Commit graph

328 commits

Author SHA1 Message Date
El RIDO
d0248d55d3
address Scrutinizer issues 2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd
fix unit tests on php < 7.3 2021-06-13 12:40:06 +02:00
El RIDO
68b097087d
apply StyleCI recommendation 2021-06-13 11:16:29 +02:00
El RIDO
f04043a399
address Scrutinizer issues 2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8
address Codacy issues 2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf
improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b
ip-lib doesn't except on the matches interfaces 2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356 improved implementation of GoogleStorageBucket 2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302
apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b
implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b
make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba
address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c
use namespaces 2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70
testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO
458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00