787faa42f3
Take code review into account
...
Upgrade web-thumbnailer and display thumbs right after download
2018-07-05 20:34:22 +02:00
e85b7a05a1
Update thumbnail integration after rebasing the branch
2018-07-05 20:31:35 +02:00
a3724717ec
ConfigManager: add a method to remove an entry
2018-07-05 20:31:35 +02:00
1b93137e16
Use web-thumbnailer to retrieve thumbnails
...
* requires PHP 5.6
* use blazy on linklist since a lot more thumbs are retrieved
* thumbnails can be disabled
* thumbs size is now 120x120
* thumbs are now cropped to fit the expected size
Fixes #345 #425 #487 #543 #588 #590
2018-07-05 20:31:35 +02:00
d3f42ca487
Implements Tags endpoints for Shaarli's REST API
...
Endpoints:
* List All Tags [GET]
* Get a tag [GET]
* Update a tag [PUT]
* Delete a tag [DELETE]
Fixes #904
References shaarli/api-documentation#34
2018-06-04 18:51:22 +02:00
17e45b2e9c
Merge pull request #1143 from ArthurHoaro/sort-equal-tags
...
Fix order of tags with the same number of occurrences
2018-06-04 18:34:50 +02:00
8edd7f1588
SessionManager+LoginManager: fix checkLoginState logic
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
704637bfeb
Add test coverage for LoginManager methods
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:26 +02:00
ebf6151738
SessionManager: remove unused UID token
...
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
c689e10863
Refactor LoginManager stay-signed-in token management
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
51f0128cdb
Refactor session and cookie timeout control
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
fab87c2696
Move LoginManager and SessionManager to the Security namespace
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
68dcaccfa4
LoginManager: remove unused parameter
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
89ccc83ba4
Login: update PageBuilder and default/vintage templates
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
8474208474
Pass the client IP ID to LoginManager
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
c7721487b2
Delegate session operations to SessionManager
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:45:54 +02:00
1b28c66cc7
Document LoginManager properties
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
63ea23c2a6
Refactor user credential validation at login time
...
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
49f1832316
Refactor PHP session handling during login/logout
...
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
db45a36a53
Refactor SessionManager::$INACTIVITY_TIMEOUT
...
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
- fillSessionInfo()
- setup_login_state()
- check_auth()
- cleanup related code and comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
88110550b8
Refactor client session hijacking protection
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
f8c5660df8
Tag sort - UT + comment + fix filter and visibility
...
Before this, linksCountPerTag call without would have ignored visibility parameter
2018-05-29 20:52:30 +02:00
f28396a2f8
Fix order of tags with the same number of occurrences
...
Fixes #1142
2018-05-19 15:47:55 +02:00
a1b727efb7
Support redirection in cURL download callback
2018-05-01 16:44:51 +02:00
7ca124079e
German language created ( #1114 )
...
* Added german language selection
* German language file created
* typo
* extra space removed and typo corrected
* lines 1314 through 1408 removed as suggested
2018-04-15 14:53:09 +02:00
9b2bd66fb6
Merge pull request #1093 from ArthurHoaro/feature/theme-translation
...
Load theme translations files automatically
2018-03-26 20:26:10 +02:00
68c6afc56f
Load theme translations files automatically
...
Fixes #1077
Take a look at the docs update to see how it works
2018-03-26 19:20:25 +02:00
4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params
...
Make max download size and timeout configurable
2018-03-13 18:02:49 +01:00
4ff3ed1c47
Make max download size and timeout configurable
...
Fixes #1061
2018-03-07 23:03:21 +01:00
d2d4f993e1
PSR: use elseif instead of else if
...
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
2018-02-28 22:34:40 +01:00
bc4a0a672c
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
...
Ignore the case while checking DOCTYPE during the file import
2018-02-24 13:29:11 +01:00
980efd6cf8
Use a specific page title in all pages
...
Also fixed a few French translation issues
Fixes #954 #955
2018-02-24 12:48:49 +01:00
3ff1ce47bc
Ignore the case while checking DOCTYPE during the file import
...
Fixes #1091
2018-02-23 20:34:06 +01:00
d923d1db2f
Merge remote-tracking branch 'github/latest' into myShaarli_commu
2018-02-09 16:10:09 +01:00
ba04c60849
Fix markdown editor with myShaarli plugin
2018-02-09 15:56:22 +01:00
44acf70681
Refactor login / ban authentication steps
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- Add the `LoginManager` class to manage logins and bans
Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies
Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:12:09 +01:00
bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter
...
Add a filter to only display public links
2018-02-02 19:22:37 +01:00
28df9fa4f7
INTL_IDNA_VARIANT_2003 is deprecated
...
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
2018-02-02 19:15:47 +01:00
b7c412d4d0
Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
...
As stated in the docs:
> LC_MESSAGES for system responses (available if PHP was compiled with libintl)
Fixes #1067
2018-01-31 12:39:17 +01:00
cb4ddbe4e7
Fix warnings when upgrading from legacy SebSauvage version
...
