From c002ca9c6ba1d40cda342ca85fb48acda39d7e52 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 10 Nov 2013 22:50:34 +0100 Subject: [PATCH 1/3] smallHash: simplified and improved performance Unchanged behaviour --- index.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/index.php b/index.php index 0465a4e..24fbe43 100644 --- a/index.php +++ b/index.php @@ -221,7 +221,7 @@ function nl2br_escaped($html) return str_replace('>','>',str_replace('<','<',nl2br($html))); } -/* Returns the small hash of a string +/* Returns the small hash of a string, using RFC 4648 base64url format eg. smallHash('20111006_131924') --> yZH23w Small hashes: - are unique (well, as unique as crc32, at last) @@ -233,10 +233,7 @@ function nl2br_escaped($html) function smallHash($text) { $t = rtrim(base64_encode(hash('crc32',$text,true)),'='); - $t = str_replace('+','-',$t); // Get rid of characters which need encoding in URLs. - $t = str_replace('/','_',$t); - $t = str_replace('=','@',$t); - return $t; + return strtr($t, '+/', '-_'); } // In a string, converts urls to clickable links. From 53da201749f8f362323ef278bf338f1d9f7a925a Mon Sep 17 00:00:00 2001 From: Sebastien SAUVAGE Date: Fri, 29 Nov 2013 21:53:20 +0100 Subject: [PATCH 2/3] XSS flaw correction Closes issue https://github.com/sebsauvage/Shaarli/issues/134 --- index.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.php b/index.php index 0465a4e..884b2af 100644 --- a/index.php +++ b/index.php @@ -942,7 +942,7 @@ function showRSS() echo ''."\n\n"; $i++; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -1027,7 +1027,7 @@ function showATOM() $feed.=''.htmlspecialchars($pageaddr).''.htmlspecialchars($pageaddr).''; $feed.=''.htmlspecialchars($pageaddr).''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. $feed.=$entries; - $feed.=''; + $feed.=''; echo $feed; $cache->cache(ob_get_contents()); 
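Review bot: The smallHash() docblock touched in the first hunk still only says small hashes "are unique (well, as unique as crc32, at last)", which leaves out what callers need to know: `hash('crc32',$text,true)` is an unkeyed 32-bit checksum, so distinct inputs can share a small hash, and anyone who knows or can guess the input (the docblock's own example is a timestamp) can recompute the value. I would add a bullet such as `- are NOT secret and NOT collision-free: use them as short identifiers only, never as access tokens or integrity checks`. The new first line could also read "unpadded RFC 4648 base64url", since `rtrim(...,'=')` drops the padding. How the return value is used is not visible in this patch, so whether call sites handle a collision should be confirmed there. The removed `'='` to `'@'` replacement could never match after the rtrim, so the "Unchanged behaviour" claim holds for the lines shown.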
@@ -1104,7 +1104,7 @@ function showDailyRSS() echo ''."\n\n\n"; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -1747,11 +1747,11 @@ function importFile() } $LINKSDB->savedb(); - echo ''; + echo ''; } else { - echo ''; + echo ''; } } From 067e66acfee19019ea3c1efa7f4ea305259bbd74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20SAUVAGE?= Date: Wed, 4 Dec 2013 13:55:42 +0100 Subject: [PATCH 3/3] Corrected overlapping tags --- inc/shaarli.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/shaarli.css b/inc/shaarli.css index 52a4820..36daa51 100644 --- a/inc/shaarli.css +++ b/inc/shaarli.css @@ -239,7 +239,7 @@ cursor:pointer; .linkdescription { color:#000; margin-top:0; margin-bottom:12px; font-weight:normal; max-height:400px; overflow:auto; } .linkdescription a { text-decoration: none; color:#3465A4; } .linkdescription a:hover { color:#F57900; } -.linktaglist { padding-top:10px;} +.linktaglist { padding-top:10px; line-height:200%;} .linktag { font-size:9pt;