nodiscc
3e361b0394
Redirect to homepage after adding a link via "Add Link" dialog
...
* Fixes https://github.com/shaarli/Shaarli/issues/115
2015-05-05 15:19:29 +02:00
ArthurHoaro
f2391a5793
Fixes shaarli/Shaarli#46 : allow 'javascript:' links sharing
2015-05-05 15:17:25 +02:00
Knah Tsaeb
6f4fd910a9
[add] markdown support
2015-05-05 11:41:43 +02:00
Knah Tsaeb
086adcd4a9
[fix] bad detection of favicon url
2015-01-30 10:47:07 +01:00
Knah Tsaeb
f0bec991d0
Merge branch 'favicon' into myShaarli
...
Conflicts:
index.php
2015-01-30 09:37:52 +01:00
Knah Tsaeb
268682859a
[add] show favicon of site
...
[add] fetch and cache favicon
2015-01-29 16:59:59 +01:00
Knah Tsaeb
0396d42bba
Merge branch 'master' into myShaarli
2014-02-12 10:51:35 +01:00
Knah Tsaeb
921e7020c9
Merge via branch
2014-01-03 09:49:24 +01:00
Knah Tsaeb
f1a8ca9cc8
[fix] warning in search form when empty via field
2014-01-03 09:39:02 +01:00
Knah Tsaeb
4123658eae
[upd] change via message (@via to Origine ⇒)
...
[fix] via field for atom
[fix] warning when add new link
2013-12-19 09:53:12 +01:00
Knah Tsaeb
8e2b06fd78
[fix] warning when add new link
2013-12-19 09:37:57 +01:00
Knah Tsaeb
b55c95e172
Merge branch 'master' into myShaarli
2013-12-19 09:30:59 +01:00
Knah Tsaeb
5f9bf1b96e
Merge branch 'master' into via
2013-12-19 09:30:20 +01:00
Christophe HENRY
ae00595b1c
A real "Stay signed in": keep the connection
...
Instead of trusting the php session, it uses a cookie. The php session
sooner or later is destroyed if not used. It depends upon the server
settings. Using a cookie ensures that one really stays signed in.
Dev notes: I wanted to avoid merge conflicts, stay with the main
developer standards and keep the "index.php" in one file. That's why
the code may not be that nice. My own dev level may also explain.
2013-12-05 22:26:04 +01:00
Sébastien SAUVAGE
ab0638edb0
Merge pull request #145 from Alkarex/patch-1
...
smallHash: simplified and improved performance
2013-11-29 13:01:08 -08:00
Sebastien SAUVAGE
53da201749
XSS flaw correction
...
Closes issue https://github.com/sebsauvage/Shaarli/issues/134
2013-11-29 21:53:20 +01:00
Knah Tsaeb
06d803e78e
[upd] change via message (@via to Origine =>)
...
[fix] via field for atom
2013-11-21 16:50:48 +01:00
Alexandre Alapetite
c002ca9c6b
smallHash: simplified and improved performance
...
Unchanged behaviour
2013-11-10 22:50:34 +01:00
Knah Tsaeb
e8633c6bbe
[fix] add url prefix for smallhash url for external thumbshot
2013-10-14 14:41:14 +02:00
Knah Tsaeb
3c49d5a29a
Merge branch 'master' of git://github.com/sebsauvage/Shaarli into via
2013-10-11 15:23:24 +02:00
Knah Tsaeb
040eb18ec8
Add source of link (via input)
2013-10-11 15:18:37 +02:00
Sebastien SAUVAGE
7b2186a63e
Corrected field focus in bookmarklet
...
Focus was not properly given to description field when it's empty.
2013-09-27 17:08:31 +02:00
Knah Tsaeb
6cb22b63c5
Merge branch 'master' into myShaarli
...
Conflicts:
tpl/page.header.html
tpl/picwall.html
tpl/tagcloud.html
2013-09-27 09:53:07 +02:00
Knah Tsaeb
6f5933d23f
Sync with SebSauvage repo
2013-09-27 09:38:01 +02:00
Sébastien SAUVAGE
58a8f4cab4
Default example private link changed
...
Default example private link changed from pastebin to ZeroBin.
2013-09-25 10:41:31 +02:00
Sebastien SAUVAGE
c677013b93
Added nb=all to get all links in RSS/ATOM feed.
2013-09-24 22:39:40 +02:00
Knah Tsaeb
1f9886dc51
Merge branch 'master' into myShaarli
...
Conflicts:
index.php
2013-09-24 13:55:49 +02:00
Sébastien SAUVAGE
eea58b3d5a
Merge pull request #87 from LionelMartin/3385af123f6b4dfc59aeaa69f180381307b64368
...
