Commit graph

1905 commits

Author SHA1 Message Date
Hexalyse
9611e0ec4f The default expiration time of the paste is now also displayed before we select an expiration time. 2015-09-01 14:19:03 +02:00
El RIDO
802a0b26b9 burn after reading messages are only deleted after callback by JS when
successfully decrypted, resolves #11
2015-08-31 22:10:41 +02:00
El RIDO
9fdbba76ce working on password function for #15:
- asking again if password is wrong
- display error if user cancels dialog
- use password to encrypt comments, too (password is "stored" in the
password field)
- store password in sessionStorage when posting a comment so, that it
doesn't have to typed in again, but clear sessionStorage as soon as
password is retrieved
2015-08-31 21:14:12 +02:00
El RIDO
d3c4600806 slight configuration changes, template modifications to make discussions
and password configurable, removed generated configuration test as it
grows quite big and a new one can be generated easily if needed
2015-08-31 00:01:35 +02:00
Hexalyse
0198371049 Password input id change in zerobin.js 2015-08-30 15:06:32 +02:00
Hexalyse
eadcd60e14 Password input id change in zerobin.js 2015-08-30 15:05:50 +02:00
Hexalyse
1009491721 Fixed bug of password input not displaying on bootstrap theme 2015-08-30 14:46:43 +02:00
Hexalyse
f2532f8310 Changed ids in HTML 2015-08-30 14:44:46 +02:00
Hexalyse
2c8f5a0566 Added password field on bootstrap theme 2015-08-30 14:43:01 +02:00
Hexalyse
fa273a3429 Added password field on bootstrap theme 2015-08-30 14:36:40 +02:00
Hexalyse
95f1db925b Merge branch 'master' of https://github.com/elrido/ZeroBin
Conflicts:
	cfg/conf.ini
	js/zerobin.js
2015-08-30 14:33:09 +02:00
El RIDO
2d0668af03 concluding work on configuration test generator for #16. Replaced a few
die()s in the code with Exception, making it possible to test properly.
Fixed some outdated unit tests.
2015-08-29 20:29:14 +02:00
El RIDO
99dbb22e21 refining configuration test generator, now supporting conditions on
tests (i.e. if syntax highlighting is false, highlighting should never
be loaded)
2015-08-29 10:41:10 +02:00
El RIDO
1c4d1aa6b6 working on configuration unit test generator as described in #16 2015-08-29 01:26:48 +02:00
El RIDO
ae82e84ef8 correcting php doc comments 2015-08-27 23:58:56 +02:00
El RIDO
be91afa042 - fixing JS errors when syntax highlighting is disabled (point 1. #15)
- fixing missing url conversion in highlighted text (point 2. # 15)
2015-08-27 23:58:28 +02:00
El RIDO
d57d6cf44b created initial unit tests for main zerobin class 2015-08-27 23:30:35 +02:00
El RIDO
f775da3931 fixing nasty deletion bug from #15, included unit tests to trigger it
and reworked persistence classes to through exceptions rather to fail
silently
2015-08-27 21:41:21 +02:00
El RIDO
d042bb41ba Updated README with a security notice as mentioned in issue #13 2015-08-23 18:09:34 +02:00
El RIDO
3306bcff99 switch to bootstrap theme by default 2015-08-23 18:08:45 +02:00
El RIDO
259ca3c55f bootstrap theme should display the textarea as monospaced text, too 2015-08-23 18:07:38 +02:00
El RIDO
aa3eba9b1f Merge branch 'master' of https://github.com/elrido/ZeroBin 2015-08-23 15:55:03 +02:00
Simon Rupf
a34cc562e1 optimized bootstrap comment layout 2015-08-23 15:52:25 +02:00
Simon Rupf
c78e1fc3db optimized bootstrap comment layout 2015-08-23 15:49:51 +02:00
Hexalyse
da7ffc5d07 Changed css 2015-08-22 22:46:35 +02:00
Hexalyse
8c519db877 changed some font sizes 2015-08-22 17:40:26 +02:00
Hexalyse
2aa71708e2 Corrected display of password field 2015-08-22 17:27:43 +02:00
Hexalyse
89bfc2ffe0 Merge remote-tracking branch 'origin/master' 2015-08-22 17:24:03 +02:00
Hexalyse
3b537eda40 Added an optional password protection 2015-08-22 17:23:41 +02:00
Hexalyse
02964aa936 changed button color when Open discussion is disabled 2015-08-22 17:01:14 +02:00
Hexalyse
d600ae7319 Changed text size of about box for readability 2015-08-22 16:54:37 +02:00
Hexalyse
f2912a07b0 Changed config to use SQLite 2015-08-22 16:43:02 +02:00
El RIDO
b299a6e03e added a bootstrap theme, still needs some work in the comments layout 2015-08-17 23:19:15 +02:00
El RIDO
cb28056223 made highlighting more configurable, added all four themes, there is now a configurable flavour text (notice) 2015-08-17 23:18:33 +02:00
El RIDO
24d18c5313 cleaned up phpdoc comments, added README on how to install and use it 2015-08-16 15:55:31 +02:00
El RIDO
3a183470a6 included sons of obsidian prettify template, since the new default one is a bit bleak 2015-08-16 15:52:46 +02:00
El RIDO
0c1d5c62d5 updated de/inflate to versions 0.5/0.3, using versions found at
a3725d3bee
kudos Dan Kogai
2015-08-16 13:02:27 +02:00
El RIDO
a0107d7eae updated prettify to minified versions found at
6aa04af68e/loader/prettify.js
6aa04af68e/loader/prettify.css
kudos Mike Samuel
2015-08-16 12:46:01 +02:00
El RIDO
49c6e3c1b6 updated base64.js to version 2.1.9, using minified version found at
9192c510f5/base64.min.js
kudos Dan Kogai

