Merge remote-tracking branch 'github/v0.13' into myShaarli_commu
This commit is contained in:
commit
59416eec4d
258 changed files with 23723 additions and 10214 deletions
|
@ -1,17 +0,0 @@
|
|||
options:
|
||||
max-warnings: 0
|
||||
rules:
|
||||
property-sort-order:
|
||||
- 0
|
||||
# Sort order rule does not work with CSS variables: https://github.com/sasstools/sass-lint/issues/1161
|
||||
# - 1
|
||||
# -
|
||||
# order: 'concentric'
|
||||
no-important:
|
||||
- 0
|
||||
no-vendor-prefixes:
|
||||
- 0 # this will be fixed with v2: see https://github.com/sasstools/sass-lint/pull/1137
|
||||
nesting-depth:
|
||||
- 1
|
||||
-
|
||||
max-depth: 4
|
15
.dev/.stylelintrc.js
Normal file
15
.dev/.stylelintrc.js
Normal file
|
@ -0,0 +1,15 @@
|
|||
module.exports = {
|
||||
extends: 'stylelint-config-standard',
|
||||
plugins: [
|
||||
"stylelint-scss"
|
||||
],
|
||||
rules: {
|
||||
"indentation": [2],
|
||||
"number-leading-zero": null,
|
||||
// Replace CSS @ with SASS ones
|
||||
"at-rule-no-unknown": null,
|
||||
"scss/at-rule-no-unknown": true,
|
||||
// not compatible with SASS apparently
|
||||
"no-descending-specificity": null
|
||||
},
|
||||
}
|
|
@ -17,27 +17,14 @@ http {
|
|||
index index.html index.php;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
root /var/www/shaarli;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
root /var/www/shaarli;
|
||||
|
||||
access_log /var/log/nginx/shaarli.access.log;
|
||||
error_log /var/log/nginx/shaarli.error.log;
|
||||
|
||||
location ~ /\. {
|
||||
# deny access to dotfiles
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ~$ {
|
||||
# deny access to temp editor files, e.g. "script.php~"
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
|
||||
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$ {
|
||||
# cache static assets
|
||||
expires max;
|
||||
add_header Pragma public;
|
||||
|
@ -49,25 +36,25 @@ http {
|
|||
alias /var/www/shaarli/images/favicon.ico;
|
||||
}
|
||||
|
||||
location / {
|
||||
# Slim - rewrite URLs
|
||||
try_files $uri /index.php$is_args$args;
|
||||
location /doc/html/ {
|
||||
default_type "text/html";
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
}
|
||||
|
||||
location ~ (index)\.php$ {
|
||||
location / {
|
||||
# Slim - rewrite URLs & do NOT serve static files through this location
|
||||
try_files _ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ index\.php$ {
|
||||
# Slim - split URL path into (script_filename, path_info)
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_split_path_info ^(index.php)(/.+)$;
|
||||
|
||||
# filter and proxy PHP requests to PHP-FPM
|
||||
fastcgi_pass unix:/var/run/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
# deny access to all other PHP scripts
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
#!/bin/execlineb -P
|
||||
php-fpm7 -F
|
||||
php-fpm8 -F
|
||||
|
|
|
@ -2,8 +2,15 @@
|
|||
.dev
|
||||
.git
|
||||
.github
|
||||
.gitattributes
|
||||
.gitignore
|
||||
tests
|
||||
|
||||
# Docker related resources are not needed inside the container
|
||||
.dockerignore
|
||||
Dockerfile
|
||||
Dockerfile.armhf
|
||||
|
||||
# Docker Compose resources
|
||||
docker-compose.yml
|
||||
|
||||
|
@ -13,6 +20,9 @@ data/*
|
|||
pagecache/*
|
||||
tmp/*
|
||||
|
||||
# Shaarli's docs are created during the build
|
||||
doc/html/
|
||||
|
||||
# Eclipse project files
|
||||
.settings
|
||||
.buildpath
|
||||
|
|
|
@ -14,7 +14,7 @@ indent_size = 4
|
|||
indent_size = 2
|
||||
|
||||
[*.php]
|
||||
max_line_length = 100
|
||||
max_line_length = 120
|
||||
|
||||
[Dockerfile]
|
||||
max_line_length = 80
|
||||
|
|
4
.gitattributes
vendored
4
.gitattributes
vendored
|
@ -40,6 +40,8 @@ Dockerfile* export-ignore
|
|||
Doxyfile export-ignore
|
||||
Makefile export-ignore
|
||||
node_modules/ export-ignore
|
||||
mkdocs.yml export-ignore
|
||||
doc/conf.py export-ignore
|
||||
doc/requirements.txt export-ignore
|
||||
doc/html/.doctrees/ export-ignore
|
||||
phpunit.xml export-ignore
|
||||
tests/ export-ignore
|
||||
|
|
7
.github/mailmap
vendored
7
.github/mailmap
vendored
|
@ -1,13 +1,18 @@
|
|||
ArthurHoaro <arthur@hoa.ro>
|
||||
ArthurHoaro <arthur@hoa.ro> <arthur.hoareau@wizacha.com>
|
||||
ArthurHoaro <arthur@hoa.ro> Arthur
|
||||
Florian Eula <eula.florian@gmail.com> feula
|
||||
Florian Eula <eula.florian@gmail.com> <mr.pikzen@gmail.com>
|
||||
Immánuel Fodor <immanuelfactor+github@gmail.com>
|
||||
Immánuel Fodor <immanuelfactor+github@gmail.com> Immánuel! <21174107+immanuelfodor@users.noreply.github.com>
|
||||
kalvn <kalvnthereal@gmail.com> <kalvn@users.noreply.github.com>
|
||||
kalvn <kalvnthereal@gmail.com> <kalvn@pm.me>
|
||||
Neros <contact@neros.fr> <NerosTie@users.noreply.github.com>
|
||||
Nicolas Danelon <hi@nicolasmd.com.ar> nicolasm
|
||||
Nicolas Danelon <hi@nicolasmd.com.ar> <nda@3818.com.ar>
|
||||
Nicolas Danelon <hi@nicolasmd.com.ar> <nicolasdanelon@gmail.com>
|
||||
Nicolas Danelon <hi@nicolasmd.com.ar> <nicolasdanelon@users.noreply.github.com>
|
||||
Sébastien Sauvage <sebsauvage@sebsauvage.net>
|
||||
Sébastien NOBILI <code@pipoprods.org> <s-code-github@pipoprods.org>
|
||||
Timo Van Neerden <fire@lehollandaisvolant.net>
|
||||
Timo Van Neerden <fire@lehollandaisvolant.net> lehollandaisvolant <levoltigeurhollandais@gmail.com>
|
||||
VirtualTam <virtualtam@flibidi.net> <tamisier.aurelien@gmail.com>
|
||||
|
|
106
.github/workflows/ci.yml
vendored
Normal file
106
.github/workflows/ci.yml
vendored
Normal file
|
@ -0,0 +1,106 @@
|
|||
name: Shaarli CI
|
||||
on: [push, pull_request]
|
||||
jobs:
|
||||
php:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
php-versions: ['7.4', '8.0', '8.1', '8.2']
|
||||
name: PHP ${{ matrix.php-versions }}
|
||||
steps:
|
||||
- name: Set locales
|
||||
run: |
|
||||
sudo locale-gen de_DE.utf8 && \
|
||||
sudo locale-gen en_US.utf8 && \
|
||||
sudo locale-gen fr_FR.utf8 && \
|
||||
sudo dpkg-reconfigure --frontend=noninteractive locales
|
||||
|
||||
- name: Install Gettext
|
||||
run: sudo apt-get install gettext
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@v2
|
||||
with:
|
||||
php-version: ${{ matrix.php-versions }}
