diff --git a/.github/workflows/test-results.yml b/.github/workflows/test-results.yml
index 4e20737d..5254960f 100644
--- a/.github/workflows/test-results.yml
+++ b/.github/workflows/test-results.yml
@@ -24,7 +24,7 @@ jobs:
steps:
- name: Download and Extract Artifacts
- uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
+ uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43
with:
run_id: ${{ github.event.workflow_run.id }}
path: artifacts
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8f92f4a..d73e4c95 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
## 1.7.6 (not yet released)
* CHANGED: Allow toggling tab-key-support using `[Ctrl]+[m]` or `[Esc]` in textarea for keyboard navigation (#1386)
+* CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have `application/wasm` MIME type configured.
+* CHANGED: Upgrading libraries to: cloud-storage 1.44.0, aws-sdk-php 3.331.0
## 1.7.5 (2024-11-16)
* ADDED: Allow non persistent SQL connections, if configured (#1394)
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index e9880471..39ed7504 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -101,11 +101,9 @@ languageselection = false
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
-; - The 'unsafe-eval' is used in two cases; to check if the browser supports
-; async functions and display an error if not and for Chrome to enable
-; webassembly support (used for zlib compression). You can remove it if Chrome
-; doesn't need to be supported and old browsers don't need to be warned.
-; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
+; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
+; compression). You can remove it if compression doesn't need to be supported.
+; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
diff --git a/codacy-analysis.yml b/codacy-analysis.yml
index 9850708b..31d065cd 100644
--- a/codacy-analysis.yml
+++ b/codacy-analysis.yml
@@ -24,7 +24,7 @@ jobs:
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
diff --git a/composer.json b/composer.json
index d16a562b..10024a08 100644
--- a/composer.json
+++ b/composer.json
@@ -30,8 +30,8 @@
"yzalis/identicon": "2.0.0"
},
"suggest" : {
- "google/cloud-storage" : "1.43.0",
- "aws/aws-sdk-php" : "3.325.0"
+ "google/cloud-storage" : "1.44.0",
+ "aws/aws-sdk-php" : "3.331.0"
},
"require-dev" : {
"phpunit/phpunit" : "^9"
diff --git a/composer.lock b/composer.lock
index 3b298cb5..a72fb37c 100644
--- a/composer.lock
+++ b/composer.lock
@@ -257,16 +257,16 @@
},
{
"name": "myclabs/deep-copy",
- "version": "1.12.0",
+ "version": "1.12.1",
"source": {
"type": "git",
"url": "https://github.com/myclabs/DeepCopy.git",
- "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c"
+ "reference": "123267b2c49fbf30d78a7b2d333f6be754b94845"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
- "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
+ "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/123267b2c49fbf30d78a7b2d333f6be754b94845",
+ "reference": "123267b2c49fbf30d78a7b2d333f6be754b94845",
"shasum": ""
},
"require": {
@@ -305,7 +305,7 @@
],
"support": {
"issues": "https://github.com/myclabs/DeepCopy/issues",
- "source": "https://github.com/myclabs/DeepCopy/tree/1.12.0"
+ "source": "https://github.com/myclabs/DeepCopy/tree/1.12.1"
},
"funding": [
{
@@ -313,7 +313,7 @@
"type": "tidelift"
}
],
- "time": "2024-06-12T14:39:25+00:00"
+ "time": "2024-11-08T17:47:46+00:00"
},
{
"name": "nikic/php-parser",
diff --git a/i18n/co.json b/i18n/co.json
index c815237a..beba4159 100644
--- a/i18n/co.json
+++ b/i18n/co.json
@@ -168,15 +168,15 @@
"Plain Text": "Testu in chjaru",
"Source Code": "Codice di fonte",
"Markdown": "Markdown",
- "Download attachment": "Scaricà a pezza aghjunta",
+ "Download attachment": "Scaricà a pezza ghjunta",
"Cloned: '%s'": "Duppiatu : « %s »",
"The cloned file '%s' was attached to this paste.": "U schedariu duppiatu « %s » hè statu aghjuntu à st’appiccicu.",
"Attach a file": "Aghjunghje un schedariu",
"alternatively drag & drop a file or paste an image from the clipboard": "in alternanza, sguillà è depone un schedariu o incullà una fiura da u preme’papei",
- "File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza aghjunta.",
- "Remove attachment": "Caccià a pezza aghjunta",
+ "File too large, to display a preview. Please download the attachment.": "Schedariu troppu maiò per affissà una fighjulata. Scaricate a pezza ghjunta.",
