Commit graph

615 commits

Author SHA1 Message Date
El RIDO
a490390d60
incrementing version 2025-11-13 11:10:14 +01:00
El RIDO
7b1c3ffd40
remove dead code 2025-11-12 11:38:42 +01:00
El RIDO
5da187a496
use more straightforward in_array check
kudos @Ribas160 for the suggestion
2025-11-12 11:38:33 +01:00
El RIDO
125f57c5b4
ensure template cookie cannot be a path 2025-11-12 11:38:20 +01:00
El RIDO
fffa9fb4e9
remove dead code 2025-11-12 11:38:05 +01:00
El RIDO
a1a50ee3a5
do add the configured template to the available ones, if missing 2025-11-12 11:37:57 +01:00
El RIDO
194385e692
don't always set the cookie, having to unset it later
but still unset it, if it currently should not be in use (templateselection = false)
2025-11-12 11:37:48 +01:00
El RIDO
da9e85ecde
simplify logic and improve readability
function was only used in one place and only indirectly tested, so it could be inlined, which also makes the test for null and the extra variable allocation unnecessary
2025-11-12 11:37:38 +01:00
El RIDO
83b5d1fbba
use realpath and validate tpl directory contents
to ensure only php files inside the tpl dir can get used as templates
2025-11-12 11:37:29 +01:00
El RIDO
db251732d2
partially revert #1559
Instead of automatically adding custom templates, we log an error if
that template is missing in the available templates. Still mitigates
arbitrary file inclusion, as the string is now checked against a fixed
allow list.
2025-11-12 11:37:08 +01:00
El RIDO
d1124382bc
belt and braces: reset the template cookie, if function is not enabled 2025-11-12 11:36:07 +01:00
El RIDO
4ac8ffa2a4
prevent use of paths in template names, only file names inside tpl directory are allowed 2025-11-12 11:35:56 +01:00
El RIDO
fd6ba6595f
improve readability of logic 2025-11-12 11:35:47 +01:00
El RIDO
530f360497
make OPcache optional, resolves #1678 2025-11-12 11:34:03 +01:00
El RIDO
ad983ef670
ensure PHP opcache gets invalidated, when storing data in file parsed via PHP require 2025-11-12 11:32:10 +01:00
Mikhail Romanov
8c4b3bb114
Insert file names as break-separated text nodes
Co-authored-by: El RIDO <elrido@gmx.net>
2025-11-12 11:27:44 +01:00
Ribas160
88fd86b994
Use pure JavaScript to create a div element 2025-11-12 11:26:49 +01:00
Ribas160
b14da334f4
Insert drag and drop file names as a text, not html 2025-11-12 11:26:01 +01:00
Ribas160
d03ec380d1
fix: error fetching attachments from blob 2025-11-12 11:24:21 +01:00
El RIDO
41dcdbc41d
ensure there is still a space between commenter icon and name 2025-11-12 11:21:45 +01:00
El RIDO
68972322d9
Refactored jQuery DOM element creation
using plain JavaScript, to ensure text nodes are sanitized
2025-11-12 11:20:32 +01:00
El RIDO
1f5ed30a63
update DOMpurify library from 3.2.7 to 3.3.0 2025-11-12 11:17:51 +01:00
El RIDO
dc3bc8b23d
suppress noise from early initialization during unit tests
the tests still all passed, but the missing browser globals in the node environment could cause misleading messages in the mocha output
2025-11-12 11:11:24 +01:00
El RIDO
e3ec9dc963
upgrade kjua to 0.10.0 2025-11-12 11:07:03 +01:00
El RIDO
c7c0420d63
upgrade base-x to 5.0.1 2025-11-12 11:03:12 +01:00
El RIDO
3e3ee8abc5
update bootstrap CSS library from 5.3.7 to 5.3.8 2025-11-12 10:52:07 +01:00
El RIDO
d5cd6741c5
incrementing version 2025-06-30 10:56:53 +02:00
Ribas160
fa662547fe Attachments with empty file name fix 2025-06-29 21:30:11 +03:00
Ribas160
fcce915a5f Duplicate attachment for every comment fix 2025-06-29 21:27:11 +03:00
El RIDO
20e30b6637
incrementing version 2025-06-28 21:23:37 +02:00
El RIDO
389b215b2f
Merge pull request #1564 from Ribas160/file_name_and_size_on_download_page
Show file name and size on download page
2025-06-28 14:01:41 +02:00
Ribas160
a2ca2ecb37 Use 1024 based file size units to follow consistency 2025-06-28 14:00:50 +03:00
El RIDO
964b4da50a
Merge pull request #1545 from PrivateBin/fixes
Fixes for zlib caching & handling undefined globals
2025-06-27 16:49:00 +02:00
Ribas160
d01c37c59d Show file name and size on download page 2025-06-26 18:12:22 +03:00
Ribas160
c7b9ce0bc2 Merge branch 'master' into dompurify-3.2.6
# Conflicts:
#	lib/Configuration.php
2025-06-26 13:37:00 +03:00
El RIDO
c7f465fe8b
apply StyleCI recommendation 2025-06-18 15:08:05 +02:00
Ribas160
44f8cfbfb8 Fix error when a custom template is not in the default available templates list 2025-06-18 14:51:11 +03:00
El RIDO
f49c042cc9
document change necessary to allow PDF preview to work in Firefox & Chrome
Since attachment upload is not enabled by default, I suggest to retain the safer CSP as the default but document what is necessary. Disabling the sandboxing is problematic.
2025-06-07 11:44:02 +02:00
El RIDO
8d720e4990
Merge branch 'master' into dompurify-3.2.6 2025-06-07 10:41:48 +02:00
El RIDO
34028229c8
Merge branch 'master' into fixes 2025-06-07 10:37:23 +02:00
Ribas160
095a5be0b6 Allow multiple files 2025-06-02 14:35:54 +03:00
Ribas160
6dac586f41 Fix the duplicated message box in comments 2025-05-24 12:38:39 +03:00
Ribas160
5654ef2db8 Hide Reply button in the discussions once clicked to avoid losing the text input 2025-05-23 13:37:38 +03:00
El RIDO
dededc9935
upgrade DOMpurify library to 3.2.6 2025-05-20 07:51:50 +02:00
El RIDO
c08a792f01
handle undefined global, fixes #1544 2025-05-18 21:15:39 +02:00
El RIDO
bace4695ac
update zlib js suffix, as a cache breaker 2025-05-18 20:21:34 +02:00
El RIDO
31162e8011
upgrading DOMpurify library to 3.2.5 2025-04-06 08:30:49 +02:00
El RIDO
bac849d98a
Merge pull request #1526 from PrivateBin/pass-by-reference
Pass by reference & drop ctype
2025-03-17 06:52:48 +01:00
El RIDO
46c49e5455
apply StyleCI recommendation 2025-03-13 09:32:39 +01:00
El RIDO
8ad6300c1c
pass by reference, closes #858 2025-03-13 09:22:27 +01:00