|
||||
extensions: gd, xml, curl, mbstring, intl, gettext
|
||||
tools: composer:v2
|
||||
|
||||
- name: Check PHP version
|
||||
run: php -v
|
||||
|
||||
- name: Setup Composer from PHP version + update
|
||||
run: composer config --unset platform && composer config platform.php ${{ matrix.php-versions }}
|
||||
|
||||
- name: Update dependencies for PHP 8.x
|
||||
if: ${{ matrix.php-versions == '8.0' || matrix.php-versions == '8.1' }}
|
||||
run: |
|
||||
composer update && \
|
||||
composer remove --dev phpunit/phpunit && \
|
||||
composer require --dev phpunit/php-text-template ^2.0 && \
|
||||
composer require --dev phpunit/phpunit ^9.0
|
||||
|
||||
- name: Update dependencies for PHP 7.x
|
||||
if: ${{ matrix.php-versions != '8.0' && matrix.php-versions != '8.1' }}
|
||||
run: composer update
|
||||
|
||||
- name: Clean up
|
||||
run: make clean
|
||||
|
||||
- name: Check permissions
|
||||
run: make check_permissions
|
||||
|
||||
- name: Run PHPCS
|
||||
run: make code_sniffer
|
||||
|
||||
- name: Run tests
|
||||
run: make all_tests
|
||||
|
||||
node:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup Node.js
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: '14.x'
|
||||
|
||||
- name: Yarn install
|
||||
run: yarnpkg install
|
||||
|
||||
- name: Verify successful frontend builds
|
||||
run: yarnpkg run build
|
||||
|
||||
- name: JS static analysis
|
||||
run: make eslint
|
||||
|
||||
- name: Linter for SASS syntax
|
||||
run: make sasslint
|
||||
|
||||
python:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: 3.8
|
||||
|
||||
- name: Build documentation
|
||||
run: make htmldoc
|
||||
|
||||
trivy-repo:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Run trivy scanner on repository (non-blocking)
|
||||
run: make test_trivy_repo TRIVY_EXIT_CODE=0
|
45
.github/workflows/docker-latest.yml
vendored
Normal file
45
.github/workflows/docker-latest.yml
vendored
Normal file
|
@ -0,0 +1,45 @@
|
|||
name: Build/push Docker image (master/latest)
|
||||
on:
|
||||
push:
|
||||
branches: [ master ]
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Set shaarli version to the latest commit hash
|
||||
run: sed -i "s/dev/$(git rev-parse --short HEAD)/" shaarli_version.php
|
||||
|
||||
- name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
||||
tags: |
|
||||
${{ secrets.DOCKER_IMAGE }}:latest
|
||||
ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest
|
||||
- name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
||||
- name: Run trivy scanner on latest docker image
|
||||
run: make test_trivy_docker TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest
|
21
.github/workflows/docker-pr.yml
vendored
Normal file
21
.github/workflows/docker-pr.yml
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
name: Build Docker image (Pull Request)
|
||||
on:
|
||||
pull_request:
|
||||
branches: [ master ]
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
- name: Build Docker image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: false
|
||||
tags: shaarli/shaarli:pr-${{ github.event.number }}
|
||||
- name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
43
.github/workflows/docker-tags.yml
vendored
Normal file
43
.github/workflows/docker-tags.yml
vendored
Normal file
|
@ -0,0 +1,43 @@
|
|||
name: Build/push Docker image (tags/releases)
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*.*.*"
|
||||
branches:
|
||||
- "v*.*"
|
||||
- release
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get the tag name
|
||||
run: echo "REF=${GITHUB_REF##*/}" >> $GITHUB_ENV
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
-
|
||||
name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
push: true
|
||||
platforms: linux/amd64,linux/arm/v7
|
||||
tags: |
|
||||
${{ secrets.DOCKER_IMAGE }}:${{ env.REF }}
|
||||
ghcr.io/${{ secrets.DOCKER_IMAGE }}:${{ env.REF }}
|
||||
- name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
13
.gitignore
vendored
13
.gitignore
vendored
|
@ -25,8 +25,21 @@ coverage
|
|||
sandbox
|
||||
phpmd.html
|
||||
phpdoc.xml
|
||||
.phpunit.result.cache
|
||||
trivy
|
||||
|
||||
# User plugin configuration
|
||||
plugins/*
|
||||
!addlink_toolbar
|
||||
!archiveorg
|
||||
!default_colors
|
||||
!demo_plugin
|
||||
!isso
|
||||
!piwik
|
||||
!playvideos
|
||||
!pubsubhubbub
|
||||
!qrcode
|
||||
!wallabag
|
||||
plugins/*/config.php
|
||||
plugins/default_colors/default_colors.css
|
||||
|
||||
|
|
|
@ -5,11 +5,19 @@
|
|||
# Required
|
||||
version: 2
|
||||
|
||||
# Build documentation with MkDocs
|
||||
mkdocs:
|
||||
configuration: mkdocs.yml
|
||||
# Build documentation in the "docs/" directory with Sphinx
|
||||
sphinx:
|
||||
configuration: doc/conf.py
|
||||
builder: html
|
||||
|
||||
build:
|
||||
os: ubuntu-22.04
|
||||
tools:
|
||||
python: "3.11"
|
||||
commands:
|
||||
- pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design
|
||||
- sphinx-build -b html -c doc/ doc/md/ _readthedocs/html/
|
||||
|
||||
# Optionally set the version of Python and requirements required to build your docs
|
||||
# https://github.com/rtfd/readthedocs.org/issues/5250
|
||||
python:
|
||||
version: 3.5
|
||||
install:
|
||||
- requirements: doc/requirements.txt
|
||||
|
|
56
.travis.yml
56
.travis.yml
|
@ -1,56 +0,0 @@
|
|||
sudo: false
|
||||
dist: trusty
|
||||
|
||||
matrix:
|
||||
include:
|
||||
- language: php
|
||||
php: 7.3
|
||||
- language: php
|
||||
php: 7.2
|
||||
- language: php
|
||||
php: 7.1
|
||||
- language: php
|
||||
php: 7.0
|
||||
- language: php
|
||||
php: 5.6
|
||||
- language: node_js
|
||||
node_js: 8
|
||||
cache:
|
||||
yarn: true
|
||||
directories:
|
||||
- $HOME/.cache/yarn
|
||||
|
||||
install:
|
||||
- yarn install
|
||||
|
||||
before_script:
|
||||
- PATH=${PATH//:\.\/node_modules\/\.bin/}
|
||||
|
||||
script:
|
||||
- yarn run build # Just to be sure that the build isn't broken
|
||||
- make eslint
|
||||
- make sasslint
|
||||
- language: python
|
||||
python: 3.6
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.cache/pip
|
||||
install:
|
||||
- pip install mkdocs
|
||||
script:
|
||||
- mkdocs build --clean
|
