updated documentation, incremented version

CHANGELOG.md

@@ -1,5 +1,7 @@
 # PrivateBin version history
 
+  * **1.1.1 (2017-10-06)**
+    * CHANGED: Switched to `.php` file extension for configuration file, to avoid leaking configuration data in unprotected installation.
   * **1.1 (2016-12-26)**
     * ADDED: Translations for Italian and Russian
     * ADDED: Loading message displayed until decryption succeeded for slower (in terms of CPU or network) systems

INSTALL.md

@@ -3,14 +3,15 @@
 **TL;DR:** Download the
 [latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest)
 and extract it in your web hosts folder where you want to install your PrivateBin
-instance. We try to provide a safe default configuration, but we advise you to
-check the options and adjust them as you see fit.
+instance. We try to provide a mostly safe default configuration, but we urge you to
+check the [security section](#hardening-and-security) below and the [configuration
+options](#configuration) to adjust as you see fit.
 
-## Basic installation
+**NOTE:** See [our FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for information how to securely download the PrivateBin release files.
 
-### Requirements
+### Minimal requirements
 
-- PHP version 5.3 or above
+- PHP version 5.4 or above
 - _one_ of the following sources of cryptographically safe randomness is required:
   - PHP 7 or higher
   - [Libsodium](https://download.libsodium.org/libsodium/content/installation/) and it's [PHP extension](https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium)
@@ -20,37 +21,11 @@ check the options and adjust them as you see fit.
   
   Mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file.
 - GD extension
-- some disk space or (optional) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php)
-- ability to create files and folders in the installation directory and the PATH
+- some disk space or (optionally) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php)
+- ability to create files and folders in the installation directory and the PATH defined in index.php
 - A web browser with javascript support
 
-### Configuration
-
-In the file `cfg/conf.ini` you can configure PrivateBin. A `cfg/conf.ini.sample`
-is provided containing all options and default values. You can copy it to
-`cfg/conf.ini` and adapt it as needed. The config file is divided into multiple
-sections, which are enclosed in square brackets.
-
-In the `[main]` section you can enable or disable the discussion feature, set
-the limit of stored pastes and comments in bytes. The `[traffic]` section lets
-you set a time limit in seconds. Users may not post more often then this limit
-to your PrivateBin installation.
-
-More details can be found in the
-[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration).
-
-## Further configuration
-
-After (or before) setting up PrivateBin, also set up HTTPS, as without HTTPS
-PrivateBin is not secure. (
-[More information](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https))
-
-If you want to use PrivateBin behind Cloudflare, make sure you disabled Rocket
-loader and unchecked "Javascript" for Auto Minify, found in your domain settings,
-under "Speed". (More information
-[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection))
-
-## Advanced installation
+## Hardening and security
 
 ### Changing the path
 
@@ -75,6 +50,29 @@ process (see also
 > PrivateBin will look for your includes / data here:
 > /home/example.com/secret/privatebin
 
+### Transport security
+
+When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS
+PrivateBin is not secure, as the javascript files could be manipulated during transmission.
+For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https).
+
+## Configuration
+
+In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php`
+is provided containing all options and default values. You can copy it to
+`cfg/conf.php` and adapt it as needed. The config file is divided into multiple
+sections, which are enclosed in square brackets.
+
+In the `[main]` section you can enable or disable the discussion feature, set
+the limit of stored pastes and comments in bytes. The `[traffic]` section lets
+you set a time limit in seconds. Users may not post more often then this limit
+to your PrivateBin installation.
+
+More details can be found in the
+[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration).
+
+## Advanced installation
+
 ### Web server configuration
 
 A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all
@@ -88,6 +86,13 @@ some known robots and link-scanning bots. If you use Apache, you can rename the
 file to `.htaccess` to enable this feature. If you use another webserver, you
 have to configure it manually to do the same.
 
+### On using Cloudflare
+
+If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket
+loader and unchecked "Javascript" for Auto Minify, found in your domain settings,
+under "Speed". (More information
+[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection))
+
 ### Using a database instead of flat files
 
 In the configuration file the `[model]` and `[model_options]` sections let you
@@ -115,34 +120,39 @@ The table prefix option is called `tbl`.
 > know.
 
