Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • siick/siickbin
1 result
Show changes
Commits on Source (7)
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 1520 additions and 0 deletions
.gitignore 0 → 100644
View file @ e6cb1cc1
# Ignorer tous les fichiers dans le dossier 'data'
data/*
\ No newline at end of file
.htaccess 0 → 100644
View file @ e6cb1cc1
# X-Frame-Options Protect against page-framing and click-jacking
Header always append X-Frame-Options SAMEORIGIN
# X-Content-Type nosniff
Header set X-Content-Type-Options nosniff
#HSTS Header
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
#CSP
Header add Content-Security-Policy "form-action 'self'; base-uri 'self'; frame-ancestors 'self';"
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{HTTP_HOST} ^bin\.siick\.fr$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bin\.siick\.fr$
RewriteRule ^/?$ "https\:\/\/bin\.siick\.fr\/" [R=301,L]
.htaccess.disabled 0 → 100644
View file @ e6cb1cc1
RewriteEngine on
RewriteCond !%{HTTP_USER_AGENT} "Let's Encrypt validation server" [NC]
RewriteCond %{HTTP_USER_AGENT} ^.*(bot|spider|crawl|https?://|WhatsApp|SkypeUriPreview|facebookexternalhit) [NC]
RewriteRule .* - [R=403,L]
<IfModule mod_php7.c>
php_value max_execution_time 30
php_value post_max_size 10M
php_value upload_max_size 10M
php_value upload_max_filesize 10M
php_value max_file_uploads 100
</IfModule>
CHANGELOG.md 0 → 100755
View file @ e6cb1cc1
This diff is collapsed.
CREDITS.md 0 → 100755
View file @ e6cb1cc1
# Credits
## Active contributors
* Simon Rupf - current developer and maintainer
* rugk - security review, doc improvment, JS refactoring & various other stuff
* R4SAS - python client, compression, blob URI to support larger attachments
## Past contributions
* Sébastien Sauvage - original idea and main developer
* Alexey Gladkov - syntax highlighting
* Greg Knaddison - robots.txt
* MrKooky - HTML5 markup, CSS cleanup
* Simon Rupf - WebCrypto, unit tests, container images, database backend, MVC, configuration, i18n
* Hexalyse - Password protection
* Viktor Stanchev - File upload support
* azlux - Tab character input support
* Adam Fisher - old Favicons
* rugk - new logo/icons
* Sobak - PSR-4 and PSR-2 refactoring
* Nathaniel Olsen - jQuery upgrade
* Alexander Demenshin - modal password dialog
* PunKeel - first docker container
* thororm - Display of video, audio & PDF, drag & drop, preview of attachments
* Harald Leithner - base58 encoding of key
* Haocen - lots of bugfixes and UI improvements
* Lucas Savva - configurable config file location, NixOS packaging
* rodehoed - option to exempt ips from the rate-limiter
* Mark van Holsteijn - Google Cloud Storage backend
* Austin Huang - Oracle database support
* Felix J. Ogris - S3 Storage backend, script for data backend migrations, dropped singleton behaviour of data backends
* Mounir Idrassi & J. Mozdzen - secure YOURLS integration
* Felipe Nakandakari - enabled AWS SDK to use default credential provider chain in the S3 Storage backend
* Aaron Sherber - cache control headers for API calls & use of `shortenviayourls` in query parameters
## Translations
* Hexalyse - French
* Kuba Niewiarowski - Polish
* Gabbalo - German
* Draky50110 - French
* Filip Muki Dobranić - Slovene
* Jiawei Zhou - Chinese
* Stefano Marty - Italian
* R4SAS - Russian
* Alfredo Fabián Altamirano Tena - Spanish
* Quent-in - Occitan
* idarlund - Norwegian
* Tulio Leao - Portuguese
* Michael van Schaik - Dutch
* Péter Tabajdi - Hungarian
* info-path - Czech
* BigWax - Bulgarian
* AndriiZ - Ukrainian
* Yaron Shahrabani - Hebrew
* Moo - Lithuanian
* whenwesober - Indonesian
* retiolus - Catalan
* sarnane - Estonian
* foxsouns - Lojban
* Patriccollu di Santa Maria è Sichè - Corsican
* Markus Mikkonen - Finnish
* Emir Ensar Rahmanlar - Turkish
* Stevo984 - Slovak
* Christos Karamolegkos - Greek
* jaideejung007 - Thai
* Nicolas Le Gall - Japanese
* lazerns - Arabic
* Edward205 - Romanian
INSTALL.md 0 → 100755
View file @ e6cb1cc1
# Installation
**TL;DR:** Download the
[latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest)
(with the link labelled as "Source code (…)") and extract it in your web hosts
folder where you want to install your PrivateBin instance. We try to provide a
mostly safe default configuration, but we urge you to check the
[security section](#hardening-and-security) below and the
[configuration options](#configuration) to adjust as you see fit.
