Add missing break in switch

Cleanup variables/logic
It only assigns and DomPurfies things once, instead of doing it again and again. Also uses less variables and cleans up the logic.
2020-03-06 10:03:27 +01:00 · 2020-03-04 14:32:04 +01:00 · 2020-03-04 13:44:57 +01:00 · 2020-03-04 13:29:06 +01:00 · 2020-03-04 11:45:56 +01:00
34 changed files with 165 additions and 148 deletions
--- a/.styleci.yml
+++ b/.styleci.yml
@@ -17,7 +17,7 @@ disabled:
  - concat_without_spaces
  - declare_equal_normalize
  - heredoc_to_nowdoc
-  - method_argument_space_strict
+  - method_argument_space
  - new_with_braces
  - no_alternative_syntax
  - phpdoc_align
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,12 +1,8 @@
 # PrivateBin version history

  * **1.4 (not yet released)**
-  * **1.3.4 (2020-03-22)**
    * CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals()
    * CHANGED: Upgrading libraries to: identicon 2.0.0
-    * FIXED: Support custom expiration options in email function (#586)
-    * FIXED: Regression with encoding of HTML entities (#588)
-    * FIXED: Unable to paste password on paste with attachment (#565 & #595)
  * **1.3.3 (2020-02-16)**
    * CHANGED: Upgrading libraries to: DOMpurify 2.0.8
    * CHANGED: Several translations got updated with missing messages
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -187,7 +187,7 @@ CREATE INDEX parent ON prefix_comment(pasteid);
 CREATE TABLE prefix_config (
    id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
 );
-INSERT INTO prefix_config VALUES('VERSION', '1.3.4');
+INSERT INTO prefix_config VALUES('VERSION', '1.3.3');
 ```

 In **PostgreSQL**, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB.
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)

-*Current version: 1.3.4*
+*Current version: 1.3.3*

 **PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
 where the server has zero knowledge of pasted data.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,8 +4,8 @@

 | Version | Supported          |
 | ------- | ------------------ |
-| 1.3.4   | :heavy_check_mark: |
-| < 1.3.4 | :x:                |
+| 1.3.3   | :heavy_check_mark: |
+| < 1.3.3 | :x:                |

 ## Reporting a Vulnerability

--- a/css/bootstrap/privatebin.css
+++ b/css/bootstrap/privatebin.css
@@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 body {
--- a/css/noscript.css
+++ b/css/noscript.css
@@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 /* When there is no script at all other */
--- a/css/privatebin.css
+++ b/css/privatebin.css
@@ -6,7 +6,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 /*  CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.
--- a/index.php
+++ b/index.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 // change this, if your php files and data is outside of your webservers document root
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -6,7 +6,7 @@
 * @see       {@link https://github.com/PrivateBin/PrivateBin}
 * @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
 * @license   {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
- * @version   1.3.4
+ * @version   1.3.3
 * @name      PrivateBin
 * @namespace
 */
@@ -18,14 +18,14 @@ jQuery.fn.draghover = function() {
    return this.each(function() {
        let collection = $(),
            self = $(this);
-  
+
        self.on('dragenter', function(e) {
            if (collection.length === 0) {
                self.trigger('draghoverstart');
            }
            collection = collection.add(e.target);
        });
-  
+
        self.on('dragleave drop', function(e) {
            collection = collection.not(e.target);
            if (collection.length === 0) {
@@ -375,7 +375,32 @@ jQuery.PrivateBin = (function($, RawDeflate) {
        };

        /**
-         * convert URLs to clickable links in the provided element.
+         * formats the text that needs to be formatted, so DomPurify can properly escape it.
+         *
+         * @name   Helper.preformatTextForDomPurify
+         * @function
+         * @param  {string} html
+         * @param  {'markdown'|'syntaxhighlighting'|'plaintext'} text
+         * @return {string} new text
+         */
+        me.preformatTextForDomPurify = function(text, format)
+        {
+            if (!format) {
+                throw new TypeError('invalid format parameter');
+            }
+
+            // encode < to make sure DomPurify does not interpret e.g. HTML or XML markup as code
+            // cf. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/xmp#Summary
+            // As Markdown, by definition, is/allows HTML code, we do not do anything there.