||||
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.composer/cache
|
||||
|
||||
install:
|
||||
- composer install --prefer-dist
|
||||
|
||||
before_script:
|
||||
- PATH=${PATH//:\.\/node_modules\/\.bin/}
|
||||
|
||||
script:
|
||||
- make clean
|
||||
- make check_permissions
|
||||
- make all_tests
|
46
AUTHORS
46
AUTHORS
|
@ -1,8 +1,8 @@
|
|||
1206 ArthurHoaro <arthur@hoa.ro>
|
||||
1216 ArthurHoaro <arthur@hoa.ro>
|
||||
456 nodiscc <nodiscc@gmail.com>
|
||||
405 VirtualTam <virtualtam@flibidi.net>
|
||||
384 nodiscc <nodiscc@gmail.com>
|
||||
56 Sébastien Sauvage <sebsauvage@sebsauvage.net>
|
||||
23 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||||
27 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||||
19 Keith Carangelo <mail@kcaran.com>
|
||||
16 Luce Carević <lcarevic@access42.net>
|
||||
15 Florian Eula <eula.florian@gmail.com>
|
||||
|
@ -15,32 +15,38 @@
|
|||
6 YFdyh000 <yfdyh000@gmail.com>
|
||||
6 kalvn <kalvnthereal@gmail.com>
|
||||
6 B. van Berkum <dev@dotmpe.com>
|
||||
6 Immánuel Fodor <immanuelfactor+github@gmail.com>
|
||||
6 YFdyh000 <yfdyh000@gmail.com>
|
||||
6 kalvn <kalvnthereal@gmail.com>
|
||||
6 llune <llune@users.noreply.github.com>
|
||||
5 Mark Schmitz <kramred@gmail.com>
|
||||
5 Sébastien NOBILI <code@pipoprods.org>
|
||||
4 Alexandre Alapetite <alexandre@alapetite.fr>
|
||||
4 yude <yudesleepy@gmail.com>
|
||||
4 David Sferruzza <david.sferruzza@gmail.com>
|
||||
4 yude <yudesleepy@gmail.com>
|
||||
3 Agurato <mail.vmonot@gmail.com>
|
||||
3 Christoph Stoettner <christoph.stoettner@stoeps.de>
|
||||
3 Olivier <bourreauolivier@gmail.com>
|
||||
3 Teromene <teromene@teromene.fr>
|
||||
3 yudete <yu@yude.moe>
|
||||
3 Agurato <mail.vmonot@gmail.com>
|
||||
3 Olivier <bourreauolivier@gmail.com>
|
||||
3 Christoph Stoettner <christoph.stoettner@stoeps.de>
|
||||
2 Alexander Railean <alexandr.railean@arculus.de>
|
||||
2 Alexandre G.-Raymond <alex@ndre.gr>
|
||||
2 Chris Kuethe <chris.kuethe@gmail.com>
|
||||
2 Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
|
||||
2 Felix Bartels <felix@host-consultants.de>
|
||||
2 Ganesh Kandu <kanduganesh@gmail.com>
|
||||
2 Gregory <gregory@nosheep.fr>
|
||||
2 Guillaume Virlet <github@virlet.org>
|
||||
2 Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
|
||||
2 Mathieu Chabanon <git@matchab.fr>
|
||||
2 Miloš Jovanović <mjovanovic@gmail.com>
|
||||
2 Neros <contact@neros.fr>
|
||||
2 Alexandre G.-Raymond <alex@ndre.gr>
|
||||
2 Qwerty <champlywood@free.fr>
|
||||
2 Guillaume Virlet <github@virlet.org>
|
||||
2 Sebastien Wains <sebw@users.noreply.github.com>
|
||||
2 Stephen Muth <smuth4@gmail.com>
|
||||
2 Timo Van Neerden <fire@lehollandaisvolant.net>
|
||||
2 Alexander Railean <alexandr.railean@arculus.de>
|
||||
2 Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
|
||||
2 flow.gunso <flow.gunso@gmail.com>
|
||||
2 Chris Kuethe <chris.kuethe@gmail.com>
|
||||
2 Ganesh Kandu <kanduganesh@gmail.com>
|
||||
2 julienCXX <software@chmodplusx.eu>
|
||||
2 Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
|
||||
2 philipp-r <philipp-r@users.noreply.github.com>
|
||||
|
@ -58,6 +64,8 @@
|
|||
1 Adrien le Maire <adrien@alemaire.be>
|
||||
1 Ajabep <ajabep@users.noreply.github.com>
|
||||
1 Alexis J <alexis@effingo.be>
|
||||
1 Alistair Young <avatar@arkane-systems.net>
|
||||
1 Amadeous <amadeous@users.noreply.github.com>
|
||||
1 Angristan <angristan@users.noreply.github.com>
|
||||
1 Bish Erbas <42714627+bisherbas@users.noreply.github.com>
|
||||
1 BoboTiG <bobotig@gmail.com>
|
||||
|
@ -66,6 +74,7 @@
|
|||
1 Buster One <37770318+buster-one@users.noreply.github.com>
|
||||
1 D Low <daniellowtw@gmail.com>
|
||||
1 Daniel Jakots <vigdis@chown.me>
|
||||
1 David <dajare@gmail.com>
|
||||
1 David Foucher <dev@tyjak.net>
|
||||
1 Denis Renning <denis@devtty.de>
|
||||
1 Dennis Verspuij <dennisverspuij@users.noreply.github.com>
|
||||
|
@ -75,7 +84,6 @@
|
|||
1 Florian Voigt <flvoigt@me.com>
|
||||
1 Franck Kerbiriou <FranckKe@users.noreply.github.com>
|
||||
1 Gary Marigliano <gmarigliano93@gmail.com>
|
||||
1 Gregory <gregory@nosheep.fr>
|
||||
1 Hazhar Galeh <78073762+hazhargaleh@users.noreply.github.com>
|
||||
1 Hg <dev@indigo.re>
|
||||
1 Jens Kubieziel <github@kubieziel.de>
|
||||
|
@ -90,16 +98,26 @@
|
|||
1 Mark Gerarts <mark.gerarts@gmail.com>
|
||||
1 Marsup <marsup@gmail.com>
|
||||
1 Nicolas Friedli <nicolas@theologique.ch>
|
||||
1 Nicolas Le Gaillart <nicolas@legaillart.fr>
|
||||
1 Paul van den Burg <github@paulvandenburg.nl>
|
||||
1 Adrien Oliva <adrien.oliva@yapbreak.fr>
|
||||
1 Rajat Hans <rajathans9@gmail.com>
|
||||
1 Sbgodin <Sbgodin@users.noreply.github.com>
|
||||
1 ToM <tom@leloop.org>
|
||||
1 TsT <tst2005@gmail.com>
|
||||
1 agentcobra <agentcobra@free.fr>
|
||||
1 aguy <aguytech@users.noreply.github.com>
|
||||
1 bschwede <bschwede@users.noreply.github.com>
|
||||
1 bschwede <gummibando@gmx.net>
|
||||
1 clach04 <clach04@gmail.com>
|
||||
1 dimtion <zizou.xena@gmail.com>
|
||||
1 durcheinandr <jochen@durcheinandr.de>
|
||||
1 heimpogo <hypertexthome@googlemail.com>
|
||||
1 jalr <mail@jalr.de>
|
||||
1 lapineige <lapineige@users.noreply.github.com>
|
||||
1 leyrer <gitlab@leyrer.priv.at>
|
||||
1 locness3 <37651007+locness3@users.noreply.github.com>
|
||||
1 owen bell <66233223+xfnw@users.noreply.github.com>
|
||||
1 philipp <philipp@philipp.PC.Ubuntu>
|
||||
1 rfolo9li <50079896+rfolo9li@users.noreply.github.com>
|
||||
1 sprak3000 <sprak3000+github@gmail.com>
|
||||
1 yudejp <i@yude.jp>
|
||||
|
|
51
CHANGELOG.md
51
CHANGELOG.md
|
@ -4,6 +4,57 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
||||
and this project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
## [v0.13.0](https://github.com/shaarli/Shaarli/releases/tag/v0.12.3) - 2023-11-22
|
||||
|
||||
> Major changes:
|
||||
> - Security: Fix XSS vulnerability in tag search
|
||||
> - Drop support for PHP 7.1, 7.2 and 7.3
|
||||
|
||||
### Added
|
||||
* Docker build: add ARM64 platform and bump Github action version by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1965
|
||||
