Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
No necessary, but better safe than sorry.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This allows to easily add LDAP and other support.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
username_exists(false) returned true because the condition matches any
existing user.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Initial-work-by: Oliver Mader <b52@reaktor42.de>
Additional-work-by: Markus Cisler <mrkscslr@gmail.com>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Pygments calls it that and mode was an undescriptive name anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Most sessions are just people viewing a paste. Those don't need a
session until they want to log in so we don't have to pollute the
database and waste resources.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
- faster than geshi
- easier to modify the css because there is only one
- geshi upstream seems pretty dead
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Muser already uses this scheme as it is easier to type.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
We don't really have to hit the db here every time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Models shouldn't really call views
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This allows the html page to change (user logged in/not logged in), but
still keeps etag support for content that's really going to stay the
same (images, plain file content, qr codes for urls)
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
var is deprecated since ages and in strict mode we have to initialize
$this->var as a generic object before using it.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The table is shared with the old delete_form, but it doesn't display the
delete button in info mode.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
If a user keeps the browser open until his session expires and then
tries to upload something we now add it to the database, add the ID to
the new session and when someone logs in with that session the ID is
assigned. Until then even if you guess it correctly, you won't be able
to download it.
If the user still manages to let the 2nd session expire because he can't
find his password, the upload will be lost. Shit happens.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
It won't work anyway.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
chromium rejects inline css with this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The current implementation sometimes failed to generate valid hashes
(had something to do with the random salt).
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
09 should take long enough and not waste too much time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Video files won't play without this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
With this header we tell the browser to ignore javascript, frames and
objects which decreases the exploitability of simple html pastes if
viewed raw ("<domain>/<id>", without a tailing slash) quite a lot.
You can still upload arbitrary files containing javascript code, but the
browser will refuse to execute it.
References: https://wiki.mozilla.org/Security/CSP/Specification
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|