+            if (format !== 'markdown') {
+                // one character is enough, as this is not security-relevant (all output will go through DOMPurify later)
+                text = text.replace(/</g, '&lt;');
+            }
+            return text;
+        };
+
+        /**
+         * convert URLs to clickable links.
         *
         * URLs to handle:
         * <pre>
@@ -386,15 +411,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         *
         * @name   Helper.urls2links
         * @function
-         * @param  {HTMLElement} element
+         * @param  {string} html
+         * @return {string}
         */
-        me.urls2links = function(element)
+        me.urls2links = function(html)
        {
-            element.html(
-                element.html().replace(
-                    /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
-                    '<a href="$1" rel="nofollow">$1</a>'
-                )
+            return html.replace(
+                /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
+                '<a href="$1" rel="nofollow">$1</a>'
            );
        };

@@ -519,7 +543,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * calculate expiration date given initial date and expiration period
-         * 
+         *
         * @name   Helper.calculateExpirationDate
         * @function
         * @param  {Date} initialDate - may not be empty
@@ -532,7 +556,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            if (typeof expirationDisplayStringOrSecondsToExpire === 'string') {
                secondsToExpiration = me.durationToSeconds(expirationDisplayStringOrSecondsToExpire);
            }
-            
+
            if (typeof secondsToExpiration !== 'number') {
                throw new Error('Cannot calculate expiration date.');
            }
@@ -2505,24 +2529,13 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                return;
            }

-            if (format === 'markdown') {
-                const converter = new showdown.Converter({
-                    strikethrough: true,
-                    tables: true,
-                    tablesHeaderId: true,
-                    simplifiedAutoLink: true,
-                    excludeTrailingPunctuationFromURLs: true
-                });
-                // let showdown convert the HTML and sanitize HTML *afterwards*!
-                $plainText.html(
-                    DOMPurify.sanitize(
-                        converter.makeHtml(text)
-                    )
-                );
-                // add table classes from bootstrap css
-                $plainText.find('table').addClass('table-condensed table-bordered');
-            } else {
-                if (format === 'syntaxhighlighting') {
+            let processedText = Helper.preformatTextForDomPurify(text, format);
+
+            // link URLs
+            processedText = Helper.urls2links(processedText);
+
+            switch (format) {
+                case 'syntaxhighlighting':
                    // yes, this is really needed to initialize the environment
                    if (typeof prettyPrint === 'function')
                    {
@@ -2530,15 +2543,40 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                    }

                    $prettyPrint.html(
-                        prettyPrintOne(
-                            Helper.htmlEntities(text), null, true
+                        DOMPurify.sanitize(
+                            prettyPrintOne(processedText, null, true)
                        )
                    );
-                } else {
-                    // = 'plaintext'
-                    $prettyPrint.text(text);
+                    break;
+                case 'markdown':
+                    const converter = new showdown.Converter({
+                        strikethrough: true,
+                        tables: true,
+                        tablesHeaderId: true,
+                        simplifiedAutoLink: true,
+                        excludeTrailingPunctuationFromURLs: true
+                    });
+                    // let showdown convert the HTML and sanitize HTML *afterwards*!