**NOTE:** See our [FAQ entry on securely downloading release files](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project)
for more information.
**NOTE:** There is a [ansible](https://ansible.com) role by @e1mo available to
install and configure PrivateBin on your server. It's available on
[ansible galaxy](https://galaxy.ansible.com/e1mo/privatebin)
([source code](https://git.sr.ht/~e1mo/ansible-role-privatebin)).
### Minimal Requirements
- PHP version 7.0 or above
- Or PHP version 5.6 AND _one_ of the following sources of cryptographically
safe randomness:
- [Libsodium](https://download.libsodium.org/libsodium/content/installation/)
and it's [PHP extension](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium)
- `open_basedir` access to `/dev/urandom`
- mcrypt extension AND `open_basedir` access to `/dev/urandom`
- com_dotnet extension
- GD extension
- zlib extension
- some disk space or a database supported by [PDO](https://php.net/manual/book.pdo.php)
- ability to create files and folders in the installation directory and the PATH
defined in index.php
- A web browser with JavaScript and (optional) WebAssembly support
## Hardening and Security
### Changing the Path
In the index.php you can define a different `PATH`. This is useful to secure
your installation. You can move the configuration, data files, templates and PHP
libraries (directories cfg, doc, data, lib, tpl, tst and vendor) outside of your
document root. This new location must still be accessible to your webserver and
PHP process (see also
[open_basedir setting](https://secure.php.net/manual/en/ini.core.php#ini.open-basedir)).
> #### PATH Example
> Your PrivateBin installation lives in a subfolder called "paste" inside of
> your document root. The URL looks like this:
> http://example.com/paste/
>
> The full path of PrivateBin on your webserver is:
> /srv/example.com/htdocs/paste
>
> When setting the path like this:
> define('PATH', '../../secret/privatebin/');
>
> PrivateBin will look for your includes and data here:
> /srv/example.com/secret/privatebin
### Changing the config path only
In situations where you want to keep the PrivateBin static files separate from the
rest of your data, or you want to reuse the installation files on multiple vhosts,
you may only want to change the `conf.php`. In this case, you can set the
`CONFIG_PATH` environment variable to the absolute path to the `conf.php` file.
This can be done in your web server's virtual host config, the PHP config, or in
the index.php, if you choose to customize it.
Note that your PHP process will need read access to the configuration file,
wherever it may be.
> #### CONFIG_PATH example
> Setting the value in an Apache Vhost:
> SetEnv CONFIG_PATH /var/lib/privatebin/conf.php
>
> In a php-fpm pool config:
> env[CONFIG_PATH] = /var/lib/privatebin/conf.php
>
> In the index.php, near the top:
> putenv('CONFIG_PATH=/var/lib/privatebin/conf.php');
### Transport security
When setting up PrivateBin, also set up HTTPS, if you haven't already. Without
HTTPS PrivateBin is not secure, as the JavaScript or WebAssembly files could be
manipulated during transmission. For more information on this, see our
[FAQ entry on HTTPS setup recommendations](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https).
### File-level permissions
After completing the installation, you should make sure, that other users on the
system cannot read the config file or the `data/` directory, as – depending on
your configuration – potentially sensitive information may be stored in there.
See our [FAQ entry on permissions](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin)
for a detailed guide on how to "harden" access to files and folders.
## Configuration
In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php`
is provided containing all options and their default values. You can copy it to
`cfg/conf.php` and change it as needed. Alternatively you can copy it anywhere
and set the `CONFIG_PATH` environment variable (see above notes). The config
file is divided into multiple sections, which are enclosed in square brackets.
In the `[main]` section you can enable or disable the discussion feature, set
the limit of stored pastes and comments in bytes. The `[traffic]` section lets
you set a time limit in seconds. Users may not post more often then this limit
to your PrivateBin installation.
More details can be found in the
[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration).
## Advanced installation
### Web server configuration
A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all
robots from accessing your pastes. It is recommend to place it into the root of
your web directory if you have installed PrivateBin in a subdirectory. Make sure
to adjust it, so that the file paths match your installation. Of course also
adjust the file, if you already use a `robots.txt`.
A `.htaccess.disabled` file is provided in the root dir of PrivateBin. It blocks
some known robots and link-scanning bots. If you use Apache, you can rename the
file to `.htaccess` to enable this feature. If you use another webserver, you
have to configure it manually to do the same.
### On using Cloudflare
If you want to use PrivateBin behind Cloudflare, make sure you have disabled the
Rocket loader and unchecked "Javascript" for Auto Minify, found in your domain
settings, under "Speed". More information can be found in our
[FAQ entry on Cloudflare related issues](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection).
### Using a Database Instead of Flat Files
In the configuration file the `[model]` and `[model_options]` sections let you
configure your favourite way of storing the pastes and discussions on your
server.