* github actions: build OCI images that contain both amd64 and armv7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/1962
|
||||
* Expose tags_separator config through /info API by @amadeous in https://github.com/shaarli/Shaarli/pull/1997
|
||||
* tools: github actions: build docker images on pull requests by @nodiscc in https://github.com/shaarli/Shaarli/pull/2014
|
||||
* doc: server configuration: add PHP 8.2 to PHP compatibility table by @nodiscc in https://github.com/shaarli/Shaarli/pull/2021
|
||||
* Add shaarli-stack theme to Community-and-related-software.md by @dajare in https://github.com/shaarli/Shaarli/pull/2028
|
||||
* doc: document general.download_max_size/timeout configuration settings by @nodiscc in https://github.com/shaarli/Shaarli/pull/2036
|
||||
* doc: troubleshooting: automatic title retrieval fails when it is set by javascript by @nodiscc in https://github.com/shaarli/Shaarli/pull/2037
|
||||
|
||||
### Changed
|
||||
* doc: update release procedure (merge the latest release to the release branch) + use the release branch for latest release version detection by @nodiscc in https://github.com/shaarli/Shaarli/pull/1960
|
||||
* Update german translation by @bschwede in https://github.com/shaarli/Shaarli/pull/1969
|
||||
* Update Server-configuration.md by @reinboldg in https://github.com/shaarli/Shaarli/pull/1973
|
||||
* Update Community-and-related-software.md by @nlegaillart in https://github.com/shaarli/Shaarli/pull/1984
|
||||
* doc: improve docs on usage of OR operator in tags search by @nodiscc in https://github.com/shaarli/Shaarli/pull/1987
|
||||
* docker: nginx: listen on IPv6 in addition to IPv4 by @cerebrate in https://github.com/shaarli/Shaarli/pull/1983
|
||||
* Doc update, WebSub (formerly PubSubHubbub) plugin by @clach04 in https://github.com/shaarli/Shaarli/pull/2008
|
||||
* doc: community/related software/integration with other platforms: add link to shaarli debian package by @nodiscc in https://github.com/shaarli/Shaarli/pull/2018
|
||||
* replace mkdocs with sphinx/myst-parser for HTML documentation generation, documentation improvements by @nodiscc in https://github.com/shaarli/Shaarli/pull/2025
|
||||
|
||||
### Fixed
|
||||
* Makefile: Use GNU tar if available by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1957
|
||||
* Support: ignore disk_free_space if the function is unavailable by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1970
|
||||
* Documentation: fix broken link to 3rd party plugins by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1975
|
||||
* Fix autofocus: load bulk action input on linklist only by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1976
|
||||
* doc: fix mkdocs build warnings/relative links by @nodiscc in https://github.com/shaarli/Shaarli/pull/2015
|
||||
* correct usage of hyphens in all occurences of 'super fast, database-free' by @nodiscc in https://github.com/shaarli/Shaarli/pull/2003
|
||||
|
||||
|
||||
### Removed
|
||||
* Drop support for PHP 7.1, 7.2 and 7.3 by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1958
|
||||
* doc: themes: remove unmaintained themes by @nodiscc in https://github.com/shaarli/Shaarli/pull/2030
|
||||
* doc: remove bountysource badge by @nodiscc in https://github.com/shaarli/Shaarli/pull/2035
|
||||
|
||||
### Security
|
||||
* Fix XSS vulnerability in tag search by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/2039
|
||||
* tools: run trivy vulnerability scanner on the 'latest' docker image by @nodiscc in https://github.com/shaarli/Shaarli/pull/1980
|
||||
* github actions: fix value of TRIVY_TARGET_DOCKER_IMAGE by @nodiscc in https://github.com/shaarli/Shaarli/pull/1989
|
||||
* tools/CI: scan repository with trivy security scanner (yarn.lock, composer.lock) by @nodiscc in https://github.com/shaarli/Shaarli/pull/1998
|
||||
* tools/tests: update trivy to v0.44.0 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2012
|
||||
* docker: update base alpine docker image to 3.16.7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2024
|
||||
|
||||
**Full Changelog**: https://github.com/shaarli/Shaarli/compare/v0.12.2...v0.12.3
|
||||
|
||||
## [v0.12.2](https://github.com/shaarli/Shaarli/releases/tag/v0.12.2) - 2023-03-18
|
||||
|
||||
> Docker: use `ghcr.io/shaarli/shaarli` as Docker image instead of `shaarli/shaarli`.
|
||||
|
|
49
Dockerfile
49
Dockerfile
|
@ -4,8 +4,8 @@
|
|||
FROM python:3-alpine as docs
|
||||
ADD . /usr/src/app/shaarli
|
||||
RUN cd /usr/src/app/shaarli \
|
||||
&& pip install --no-cache-dir mkdocs \
|
||||
&& mkdocs build --clean
|
||||
&& apk add --no-cache gcc musl-dev make bash \
|
||||
&& make htmldoc
|
||||
|
||||
# Stage 2:
|
||||
# - Resolve PHP dependencies with Composer
|
||||
|
@ -16,43 +16,46 @@ RUN cd shaarli \
|
|||
|
||||
# Stage 3:
|
||||
# - Frontend dependencies
|
||||
FROM node:9.9-alpine as node
|
||||
FROM node:12-alpine as node
|
||||
COPY --from=composer /app/shaarli shaarli
|
||||
RUN cd shaarli \
|
||||
&& yarn install \
|
||||
&& yarn run build \
|
||||
&& yarnpkg install \
|
||||
&& yarnpkg run build \
|
||||
&& rm -rf node_modules
|
||||
|
||||
# Stage 4:
|
||||
# - Shaarli image
|
||||
FROM alpine:3.8
|
||||
FROM alpine:3.16.7
|
||||
LABEL maintainer="Shaarli Community"
|
||||
|
||||
RUN apk --update --no-cache add \
|
||||
ca-certificates \
|
||||
nginx \
|
||||
php7 \
|
||||
php7-ctype \
|
||||
php7-curl \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-iconv \
|
||||
php7-intl \
|
||||
php7-json \
|
||||
php7-mbstring \
|
||||
php7-openssl \
|
||||
php7-session \
|
||||
php7-xml \
|
||||
php7-zlib \
|
||||
php8 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-fpm \
|
||||
php8-gd \
|
||||
php8-gettext \
|
||||
php8-iconv \
|
||||
php8-intl \
|
||||
php8-json \
|
||||
php8-ldap \
|
||||
php8-mbstring \
|
||||
php8-openssl \
|
||||
php8-session \
|
||||
php8-xml \
|
||||
php8-simplexml \
|
||||
php8-zlib \
|
||||
s6
|
||||
|
||||
COPY .docker/nginx.conf /etc/nginx/nginx.conf
|
||||
COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
|
||||
COPY .docker/php-fpm.conf /etc/php8/php-fpm.conf
|
||||
COPY .docker/services.d /etc/services.d
|
||||
|
||||
RUN rm -rf /etc/php7/php-fpm.d/www.conf \