Added a json_encode implementation for PHP < 5.2 (free.fr)
2013-09-24 02:20:06 -07:00
Sébastien SAUVAGE
3fac0a5257
Added tags+private in shaarli URL
...
Manually merged pull request https://github.com/sebsauvage/Shaarli/pull/99
2013-09-24 11:17:22 +02:00
Sébastien SAUVAGE
85c0205876
Merge pull request #112 from BoboTiG/master
...
RSS/Atom: add a parameter to print only the N last links
2013-09-24 02:10:18 -07:00
Sébastien SAUVAGE
0b88c6022d
Merge pull request #118 from Alkarex/patch-1
...
Corrected error message for lack of write access in ./data
2013-09-24 02:07:21 -07:00
Sébastien SAUVAGE
c4bbb01064
Merge pull request #125 from broncowdd/master
...
Added the possibility to put a description in the bookmarklet's URL
2013-09-24 02:03:26 -07:00
Sébastien SAUVAGE
fdc3c114d1
Merge pull request #126 from Alkarex/Milliseconds
...
Import: add compatibility for milliseconds in NETSCAPE-Bookmark
2013-09-24 02:02:33 -07:00
Alexandre Alapetite
fc93ae1d1a
Import NETSCAPE-Bookmark compatible milliseconds
...
NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of
seconds.
For instance, this is the case of the files generated for Google +1s by
Google Takeout.
This patch makes these files compatible.
2013-09-21 18:15:41 +02:00
Bronco
b607a4c503
Added the possibility to put a description in the bookmarklet's URL
...
Conflicts:
index.php
2013-09-16 12:02:34 +02:00
lehollandaisvolant
fb57aab74d
Added a UA when fetching an external page (some sites require a UA)
2013-09-16 11:47:42 +02:00
Bronco
3057373a25
Added the possibility to put a description in the bookmarklet's URL
2013-09-16 10:32:02 +02:00
lehollandaisvolant
03545ef691
Added a UA when fetching an external page (some sites require a UA)
2013-09-03 15:55:13 +02:00
Alexandre Alapetite
ff63b7d111
Corrected error message for lack of write access in ./data
2013-08-23 17:02:15 +02:00
Knah Tsaeb
64f4f387a0
[fix] PHP notice error
2013-08-20 15:01:45 +02:00
Knah Tsaeb
588c4e4be4
Merge branch 'master' into myShaarli
2013-08-07 10:11:37 +02:00
Sebastien SAUVAGE
002ef0e5c8
Better encoding handling in title parsing
...
Thanks to a patch from Le Hollandais Volant.
2013-08-03 22:10:04 +02:00
Sebastien SAUVAGE
f6a6ca0aec
SERVER_NAME changed to HTTP_HOST
...
SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems
on some misconfigured hosts. HTTP_HOST is usually more reliable with
those servers. (cf.
http://stackoverflow.com/questions/2297403/http-host-vs-server-name ).
This should cause fewer problems on most hosts.
2013-08-03 22:00:09 +02:00
BoboTiG
fbd9e52716
RSS/Atom: add a parameter to print only the N last links
2013-07-26 08:57:19 +02:00
Lionel Martin
3385af123f
Added json_encode implementation for php<5.2
2013-05-20 19:00:28 +02:00
Knah Tsaeb
12e74779c4
[fix] small bug (bad empty test)
2013-05-03 10:44:24 +02:00
Knah Tsaeb
c2d24b7827
[add] via input
2013-04-30 16:20:54 +02:00
Christophe HENRY
6888cc6f90
Adds a configuration variable "titleLink" which allows to customize the link on the title.
Conflicts:
tpl/page.header.html
2013-03-29 16:56:24 +01:00
Knah Tsaeb
01f59ddf63
Change the tagcloud generation for better various size.
2013-03-29 15:51:56 +01:00
Knah Tsaeb
8f2c12ce6a
[add] option for use external service for thumbshot
2013-03-19 17:22:50 +01:00
Sébastien SAUVAGE
87e3d65023
Merge pull request #42 from matchab/master
...
Default timezone
2013-03-11 01:59:48 -07:00
David Sferruzza
a908244cc4
Fix bug producing invalid HTML
2013-03-10 19:03:34 +01:00
Mathieu Chabanon
cb49ab945f
Avoid a strict standard error when php.ini does not define the default timezone.
2013-03-10 14:06:12 +01:00
Sébastien SAUVAGE
310f3ca007
Version 0.0.41 beta
2013-03-08 10:14:31 +01:00
Sebastien SAUVAGE
75e199d606
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-06 23:31:18 +01:00
Sebastien SAUVAGE
979d6334e7
Added second check to write rights.