Fixes #1040
2018-01-25 19:55:31 +01:00
d2f6d909e5
Public/private filter: use two separate buttons
...
#1038
2018-01-24 18:46:31 +01:00
d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter
...
Extract the title/charset during page download, and check content type
2018-01-23 18:41:38 +01:00
9d4736a3e9
Add a filter to only display public links
...
When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner
Fixes #1030
2017-12-16 14:32:56 +01:00
101b935de4
Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443
...
Force HTTPS if the original port is 443 behind a reverse proxy
2017-12-03 12:46:43 +01:00
8e9fc6f6e6
Force HTTPS if the original port is 443 behind a reverse proxy
...
Fixes #1022
2017-12-02 15:24:35 +01:00
877491b4ad
Merge pull request #1020 from ArthurHoaro/feature/curl-chunk
...
Increase buffer size for cURL download
2017-11-26 11:34:44 +01:00
d9514becc4
Merge pull request #1016 from virtualtam/refactor/session
...
Improve SessionManager constructor and tests
2017-11-24 23:53:15 +01:00
270da70532
Return true after update ReorderDatastore to complete it
2017-11-11 16:51:10 +01:00
91c807d275
Increase buffer size for cURL download
...
1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
2017-11-11 16:49:57 +01:00
dd883aaf09
Improve SessionManager constructor and tests
...
Relates to https://github.com/shaarli/Shaarli/pull/1005
Changed:
- pass a copy of the ConfigManager instance instead of a reference
- move FakeConfigManager to a dedicated file
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-11-08 20:26:03 +01:00
fd08b50a80
Don't URL encode description links if parameter 'redirector.encode_url' is set to false
2017-11-07 20:23:58 +01:00
d65342e304
Extract the title/charset during page download, and check content type
...
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
Closes #579
2017-10-28 14:35:49 +02:00
0926d26390
Merge pull request #962 from ArthurHoaro/feature/perfs2
...
Performances: reorder links when they're written instead of read
2017-10-28 12:44:44 +02:00
fd7d84616d
Move session ID check to SessionManager
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:54:44 +02:00
ebd650c06c
Refactor session token management
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- `SessionManager` class to group session-related features
- unit tests
Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:19:46 +02:00
6a65bc5798
Translations : Working demo example of translation extension
2017-10-22 13:16:56 +02:00
f39580c6fd
Add language selection in the configure page of the default theme
2017-10-22 13:16:53 +02:00
12266213d0
Shaarli's translation
...
* translation system and unit tests
* Translations everywhere
Dont use translation merge
It is not available with PHP builtin gettext, so it would have lead to inconsistency.
2017-10-22 12:55:03 +02:00
66e74d50d3
Don't write History for link import
...
With large imports it has a large impact on performances and isn't really useful.
Instead, write an IMPORT event, which let client using the history service resync its DB.
-> 15k link import done in 6 seconds.
Fixes #985
2017-10-07 16:40:16 +02:00
c8d96b4729
Merge pull request #979 from ArthurHoaro/feature/assets-cache-version
...
Add a version hash for asset loading to prevent browser's cache issue
2017-10-06 14:32:07 +02:00
722caa2090
Allow setting of a default note title, see #963
2017-10-01 14:19:57 +02:00
b3e1f92e9c
Rename shaarli_version constant to uppercase
2017-10-01 11:11:16 +02:00
bfe4f536bb
Add a version hash for asset loading to prevent browser's cache issue
...
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version.
Fixes #965
2017-10-01 11:10:37 +02:00
3512f44617
Merge pull request #976 from ArthurHoaro/hotfix/url-parentheses
...
Fix parsing for description links with parentheses
2017-09-30 14:25:53 +02:00
7c670b39a2
Merge pull request #975 from virtualtam/robustness
...
Improve robustness for zlib and file operations
2017-09-30 10:56:56 +02:00
601faf9751
Fix parsing for description links with parentheses
...
With markdown plugin disabled
relates to #966
2017-09-29 18:52:38 +02:00
a59bbf50d7
Merge pull request #947 from thewilli/wildcardsearch
...
wildcard tag search support
2017-09-29 18:38:02 +02:00
8c322aaba1
Robustness: safer gzinflate/zlib usage
...
Relates to https://github.com/shaarli/Shaarli/pull/846
PHP's `gzinflate()` fails with an error when being passed an empty string
See:
- https://bugs.php.net/bug.php?id=71395
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:59:36 +02:00
e4325b1517
Robustness: safer RainTPL directory handling
...
Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:57:20 +02:00
27e21231e1
added option to redirect all anonymous users to login page
...
- new setting *force_login* added and documented
- if both, *force_login* and *hide_public_links* are set to true, all requests
(except for the feeds) are redirected to the login page
2017-09-03 11:46:49 +02:00
9ec0a61156
Performances: reorder links when they're written instead of read
...
relates to #891
2017-09-02 15:10:44 +02:00
96a1c79456
Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-title
...