`Filesystem` is the default model, which stores everything in files in the
data folder. This is the recommended setup for most sites on single hosts.
Under high load, in distributed setups or if you are not allowed to store files
locally, you might want to switch to the `Database` model. This lets you
store your data in a database. Basically all databases that are supported by
[PDO](https://secure.php.net/manual/en/book.pdo.php) may be used. Automatic table
creation is provided for `pdo_ibm`, `pdo_informix`, `pdo_mssql`, `pdo_mysql`,
`pdo_oci`, `pdo_pgsql` and `pdo_sqlite`. You may want to provide a table prefix,
if you have to share the PrivateBin database with another application or you want
to use a prefix for
[security reasons](https://security.stackexchange.com/questions/119510/is-using-a-db-prefix-for-tables-more-secure).
The table prefix option is called `tbl`.
> #### Note
> The `Database` model has only been tested with SQLite, MariaDB/MySQL and
> PostgreSQL, although it would not be recommended to use SQLite in a production
> environment. If you gain any experience running PrivateBin on other RDBMS,
> please let us know.
The following GRANTs (privileges) are required for the PrivateBin user in
**MariaDB/MySQL**. In normal operation:
- INSERT, SELECT, DELETE on the paste and comment tables
- SELECT on the config table
If you want PrivateBin to handle table creation (when you create the first paste)
and updates (after you update PrivateBin to a new release), you need to give the
user these additional privileges:
- CREATE, INDEX and ALTER on the database
- INSERT and UPDATE on the config table
For reference or if you want to create the table schema for yourself to avoid
having to give PrivateBin too many permissions (replace `prefix_` with your own
table prefix and create the table schema with your favourite MariaDB/MySQL
client):
```sql
CREATE TABLE prefix_paste (
dataid CHAR(16) NOT NULL,
data MEDIUMBLOB,
postdate INT,
expiredate INT,
opendiscussion INT,
burnafterreading INT,
meta TEXT,
attachment MEDIUMBLOB,
attachmentname BLOB,
PRIMARY KEY (dataid)
);
CREATE TABLE prefix_comment (
dataid CHAR(16),
pasteid CHAR(16),
parentid CHAR(16),
data BLOB,
nickname BLOB,
vizhash BLOB,
postdate INT,
PRIMARY KEY (dataid)
);
CREATE INDEX parent ON prefix_comment(pasteid);
CREATE TABLE prefix_config (
id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
);
INSERT INTO prefix_config VALUES('VERSION', '1.4.0');
```
In **PostgreSQL**, the `data`, `attachment`, `nickname` and `vizhash` columns
need to be `TEXT` and not `BLOB` or `MEDIUMBLOB`. The key names in brackets,
after `PRIMARY KEY`, need to be removed.
In **Oracle**, the `data`, `attachment`, `nickname` and `vizhash` columns need
to be `CLOB` and not `BLOB` or `MEDIUMBLOB`, the `id` column in the `config`
table needs to be `VARCHAR2(16)` and the `meta` column in the `paste` table
and the `value` column in the `config` table need to be `VARCHAR2(4000)`.
#### Using Google Cloud Storage
If you want to deploy PrivateBin in a serverless manner in the Google Cloud, you
can choose the `GoogleCloudStorage` as backend. To use this backend, you create
a GCS bucket and specify the name as the model option `bucket`. Alternatively,
you can set the name through the environment variable `PRIVATEBIN_GCS_BUCKET`.
The default prefix for pastes stored in the bucket is `pastes`. To change the
prefix, specify the option `prefix`.
Google Cloud Storage buckets may be significantly slower than a `FileSystem` or
`Database` backend. The big advantage is that the deployment on Google Cloud
Platform using Google Cloud Run is easy and cheap.
To use the Google Cloud Storage backend you have to install the suggested
library using the command `composer require google/cloud-storage`.
LICENSE.md 0 → 100755
View file @ e6cb1cc1
This diff is collapsed.
Procfile 0 → 100644
View file @ e6cb1cc1
web: vendor/bin/heroku-php-apache2
README.md 0 → 100755
View file @ e6cb1cc1
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
*Current version: 1.7.4*
**PrivateBin** is a minimalist, open source online
[pastebin](https://en.wikipedia.org/wiki/Pastebin)
where the server has zero knowledge of pasted data.
Data is encrypted and decrypted in the browser using 256bit AES in
[Galois Counter mode](https://en.wikipedia.org/wiki/Galois/Counter_Mode).
This is a fork of ZeroBin, originally developed by
[Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). PrivateBin was
refactored to allow easier and cleaner extensions and has many additional
features. It is, however, still fully compatible to the original ZeroBin 0.19
data storage scheme. Therefore, such installations can be upgraded to PrivateBin
without losing any data.
## What PrivateBin provides
+ As a server administrator you don't have to worry if your users post content
that is considered illegal in your country. You have plausible deniability of
any of the pastes content. If requested or enforced, you can delete any paste
from your system.