|
||||
&& sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
|
||||
&& sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
|
||||
RUN rm -rf /etc/php8/php-fpm.d/www.conf \
|
||||
&& sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php8/php.ini \
|
||||
&& sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php8/php.ini
|
||||
|
||||
|
||||
WORKDIR /var/www
|
||||
|
|
|
@ -1,80 +0,0 @@
|
|||
# Stage 1:
|
||||
# - Copy Shaarli sources
|
||||
# - Build documentation
|
||||
FROM arm32v6/alpine:3.8 as docs
|
||||
ADD . /usr/src/app/shaarli
|
||||
RUN apk --update --no-cache add py2-pip \
|
||||
&& cd /usr/src/app/shaarli \
|
||||
&& pip install --no-cache-dir mkdocs \
|
||||
&& mkdocs build --clean
|
||||
|
||||
# Stage 2:
|
||||
# - Resolve PHP dependencies with Composer
|
||||
FROM arm32v6/alpine:3.8 as composer
|
||||
COPY --from=docs /usr/src/app/shaarli /app/shaarli
|
||||
RUN apk --update --no-cache add php7-curl php7-mbstring composer \
|
||||
&& cd /app/shaarli \
|
||||
&& composer --prefer-dist --no-dev install
|
||||
|
||||
# Stage 3:
|
||||
# - Frontend dependencies
|
||||
FROM arm32v6/alpine:3.8 as node
|
||||
COPY --from=composer /app/shaarli /shaarli
|
||||
RUN apk --update --no-cache add yarn nodejs-current python2 build-base \
|
||||
&& cd /shaarli \
|
||||
&& yarn install \
|
||||
&& yarn run build \
|
||||
&& rm -rf node_modules
|
||||
|
||||
# Stage 4:
|
||||
# - Shaarli image
|
||||
FROM arm32v6/alpine:3.8
|
||||
LABEL maintainer="Shaarli Community"
|
||||
MAINTAINER Shaarli Community
|
||||
|
||||
RUN apk --update --no-cache add \
|
||||
ca-certificates \
|
||||
curl \
|
||||
nginx \
|
||||
php7 \
|
||||
php7-ctype \
|
||||
php7-curl \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-iconv \
|
||||
php7-intl \
|
||||
php7-json \
|
||||
php7-mbstring \
|
||||
php7-openssl \
|
||||
php7-phar \
|
||||
php7-session \
|
||||
php7-xml \
|
||||
php7-zlib \
|
||||
s6
|
||||
|
||||
COPY .docker/nginx.conf /etc/nginx/nginx.conf
|
||||
COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
|
||||
COPY .docker/services.d /etc/services.d
|
||||
|
||||
RUN curl -sS https://getcomposer.org/installer | php7 -- --install-dir=/usr/local/bin --filename=composer \
|
||||
&& rm -rf /etc/php7/php-fpm.d/www.conf \
|
||||
&& sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
|
||||
&& sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
|
||||
|
||||
|
||||
WORKDIR /var/www
|
||||
RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - \
|
||||
&& mv Shaarli-latest shaarli \
|
||||
&& cd shaarli \
|
||||
&& composer --prefer-dist --no-dev install \
|
||||
&& rm -rf ~/.composer \
|
||||
&& chown -R nginx:nginx . \
|
||||
&& ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
|
||||
&& ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
|
||||
|
||||
VOLUME /var/www/shaarli/data
|
||||
|
||||
EXPOSE 80
|
||||
|
||||
ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
|
||||
CMD []
|
87
Makefile
87
Makefile
|
@ -1,9 +1,9 @@
|
|||
# The personal, minimalist, super-fast, database free, bookmarking service.
|
||||
# The personal, minimalist, super fast, database-free, bookmarking service.
|
||||
# Makefile for PHP code analysis & testing, documentation and release generation
|
||||
|
||||
BIN = vendor/bin
|
||||
|
||||
all: static_analysis_summary check_permissions test
|
||||
all: check_permissions test
|
||||
|
||||
##
|
||||
# Docker test adapter
|
||||
|
@ -24,13 +24,16 @@ docker_%:
|
|||
##
|
||||
PHPCS := $(BIN)/phpcs
|
||||
|
||||
# Use GNU Tar where available
|
||||
ifneq (, $(shell which gtar))
|
||||
TAR := gtar
|
||||
else
|
||||
TAR := tar
|
||||
endif
|
||||
|
||||
code_sniffer:
|
||||
@$(PHPCS)
|
||||
|
||||
### - errors filtered by coding standard: PEAR, PSR1, PSR2, Zend...
|
||||
PHPCS_%:
|
||||
@$(PHPCS) --report-full --report-width=200 --standard=$*
|
||||
|
||||
### - errors by Git author
|
||||
code_sniffer_blame:
|
||||
@$(PHPCS) --report-gitblame
|
||||
|
@ -80,10 +83,15 @@ locale_test_%:
|
|||
--testsuite language-$(firstword $(subst _, ,$*))
|
||||
|
||||
all_tests: test locale_test_de_DE locale_test_en_US locale_test_fr_FR
|
||||
@$(BIN)/phpcov merge --html coverage coverage
|
||||
@# --The current version is not compatible with PHP 7.2
|
||||
@#$(BIN)/phpcov merge --html coverage coverage
|
||||
@# --text doesn't work with phpunit 4.* (v5 requires PHP 5.6)
|
||||
@#$(BIN)/phpcov merge --text coverage/txt coverage
|
||||
|
||||
### download 3rd-party PHP libraries, including dev dependencies
|
||||
composer_dependencies_dev: clean
|
||||
composer install --prefer-dist
|
||||
|
||||
##
|
||||
# Custom release archive generation
|
||||
#
|
||||
|
@ -105,24 +113,25 @@ composer_dependencies: clean
|
|||
|
||||
### download 3rd-party frontend libraries
|
||||
frontend_dependencies:
|
||||
yarn install
|
||||
yarnpkg install
|
||||
|
||||
### Build frontend dependencies
|
||||
build_frontend: frontend_dependencies
|
||||
yarn run build
|
||||
yarnpkg run build
|
||||
|
||||
### generate a release tarball and include 3rd-party dependencies and translations
|
||||
release_tar: composer_dependencies htmldoc translate build_frontend
|
||||
git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).tar HEAD
|
||||
tar rvf $(ARCHIVE_VERSION).tar --transform "s|^vendor|$(ARCHIVE_PREFIX)vendor|" vendor/
|
||||
tar rvf $(ARCHIVE_VERSION).tar --transform "s|^doc/html|$(ARCHIVE_PREFIX)doc/html|" doc/html/
|
||||
tar rvf $(ARCHIVE_VERSION).tar --transform "s|^tpl|$(ARCHIVE_PREFIX)tpl|" tpl/
|
||||
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^vendor|$(ARCHIVE_PREFIX)vendor|" vendor/
|
||||
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^doc/html|$(ARCHIVE_PREFIX)doc/html|" doc/html/
|
||||
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^tpl|$(ARCHIVE_PREFIX)tpl|" tpl/
|
||||
gzip $(ARCHIVE_VERSION).tar
|
||||
|
||||
### generate a release zip and include 3rd-party dependencies and translations
|
||||
release_zip: composer_dependencies htmldoc translate build_frontend
|
||||
git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).zip -9 HEAD
|
||||
mkdir -p $(ARCHIVE_PREFIX)/{doc,vendor}
