introduce new zerobincompatibility option, replacing the base64 one, if it is enabled, delete tokens use sha256; added per paste salt with server salt fallback; this resolves the points 2.2 & 2.9 in #103

2016-07-06 11:37:13 +02:00
parent 6b0b814dc6
commit 0e217a42c5
8 changed files with 87 additions and 38 deletions
--- a/cfg/conf.ini.sample
+++ b/cfg/conf.ini.sample
@@ -39,10 +39,6 @@ template = "bootstrap"
 ; (optional) notice to display
 ; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."

-; base64.js library version, defaults to 2.1.9
-; use "1.7" if you are upgrading from a ZeroBin Alpha 0.19 installation
-base64version = "2.1.9"
-
 ; by default ZeroBin will guess the visitors language based on the browsers
 ; settings. Optionally you can enable the language selection menu, which uses
 ; a session cookie to store the choice until the browser is closed.
@@ -57,6 +53,11 @@ languageselection = false
 ; the pastes encryption key
 ; urlshortener = "https://shortener.example.com/api?link="

+; stay compatible with ZeroBin Alpha 0.19, less secure
+; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
+; sha256 in HMAC for the deletion token
+zerobincompatibility = false
+
 [expire]
 ; expire value that is selected per default
 ; make sure the value exists in [expire_options]
@@ -121,4 +122,4 @@ dir = PATH "data"
 ;dsn = "sqlite:" PATH "data/db.sq3"
 ;usr = null
 ;pwd = null
-;opt[12] = true	; PDO::ATTR_PERSISTENT
+;opt[12] = true	; PDO::ATTR_PERSISTENT