+ Pastebin-like system to store text documents, code samples, etc.
+ Encryption of data sent to server.
+ Possibility to set a password which is required to read the paste. It further
protects a paste and prevents people stumbling upon your paste's link
from being able to read it without the password.
## What it doesn't provide
- As a user you have to trust the server administrator not to inject any
malicious code. For security, a PrivateBin installation *has to be used over*
*HTTPS*! Otherwise you would also have to trust your internet provider, and
any jurisdiction the traffic passes through. Additionally the instance should
be secured by
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). It can
use traditional certificate authorities and/or use a
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)
protected
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
record.
- The "key" used to encrypt the paste is part of the URL. If you publicly post
the URL of a paste that is not password-protected, anyone can read it.
Use a password if you want your paste to remain private. In that case, make
sure to use a strong password and share it privately and end-to-end-encrypted.
- A server admin can be forced to hand over access logs to the authorities.
PrivateBin encrypts your text and the discussion contents, but who accessed a
paste (first) might still be disclosed via access logs.
- In case of a server breach your data is secure as it is only stored encrypted
on the server. However, the server could be abused or the server admin could
be legally forced into sending malicious code to their users, which logs
the decryption key and sends it to a server when a user accesses a paste.
Therefore, do not access any PrivateBin instance if you think it has been
compromised. As long as no user accesses this instance with a previously
generated URL, the content can't be decrypted.
## Options
Some features are optional and can be enabled or disabled in the [configuration
file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration):
* Password protection
* Discussions, anonymous or with nicknames and IP based identicons or vizhashes
* Expiration times, including a "forever" and "burn after reading" option
* Markdown format support for HTML formatted pastes, including preview function
* Syntax highlighting for source code using prettify.js, including 4 prettify
themes
* File upload support, image, media and PDF preview (disabled by default, size
limit adjustable)
* Templates: By default there are bootstrap CSS, darkstrap and "classic ZeroBin"
to choose from and it is easy to adapt these to your own websites layout or
create your own.
* Translation system and automatic browser language detection (if enabled in
browser)
* Language selection (disabled by default, as it uses a session cookie)
* QR code for paste URLs, to easily transfer them over to mobile devices
## Further resources
* [FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ)
* [Installation guide](https://github.com/PrivateBin/PrivateBin/blob/master/doc/Installation.md#installation)
* [Configuration guide](https://github.com/PrivateBin/PrivateBin/wiki/Configuration)
* [Templates](https://github.com/PrivateBin/PrivateBin/wiki/Templates)
* [Translation guide](https://github.com/PrivateBin/PrivateBin/wiki/Translation)
* [Developer guide](https://github.com/PrivateBin/PrivateBin/wiki/Development)
Run into any issues? Have ideas for further developments? Please
[report](https://github.com/PrivateBin/PrivateBin/issues) them!
SECURITY.md 0 → 100755
View file @ e6cb1cc1
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.7.4 | :heavy_check_mark: |
| < 1.7.4 | :x: |
## Reporting a Vulnerability
You can send us email at security@privatebin.org. You should be able to get
a response within a week (usually during the next weekend). The respondee will
reply from their personal address and can offer you their GPG public key to
support end-to-end encrypted communication on sensitive topics or attachments.
You can also contact us via the regular issue tracker if the risk of early
publication is low or you would request input from other PrivateBin users.
bin/administration 0 → 100644
View file @ e6cb1cc1
#!/usr/bin/env php
<?php declare(strict_types=1);
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
*/
namespace PrivateBin;
use Exception;
use PrivateBin\Configuration;
use PrivateBin\Data\AbstractData;
use PrivateBin\Model\Paste;
define('PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR);
require PATH . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
/**
* Administration
*
* Command line utility for administrative tasks.