...
(Because on some hosts is_writable() is not reliable.)
2013-03-04 21:26:06 +01:00
Sebastien SAUVAGE
f2cb5f95a9
Check that Shaarli has the right to write in its own directory.
...
Because some users forget to check this at installation.
2013-03-04 21:14:07 +01:00
Sebastien SAUVAGE
8a80e4fe07
Got rid of small display bugs before installation.
2013-03-04 21:02:24 +01:00
Knah Tsaeb
bb8f712db6
[add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default.
2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
dd064cc315
Added https to list of authorized protocols.
2013-03-03 22:49:10 +01:00
Sebastien SAUVAGE
feebc6d466
Corrected vulnerabilities (see report below)
...
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_
Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)
Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards
Persistent XSS :
- During the installation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works
- The url field of a link is vulnerable :
When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user clicks the url of a link
Or with a classic XSS : "><script>alert(1)</script>
Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer
e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com
History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE
705f8355a9
Proper redirect in popup when login fails.
...
This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
2013-03-02 14:07:00 +01:00
Sebastien SAUVAGE
858c5c2b43
Added option to disable jQuery and heavy javascript
...
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)
(Side note: A *LOT* of users want Shaarli to work without javascript at
all, if possible. That's why I try to use as little javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sebastien SAUVAGE
58046a19ae
URL source in cached RSS feeds.
2013-03-01 17:43:20 +01:00
Sebastien SAUVAGE
dd62b9ba2a
Sort tags
2013-03-01 17:09:52 +01:00
Sebastien SAUVAGE
925f6108ba
Corrected: "Nothing found" when logging out when only private links were displayed.
...
This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
2013-03-01 16:57:34 +01:00
Sébastien SAUVAGE
3e0ef647a3
RSS patch for Thunderbird (and some RSS clients).
...
In the RSS specifications, the "link" tags contains the URL to follow,
and the "guid" contains a unique identifier (which may or may not be an
URL).
RSS clients should always use "link" to follow the link (and most do),
but Thunderbird uses the "guid" if it finds a valid URL inside (and only
falls back to "link" if "guid" is not an URL).
I have patched the RSS feed so that Thunderbird ignores the URL in guid.
2013-02-28 14:48:11 +01:00
Sébastien SAUVAGE
f37664a2b8
Check that sessions work before installation.
...
This is necessary because some hosts do not have a properly set
session.save_path parameter in php config, or do not have write access
to the directory.
2013-02-28 10:37:43 +01:00
Sébastien SAUVAGE
a1f5a6ec17
Improved token security
...
...by adding salt. These tokens are used in forms which act on data to
prevent CSRF attacks.
This closes issue https://github.com/sebsauvage/Shaarli/issues/24
2013-02-28 09:19:00 +01:00
Sebastien SAUVAGE
9e8209064d
Corrected thumbnail creation.
...
Because some systems do not allow file overwriting when doing a
rename().
2013-02-27 21:24:41 +01:00
Sébastien SAUVAGE
b342b2a4c7
After clicking save/cancel on a link, scroll to the link itself.
2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE
9e975d86e4
Remove script name from URL if it's index.php
...
(for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead
of http://mysite.com/shaarli/index.php?abcde )
2013-02-27 16:52:32 +01:00
Sébastien SAUVAGE
2abd39052d
Link in description & option to invert link/permalink.
...
Patch for issue https://github.com/sebsauvage/Shaarli/issues/19
Now:
* The (perma)link is added at the bottom of description.
* If "permalinks" is added in URL parameters, link/permalinks will be
swapped.
eg.
* Normal link in title + permalink in description:
http://mysite.com/shaarli/?do=rss
* Permalink in title + normal link in description :
http://mysite.com/shaarli/?do=rss&permalinks
It works for the ATOM feed too.
(Happy ? :-D )
2013-02-27 16:39:16 +01:00
Sébastien SAUVAGE
30b0672d04
Support for magnet links in description.
2013-02-27 15:49:32 +01:00
Sébastien SAUVAGE
64bf914aea
Corrected bug in cache purge.
2013-02-26 16:03:47 +01:00
Sébastien SAUVAGE
543e0c7b56
Typo correction.
2013-02-26 15:01:15 +01:00
Sébastien SAUVAGE
2d9fab88be
Login problem correction
...
This corrects the session problem with some browsers when Shaarli is
hosted on a sub-domain. Please tell me if this corrects login problems
if you had one.
2013-02-26 14:47:47 +01:00
Sébastien SAUVAGE
450342737c
Initial commit (version 0.0.40 beta)
2013-02-26 10:09:41 +01:00