+                    $plainText.html(
+                        DOMPurify.sanitize(
+                            // use original text, because showdown handles autolinking on it's own
+                            converter.makeHtml(text)
+                        )
+                    );
+                    // add table classes from bootstrap css
+                    $plainText.find('table').addClass('table-condensed table-bordered');
+                    break;
+                default: // = 'plaintext'
+                    $prettyPrint.html(DOMPurify.sanitize(
+                        processedText, {
+                            ALLOWED_TAGS: ['a'],
+                            ALLOWED_ATTR: ['href', 'rel']
+                        }
+                    ));
                }
-                Helper.urls2links($prettyPrint);
+
+            // set block style for non-Markdown formatting
+            if (format !== 'markdown') {
                $prettyPrint.css('white-space', 'pre-wrap');
                $prettyPrint.css('word-break', 'normal');
                $prettyPrint.removeClass('prettyprint');
@@ -3305,7 +3343,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         */
        me.addComment = function(comment, commentText, nickname)
        {
-            if (commentText === '') {
+            if (!commentText) {
                commentText = 'comment decryption failed';
            }

@@ -3315,8 +3353,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            const $commentEntryData = $commentEntry.find('div.commentdata');

            // set & parse text
-            $commentEntryData.text(commentText);
-            Helper.urls2links($commentEntryData);
+            commentText = Helper.preformatTextForDomPurify(commentText, 'plaintext');
+            $commentEntryData.html(
+                DOMPurify.sanitize(
+                    Helper.urls2links(commentText), {
+                        ALLOWED_TAGS: ['a'],
+                        ALLOWED_ATTR: ['href', 'rel']
+                    }
+                )
+            );

            // set nickname
            if (nickname.length > 0) {
@@ -3447,7 +3492,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                if (fadeOut === true) {
                    setTimeout(function () {
                        $comment.removeClass('highlight');
-
                    }, 300);
                }
            };
@@ -3722,11 +3766,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Template Email body.
-         * 
+         *
         * @name   TopNav.templateEmailBody
-         * @private 
-         * @param {string} expirationDateString 
-         * @param {bool} isBurnafterreading 
+         * @private
+         * @param {string} expirationDateString
+         * @param {bool} isBurnafterreading
         */
        function templateEmailBody(expirationDateString, isBurnafterreading)
        {
@@ -3764,10 +3808,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Trigger Email send.
-         * 
+         *
         * @name   TopNav.triggerEmailSend
-         * @private 
-         * @param {string} emailBody 
+         * @private
+         * @param {string} emailBody
         */
        function triggerEmailSend(emailBody)
        {
@@ -3980,7 +4024,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * show the "email" button
-         * 
+         *
         * @name   TopNav.showEmailbutton
         * @function
         * @param {int|undefined} optionalRemainingTimeInSeconds
@@ -4008,7 +4052,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hide the "email" button
-         * 
+         *
         * @name   TopNav.hideEmailButton
         * @function
         */
@@ -4042,7 +4086,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * only hides the qr code button
-         * 
+         *
         * @name   TopNav.hideQrCodeButton
         * @function
         */
@@ -4053,7 +4097,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hide all irrelevant buttons when viewing burn after reading paste
-         * 
+         *
         * @name   TopNav.hideBurnAfterReadingButtons
         * @function
         */
@@ -4089,7 +4133,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hides the custom attachment
-         * 
+         *
         * @name  TopNav.hideCustomAttachment
         * @function
         */
@@ -4213,7 +4257,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Highlight file upload
