- asking again if password is wrong
- display error if user cancels dialog
- use password to encrypt comments, too (password is "stored" in the
password field)
- store password in sessionStorage when posting a comment so, that it
doesn't have to typed in again, but clear sessionStorage as soon as
password is retrieved
9192c510f5/base64.min.js
kudos Dan Kogai
small improvements to input checking
implementing default values for most configuration options
switching to versioned JS files to avoid version hack used in template
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.
(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)
Conflicts:
index.php
Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
clic "Raw text" 4) refresh: The html/javascript is interpreted instead
of just displayed.
Under some versions of Chrome, it happens without refreshing.
This bug was corrected.
(cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)
(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)
Conflicts:
lib/serversalt.php
lib/vizhash16x16.php
With a client IE < 10 there was a XSS security flaw. Other browsers were
not affected.
Also corrected spacing display with IE<10.
(cherry picked from commit 28813cd82ae47e556b610da3c7302a6709e27431)
Conflicts:
CHANGELOG.md
index.php
js/zerobin.js
lib/vizhash16x16.php
This patch will improve key randomness by requiring the user to move the
mouse if there is not enough entropy.
(cherry picked from commit c6e98045aa833dff824f892eb3392744c03a59f7)