|
||||
mkdir -p $(ARCHIVE_PREFIX)/doc
|
||||
mkdir -p $(ARCHIVE_PREFIX)/vendor
|
||||
rsync -a doc/html/ $(ARCHIVE_PREFIX)doc/html/
|
||||
zip -r $(ARCHIVE_VERSION).zip $(ARCHIVE_PREFIX)doc/
|
||||
rsync -a vendor/ $(ARCHIVE_PREFIX)vendor/
|
||||
|
@ -138,10 +147,10 @@ release_zip: composer_dependencies htmldoc translate build_frontend
|
|||
### remove all unversioned files
|
||||
clean:
|
||||
@git clean -df
|
||||
@rm -rf sandbox
|
||||
@rm -rf sandbox trivy*
|
||||
|
||||
### generate the AUTHORS file from Git commit information
|
||||
authors:
|
||||
generate_authors:
|
||||
@cp .github/mailmap .mailmap
|
||||
@git shortlog -sne > AUTHORS
|
||||
@rm .mailmap
|
||||
|
@ -150,25 +159,57 @@ authors:
|
|||
phpdoc: clean
|
||||
@docker run --rm -v $(PWD):/data -u `id -u`:`id -g` phpdoc/phpdoc
|
||||
|
||||
### generate HTML documentation from Markdown pages with MkDocs
|
||||
### generate HTML documentation from Markdown pages with Sphinx
|
||||
htmldoc:
|
||||
python3 -m venv venv/
|
||||
bash -c 'source venv/bin/activate; \
|
||||
pip install mkdocs; \
|
||||
mkdocs build --clean'
|
||||
pip install wheel; \
|
||||
pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design; \
|
||||
sphinx-build -b html -c doc/ doc/md/ doc/html/'
|
||||
find doc/html/ -type f -exec chmod a-x '{}' \;
|
||||
rm -r venv
|
||||
|
||||
|
||||
### Generate Shaarli's translation compiled file (.mo)
|
||||
translate:
|
||||
@find inc/languages/ -name shaarli.po -execdir msgfmt shaarli.po -o shaarli.mo \;
|
||||
@echo "----------------------"
|
||||
@echo "Compile translation files"
|
||||
@echo "----------------------"
|
||||
@for pofile in `find inc/languages/ -name shaarli.po`; do \
|
||||
echo "Compiling $$pofile"; \
|
||||
msgfmt -v "$$pofile" -o "`dirname "$$pofile"`/`basename "$$pofile" .po`.mo"; \
|
||||
done;
|
||||
|
||||
### Run ESLint check against Shaarli's JS files
|
||||
eslint:
|
||||
@yarn run eslint -c .dev/.eslintrc.js assets/vintage/js/
|
||||
@yarn run eslint -c .dev/.eslintrc.js assets/default/js/
|
||||
@yarnpkg run eslint -c .dev/.eslintrc.js assets/vintage/js/
|
||||
@yarnpkg run eslint -c .dev/.eslintrc.js assets/default/js/
|
||||
@yarnpkg run eslint -c .dev/.eslintrc.js assets/common/js/
|
||||
|
||||
### Run CSSLint check against Shaarli's SCSS files
|
||||
sasslint:
|
||||
@yarn run sass-lint -c .dev/.sasslintrc 'assets/default/scss/*.scss' -v -q
|
||||
@yarnpkg run stylelint --config .dev/.stylelintrc.js 'assets/default/scss/*.scss'
|
||||
|
||||
##
|
||||
# Security scans
|
||||
##
|
||||
|
||||
# trivy version (https://github.com/aquasecurity/trivy/releases)
|
||||
TRIVY_VERSION=0.44.0
|
||||
# default trivy exit code when vulnerabilities are found
|
||||
TRIVY_EXIT_CODE=1
|
||||
# default docker image to scan with trivy
|
||||
TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/shaarli/shaarli:latest
|
||||
|
||||
### download trivy vulneravbility scanner
|
||||
download_trivy:
|
||||
wget --quiet --continue -O trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
|
||||
tar -z -x trivy -f trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
|
||||
|
||||
### run trivy vulnerability scanner on docker image
|
||||
test_trivy_docker: download_trivy
|
||||
./trivy --exit-code $(TRIVY_EXIT_CODE) image $(TRIVY_TARGET_DOCKER_IMAGE)
|
||||
|
||||
### run trivy vulnerability scanner on composer/yarn dependency trees
|
||||
test_trivy_repo: download_trivy
|
||||
./trivy --exit-code $(TRIVY_EXIT_CODE) fs composer.lock
|
||||
./trivy --exit-code $(TRIVY_EXIT_CODE) fs yarn.lock
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
![Shaarli logo](doc/md/images/doc-logo.png)
|
||||
|
||||
The personal, minimalist, super-fast, database free, bookmarking service.
|
||||
The personal, minimalist, super fast, database-free, bookmarking service.
|
||||
|
||||
_Do you want to share the links you discover?_
|
||||
_Shaarli is a minimalist link sharing service that you can install on your own server._
|
||||
_It is designed to be personal (single-user), fast and handy._
|
||||
|
||||
[![](https://img.shields.io/badge/stable-v0.11.1-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.11.1)
|
||||
[![](https://img.shields.io/badge/latest-v0.12.1-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.12.1)
|
||||
[![](https://img.shields.io/badge/master-v0.12.x-blue.svg)](https://github.com/shaarli/Shaarli)
|
||||
[![](https://img.shields.io/badge/stable-v0.12.2-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.11.1)
|
||||
[![](https://img.shields.io/badge/latest-v0.13.0-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.12.2)
|
||||
[![](https://img.shields.io/badge/master-v0.13.x-blue.svg)](https://github.com/shaarli/Shaarli)
|
||||
[![](https://github.com/shaarli/Shaarli/actions/workflows/ci.yml/badge.svg)](https://github.com/shaarli/Shaarli/actions)
|
||||
[![Join the chat at https://gitter.im/shaarli/Shaarli](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/shaarli/Shaarli)
|
||||
[![Bountysource](https://www.bountysource.com/badge/team?team_id=19583&style=bounties_received)](https://www.bountysource.com/teams/shaarli/issues)
|
||||
[![Docker repository](https://img.shields.io/docker/pulls/shaarli/shaarli.svg)](https://github.com/shaarli/Shaarli/pkgs/container/shaarli)
|
||||
|
||||
## Quickstart
|
||||
|
|
|
@ -1,246 +0,0 @@
|
|||
<?php
|
||||
namespace Shaarli;
|
||||
|
||||
use Exception;
|
||||
use Shaarli\Config\ConfigManager;
|
||||
|
||||
/**
|
||||
* Shaarli (application) utilities
|
||||
*/
|
||||
class ApplicationUtils
|
||||
{
|
||||
/**
|
||||
* @var string File containing the current version
|
||||
*/
|
||||
public static $VERSION_FILE = 'shaarli_version.php';
|
||||
|
||||
private static $GIT_URL = 'https://raw.githubusercontent.com/shaarli/Shaarli';
|
||||
private static $GIT_BRANCHES = array('latest', 'stable');
|
||||
private static $VERSION_START_TAG = '<?php /* ';
|
||||
private static $VERSION_END_TAG = ' */ ?>';
|
||||
|
||||
/**
|
||||
* Gets the latest version code from the Git repository
|
||||
*
|
||||
* The code is read from the raw content of the version file on the Git server.