*/
class Administration
{
/**
* configuration
*
* @access private
* @var Configuration
*/
private $_conf;
/**
* options, parsed from the command line arguments
*
* @access private
* @var array
*/
private $_opts = array();
/**
* data storage model
*
* @access private
* @var AbstractData
*/
private $_store;
/**
* deletes the requested paste ID, if a valid ID and it exists
*
* @access private
* @param string $pasteId
*/
private function _delete($pasteId)
{
if (!Paste::isValidId($pasteId)) {
self::_error('given ID is not a valid paste ID (16 hexadecimal digits)', 5);
}
if (!$this->_store->exists($pasteId)) {
self::_error('given ID does not exist, has expired or was already deleted', 6);
}
$this->_store->delete($pasteId);
if ($this->_store->exists($pasteId)) {
self::_error('paste ID exists after deletion, permission problem?', 7);
}
exit("paste $pasteId successfully deleted" . PHP_EOL);
}
/**
* removes empty directories, if current storage model uses Filesystem
*
* @access private
*/
private function _empty_dirs()
{
if ($this->_conf->getKey('class', 'model') !== 'Filesystem') {
self::_error('instance not using Filesystem storage, no directories to empty', 4);
}
$dir = $this->_conf->getKey('dir', 'model_options');
passthru("find $dir -type d -empty -delete", $code);
exit($code);
}
/**
* display a message on STDERR and exits
*
* @access private
* @static
* @param string $message
* @param int $code optional, defaults to 1
*/
private static function _error($message, $code = 1)
{
self::_error_echo($message);
exit($code);
}
/**
* display a message on STDERR
*
* @access private
* @static
* @param string $message
*/
private static function _error_echo($message)
{
fwrite(STDERR, 'Error: ' . $message . PHP_EOL);
}
/**
* display usage help on STDOUT and exits
*
* @access private
* @static
* @param int $code optional, defaults to 0
*/
private static function _help($code = 0)
{
echo <<<'EOT'
Usage:
administration [--delete <paste id> | --empty-dirs | --help | --purge | --statistics]
Options:
-d, --delete deletes the requested paste ID
-e, --empty-dirs removes empty directories (only if Filesystem storage is
configured)
-h, --help displays this help message
-p, --purge purge all expired pastes
-s, --statistics reads all stored pastes and comments and reports statistics
EOT, PHP_EOL;
exit($code);
}
/**
* return option for given short or long keyname, if it got set
*
* @access private
* @static
* @param string $short
* @param string $long
* @return string|null
*/
private function _option($short, $long)
{
foreach (array($short, $long) as $key) {
if (array_key_exists($key, $this->_opts)) {
return $this->_opts[$key];
}
}
return null;
}
/**
* initialize options from given argument array
*
* @access private
* @static
* @param array $arguments
*/
private function _options_initialize($arguments)
{
if ($arguments > 3) {
self::_error_echo('too many arguments given');
echo PHP_EOL;
self::_help(1);
}
if ($arguments < 2) {
self::_error_echo('missing arguments');
echo PHP_EOL;
self::_help(2);
}
$this->_opts = getopt('hd:eps', array('help', 'delete:', 'empty-dirs', 'purge', 'statistics'));
if (!$this->_opts) {
self::_error_echo('unsupported arguments given');
echo PHP_EOL;
self::_help(3);
}
}
/**
* reads all stored pastes and comments and reports statistics
*
* @access public
*/
private function _statistics()
{
$counters = array(
'burn' => 0,
'damaged' => 0,
'discussion' => 0,
'expired' => 0,
'md' => 0,
'percent' => 1,
'plain' => 0,
'progress' => 0,
'syntax' => 0,
'total' => 0,
'unknown' => 0,
);
$time = time();
$ids = $this->_store->getAllPastes();
$counters['total'] = count($ids);
$dots = $counters['total'] < 100 ? 10 : (
$counters['total'] < 1000 ? 50 : 100
);
$percentages = $counters['total'] < 100 ? 0 : (
$counters['total'] < 1000 ? 4 : 10
);
echo "Total:\t\t\t{$counters['total']}", PHP_EOL;
foreach ($ids as $pasteid) {
try {
$paste = $this->_store->read($pasteid);
} catch (Exception $e) {
echo "Error reading paste {$pasteid}: ", $e->getMessage(), PHP_EOL;
++$counters['damaged'];
}
++$counters['progress'];
if (
array_key_exists('expire_date', $paste['meta']) &&
$paste['meta']['expire_date'] < $time
) {
++$counters['expired'];
}
if (array_key_exists('adata', $paste)) {
$format = $paste['adata'][1];
$discussion = $paste['adata'][2];
$burn = $paste['adata'][3];
} else {
$format = array_key_exists('formatter', $paste['meta']) ? $paste['meta']['formatter'] : 'plaintext';
$discussion = array_key_exists('opendiscussion', $paste['meta']) ? $paste['meta']['opendiscussion'] : false;
$burn = array_key_exists('burnafterreading', $paste['meta']) ? $paste['meta']['burnafterreading'] : false;
}
if ($format === 'plaintext') {
++$counters['plain'];
} elseif ($format === 'syntaxhighlighting') {
++$counters['syntax'];
} elseif ($format === 'markdown') {
++$counters['md'];
} else {
++$counters['unknown'];
}
$counters['discussion'] += (int) $discussion;
$counters['burn'] += (int) $burn;
// display progress
if ($counters['progress'] % $dots === 0) {
echo '.';
if ($percentages) {
$progress = $percentages / $counters['total'] * $counters['progress'];