-         * 
+         *
         * @name  TopNav.highlightFileupload
         * @function
         */
@@ -4232,7 +4276,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * set the format on bootstrap templates in dropdown programmatically
-         * 
+         *
         * @name    TopNav.setFormat
         * @function
         */
@@ -4243,14 +4287,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * returns if attachment dropdown is readonly, not editable
-         * 
+         *
         * @name   TopNav.isAttachmentReadonly
         * @function
         * @return {bool}
         */
        me.isAttachmentReadonly = function()
        {
-            return createButtonsDisplayed && $attach.hasClass('hidden');
+            return $attach.hasClass('hidden');
        }

        /**
--- a/js/test/Helper.js
+++ b/js/test/Helper.js
@@ -81,15 +81,7 @@ describe('Helper', function () {
            'ignores non-URL content',
            'string',
            function (content) {
-                content = content.replace(/\r/g, '\n').replace(/\u0000/g, '');
-                let clean = jsdom();
-                $('body').html('<div id="foo"></div>');
-                let e = $('#foo');
-                e.text(content);
-                $.PrivateBin.Helper.urls2links(e);
-                let result = e.text();
-                clean();
-                return content === result;
+                return content === $.PrivateBin.Helper.urls2links(content);
            }
        );
        jsc.property(
@@ -103,12 +95,9 @@ describe('Helper', function () {
            function (prefix, schema, address, query, fragment, postfix) {
                query    = query.join('');
                fragment = fragment.join('');
-                prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, '');
-                postfix  = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, '');
-                let url  = schema + '://' + address.join('') + '/?' + query + '#' + fragment,
-                    clean = jsdom();
-                $('body').html('<div id="foo"></div>');
-                let e = $('#foo');
+                prefix   = $.PrivateBin.Helper.htmlEntities(prefix);
+                postfix  = ' ' + $.PrivateBin.Helper.htmlEntities(postfix);
+                let url  = schema + '://' + address.join('') + '/?' + query + '#' + fragment;

                // special cases: When the query string and fragment imply the beginning of an HTML entity, eg. &#0 or &#x
                if (
@@ -119,12 +108,8 @@ describe('Helper', function () {
                    url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1);
                    postfix = '';
                }
-                e.text(prefix + url + postfix);
-                $.PrivateBin.Helper.urls2links(e);
-                let result = e.html();
-                clean();
-                url = $('<div />').text(url).html();
-                return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
+
+                return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix);
            }
        );
        jsc.property(
@@ -133,18 +118,10 @@ describe('Helper', function () {
            jsc.array(common.jscQueryString()),
            'string',
            function (prefix, query, postfix) {
-                prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, '');
-                postfix = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, '');
-                let url  = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''),
-                    clean = jsdom();
-                $('body').html('<div id="foo"></div>');
-                let e = $('#foo');
-                e.text(prefix + url + postfix);
-                $.PrivateBin.Helper.urls2links(e);
-                let result = e.html();
-                clean();
-                url = $('<div />').text(url).html();
-                return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
+                prefix   = $.PrivateBin.Helper.htmlEntities(prefix);
+                postfix  = $.PrivateBin.Helper.htmlEntities(postfix);
+                let url  = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,'');
+                return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a> ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix);
            }
        );
    });
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
