Permalink
Switch branches/tags
Nothing to show
Commits on Dec 5, 2016
  1. Merge pull request #107 from rugk/patch-1

    sebsauvage committed Dec 5, 2016
    Merge request with a link to a more up-to-date fork of ZeroBin.
Commits on Jul 9, 2016
  1. New repo name

    rugk committed Jul 9, 2016
Commits on Jul 7, 2016
  1. Add unmaintained note

    rugk committed Jul 7, 2016
    Please merge this, @sebsauvage.
Commits on Feb 6, 2014
  1. Merge pull request #75 from cese/master

    sebsauvage committed Feb 6, 2014
    Fix security issue (arbitrary file unlink)
  2. Time attack protection on hmac comparison

    sebsauvage committed Feb 6, 2014
    This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
    (with commit a24212a) also issue 2.8.
  3. Stronger server salt

    sebsauvage committed Feb 6, 2014
    ZeroBin now generates a much stronger salt. This fixes issue #68
    (mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)
Commits on Feb 4, 2014
  1. Fix security issue

    cese committed Feb 4, 2014
Commits on Feb 3, 2014
  1. Merge pull request #61 from jelhan/master

    sebsauvage committed Feb 3, 2014
    File lock for write on /data/traffic_limiter.php
Commits on Jan 20, 2014
  1. Potentiel security bug corrected

    sebsauvage committed Jan 20, 2014
    Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
    clic "Raw text"  4) refresh: The html/javascript is interpreted instead
    of just displayed.
    Under some versions of Chrome, it happens without refreshing.
    This bug was corrected.
Commits on Sep 28, 2013
  1. Prevent inconstitent /data/trafic_limiter.php due to file read while …

    jeldrik
    jeldrik committed Sep 28, 2013
    …writing
Commits on Sep 3, 2013
  1. Update index.php

    sebsauvage committed Sep 3, 2013
    Removed ugly error message when paste identifier is invalid (eg. http://mydomain.com/zerobin?foo)
Commits on Jul 4, 2013
  1. XSS flaw correction

    sebsauvage committed Jul 4, 2013
    With a client IE < 10 there was a XSS security flaw. Other browsers were
    not affected.
    Also corrected spacing display with IE<10.
Commits on Mar 23, 2013
  1. Merge pull request #39 from ic0nic/master

    sebsauvage committed Mar 23, 2013
    Incorrect structure
Commits on Mar 21, 2013
  1. Incorrect structure

    ic0nic committed Mar 21, 2013
    The structure for robots.txt is incorrect for some/most search engines.
Commits on Mar 17, 2013
  1. Merge pull request #38 from kolobus/master

    sebsauvage committed Mar 17, 2013
    Ignore .htaccess and .htpasswd for safety
Commits on Mar 14, 2013
Commits on Feb 24, 2013
  1. Make sure there is enough entropy.

    sebsauvage committed Feb 24, 2013
    This patch will improve key randomness by requiring the user to move the
    mouse if there is not enough entropy.
  2. ZeroBin 0.18

    sebsauvage committed Feb 24, 2013
  3. replaceState() changed to pushState()

    sebsauvage committed Feb 24, 2013
    so that the "Back" button works after clicking on "Raw text".
  4. Added "Raw text" button.

    sebsauvage committed Feb 24, 2013
  5. Small typo correction.

    sebsauvage committed Feb 24, 2013
  6. Removed dead code.

    sebsauvage committed Feb 24, 2013
  7. "Burn after reading" as a checkbox

    sebsauvage committed Feb 24, 2013
    "Burn after reading" option has been moved out of Expiration combo to a
    separate checkbox.
    Reason is: You can prevent a read-once paste to be available ad vitam
    eternam on the net.
Commits on Feb 23, 2013
  1. base64.js downgraded from 2.6 to 1.7

    sebsauvage committed Feb 23, 2013
    because otherwise it would have broken compatibility with data files.
  2. Added version to js/css assets URLs.

    sebsauvage committed Feb 23, 2013
    (in order to prevent some abusive caches to serve an obsolete version of
    these files when ZeroBin is upgraded.)
  3. Removed unused icon.

    sebsauvage committed Feb 23, 2013
  4. Updated json checking.

    sebsauvage committed Feb 23, 2013
    - adapted to SJCL changed
    - added entropy checking (from
    vikstrous@f2ee2e8)
  5. Allow discovery

    sebsauvage committed Feb 23, 2013
  6. Corrected dates in discussion

    sebsauvage committed Feb 23, 2013
    Date in discussion has been changed to display local date.
  7. Syntax coloring

    sebsauvage committed Feb 23, 2013
    Added simple syntax coloring using highlight.js.
    * Lightweight.
    * Automatic detection of language.