|
||||
*
|
||||
* @param string $url URL to reach to get the latest version.
|
||||
* @param int $timeout Timeout to check the URL (in seconds).
|
||||
*
|
||||
* @return mixed the version code from the repository if available, else 'false'
|
||||
*/
|
||||
public static function getLatestGitVersionCode($url, $timeout = 2)
|
||||
{
|
||||
list($headers, $data) = get_http_response($url, $timeout);
|
||||
|
||||
if (strpos($headers[0], '200 OK') === false) {
|
||||
error_log('Failed to retrieve ' . $url);
|
||||
return false;
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the version from a remote URL or a file.
|
||||
*
|
||||
* @param string $remote URL or file to fetch.
|
||||
* @param int $timeout For URLs fetching.
|
||||
*
|
||||
* @return bool|string The version or false if it couldn't be retrieved.
|
||||
*/
|
||||
public static function getVersion($remote, $timeout = 2)
|
||||
{
|
||||
if (startsWith($remote, 'http')) {
|
||||
if (($data = static::getLatestGitVersionCode($remote, $timeout)) === false) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
if (!is_file($remote)) {
|
||||
return false;
|
||||
}
|
||||
$data = file_get_contents($remote);
|
||||
}
|
||||
|
||||
return str_replace(
|
||||
array(self::$VERSION_START_TAG, self::$VERSION_END_TAG, PHP_EOL),
|
||||
array('', '', ''),
|
||||
$data
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a new Shaarli version has been published on the Git repository
|
||||
*
|
||||
* Updates checks are run periodically, according to the following criteria:
|
||||
* - the update checks are enabled (install, global config);
|
||||
* - the user is logged in (or this is an open instance);
|
||||
* - the last check is older than a given interval;
|
||||
* - the check is non-blocking if the HTTPS connection to Git fails;
|
||||
* - in case of failure, the update file's modification date is updated,
|
||||
* to avoid intempestive connection attempts.
|
||||
*
|
||||
* @param string $currentVersion the current version code
|
||||
* @param string $updateFile the file where to store the latest version code
|
||||
* @param int $checkInterval the minimum interval between update checks (in seconds
|
||||
* @param bool $enableCheck whether to check for new versions
|
||||
* @param bool $isLoggedIn whether the user is logged in
|
||||
* @param string $branch check update for the given branch
|
||||
*
|
||||
* @throws Exception an invalid branch has been set for update checks
|
||||
*
|
||||
* @return mixed the new version code if available and greater, else 'false'
|
||||
*/
|
||||
public static function checkUpdate(
|
||||
$currentVersion,
|
||||
$updateFile,
|
||||
$checkInterval,
|
||||
$enableCheck,
|
||||
$isLoggedIn,
|
||||
$branch = 'stable'
|
||||
) {
|
||||
// Do not check versions for visitors
|
||||
// Do not check if the user doesn't want to
|
||||
// Do not check with dev version
|
||||
if (!$isLoggedIn || empty($enableCheck) || $currentVersion === 'dev') {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (is_file($updateFile) && (filemtime($updateFile) > time() - $checkInterval)) {
|
||||
// Shaarli has checked for updates recently - skip HTTP query
|
||||
$latestKnownVersion = file_get_contents($updateFile);
|
||||
|
||||
if (version_compare($latestKnownVersion, $currentVersion) == 1) {
|
||||
return $latestKnownVersion;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!in_array($branch, self::$GIT_BRANCHES)) {
|
||||
throw new Exception(
|
||||
'Invalid branch selected for updates: "' . $branch . '"'
|
||||
);
|
||||
}
|
||||
|
||||
// Late Static Binding allows overriding within tests
|
||||
// See http://php.net/manual/en/language.oop5.late-static-bindings.php
|
||||
$latestVersion = static::getVersion(
|
||||
self::$GIT_URL . '/' . $branch . '/' . self::$VERSION_FILE
|
||||
);
|
||||
|
||||
if (!$latestVersion) {
|
||||
// Only update the file's modification date
|
||||
file_put_contents($updateFile, $currentVersion);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Update the file's content and modification date
|
||||
file_put_contents($updateFile, $latestVersion);
|
||||
|
||||
if (version_compare($latestVersion, $currentVersion) == 1) {
|
||||
return $latestVersion;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks the PHP version to ensure Shaarli can run
|
||||
*
|
||||
* @param string $minVersion minimum PHP required version
|
||||
* @param string $curVersion current PHP version (use PHP_VERSION)
|
||||
*
|
||||
* @throws Exception the PHP version is not supported
|
||||
*/
|
||||
public static function checkPHPVersion($minVersion, $curVersion)
|
||||
{
|
||||
if (version_compare($curVersion, $minVersion) < 0) {
|
||||
$msg = t(
|
||||
'Your PHP version is obsolete!'
|
||||
. ' Shaarli requires at least PHP %s, and thus cannot run.'
|
||||
. ' Your PHP version has known security vulnerabilities and should be'
|
||||
. ' updated as soon as possible.'
|
||||
);
|
||||
throw new Exception(sprintf($msg, $minVersion));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks Shaarli has the proper access permissions to its resources
|
||||
*
|
||||
* @param ConfigManager $conf Configuration Manager instance.
|
||||
*
|
||||
* @return array A list of the detected configuration issues
|
||||
*/
|
||||
public static function checkResourcePermissions($conf)
|
||||
{
|
||||
$errors = array();
|
||||
$rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
|
||||
|
||||
// Check script and template directories are readable
|
||||
foreach (array(
|
||||
'application',
|
||||
'inc',
|
||||
'plugins',
|
||||
$rainTplDir,
|
||||
$rainTplDir . '/' . $conf->get('resource.theme'),
|
||||
) as $path) {
|
||||
if (!is_readable(realpath($path))) {
|
||||
$errors[] = '"' . $path . '" ' . t('directory is not readable');
|
||||
}
|
||||
}
|
||||
|
||||
// Check cache and data directories are readable and writable
|
||||
foreach (array(
|
||||
$conf->get('resource.thumbnails_cache'),
|
||||
$conf->get('resource.data_dir'),
|
||||
$conf->get('resource.page_cache'),
|
||||
$conf->get('resource.raintpl_tmp'),
|
||||
) as $path) {
|
||||
if (!is_readable(realpath($path))) {
|
||||
$errors[] = '"' . $path . '" ' . t('directory is not readable');
|
||||
}
|
||||
if (!is_writable(realpath($path))) {
|
||||
$errors[] = '"' . $path . '" ' . t('directory is not writable');
|
||||
}
|
||||
}
|
||||
|
||||
// Check configuration files are readable and writable
|
||||
foreach (array(
|
||||
$conf->getConfigFileExt(),
|
||||
$conf->get('resource.datastore'),
|
||||
$conf->get('resource.ban_file'),
|
||||
$conf->get('resource.log'),
|
||||
$conf->get('resource.update_check'),
|
||||
) as $path) {
|
||||
if (!is_file(realpath($path))) {
|
||||
# the file may not exist yet
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!is_readable(realpath($path))) {
|
||||
$errors[] = '"' . $path . '" ' . t('file is not readable');
|
||||
}
|
||||
if (!is_writable(realpath($path))) {
|
||||
$errors[] = '"' . $path . '" ' . t('file is not writable');
|
||||
}
|
||||
}
|
||||
|
||||
return $errors;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a salted hash representing the current Shaarli version.