+ "Remove attachment": "Caccià a pezza ghjunta",
"Your browser does not support uploading encrypted files. Please use a newer browser.": "U vostru navigatore ùn accetta micca l’inviu di i schedarii cifrati. Impiegate un navigatore più recente.",
- "Invalid attachment.": "A pezza aghjunta hè inaccettevule.",
+ "Invalid attachment.": "A pezza ghjunta hè inaccettevule.",
"Options": "Ozzioni",
"Shorten URL": "Ammuzzà l’indirizzu",
"Editor": "Editore",
diff --git a/i18n/th.json b/i18n/th.json
index eaa2bde1..72948e33 100644
--- a/i18n/th.json
+++ b/i18n/th.json
@@ -215,12 +215,12 @@
"Trying to shorten a URL that isn't pointing at our instance.": "กำลังพยายามใช้เครื่องมือสร้างลิงก์ย่อ ที่ไม่ได้ชี้ไปที่อินสแตนซ์ของเรา",
"Error calling YOURLS. Probably a configuration issue, like wrong or missing \"apiurl\" or \"signature\".": "เกิดข้อผิดพลาดในการเรียก YOURLS อาจเป็นปัญหามาจากการกำหนดค่า เช่น \"apiurl\" หรือ \"signature\" ไม่ถูกต้องหรือขาดหายไป",
"Error parsing YOURLS response.": "เกิดข้อผิดพลาดในการแยกวิเคราะห์การตอบสนองของ YOURLS",
- "This secret message can only be displayed once. Would you like to see it now?": "This secret message can only be displayed once. Would you like to see it now?",
- "Yes, see it": "Yes, see it",
- "Dark Mode": "โหมดมืด",
- "Error compressing paste, due to missing WebAssembly support.": "Error compressing paste, due to missing WebAssembly support.",
- "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.",
- "Start over": "Start over",
+ "This secret message can only be displayed once. Would you like to see it now?": "ข้อความลับนี้จะแสดงได้เพียงครั้งเดียวเท่านั้น คุณต้องการดูข้อความนี้ตอนนี้เลยใช่หรือไม่",
+ "Yes, see it": "ใช่ ดูเลย",
+ "Dark Mode": "โหมดสีเข้ม",
+ "Error compressing paste, due to missing WebAssembly support.": "ไม่สามารถบีบอัดข้อมูลที่คุณต้องการฝากโค้ดได้ เนื่องจากอุปกรณ์ของคุณขาดการรองรับ WebAssembly",
+ "Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "ไม่สามารถอ่านข้อมูลที่คุณได้ฝากโค้ดไว้ เบราว์เซอร์ของคุณไม่รองรับ WebAssembly กรุณาลองเปลี่ยนใช้เบราว์เซอร์ตัวอื่นเพื่อดูการฝากโค้ดนี้อีกครั้ง",
+ "Start over": "เริ่มใหม่",
"Paste text": "Paste text",
"Tabulator key serves as character (Hit Ctrl+m or Esc to toggle)": "Tabulator key serves as character (Hit Ctrl+m or Esc to toggle)"
}
diff --git a/i18n/uk.json b/i18n/uk.json
index cea58d28..8f5f87e1 100644
--- a/i18n/uk.json
+++ b/i18n/uk.json
@@ -220,7 +220,7 @@
"Dark Mode": "Темний режим",
"Error compressing paste, due to missing WebAssembly support.": "Помилка при стисканні допису, через відсутність підтримки WebAssembly сервера.",
"Error decompressing paste, your browser does not support WebAssembly. Please use another browser to view this paste.": "Помилка при розпакуванні допису, бо ваш браузер не підтримує WebAssembly. Будь ласка, відкрийте в іншому браузері для перегляду цього допису.",
- "Start over": "Start over",
+ "Start over": "Почати знову",
"Paste text": "Paste text",
"Tabulator key serves as character (Hit Ctrl+m or Esc to toggle)": "Tabulator key serves as character (Hit Ctrl+m or Esc to toggle)"
}
diff --git a/js/legacy.js b/js/legacy.js
index 0e65ff78..922e9a0e 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -6,7 +6,6 @@
* @see {@link https://github.com/PrivateBin/PrivateBin}
* @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
* @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
- * @version 1.3.1
* @name Legacy
* @namespace
*/
@@ -175,18 +174,6 @@
)) {
return true;
}
-
- // async & ES6 support
- try {
- eval('async () => {}');
- } catch (e) {
- if (e instanceof SyntaxError) {
- return true;
- } else {
- throw e; // throws CSP error
- }
- }
-
return false;
}
@@ -238,7 +225,7 @@
{
return init;
};
-
+
/**
* returns the current status of the check
*
@@ -250,7 +237,7 @@
{
return status;
};
-
+
/**
* init on application start, returns an all-clear signal
*
@@ -308,4 +295,4 @@
this.Legacy = {
Check: Check
};
-}).call(this);
\ No newline at end of file
+}).call(this);
diff --git a/js/zlib-1.3.1.js b/js/zlib-1.3.1.js
index 5086102d..5d942dca 100644
--- a/js/zlib-1.3.1.js
+++ b/js/zlib-1.3.1.js
@@ -1,6 +1,6 @@
'use strict';
-(function() {
+(function () {
let ret;
async function initialize() {
@@ -23,16 +23,7 @@
_abort: errno => { console.error(`Error: ${errno}`) },
_grow: () => { },
};
-
- let buff;
- if (typeof fs === 'object') {
- buff = fs.readFileSync('zlib-1.3.1.wasm');
