Commit Graph

391 Commits

Author SHA1 Message Date
El RIDO
3327645fd4 updated doc blocks, comments, fixed indentations, moved some constant strings 2021-06-14 06:44:30 +02:00
Mark van Holsteijn
b4c75b541b removed json encoding from get/setValue 2021-06-13 21:16:30 +02:00
El RIDO
9357f122b7 address Scrutinizer issues 2021-06-13 12:49:59 +02:00
El RIDO
d0248d55d3 address Scrutinizer issues 2021-06-13 12:43:18 +02:00
El RIDO
078c5785dd fix unit tests on php < 7.3 2021-06-13 12:40:06 +02:00
El RIDO
68b097087d apply StyleCI recommendation 2021-06-13 11:16:29 +02:00
El RIDO
f04043a399 address Scrutinizer issues 2021-06-13 11:02:53 +02:00
El RIDO
1f2dddd9d8 address Codacy issues 2021-06-13 10:53:01 +02:00
El RIDO
93135e0abf improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO
e294145a2b ip-lib doesn't except on the matches interfaces 2021-06-13 08:26:05 +02:00
Mark van Holsteijn
1b88eef356 improved implementation of GoogleStorageBucket 2021-06-10 21:39:15 +02:00
El RIDO
5af069b4f0 Merge pull request #810 from binxio/persistence-into-data
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn
1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO
7b2f0ff302 apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO
a203e6322b implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO
7901ec74a7 folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3 remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO
ae486d651b folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn
55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO
7bdcc2ae15 conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO
1a7d0799c0 scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO
de8f40ac1a kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4 removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO
2bc54caa07 fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO
abb2b90e9b make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO
edb8e5e078 handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn
342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO
b6460616ba address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO
91c8f9f23c use namespaces 2021-05-22 11:02:54 +02:00
El RIDO
3dd01b1f70 testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed
af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e QA 2021-05-04 11:20:24 +02:00
rodehoed
4296b43832 QA 2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d QA 2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9 QA 2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336 Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663 re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd feat: disallow form submission altogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7 feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7 Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7 apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk
fd7d05e862 Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09 disable Google FLoC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665 transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00