Age | Commit message (Collapse) | Author | Files | Lines |
|
It won't work anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
chromium rejects inline css with this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Video files won't play without this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
With this header we tell the browser to ignore javascript, frames and
objects which decreases the exploitability of simple html pastes if
viewed raw ("<domain>/<id>", without a tailing slash) quite a lot.
You can still upload arbitrary files containing javascript code, but the
browser will refuse to execute it.
References: https://wiki.mozilla.org/Security/CSP/Specification
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Everywhere else we already do it like that.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
mime2extension tells us if the file is text that can be highlit.
filename2extension leeds to unwanted behaviour if the filename is
for example "PKGBUILD", but the file is a binary.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
valid_id() cleans up the database if the file doesn't exists. This code
didn't.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
The interfaces shouldn't change anymore.
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Do not check the client version when downloading because this breaks
curl. Probably because we output and later set HTTP headers in
file_mod->download().
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|
|
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
|