if ($progress >= $counters['percent']) {
printf(' %d%% ', 100 / $percentages * $progress);
++$counters['percent'];
}
}
}
}
echo PHP_EOL, <<<EOT
Expired:\t\t{$counters['expired']}
Burn after reading:\t{$counters['burn']}
Discussions:\t\t{$counters['discussion']}
Plain Text:\t\t{$counters['plain']}
Source Code:\t\t{$counters['syntax']}
Markdown:\t\t{$counters['md']}
EOT, PHP_EOL;
if ($counters['damaged'] > 0) {
echo "Damaged:\t\t{$counters['damaged']}", PHP_EOL;
}
if ($counters['unknown'] > 0) {
echo "Unknown format:\t\t{$counters['unknown']}", PHP_EOL;
}
}
/**
* constructor
*
* initializes and runs administrative tasks
*
* @access public
*/
public function __construct()
{
$this->_options_initialize($_SERVER['argc']);
if ($this->_option('h', 'help') !== null) {
self::_help();
}
$this->_conf = new Configuration;
if ($this->_option('e', 'empty-dirs') !== null) {
$this->_empty_dirs();
}
$class = 'PrivateBin\\Data\\' . $this->_conf->getKey('class', 'model');
$this->_store = new $class($this->_conf->getSection('model_options'));
if (($pasteId = $this->_option('d', 'delete')) !== null) {
$this->_delete($pasteId);
}
if ($this->_option('p', 'purge') !== null) {
try {
$this->_store->purge(PHP_INT_MAX);
} catch (Exception $e) {
echo 'Error purging pastes: ', $e->getMessage(), PHP_EOL,
'Run the statistics to find damaged paste IDs and either delete them or restore them from backup.', PHP_EOL;
}
exit('purging of expired pastes concluded' . PHP_EOL);
}
if ($this->_option('s', 'statistics') !== null) {
$this->_statistics();
}
}
}
new Administration();
bin/migrate 0 → 100644
View file @ e6cb1cc1
#!/usr/bin/env php
<?php declare(strict_types=1);
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
*/
// change this, if your php files and data are outside of your webservers document root
define('PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR);
define('PUBLIC_PATH', __DIR__ . DIRECTORY_SEPARATOR);
require PATH . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
use PrivateBin\Configuration;
use PrivateBin\Model;
// third argument in getopt requires PHP >= 7.1
if (version_compare(PHP_VERSION, '7.1.0') < 0) {
dieerr('migrate requires php 7.1 or above to work. Sorry.');
}
$longopts = array(
"delete-after",
"delete-during",
"help"
);
$opts_arr = getopt("fhnv", $longopts, $rest);
if ($opts_arr === false) {
dieerr("Erroneous command line options. Please use --help");
}
if (array_key_exists("h", $opts_arr) || array_key_exists("help", $opts_arr)) {
helpexit();
}
$delete_after = array_key_exists("delete-after", $opts_arr);
$delete_during = array_key_exists("delete-during", $opts_arr);
$force_overwrite = array_key_exists("f", $opts_arr);
$dryrun = array_key_exists("n", $opts_arr);
$verbose = array_key_exists("v", $opts_arr);
if ($rest >= $argc) {
dieerr("Missing source configuration directory");
}
if ($delete_after && $delete_during) {
dieerr("--delete-after and --delete-during are mutually exclusive");
}
$srcconf = getConfig("source", $argv[$rest]);
$rest++;
$dstconf = getConfig("destination", ($rest < $argc ? $argv[$rest] : ""));
if (($srcconf->getSection("model") == $dstconf->getSection("model")) &&
($srcconf->getSection("model_options") == $dstconf->getSection("model_options"))) {
dieerr("Source and destination storage configurations are identical");
}
$srcmodel = new Model($srcconf);
$srcstore = $srcmodel->getStore();
$dstmodel = new Model($dstconf);
$dststore = $dstmodel->getStore();
$ids = $srcstore->getAllPastes();
foreach ($ids as $id) {
debug("Reading paste id " . $id);
$paste = $srcstore->read($id);
$comments = $srcstore->readComments($id);
savePaste($force_overwrite, $dryrun, $id, $paste, $dststore);
foreach ($comments as $comment) {
saveComment($force_overwrite, $dryrun, $id, $comment, $dststore);
}
if ($delete_during) {
deletePaste($dryrun, $id, $srcstore);
}
}
if ($delete_after) {
foreach ($ids as $id) {
deletePaste($dryrun, $id, $srcstore);
}
}
debug("Done.");
function deletePaste($dryrun, $pasteid, $srcstore)
{
if (!$dryrun) {
debug("Deleting paste id " . $pasteid);
$srcstore->delete($pasteid);
} else {
debug("Would delete paste id " . $pasteid);
}
}
function saveComment ($force_overwrite, $dryrun, $pasteid, $comment, $dststore)
{
$parentid = $comment["parentid"];
$commentid = $comment["id"];
if (!$dststore->existsComment($pasteid, $parentid, $commentid)) {
if (!$dryrun) {
debug("Saving paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
$dststore->createComment($pasteid, $parentid, $commentid, $comment);
} else {
debug("Would save paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
}
} else if ($force_overwrite) {
if (!$dryrun) {
debug("Overwriting paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
$dststore->createComment($pasteid, $parentid, $commentid, $comment);
} else {
debug("Would overwrite paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
}
} else {
if (!$dryrun) {
dieerr("Not overwriting paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
} else {
dieerr("Would not overwrite paste id " . $pasteid . ", parent id " .
