@ -35,5 +35,4 @@ If you have access to the server log files, also copy them here.
<!-- The version of PrivateBin, if you use an unstable version paste the commit hash or the GitHub link to the commit here (you can get it by running `git rev-parse HEAD`) -->
**PrivateBin version:**
* I can reproduce this issue on <https://privatebin.net>: Yes / No
I can reproduce this issue on <https://privatebin.net>: Yes / No
and extract it in your web hosts folder where you want to install your PrivateBin
instance. We try to provide a safe default configuration, but we advise you to
check the options and adjust them as you see fit.
instance. We try to provide a mostly safe default configuration, but we urge you to
check the [security section](#hardening-and-security) below and the [configuration
options](#configuration) to adjust as you see fit.
## Basic installation
**NOTE:** See [our FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for information how to securely download the PrivateBin release files.
### Requirements
### Minimal requirements
- PHP version 5.4 or above
- _one_ of the following sources of cryptographically safe randomness is required:
@ -20,37 +21,11 @@ check the options and adjust them as you see fit.
Mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file.
- GD extension
- some disk space or (optional) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php)
- ability to create files and folders in the installation directory and the PATH
- some disk space or (optionally) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php)
- ability to create files and folders in the installation directory and the PATH defined in index.php
- A web browser with javascript support
### Configuration
In the file `cfg/conf.ini` you can configure PrivateBin. A `cfg/conf.ini.sample`
is provided containing all options and default values. You can copy it to
`cfg/conf.ini` and adapt it as needed. The config file is divided into multiple
sections, which are enclosed in square brackets.
In the `[main]` section you can enable or disable the discussion feature, set
the limit of stored pastes and comments in bytes. The `[traffic]` section lets
you set a time limit in seconds. Users may not post more often then this limit
If you want to use PrivateBin behind Cloudflare, make sure you disabled Rocket
loader and unchecked "Javascript" for Auto Minify, found in your domain settings,
under "Speed". (More information
[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection))
## Advanced installation
## Hardening and security
### Changing the path
@ -64,7 +39,7 @@ process (see also
> #### PATH Example
> Your PrivateBin installation lives in a subfolder called "paste" inside of
> your document root. The URL looks like this:
> https://example.com/paste/
> http://example.com/paste/
>
> The full path of PrivateBin on your webserver is:
> /home/example.com/htdocs/paste
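Review bot: The PATH example URL appears in this hunk as both `https://example.com/paste/` and `http://example.com/paste/`; the example should end up in the https:// form. The Transport security section added by this same patch states that PrivateBin is not secure without HTTPS, and an http:// URL in the install guide invites copy-paste into a plain-HTTP deployment.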
@ -75,6 +50,29 @@ process (see also
> PrivateBin will look for your includes / data here:
> /home/example.com/secret/privatebin
### Transport security
When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS
PrivateBin is not secure, as the javascript files could be manipulated during transmission.
For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https).
## Configuration
In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php`
is provided containing all options and default values. You can copy it to
`cfg/conf.php` and adapt it as needed. The config file is divided into multiple
sections, which are enclosed in square brackets.
In the `[main]` section you can enable or disable the discussion feature, set
the limit of stored pastes and comments in bytes. The `[traffic]` section lets
you set a time limit in seconds. Users may not post more often then this limit
A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all
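Review bot: The re-added Configuration section names `cfg/conf.php` and `cfg/conf.sample.php`, while the section removed further up named `cfg/conf.ini` and `cfg/conf.ini.sample`, and nothing tells an administrator who already has a `cfg/conf.ini` what to do with it. Please add a sentence on the rename and on why the file is now a .php file, given that the text still describes sections enclosed in square brackets. While the paragraph is being moved, "more often then this limit" should read "more often than this limit".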
@ -88,6 +86,13 @@ some known robots and link-scanning bots. If you use Apache, you can rename the
file to `.htaccess` to enable this feature. If you use another webserver, you
have to configure it manually to do the same.
### On using Cloudflare
If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket
loader and unchecked "Javascript" for Auto Minify, found in your domain settings,
under "Speed". (More information
[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection))
### Using a database instead of flat files
In the configuration file the `[model]` and `[model_options]` sections let you
@ -150,5 +155,4 @@ CREATE TABLE prefix_config (
INSERT INTO prefix_config VALUES('VERSION', '1.1');
```
In PostgreSQL the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB.
In PostgreSQL, the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB.
"The cloned file '%s' was attached to this paste.":"The cloned file '%s' was attached to this paste.",
"The cloned file '%s' was attached to this paste.":"El archivo clonado '%s' ha sido adjuntado a este texto.",
"Attach a file":"Adjuntar archivo",
"Remove attachment":"Remover adjunto",
"Your browser does not support uploading encrypted files. Please use a newer browser.":
@ -147,9 +147,9 @@
"Enter password":
"Ingrese contraseña",
"Loading…":"Cargando…",
"Decrypting paste…":"Decrypting paste…",
"Preparing new paste…":"Preparing new paste…",
"Decrypting paste…":"Descifrando texto…",
"Preparing new paste…":"Preparando texto nuevo…",
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
"En caso de que este mensaje nunca desaparezca por favor revise <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">este FAQ para obtener información para solucionar problemas</a>.",
"Impossible de déchiffrer les données (mauvaise clé ?)",
"Could not delete the paste, it was not stored in burn after reading mode.":
"Impossible de supprimer le paste, car il n'a pas été stoclé en mode \"Effacer après lecture\".",
"Impossible de supprimer le paste, car il n'a pas été stocké en mode \"Effacer après lecture\".",
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
"POUR VOS YEUX UNIQUEMENT. Ne fermez pas cette fenêtre, ce paste ne pourra plus être affiché.",
"Could not decrypt comment; Wrong key?":
@ -93,7 +93,7 @@
"Anonymous":
"Anonyme",
"Avatar generated from IP address":
"Avatar anonyme (Vizhash de l'adresse IP)",
"Avatar généré à partir de l'adresse IP",
"Add comment":
"Ajouter un commentaire",
"Optional nickname…":
@ -139,7 +139,7 @@
"Markdown":"Markdown",
"Download attachment":"Télécharger la pièce jointe",
"Cloned: '%s'":"Cloner '%s'",
"The cloned file '%s' was attached to this paste.":"The cloned file '%s' was attached to this paste.",
"The cloned file '%s' was attached to this paste.":"Le fichier cloné '%s' a été attaché à ce paste.",
"Attach a file":"Attacher un fichier ",
"Remove attachment":"Enlever l'attachement",
"Your browser does not support uploading encrypted files. Please use a newer browser.":
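Review bot: Next to the newly translated "The cloned file '%s' was attached to this paste." string, the value in "Attach a file":"Attacher un fichier " carries a trailing space, and "Cloned: '%s'":"Cloner '%s'" drops the colon that the source string has. Both are worth cleaning up in the same pass, since this hunk already touches the neighbouring line.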
@ -160,5 +160,5 @@
"Preparing new paste…":"Préparation du paste…",
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
"Si ce message ne disparaîssait pas, jetez un oeil à <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">cette FAQ pour des idées de résolution</a> (en Anglais).",
"+++ no paste text +++":"+++ no paste text +++"
"+++ no paste text +++":"+++ pas de paste-text +++"
"%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href=\"https://privatebin.info/\">project page</a>.":
"%s es un 'pastebin' (o gestionari d'extrachs de tèxte e còdi font) minimalista e open source, dins lo qual lo servidor a pas cap de coneissença de las donadas mandadas. Las donadas son chifradas/deschifradas <i>dins lo navigator</i> per un chiframent AES 256 bits. Mai informacions sus <a href=\"https://privatebin.info/\">la pagina del projècte</a>.",
"%s es un 'pastebin' (o gestionari d’extrachs de tèxte e còdi font) minimalista e open source, dins lo qual lo servidor a pas cap de coneissença de las donadas mandadas. Las donadas son chifradas/deschifradas <i>dins lo navigator</i> per un chiframent AES 256 bits. Mai informacions sus <a href=\"https://privatebin.info/\">la pagina del projècte</a>.",
"Because ignorance is bliss":
"Perque l'ignorància es bonaür",
"Perque lo bonaür es l’ignorància",
"en":"oc",
"Paste does not exist, has expired or has been deleted.":
"Lo tèxte existís pas, a expirat, o es estat suprimit.",
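Review bot: The new value for "Because ignorance is bliss", "Perque lo bonaür es l’ignorància", swaps subject and complement compared with the previous "Perque l'ignorància es bonaür" and with the English source; was that intended? If only the apostrophe was meant to change to ’, as in the other strings, keep the original word order.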
@ -32,11 +32,11 @@
"Paste was properly deleted.":
"Lo tèxte es estat correctament suprimit.",
"JavaScript is required for %s to work.<br />Sorry for the inconvenience.":
"JavaScript es requesit per far foncionar %s. <br />O planhèm per l'inconvenient.",
"JavaScript es requesit per far foncionar %s. <br />O planhèm per l’inconvenient.",
"%s requires a modern browser to work.":
"%s necessita un navigator modèrn per foncionar.",
"Still using Internet Explorer? Do yourself a favor, switch to a modern browser:":
"Encora sus Internet Explorer ? Fasètz-vos una favor, passatz a un navigator modèrn :",
"Encora sus Internet Explorer?Fasètz-vos una favor, passatz a un navigator modèrn:",
"New":
"Nòu",
"Send":
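Review bot: As the diff renders, the new Internet Explorer string reads "Explorer?Fasètz-vos" and "modèrn:" with no space around the punctuation, where the old value had " ? " and " :". If the intent is a non-breaking space before the punctuation, please confirm the character is really in the file; writing it as a JSON escape such as \u00a0 would make the change visible in review and keep editors from stripping it.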
@ -67,7 +67,7 @@
"Never":
"Jamai",
"Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service.":
"Nota : Aquò es un servici d'espròva : las donadas pòdon èsser suprimidas a cada moment. De catons moriràn s'abusatz d'aqueste servici.",
"Nota:Aquò es un servici d’espròva:las donadas pòdon èsser suprimidas a cada moment. De catons moriràn s’abusatz d’aqueste servici.",
"This document will expire in %d seconds.":
["Ce document expirera dans %d seconde.","Aqueste document expirarà dins %d segondas."],
"This document will expire in %d minutes.":
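Review bot: The plural arrays in this part of the Occitan file carry a French singular, e.g. ["Ce document expirera dans %d seconde.","Aqueste document expirarà dins %d segondas."], so a one-second expiry is shown in French. Since the hunk already edits the neighbouring "Note: This is a test service" string, the singular forms should be translated as well. The new value of that string also renders as "Nota:Aquò" and "espròva:las", with no space after the colons.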
@ -79,21 +79,21 @@
"This document will expire in %d months.":
["Ce document expirera dans %d mois.","Aqueste document expirarà dins %d meses."],
"Please enter the password for this paste:":
"Picatz lo senhal per aqueste tèxte:",
"Picatz lo senhal per aqueste tèxte:",
"Could not decrypt data (Wrong key?)":
"Impossible de deschifrar las donadas (marrida clau?)",
"Impossible de deschifrar las donadas (marrida clau?)",
"Could not delete the paste, it was not stored in burn after reading mode.":
"Impossible de suprimir lo tèxte, perque es pas estat gardat en mòde \"Escafar aprèp lectura\".",
"FOR YOUR EYES ONLY. Don't close this window, this message can't be displayed again.":
"PER VÒSTRES UÈLHS SOLAMENT. Tampetz pas aquesta fenèstra, aqueste tèxte poirà pas mai èsser afichat.",
"Could not decrypt comment; Wrong key?":
"Impossible de deschifrar lo comentari ; marrida clau?",
"Impossible de deschifrar lo comentari ; marrida clau?",
"Reply":
"Respondre",
"Anonymous":
"Anonime",
"Avatar generated from IP address":
"Avatar anonime (Vizhash de l'adreça IP)",
"Avatar anonime (Vizhash de l’adreça IP)",
"Add comment":
"Apondre un comentari",
"Optional nickname…":
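Review bot: "Avatar generated from IP address" is still translated as "Avatar anonime (Vizhash de l’adreça IP)" here, with only the apostrophe changed, while the French file in this same patch moves to "Avatar généré à partir de l'adresse IP" to match the source string. The Occitan value should follow the source wording too. Separately, the old and new lines for "Please enter the password for this paste:" and "Could not decrypt data (Wrong key?)" render identically, so whatever whitespace changed there cannot be reviewed from the diff.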
@ -105,25 +105,25 @@
"Comment posted.":
"Comentari mandat.",
"Could not refresh display: %s":
"Impossible d'actualizar l'afichatge : %s",
"Impossible d’actualizar l’afichatge:%s",
"unknown status":
"Estatut desconegut",
"server error or not responding":
"Lo servidor respond pas o a rencontrat una error",
"Could not post comment: %s":
"Impossible de mandar lo comentari : %s",
"Impossible de mandar lo comentari:%s",
"Please move your mouse for more entropy…":
"Mercés de bolegar vòstra mirga per mai entropia…",
"Sending paste…":
"Mandadís del tèxte…",
"Your paste is <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Hit [Ctrl]+[c] to copy)</span>":
"Vòstre tèxte es disponible a l'adreça <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Picatz sus [Ctrl]+[c] per copiar)</span>",
"Vòstre tèxte es disponible a l’adreça <a id=\"pasteurl\" href=\"%s\">%s</a> <span id=\"copyhint\">(Picatz sus [Ctrl]+[c] per copiar)</span>",
"Delete data":
"Supprimir las donadas del tèxte",
"Could not create paste: %s":
"Impossible de crear lo tèxte : %s",
"Impossible de crear lo tèxte:%s",
"Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)":
"Impossible de deschifrar lo tèxte : Clau de deschiframent absenta de l'URL (Avètz utilizat un redirector o un site de reduccion d'URL que suprimís una partida de l'URL ?)",
"Impossible de deschifrar lo tèxte:Clau de deschiframent absenta de l’URL (Avètz utilizat un redirector o un site de reduccion d’URL que suprimís una partida de l’URL?)",
"B":"o",
"KiB":"Kio",
"MiB":"Mio",
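Review bot: "Delete data":"Supprimir las donadas del tèxte" spells the verb with a double p, while the other strings visible in this patch use a single p ("Impossible de suprimir lo tèxte", "correctament suprimit"). Please align the spelling while this block is being edited.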
@ -139,14 +139,14 @@
"Markdown":"Markdown",
"Download attachment":"Telecargar la pèça junta",
"Cloned: '%s'":"Clonar: '%s'",
"The cloned file '%s' was attached to this paste.":"The cloned file '%s' was attached to this paste.",
"The cloned file '%s' was attached to this paste.":"Aqueste fichièr clonat '%s' es estat ajustat a aqueste tèxte.",
"Attach a file":"Juntar un fichièr ",
"Remove attachment":"Levar la pèca junta",
"Your browser does not support uploading encrypted files. Please use a newer browser.":
"Vòstre navigator es pas compatible amb lo mandadís de fichièrs chifrats. Mercés d'emplegar un navigator mai recent.",
"Vòstre navigator es pas compatible amb lo mandadís de fichièrs chifrats. Mercés d’emplegar un navigator mai recent.",
"Invalid attachment.":"Pèça junta invalida.",
"Options":"Opcions",
"Shorten URL":"Acorchir l'URL",
"Shorten URL":"Acorchir l’URL",
"Editor":"Editar",
"Preview":"Previsualizar",
"%s requires the PATH to end in a \"%s\". Please update the PATH in your index.php.":
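Review bot: "Remove attachment":"Levar la pèca junta" is missing the cedilla; the same hunk writes "pèça junta" in both "Download attachment" and "Invalid attachment.". The value in "Attach a file":"Juntar un fichièr " also ends with a trailing space.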
@ -159,6 +159,6 @@
"Decrypting paste…":"Decrypting paste…",
"Preparing new paste…":"Preparing new paste…",
"In case this message never disappears please have a look at <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">this FAQ for information to troubleshoot</a>.":
"Se per cas aqueste messatge quita pas de s'afichar mercés de gaitar <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">aquesta FAQ per las solucions</a> (en Anglés).",
"Se per cas aqueste messatge quita pas de s’afichar mercés de gaitar <a href=\"https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-the-loading-message-go-away\">aquesta FAQ per las solucions</a> (en Anglés).",
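Review bot: "Decrypting paste…" and "Preparing new paste…" remain in English in the Occitan file, although this patch translates both in the Spanish file ("Descifrando texto…", "Preparando texto nuevo…"). Either translate them here too or track the gap, so the loading screen is not half English.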
@ -130,4 +130,49 @@ class FilesystemTest extends PHPUnit_Framework_TestCase
$this->assertFalse($this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId(), $comment), 'unable to store broken comment');
$this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'comment does still not exist');
}
public function testOldFilesGetConverted()
{
// generate 10 (default purge batch size) pastes in the old format
$paste = Helper::getPaste();
$comment = Helper::getComment();
$commentid = Helper::getCommentId();
$ids = array();
for ($i = 0, $max = 10; $i < $max; ++$i) {
// PHPs mt_rand only supports 32 bit or up 0x7fffffff on 64 bit systems to be precise :-/
$this->assertFileExists($storagedir . $dataid . '.' . $commentid . '.' . $dataid . '.php', "comment of $dataid exists in new format");
$this->assertFileNotExists($storagedir . $dataid . '.' . $commentid . '.' . $dataid, "old format comment of $dataid got removed");
$this->assertTrue($this->_model->existsComment($dataid, $dataid, $commentid), "comment in paste $dataid exists");
$comment = json_decode(json_encode($comment));
$comment->id = $commentid;
$comment->parentid = $dataid;
$this->assertEquals($this->_model->readComments($dataid), array($comment->meta->postdate => $comment), "comment of $dataid wasn't modified in the conversion");
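Review bot: The last assertion of testOldFilesGetConverted passes its arguments to assertEquals in reverse: PHPUnit expects assertEquals($expected, $actual, $message), but the call gives $this->_model->readComments($dataid) first and the constructed array second, so a failure report will label the two values the wrong way round. Swap the two arguments. The loop bound `$max = 10` is also hard-coded next to a comment calling it the default purge batch size; if that default changes, the test silently stops covering a full batch, so it would be safer to derive the number from wherever the default is defined.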