- } else {
- const resp = await fetch('js/zlib-1.3.1.wasm');
- buff = await resp.arrayBuffer();
- }
- const module = await WebAssembly.compile(buff);
- const ins = await WebAssembly.instantiate(module, { env });
+ const ins = (await WebAssembly.instantiateStreaming(fetch('js/zlib-1.3.1.wasm'), { env })).instance;
const srcPtr = ins.exports._malloc(CHUNK_SIZE);
const dstPtr = ins.exports._malloc(CHUNK_SIZE);
@@ -116,28 +107,28 @@
}
ret = {
- inflate(rawDeflateBuffer) {
- const rawInf = new RawInf();
- for (let offset = 0; offset < rawDeflateBuffer.length; offset += CHUNK_SIZE) {
- const end = Math.min(offset + CHUNK_SIZE, rawDeflateBuffer.length);
- const chunk = rawDeflateBuffer.subarray(offset, end);
- rawInf.inflate(chunk);
- }
- const ret = rawInf.getBuffer();
- rawInf.destroy();
- return ret;
- },
- deflate(rawInflateBuffer) {
- const rawDef = new RawDef();
- for (let offset = 0; offset < rawInflateBuffer.length; offset += CHUNK_SIZE) {
- const end = Math.min(offset + CHUNK_SIZE, rawInflateBuffer.length);
- const chunk = rawInflateBuffer.subarray(offset, end);
- rawDef.deflate(chunk, rawInflateBuffer.length <= offset + CHUNK_SIZE);
- }
- const ret = rawDef.getBuffer();
- rawDef.destroy();
- return ret;
- },
+ inflate(rawDeflateBuffer) {
+ const rawInf = new RawInf();
+ for (let offset = 0; offset < rawDeflateBuffer.length; offset += CHUNK_SIZE) {
+ const end = Math.min(offset + CHUNK_SIZE, rawDeflateBuffer.length);
+ const chunk = rawDeflateBuffer.subarray(offset, end);
+ rawInf.inflate(chunk);
+ }
+ const ret = rawInf.getBuffer();
+ rawInf.destroy();
+ return ret;
+ },
+ deflate(rawInflateBuffer) {
+ const rawDef = new RawDef();
+ for (let offset = 0; offset < rawInflateBuffer.length; offset += CHUNK_SIZE) {
+ const end = Math.min(offset + CHUNK_SIZE, rawInflateBuffer.length);
+ const chunk = rawInflateBuffer.subarray(offset, end);
+ rawDef.deflate(chunk, rawInflateBuffer.length <= offset + CHUNK_SIZE);
+ }
+ const ret = rawDef.getBuffer();
+ rawDef.destroy();
+ return ret;
+ },
}
return ret;
diff --git a/lib/Configuration.php b/lib/Configuration.php
index a1afdda7..dc1fcb94 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -54,7 +54,7 @@ class Configuration
'qrcode' => true,
'email' => true,
'icon' => 'identicon',
- 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
+ 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'wasm-unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'zerobincompatibility' => false,
'httpwarning' => true,
'compression' => 'zlib',
@@ -106,13 +106,13 @@ class Configuration
'js/dark-mode-switch.js' => 'sha512-BhY7dNU14aDN5L+muoUmA66x0CkYUWkQT0nxhKBLP/o2d7jE025+dvWJa4OiYffBGEFgmhrD/Sp+QMkxGMTz2g==',
'js/jquery-3.7.1.js' => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
'js/kjua-0.9.0.js' => 'sha512-CVn7af+vTMBd9RjoS4QM5fpLFEOtBCoB0zPtaqIDC7sF4F8qgUSRFQQpIyEDGsr6yrjbuOLzdf20tkHHmpaqwQ==',
- 'js/legacy.js' => 'sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==',
+ 'js/legacy.js' => 'sha512-UxW/TOZKon83n6dk/09GsYKIyeO5LeBHokxyIq+r7KFS5KMBeIB/EM7NrkVYIezwZBaovnyNtY2d9tKFicRlXg==',
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
'js/privatebin.js' => 'sha512-5JuYesxfZ0hS5Auqm5QkDsUy7ZzVabjcfS3zbVLfwkhJVt8ekzU5tYLbhaDTM+wmq3xwV+8N8krpp9fuF5kS3A==',
'js/purify-3.1.7.js' => 'sha512-LegvqULiMtOfboJZw9MpETN/b+xnLRXZI90gG7oIFHW+yAeHmKvRtEUbiMFx2WvUqQoL9XB3gwU+hWXUT0X+8A==',
'js/rawinflate-0.3.js' => 'sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==',
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
- 'js/zlib-1.3.1.js' => 'sha512-Z90oppVx/mn0DG2k9airjFVQuliELlXLeT3SRiO6MLiUSbhGlAq+UFwmYbG4i9mwW87dkG8fgJPapGwnUq7Osg==',
+ 'js/zlib-1.3.1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
),
);
diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
index 6631bab7..7c68f160 100644
--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
'name' => 'privatebin/privatebin',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
- 'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
+ 'reference' => '1c7d63954642b3852177793c0c17963303484051',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -31,7 +31,7 @@
'privatebin/privatebin' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
- 'reference' => '365782ebeb864a851a9ece915028f6cac97f8fab',
+ 'reference' => '1c7d63954642b3852177793c0c17963303484051',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),