$parentid . ", comment id " . $commentid);
}
}
}
function savePaste ($force_overwrite, $dryrun, $pasteid, $paste, $dststore)
{
if (!$dststore->exists($pasteid)) {
if (!$dryrun) {
debug("Saving paste id " . $pasteid);
$dststore->create($pasteid, $paste);
} else {
debug("Would save paste id " . $pasteid);
}
} else if ($force_overwrite) {
if (!$dryrun) {
debug("Overwriting paste id " . $pasteid);
$dststore->create($pasteid, $paste);
} else {
debug("Would overwrite paste id " . $pasteid);
}
} else {
if (!$dryrun) {
dieerr("Not overwriting paste id " . $pasteid);
} else {
dieerr("Would not overwrite paste id " . $pasteid);
}
}
}
function getConfig ($target, $confdir)
{
debug("Trying to load " . $target . " conf.php" .
($confdir === "" ? "" : " from " . $confdir));
putenv("CONFIG_PATH=" . $confdir);
$conf = new Configuration;
putenv("CONFIG_PATH=");
return $conf;
}
function dieerr ($text)
{
fprintf(STDERR, "ERROR: %s" . PHP_EOL, $text);
die(1);
}
function debug ($text) {
if ($GLOBALS["verbose"]) {
printf("DEBUG: %s" . PHP_EOL, $text);
}
}
function helpexit ()
{
print("migrate - Copy data between PrivateBin backends
Usage:
migrate [--delete-after] [--delete-during] [-f] [-n] [-v] srcconfdir
[<dstconfdir>]
migrate [-h|--help]
Options:
--delete-after delete data from source after all pastes and comments have
successfully been copied to the destination
--delete-during delete data from source after the current paste and its
comments have successfully been copied to the destination
-f forcefully overwrite data which already exists at the
destination
-h, --help displays this help message
-n dry run, do not copy data
-v be verbose
<srcconfdir> use storage backend configration from conf.php found in
this directory as source
<dstconfdir> optionally, use storage backend configration from conf.php
found in this directory as destination; defaults to:
" . PATH . "cfg" . DIRECTORY_SEPARATOR . "conf.php
");
exit();
}
browserconfig.xml 0 → 100755
View file @ e6cb1cc1
<?xml version="1.0" encoding="utf-8"?>
<browserconfig>
<msapplication>
<tile>
<square150x150logo src="img/mstile-150x150.png"/>
<square310x310logo src="img/mstile-310x310.png"/>
<wide310x150logo src="img/mstile-310x150.png"/>
<TileColor>#ffc40d</TileColor>
</tile>
</msapplication>
</browserconfig>
cfg/.htaccess 0 → 100755
View file @ e6cb1cc1
Require all denied
cfg/conf.php 0 → 100755
View file @ e6cb1cc1
;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
name = "SiickBin"
; enable or disable the discussion feature, defaults to true
discussion = true
; preselect the discussion feature, defaults to false
opendiscussion = false
; enable or disable the password feature, defaults to true
password = true
; enable or disable the file upload feature, defaults to false
fileupload = false
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = false
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760
; template to include, default is "bootstrap" (tpl/bootstrap.php)
template = "bootstrap"
; (optional) notice to display
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = false
; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"
; (optional) URL shortener address to offer after a new paste is created
; it is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key
; urlshortener = "https://shortener.example.com/api?link="
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; qrcode = true
; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might be
; used to get the IP of a non anonymous comment poster if the server salt is
; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values: none / vizhash / identicon (default).
; icon = none
; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use a bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
; httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: none / zlib (default).
; compression = zlib
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "1week"
[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0
[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = 10
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
; header = "X_FORWARDED_FOR"
; directory to store the traffic limits in
dir = PATH "data"
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = 300
; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10
; directory to store the purge limit in
dir = PATH "data"
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for SQLite
;class = Database
;[model_options]
;dsn = "sqlite:" PATH "data/db.sq3"
;usr = null
;pwd = null
;opt[12] = true ; PDO::ATTR_PERSISTENT
cfg/conf.sample.php 0 → 100755
View file @ e6cb1cc1
;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
; name = "PrivateBin"
; The full URL, with the domain name and directories that point to the
; PrivateBin files, including an ending slash (/). This URL is essential to
; allow Opengraph images to be displayed on social networks.
; basepath = "https://privatebin.example.com/"
; enable or disable the discussion feature, defaults to true
discussion = true
; preselect the discussion feature, defaults to false
opendiscussion = false
; enable or disable the display of dates & times in the comments, defaults to true
; Note that internally the creation time will still get tracked in order to sort
; the comments by creation time, but you can choose not to display them.