small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
2015-08-16 12:27:06 +02:00
El RIDO
7bc8c14df6 updated sjcl to version 1.0.2, using minified version found at
11a673d1d3/sjcl.js
kudos Nils Kenneweg
2015-08-16 11:29:01 +02:00
El RIDO
769768d25e updated jquery to 1.11.3 2015-08-16 11:20:06 +02:00
El RIDO
3aa4911991 Small text message changes 2015-08-16 01:56:39 +02:00
El RIDO
8881b3047a changing version string 2015-08-16 00:04:14 +02:00
Sebastien SAUVAGE
43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00
Sebastien SAUVAGE
daf5522b1e Potentiel security bug corrected
Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
clic "Raw text"  4) refresh: The html/javascript is interpreted instead
of just displayed.
Under some versions of Chrome, it happens without refreshing.
This bug was corrected.

(cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
2015-08-15 22:24:25 +02:00
Sebastien SAUVAGE
e7feca0e53 Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
2015-08-15 22:18:57 +02:00
jeldrik
4f72f04eda Prevent inconstitent /data/trafic_limiter.php due to file read while writing
(cherry picked from commit 71a7f6adaea9a86a84fa8ebbcb9e5c506a785527)

Conflicts:
	index.php
2015-08-15 22:10:05 +02:00
Sébastien SAUVAGE
5b54ca34ad Update index.php
Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo)
(cherry picked from commit 43fa904979a29e4c205b9f4f08e1c487555bbe1c)

Conflicts:
	index.php
2015-08-15 22:07:07 +02:00
Sebastien SAUVAGE
bc8b23d35e XSS flaw correction
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.

(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)

Conflicts:
	CHANGELOG.md
	index.php
	js/zerobin.js
	lib/vizhash16x16.php
2015-08-15 22:01:43 +02:00
Sebastien SAUVAGE
d9930978ba Make sure there is enough entropy.
This patch will improve key randomness by requiring the user to move the
mouse if there is not enough entropy.

(cherry picked from commit c6e98045aa833dff824f892eb3392744c03a59f7)
2015-08-15 21:52:14 +02:00