@@ -28,7 +28,7 @@ class Controller
     *
     * @const string
     */
-    const VERSION = '1.3.4';
+    const VERSION = '1.3.3';

    /**
     * minimal required PHP version
--- a/lib/Data/AbstractData.php
+++ b/lib/Data/AbstractData.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Data;
--- a/lib/Data/Database.php
+++ b/lib/Data/Database.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Data;
--- a/lib/Data/Filesystem.php
+++ b/lib/Data/Filesystem.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Data;
--- a/lib/Filter.php
+++ b/lib/Filter.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/FormatV2.php
+++ b/lib/FormatV2.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/I18n.php
+++ b/lib/I18n.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/Json.php
+++ b/lib/Json.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/Model.php
+++ b/lib/Model.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/Model/AbstractModel.php
+++ b/lib/Model/AbstractModel.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Model;
--- a/lib/Model/Comment.php
+++ b/lib/Model/Comment.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Model;
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Model;
--- a/lib/Persistence/AbstractPersistence.php
+++ b/lib/Persistence/AbstractPersistence.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Persistence;
--- a/lib/Persistence/DataStore.php
+++ b/lib/Persistence/DataStore.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.1
 */

 namespace PrivateBin\Persistence;
--- a/lib/Persistence/PurgeLimiter.php
+++ b/lib/Persistence/PurgeLimiter.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Persistence;
--- a/lib/Persistence/ServerSalt.php
+++ b/lib/Persistence/ServerSalt.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Persistence;
--- a/lib/Persistence/TrafficLimiter.php
+++ b/lib/Persistence/TrafficLimiter.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin\Persistence;
--- a/lib/Request.php
+++ b/lib/Request.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/View.php
+++ b/lib/View.php
@@ -7,7 +7,7 @@
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.3.4
+ * @version   1.3.3
 */

 namespace PrivateBin;
--- a/lib/Vizhash16x16.php
+++ b/lib/Vizhash16x16.php
@@ -8,7 +8,7 @@
 * @link      http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   0.0.5 beta PrivateBin 1.3.4
+ * @version   0.0.5 beta PrivateBin 1.3.3
 */

 namespace PrivateBin;
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -41,38 +41,38 @@ if ($SYNTAXHIGHLIGHTING):
 endif;
 ?>
 		<noscript><link type="text/css" rel="stylesheet" href="css/noscript.css" /></noscript>
-		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-9anGruNHwVXk3XlsUXFrdEe8Iq5EdB/Otrz+4C+VWtQGPThhPyQRCKPh8+H1QPyu2NmEi5oPuCPACVXPmhnvrQ==" crossorigin="anonymous"></script>
 <?php
 if ($QRCODE):
 ?>
-		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
+		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-mS5pSr1OST+Q29k4J4epdY+UFR9EmQ/mm96tV4QN22NHQPaWAXuDOAEAA9RAPpmY5jY2SDz8lMHN9CPysV/Dsg==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($ZEROBINCOMPATIBILITY):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-V6V3jxySWm/c62rSuY64hIU1/xYwaeQ+RJQyOzUMiZEMMlZXlnbif6/v/4v3Nck/cch7LylQU8lMplZUnIhSoA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-/Bi1AJIP0TtxEB+Jh6Hk809H1G7vn4iJV80qagslf0+Hm0UjUi1s3qNrn1kZULjzUYuaf6ck0ndLGJ7MxWLmgQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-iztkobsvnjKfAtTNdHkGVjAYTrrtlC7mGp/54c40wowO7LhURYl3gVzzcEqGl/qKXQltJ2HwMrdLcNUdo+N/RQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-ltQiYRTMNyL8c4rObU3wsq1IY9qXWlw3ev19xbLZywKhzLy9Ys3QWkUfbokF8V1yZPGdfFqCPLGpbj+D4NhtDA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-1PEa62gwxcuweDJX3y/hE5hqV1WwUcKWdXnCPVBPu2J0QoONNH90gJSfKqdQCnsJhjMGNUWH6/UFQs1D3ufczQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-oC3qyjPVFoECDz+NY8EWEweqMF9Aobh+bxwfQsWTO+75CzsvHkZUZHiFI1iWPnCymurCZ8N1IRiA1lQstakAjw==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-4nvga8iY3PiT8GzEnK/LtrpuOmkQaomlAPaZPldgCzY2OSeEgRI3oaeDln2+BdV6B2nHj4B0oMOlmxa2VbHTUA==" crossorigin="anonymous"></script>
 <?php