Firefox Social title: Use document.title instead of RainTPL variable
2017-09-02 13:54:38 +02:00
a3130d2c2f
Make work behind a reverse proxy
...
Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
341527bae9
wildcard tag search support
...
- when searching for tags you can now include '*' as wildcard placeholder
- new search reduces overall overhead when filtering for tags
- fixed combination with description tag search ('#' prefix)
- tests added
2017-08-30 13:20:22 +02:00
e4ed3a46b7
Merge pull request #944 from thewilli/configure-rememberme
...
new setting: default value for 'remember me' checkbox
2017-08-27 16:36:53 +02:00
2e07e77573
new setting: default value for 'remember me' checkbox
...
- the default state for the login page's 'remember me' checkbox can now be configured
- adapted the default and vintage theme to consider the new setting
- added documentation for the new setting
2017-08-27 16:03:37 +02:00
cc8f572bc0
migrated Github wiki links to readthedocs
2017-08-26 09:40:57 +02:00
1fdb40fc16
Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename
...
Make sure that the tag exists before altering/removing it
2017-08-05 09:59:03 +02:00
3b67b22225
Move tag renaming code to LinkDB and unit test it
2017-08-05 09:55:20 +02:00
f09e1e318e
Merge pull request #889 from Lucas-C/master
...
Using only one form in linklist.html - fix #885
2017-08-03 16:27:59 +02:00
f210d94f71
Using only one form in linklist.html + adding untaggedonly filter - fix #885
2017-07-30 16:19:34 +02:00
b80315e238
Respect HTTP_X_FORWARDED_HOST
...
alongside _PORT and _PROTO
Fixes #879
2017-07-08 00:01:03 +00:00
ac94db1e36
Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols
...
Add a whitelist of protocols for URLs
2017-05-31 17:52:19 +02:00
3e395a6bc6
Merge pull request #841 from ArthurHoaro/feature/search-no-tag
...
Empty tag search will look for not tagged links
2017-05-25 15:54:20 +02:00
7d86f40bdb
Empty tag search will look for not tagged links
...
Fixes #784
From now, searching for tags with an empty value will return only not tagged links,
with the search bar showing `x results [not tagged]`.
Note that using the api, the searchtags request parameter must be set to `false` to get the same result.
- [ ] Update API doc
2017-05-25 15:51:12 +02:00
aa4797ba36
Adds a taglist view with edit/delete buttons
...
* The tag list can be sort alphabetically or by most used tag
* Edit/Delete are perform using AJAX, or fallback to 'do=changetag' page
* New features aren't backported to vintage theme
2017-05-25 15:25:04 +02:00
986a521067
Add an endpoint to refresh the token
...
Useful for AJAX requests which burns the token
2017-05-25 15:05:23 +02:00
86ceea054f
Add a whitelist of protocols for URLs
...
- for Shaare
- for markdown description links and images
Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:58:34 +02:00
6ccd0b218f
Adding ability to display subtags in tagcloud
2017-05-24 13:09:35 +02:00
845810a8d3
Use the new 'default' theme... as default
...
Fixes #866
2017-05-09 18:22:31 +02:00
a9fe41a818
Merge pull request #862 from ArthurHoaro/theme/tags-everywhere
...
Inject tag list everywhere to make autocomplete work on the fixed search bar
2017-05-07 18:39:25 +02:00
3108f2a800
Merge pull request #861 from ArthurHoaro/hotfix/import-shorturl-override
...
Fix a bug happening when importing links with override option
2017-05-07 18:38:55 +02:00
73c8962654
Inject tag list everywhere to make autocomplete work on the fixed search bar
2017-05-07 18:21:38 +02:00
28794b69cb
Fix a bug happening when importing links with override option
...
The shorturl would be set to null, generating a lot of warnings and breaking permalinks
2017-05-07 18:02:49 +02:00
6bc90f50af
History: fix entries order
2017-05-07 17:11:25 +02:00
57ce6dae5d
Reset the history file due to datetime format change
2017-05-07 17:11:25 +02:00
813849e521
Add history entries for API endpoint
...
CHANGED: datetime is now store as an object in history store file
2017-05-07 17:11:22 +02:00
61d406933e
API: Get History endpoint
...
See http://shaarli.github.io/api-documentation/#links-history-get
2017-05-07 16:03:40 +02:00
b8fcb7d440
Merge pull request #856 from ArthurHoaro/api/delete-link
...
API: add DELETE endpoint
2017-05-07 16:02:14 +02:00
0843848c1d
API: add DELETE endpoint
...
Based on #840
See http://shaarli.github.io/api-documentation/\#links-link-delete
2017-05-07 15:58:49 +02:00
ArthurHoaro
VirtualTam
Buster One
Knah Tsaeb
VirtualTam
Mark Gerarts
Willi Eggeling
Willi Eggeling
Lucas Cimon
Stephen Muth