|
||||
*
|
||||
* Useful for assets browser cache.
|
||||
*
|
||||
* @param string $currentVersion of Shaarli
|
||||
* @param string $salt User personal salt, also used for the authentication
|
||||
*
|
||||
* @return string version hash
|
||||
*/
|
||||
public static function getVersionHash($currentVersion, $salt)
|
||||
{
|
||||
return hash_hmac('sha256', $currentVersion, $salt);
|
||||
}
|
||||
}
|
|
@ -1,84 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Shaarli;
|
||||
|
||||
use Shaarli\Exceptions\IOException;
|
||||
|
||||
/**
|
||||
* Class FileUtils
|
||||
*
|
||||
* Utility class for file manipulation.
|
||||
*/
|
||||
class FileUtils
|
||||
{
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
protected static $phpPrefix = '<?php /* ';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
protected static $phpSuffix = ' */ ?>';
|
||||
|
||||
/**
|
||||
* Write data into a file (Shaarli database format).
|
||||
* The data is stored in a PHP file, as a comment, in compressed base64 format.
|
||||
*
|
||||
* The file will be created if it doesn't exist.
|
||||
*
|
||||
* @param string $file File path.
|
||||
* @param mixed $content Content to write.
|
||||
*
|
||||
* @return int|bool Number of bytes written or false if it fails.
|
||||
*
|
||||
* @throws IOException The destination file can't be written.
|
||||
*/
|
||||
public static function writeFlatDB($file, $content)
|
||||
{
|
||||
if (is_file($file) && !is_writeable($file)) {
|
||||
// The datastore exists but is not writeable
|
||||
throw new IOException($file);
|
||||
} elseif (!is_file($file) && !is_writeable(dirname($file))) {
|
||||
// The datastore does not exist and its parent directory is not writeable
|
||||
throw new IOException(dirname($file));
|
||||
}
|
||||
|
||||
return file_put_contents(
|
||||
$file,
|
||||
self::$phpPrefix . base64_encode(gzdeflate(serialize($content))) . self::$phpSuffix
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Read data from a file containing Shaarli database format content.
|
||||
*
|
||||
* If the file isn't readable or doesn't exist, default data will be returned.
|
||||
*
|
||||
* @param string $file File path.
|
||||
* @param mixed $default The default value to return if the file isn't readable.
|
||||
*
|
||||
* @return mixed The content unserialized, or default if the file isn't readable, or false if it fails.
|
||||
*/
|
||||
public static function readFlatDB($file, $default = null)
|
||||
{
|
||||
// Note that gzinflate is faster than gzuncompress.
|
||||
// See: http://www.php.net/manual/en/function.gzdeflate.php#96439
|
||||
if (!is_readable($file)) {
|
||||
return $default;
|
||||
}
|
||||
|
||||
$data = file_get_contents($file);
|
||||
if ($data == '') {
|
||||
return $default;
|
||||
}
|
||||
|
||||
return unserialize(
|
||||
gzinflate(
|
||||
base64_decode(
|
||||
substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
|
@ -1,184 +0,0 @@
|
|||
<?php
|
||||
namespace Shaarli;
|
||||
|
||||
/**
|
||||
* Class Router
|
||||
*
|
||||
* (only displayable pages here)
|
||||
*/
|
||||
class Router
|
||||
{
|
||||
public static $AJAX_THUMB_UPDATE = 'ajax_thumb_update';
|
||||
|
||||
public static $PAGE_LOGIN = 'login';
|
||||
|
||||
public static $PAGE_PICWALL = 'picwall';
|
||||
|
||||
public static $PAGE_TAGCLOUD = 'tagcloud';
|
||||
|
||||
public static $PAGE_TAGLIST = 'taglist';
|
||||
|
||||
public static $PAGE_DAILY = 'daily';
|
||||
|
||||
public static $PAGE_FEED_ATOM = 'atom';
|
||||
|
||||
public static $PAGE_FEED_RSS = 'rss';
|
||||
|
||||
public static $PAGE_TOOLS = 'tools';
|
||||
|
||||
public static $PAGE_CHANGEPASSWORD = 'changepasswd';
|
||||
|
||||
public static $PAGE_CONFIGURE = 'configure';
|
||||
|
||||
public static $PAGE_CHANGETAG = 'changetag';
|
||||
|
||||
public static $PAGE_ADDLINK = 'addlink';
|
||||
|
||||
public static $PAGE_EDITLINK = 'edit_link';
|
||||
|
||||
public static $PAGE_DELETELINK = 'delete_link';
|
||||
|
||||
public static $PAGE_CHANGE_VISIBILITY = 'change_visibility';
|
||||
|
||||
public static $PAGE_PINLINK = 'pin';
|
||||
|
||||
public static $PAGE_EXPORT = 'export';
|
||||
|
||||
public static $PAGE_IMPORT = 'import';
|
||||
|
||||
public static $PAGE_OPENSEARCH = 'opensearch';
|
||||
|
||||
public static $PAGE_LINKLIST = 'linklist';
|
||||
|
||||
public static $PAGE_PLUGINSADMIN = 'pluginadmin';
|
||||
|
||||
public static $PAGE_SAVE_PLUGINSADMIN = 'save_pluginadmin';
|
||||
|
||||
public static $PAGE_THUMBS_UPDATE = 'thumbs_update';
|
||||
|
||||
public static $GET_TOKEN = 'token';
|
||||
|
||||
/**
|
||||
* Reproducing renderPage() if hell, to avoid regression.
|
||||
*
|
||||
* This highlights how bad this needs to be rewrite,
|
||||
* but let's focus on plugins for now.
|
||||
*
|
||||
* @param string $query $_SERVER['QUERY_STRING'].
|
||||
* @param array $get $_SERVER['GET'].
|
||||
* @param bool $loggedIn true if authenticated user.
|
||||
*
|
||||
* @return string page found.
|
||||
*/
|
||||
public static function findPage($query, $get, $loggedIn)
|
||||
{
|
||||
$loggedIn = ($loggedIn === true) ? true : false;
|
||||
|
||||
if (empty($query) && !isset($get['edit_link']) && !isset($get['post'])) {
|
||||
return self::$PAGE_LINKLIST;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_LOGIN) && $loggedIn === false) {
|
||||
return self::$PAGE_LOGIN;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_PICWALL)) {
|
||||
return self::$PAGE_PICWALL;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_TAGCLOUD)) {
|
||||
return self::$PAGE_TAGCLOUD;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_TAGLIST)) {
|
||||
return self::$PAGE_TAGLIST;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_OPENSEARCH)) {
|
||||
return self::$PAGE_OPENSEARCH;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_DAILY)) {
|
||||
return self::$PAGE_DAILY;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_FEED_ATOM)) {
|
||||
return self::$PAGE_FEED_ATOM;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_FEED_RSS)) {
|
||||
return self::$PAGE_FEED_RSS;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$PAGE_THUMBS_UPDATE)) {
|
||||
return self::$PAGE_THUMBS_UPDATE;
|
||||
}
|
||||
|
||||
if (startsWith($query, 'do=' . self::$AJAX_THUMB_UPDATE)) {
|
||||