; discussiondatedisplay = false
; enable or disable the password feature, defaults to true
password = true
; enable or disable the file upload feature, defaults to false
fileupload = false
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = false
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760
; template to include, default is "bootstrap" (tpl/bootstrap.php), also
; available are "page" (tpl/page.php), the classic ZeroBin style and several
; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page"
; and finally "bootstrap-compact-page" - previews at:
; https://privatebin.info/screenshots.html
template = "bootstrap"
; (optional) info text to display
; use single, instead of double quotes for HTML attributes
;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
; (optional) notice to display
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = false
; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"
; (optional) URL shortener address to offer after a new paste is created.
; It is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key.
; urlshortener = "https://shortener.example.com/api?link="
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; qrcode = true
; (optional) Let users send an email sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; email = true
; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might get
; used to get the IP of a comment poster if the server salt is leaked and a
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values:
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
; icon = "none"
; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use any bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - If you use the bootstrap5 theme, you must change default-src to 'self' to
; enable display of the svg icons
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
; httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
; compression = "zlib"
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "1week"
[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0
[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = 10
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
; header = "X_FORWARDED_FOR"
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = 300
; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of a Google Cloud Storage configuration
;class = GoogleCloudStorage
;[model_options]
;bucket = "my-private-bin"
;prefix = "pastes"
;uniformacl = false
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for SQLite
;class = Database
;[model_options]
;dsn = "sqlite:" PATH "data/db.sq3"
;usr = null
;pwd = null
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for PostgreSQL
;class = Database
;[model_options]
;dsn = "pgsql:host=localhost;dbname=privatebin"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of S3 configuration for Rados gateway / CEPH
;class = S3Storage
;[model_options]
;region = ""
;version = "2006-03-01"
;endpoint = "https://s3.my-ceph.invalid"
;use_path_style_endpoint = true
;bucket = "my-bucket"
;accesskey = "my-rados-user"
;secretkey = "my-rados-pass"
;[model]
; example of S3 configuration for AWS
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
;accesskey = "access key id"
;secretkey = "secret access key"
;[model]
; example of S3 configuration for AWS using its SDK default credential provider chain
; if relying on environment variables, the AWS SDK will look for the following:
; - AWS_ACCESS_KEY_ID
; - AWS_SECRET_ACCESS_KEY
; - AWS_SESSION_TOKEN (if needed)
; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
[yourls]
; When using YOURLS as a "urlshortener" config item:
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
; credentials, and will be visible in public on the PrivateBin web page.
; Only use this if you allow short URL creation without credentials.
; - Alternatively, using the parameters in this section ("signature" and
; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
; instance with "?shortenviayourls&link=" appended. For example:
; urlshortener = "${basepath}?shortenviayourls&link="
; This URL will in turn call YOURLS on the server side, using the URL from
; "apiurl" and the "access signature" from the "signature" parameters below.
; (optional) the "signature" (access key) issued by YOURLS for the using account
; signature = ""
; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
; apiurl = "https://yourls.example.com/yourls-api.php"
composer.json 0 → 100644
View file @ e6cb1cc1
{
"name" : "privatebin/privatebin",
"description" : "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode (GCM).",
"type" : "project",
"keywords" : [
"private",
"secure",
"end-to-end-encrypted",
"e2e",
"paste",
"pastebin",
"zero",
"zero-knowledge",
"encryption",
"encrypted",
"AES"
],
"homepage" : "https://privatebin.info/",
"license" : "zlib-acknowledgement",
"support" : {
"issues" : "https://github.com/PrivateBin/PrivateBin/issues",
"wiki" : "https://github.com/PrivateBin/PrivateBin/wiki",
"source" : "https://github.com/PrivateBin/PrivateBin",
"docs" : "https://privatebin.info/codedoc/"
},
"require" : {
"php": "^7.3 || ^8.0",
"jdenticon/jdenticon": "1.0.2",
"mlocati/ip-lib": "1.18.0",
"yzalis/identicon": "2.0.0"
},
"suggest" : {
"google/cloud-storage" : "1.41.0",
"aws/aws-sdk-php" : "3.302.0"
},
"require-dev" : {
"phpunit/phpunit" : "^9"
},
"autoload" : {
"psr-4" : {
"PrivateBin\\" : "lib/"
}
},
"config" : {
"autoloader-suffix" : "DontChange",
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true,
"platform": {
"php": "7.3"
}
}
}
composer.lock 0 → 100644
View file @ e6cb1cc1
This diff is collapsed.
css/bootstrap/bootstrap-3.4.1.css 0 → 100755
View file @ e6cb1cc1
This diff is collapsed.
css/bootstrap/bootstrap-theme-3.4.1.css 0 → 100755
View file @ e6cb1cc1
This diff is collapsed.