 if ($SYNTAXHIGHLIGHTING):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8Yo8AyWGdIAIogswah43R44ykWSTkNhgYaR4fsn49WSIsZ6GQF8HgO5ZbomYG7N459Rd2Ycl+JZTmJWovIy5TA==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-nRri7kqh3iRLdHbhtjfe8w9eAQPmt+ubH5U88UZyKbz6O9Q0q4haaXF0krOUclKmRJou/kKZYulgBHvHXPqOvg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-XaY4Yp8taiarnpsT49pd5AWWq9BfheHGV7MTt7ER2N5/rcq3v2DK7lbhdAhMic9eCoOD1cnBIgMCcV85ew4OSA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-+4ay2Dw/9w/DOTutdpoiHvF6RxqV0V8ABSXHlebjGbQ7Td+3If7mOZ5OIu/lWCifcgP6vyhJuiB8+jl8FGtuwg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-x2Kev3A7fqc/QKCzRHoJ7qCiglgxXtY8WDUMPOUBI6jVueqRkRMGjP1IqD9iUWVuND81ckCCS27Br5M11tw0IA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3L/E22cdC3wDFXKM1i32bw4HdrfX14du2xswUKanOY6CLrD+e0hykmLvES+zfBKF1GFQFKr3OmdCVH2y+zHlsA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-orzZ0Xa2whu2x2rgs9pUPD3cbbw2kMK9GeCIQPC50/H66tgobl3LjsGNREI6s0porBoJ+Wp6icp+Z1FqyQ/bxA==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -20,37 +20,37 @@ if ($SYNTAXHIGHLIGHTING):
    endif;
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-9anGruNHwVXk3XlsUXFrdEe8Iq5EdB/Otrz+4C+VWtQGPThhPyQRCKPh8+H1QPyu2NmEi5oPuCPACVXPmhnvrQ==" crossorigin="anonymous"></script>
 <?php
 if ($QRCODE):
 ?>
-		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
+		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-mS5pSr1OST+Q29k4J4epdY+UFR9EmQ/mm96tV4QN22NHQPaWAXuDOAEAA9RAPpmY5jY2SDz8lMHN9CPysV/Dsg==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($ZEROBINCOMPATIBILITY):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-V6V3jxySWm/c62rSuY64hIU1/xYwaeQ+RJQyOzUMiZEMMlZXlnbif6/v/4v3Nck/cch7LylQU8lMplZUnIhSoA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-/Bi1AJIP0TtxEB+Jh6Hk809H1G7vn4iJV80qagslf0+Hm0UjUi1s3qNrn1kZULjzUYuaf6ck0ndLGJ7MxWLmgQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-ltQiYRTMNyL8c4rObU3wsq1IY9qXWlw3ev19xbLZywKhzLy9Ys3QWkUfbokF8V1yZPGdfFqCPLGpbj+D4NhtDA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-1PEa62gwxcuweDJX3y/hE5hqV1WwUcKWdXnCPVBPu2J0QoONNH90gJSfKqdQCnsJhjMGNUWH6/UFQs1D3ufczQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-oC3qyjPVFoECDz+NY8EWEweqMF9Aobh+bxwfQsWTO+75CzsvHkZUZHiFI1iWPnCymurCZ8N1IRiA1lQstakAjw==" crossorigin="anonymous"></script>
 <?php
 if ($SYNTAXHIGHLIGHTING):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8Yo8AyWGdIAIogswah43R44ykWSTkNhgYaR4fsn49WSIsZ6GQF8HgO5ZbomYG7N459Rd2Ycl+JZTmJWovIy5TA==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-nRri7kqh3iRLdHbhtjfe8w9eAQPmt+ubH5U88UZyKbz6O9Q0q4haaXF0krOUclKmRJou/kKZYulgBHvHXPqOvg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-XaY4Yp8taiarnpsT49pd5AWWq9BfheHGV7MTt7ER2N5/rcq3v2DK7lbhdAhMic9eCoOD1cnBIgMCcV85ew4OSA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-+4ay2Dw/9w/DOTutdpoiHvF6RxqV0V8ABSXHlebjGbQ7Td+3If7mOZ5OIu/lWCifcgP6vyhJuiB8+jl8FGtuwg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-x2Kev3A7fqc/QKCzRHoJ7qCiglgxXtY8WDUMPOUBI6jVueqRkRMGjP1IqD9iUWVuND81ckCCS27Br5M11tw0IA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3L/E22cdC3wDFXKM1i32bw4HdrfX14du2xswUKanOY6CLrD+e0hykmLvES+zfBKF1GFQFKr3OmdCVH2y+zHlsA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-orzZ0Xa2whu2x2rgs9pUPD3cbbw2kMK9GeCIQPC50/H66tgobl3LjsGNREI6s0porBoJ+Wp6icp+Z1FqyQ/bxA==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
Author	SHA1	Message	Date
rugk	470e0fc33c	Add missing break in switch	2020-03-06 10:03:27 +01:00
rugk	f13a5d0a55	Cleanup variables/logic It only assigns and DomPurfies things once, instead of doing it again and again. Also uses less variables and cleans up the logic.	2020-03-04 14:32:04 +01:00
rugk	552e0cac3a	Fix .getText of PasteViewer to return original text string The issue was that I reused an existing module variable. Now we have (yet another one) temp var for that. Practically this fixes the "clone paste" button by using the original text.	2020-03-04 13:44:57 +01:00
rugk	294b8804a4	Fix source code escaping in comments Also fix comments.	2020-03-04 13:29:06 +01:00
rugk	005d223c0d	Fix source code being not rendered If special characters were included the source code (HTML-like ones like < and >) is was not rendered. Fixes https://github.com/PrivateBin/PrivateBin/issues/588 It includes a change in the RegEx for URLs because that was broken when a & character later followed at any time after a link (even after a newline). (with a negative lookahead) Test with https://regex101.com/r/i7bZ73/1 Now the RegEx does not check for _all_ chars after a link, but just for the one following the link. (So the lookahead is not * anymore. I guess thsi behaviour was the expectation when it has been implemented.)	2020-03-04 11:45:56 +01:00