 For reference or if you want to create the table schema for yourself (replace
-`prefix_` with your own table prefix):
+`prefix_` with your own table prefix and create the table schema with phpMyAdmin
+or the MYSQL console):
 
-    CREATE TABLE prefix_paste (
-        dataid CHAR(16) NOT NULL,
-        data BLOB,
-        postdate INT,
-        expiredate INT,
-        opendiscussion INT,
-        burnafterreading INT,
-        meta TEXT,
-        attachment MEDIUMBLOB,
-        attachmentname BLOB,
-        PRIMARY KEY (dataid)
-    );
-    
-    CREATE TABLE prefix_comment (
-        dataid CHAR(16),
-        pasteid CHAR(16),
-        parentid CHAR(16),
-        data BLOB,
-        nickname BLOB,
-        vizhash BLOB,
-        postdate INT,
-        PRIMARY KEY (dataid)
-    );
-    CREATE INDEX parent ON prefix_comment(pasteid);
-    
-    CREATE TABLE prefix_config (
-        id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
-    );
-    INSERT INTO prefix_config VALUES('VERSION', '1.1');
+```sql
+CREATE TABLE prefix_paste (
+    dataid CHAR(16) NOT NULL,
+    data BLOB,
+    postdate INT,
+    expiredate INT,
+    opendiscussion INT,
+    burnafterreading INT,
+    meta TEXT,
+    attachment MEDIUMBLOB,
+    attachmentname BLOB,
+    PRIMARY KEY (dataid)
+);
+
+CREATE TABLE prefix_comment (
+    dataid CHAR(16),
+    pasteid CHAR(16),
+    parentid CHAR(16),
+    data BLOB,
+    nickname BLOB,
+    vizhash BLOB,
+    postdate INT,
+    PRIMARY KEY (dataid)
+);
+CREATE INDEX parent ON prefix_comment(pasteid);
+
+CREATE TABLE prefix_config (
+    id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id)
+);
+INSERT INTO prefix_config VALUES('VERSION', '1.1');
+```
+
+In PostgreSQL, the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB.

README.md

@@ -7,7 +7,7 @@
 [![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin)
 [![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master)
 
-*Current version: 1.1*
+*Current version: 1.1.1*
 
 **PrivateBin** is a minimalist, open source online pastebin where the server has
 zero knowledge of pasted data.

css/bootstrap/privatebin.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 body {

css/noscript.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.0
+ * @version   1.1.1
  */
 
 /* When there is no script at all other */

css/privatebin.css

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 /*  CSS Reset from YUI 3.4.1 (build 4118) - Copyright 2011 Yahoo! Inc. All rights reserved.

js/privatebin.js

@@ -6,7 +6,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 'use strict';

lib/Configuration.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Data/AbstractData.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Data;

lib/Data/Database.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Data;

lib/Data/Filesystem.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Data;

lib/Filter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/I18n.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Json.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Model.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Model/AbstractModel.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Model;

lib/Model/Comment.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Model;

lib/Model/Paste.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Model;

lib/Persistence/AbstractPersistence.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/PurgeLimiter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/ServerSalt.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Persistence;

lib/Persistence/TrafficLimiter.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin\Persistence;

lib/PrivateBin.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;
@@ -28,7 +28,7 @@ class PrivateBin
      *
      * @const string
      */
-    const VERSION = '1.1';
+    const VERSION = '1.1.1';
 
     /**
      * show the same error message if the paste expired or does not exist

lib/Request.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Sjcl.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/View.php

@@ -7,7 +7,7 @@
  * @link      https://github.com/PrivateBin/PrivateBin
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   http://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   1.1
+ * @version   1.1.1
  */
 
 namespace PrivateBin;

lib/Vizhash16x16.php

@@ -8,7 +8,7 @@
  * @link      http://sebsauvage.net/wiki/doku.php?id=php:vizhash_gd
  * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
  * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
- * @version   0.0.5 beta PrivateBin 1.1
+ * @version   0.0.5 beta PrivateBin 1.1.1
  */
 
 namespace PrivateBin;