11-12 11:36:07 +01:00
El RIDO
4ac8ffa2a4
prevent use of paths in template names, only file names inside tpl directory are allowed
2025-11-12 11:35:56 +01:00
El RIDO
fd6ba6595f
improve readability of logic
2025-11-12 11:35:47 +01:00
El RIDO
530f360497
make OPcache optional, resolves #1678
2025-11-12 11:34:03 +01:00
El RIDO
ad983ef670
ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require
2025-11-12 11:32:10 +01:00
Mikhail Romanov
8c4b3bb114
Insert file names as break-separated text nodes
...
Co-authored-by: El RIDO <elrido@gmx.net>
2025-11-12 11:27:44 +01:00
Ribas160
88fd86b994
Use pure JavaScript to create a div element
2025-11-12 11:26:49 +01:00
Ribas160
b14da334f4
Insert drag and drop file names as a text, not html
2025-11-12 11:26:01 +01:00
Ribas160
d03ec380d1
fix: error fetching attachments from blob
2025-11-12 11:24:21 +01:00
El RIDO
41dcdbc41d
ensure there is still a space between commenter icon and name
2025-11-12 11:21:45 +01:00
El RIDO
68972322d9
Refactored jQuery DOM element creation
...
using plain JavaScript, to ensure text nodes are sanitized
2025-11-12 11:20:32 +01:00
El RIDO
1f5ed30a63
update DOMPurify library from 3.2.7 to 3.3.0
2025-11-12 11:17:51 +01:00
El RIDO
dc3bc8b23d
suppress noise from early initialization during unit tests
...
the tests still all passed, but the missing browser globals in the node environment could cause misleading messages in the mocha output
2025-11-12 11:11:24 +01:00
rugk
55472df906
Make sure legacy check returns true only on HTTPS (not like ftp or whatever)
...
I am not sure why it was expressed so convoluted before?
Found that in https://github.com/orgs/PrivateBin/discussions/1657
2025-11-12 11:07:17 +01:00
El RIDO
e3ec9dc963
upgrade kjua to 0.10.0
2025-11-12 11:07:03 +01:00
El RIDO
c7c0420d63
upgrade base-x to 5.0.1
2025-11-12 11:03:12 +01:00
Cél
f35d883a18
Fixed a Typo in Running Unit Tests.md #HSFDPMUW
...
Fixed a typo for a command.
I need to add this hashtag at the end because I am contributing in a project at my university.
2025-11-12 10:54:54 +01:00
rugk
61b2783634
Fix links in doc/README.md
...
* Fixing the last link, which was totally broken
* Updated links in README to use relative paths.
2025-11-12 10:54:30 +01:00
El RIDO
3e3ee8abc5
update bootstrap CSS library from 5.3.7 to 5.3.8
2025-11-12 10:52:07 +01:00
El RIDO
eb72844588
update ip-lib library from 1.20.0 to 1.21.0
2025-11-12 10:43:29 +01:00
El RIDO
eb203e2d25
remove broken & obsolete badges
2025-11-12 10:36:48 +01:00
El RIDO
f622a04425
enable xdebug for coverage in scrutinizer
2025-11-12 10:36:30 +01:00
El RIDO
f55d027baf
attempt to upgrade to PHP 8.2 in scrutinizer
2025-11-12 10:36:30 +01:00
El RIDO
cf039f1d71
attempt to upgrade to PHP 8.3 in scrutinizer
2025-11-12 10:36:30 +01:00
El RIDO
8f55715749
attempt to upgrade to PHP 8.4 in scrutinizer
2025-11-12 10:36:30 +01:00
rugk
c6bccdbfe1
chore: always ignore composer PHP bin dir
2025-11-12 10:35:42 +01:00
dependabot[bot]
c2341032a4
Bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:18 +01:00
dependabot[bot]
ec82920a93
Bump actions/setup-node from 5 to 6
...
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:35:05 +01:00
El RIDO
2894ac430a
unify workflow code styles
2025-11-12 10:28:56 +01:00
El RIDO
aea562a1b4
attempting to make the condition list more readable
2025-11-12 10:27:26 +01:00
El RIDO
86d39434a3
disable running snyk if triggering user doesn't have access to the secret
2025-11-12 10:27:15 +01:00
El RIDO
7eec8caae3
apply explicit permissions as per CodeQL suggestion
...
as per rule ID actions/missing-workflow-permissions
2025-11-12 10:24:57 +01:00
El RIDO
bab4d50cd4
update codeql actions to release 4 (node 24) and enable github action scanning
2025-11-12 10:24:36 +01:00
dependabot[bot]
d4ebb12828
Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 10:23:56 +01:00
El RIDO
d5cd6741c5
incrementing version
2025-06-30 10:56:53 +02:00
El RIDO
1842d356e5
Merge pull request #1579 from Ribas160/page_template_scripts_load_order
...
Page template scripts loading order fix
2025-06-30 09:57:56 +02:00