Knah-Tsaeb
/
MyShaarli
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,842 Commits 8 Branches 1 Tag 9.7 MiB
Commit Graph

484 Commits

Author SHA1 Message Date
ArthurHoaro b302b3c584 Thumbnails: add a common mode to only retrieve thumbs from popular media websites 2018-07-05 20:34:22 +02:00
ArthurHoaro 28f2652460 Add a page to update all thumbnails through AJAX requests in both templates 2018-07-05 20:34:22 +02:00
ArthurHoaro 787faa42f3 Take code review into account 
Upgrade web-thumbnailer and display thumbs right after download
 2018-07-05 20:34:22 +02:00
ArthurHoaro e85b7a05a1 Update thumbnail integration after rebasing the branch 2018-07-05 20:31:35 +02:00
ArthurHoaro 1b93137e16 Use web-thumbnailer to retrieve thumbnails 
* requires PHP 5.6
  * use blazy on linklist since a lot more thumbs are retrieved
  * thumbnails can be disabled
  * thumbs size is now 120x120
  * thumbs are now cropped to fit the expected size

Fixes #345 #425 #487 #543 #588 #590
 2018-07-05 20:31:35 +02:00
VirtualTam 87f1431247 Fix broken documentation links and list formatting 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-26 22:22:33 +02:00
ArthurHoaro cad4251ad7 Fixes an error during the install 
was out of scope
 2018-06-07 19:58:58 +02:00
ArthurHoaro d3f42ca487 Implements Tags endpoints for Shaarli's REST API 
Endpoints:

 * List All Tags [GET]
 * Get a tag [GET]
 * Update a tag [PUT]
 * Delete a tag [DELETE]

Fixes #904
References shaarli/api-documentation#34
 2018-06-04 18:51:22 +02:00
VirtualTam c689e10863 Refactor LoginManager stay-signed-in token management 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 51f0128cdb Refactor session and cookie timeout control 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam fab87c2696 Move LoginManager and SessionManager to the Security namespace 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 68dcaccfa4 LoginManager: remove unused parameter 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 89ccc83ba4 Login: update PageBuilder and default/vintage templates 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 8474208474 Pass the client IP ID to LoginManager 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 63ea23c2a6 Refactor user credential validation at login time 
Changed:
- move login/password verification to LoginManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam 49f1832316 Refactor PHP session handling during login/logout 
Changed:
- move $_SESSION handling to SessionManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam db45a36a53 Refactor SessionManager::$INACTIVITY_TIMEOUT 
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
  - fillSessionInfo()
  - setup_login_state()
  - check_auth()
- cleanup related code and comments

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam 88110550b8 Refactor client session hijacking protection 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
ArthurHoaro 8d2cac1be6 Fix parameter order which was preventing max_dl parameter to work properly 2018-05-01 16:40:08 +02:00
ArthurHoaro 15410df113 Fix warning when trying to save redictor setting from the configure page 
It has been removed from the web page.

Fixes #1099
 2018-03-13 18:11:58 +01:00
ArthurHoaro 4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params 
Make max download size and timeout configurable
 2018-03-13 18:02:49 +01:00
Knah Tsaeb cdc426d560 Fix picwall 2018-03-12 16:57:33 +01:00
ArthurHoaro 4ff3ed1c47 Make max download size and timeout configurable 
Fixes #1061
 2018-03-07 23:03:21 +01:00
ArthurHoaro d2d4f993e1 PSR: use elseif instead of else if 
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
 2018-02-28 22:34:40 +01:00
ArthurHoaro 980efd6cf8 Use a specific page title in all pages 
Also fixed a few French translation issues

Fixes #954 #955
 2018-02-24 12:48:49 +01:00
Knah Tsaeb d923d1db2f Merge remote-tracking branch 'github/latest' into myShaarli_commu 2018-02-09 16:10:09 +01:00
Knah Tsaeb ba04c60849 Fix markdown editor with myShaarli plugin 2018-02-09 15:56:22 +01:00
VirtualTam 44acf70681 Refactor login / ban authentication steps 
Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- Add the `LoginManager` class to manage logins and bans

Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies

Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-02-05 18:12:09 +01:00
ArthurHoaro a381c373b3
Merge pull request #1074 from kalvn/feature/dailymarkdown 
Executes daily hooks before creating columns.
 2018-02-02 19:23:26 +01:00
ArthurHoaro bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter 
Add a filter to only display public links
 2018-02-02 19:22:37 +01:00
kalvn 50142efd1b Executes daily hooks before creating columns. 2018-02-01 13:16:58 +01:00
ArthurHoaro b7c412d4d0 Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed 
As stated in the docs:

> LC_MESSAGES for system responses (available if PHP was compiled with libintl)

Fixes #1067
 2018-01-31 12:39:17 +01:00
ArthurHoaro d2f6d909e5 Public/private filter: use two separate buttons 
#1038
 2018-01-24 18:46:31 +01:00
ArthurHoaro d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter 
Extract the title/charset during page download, and check content type
 2018-01-23 18:41:38 +01:00
VirtualTam 65c002ca18 Fix XSS vulnerability 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-01-04 15:53:48 +01:00
ArthurHoaro 9d4736a3e9 Add a filter to only display public links 
When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner

Fixes #1030
 2017-12-16 14:32:56 +01:00
ArthurHoaro fd08b50a80 Don't URL encode description links if parameter 'redirector.encode_url' is set to false 2017-11-07 20:23:58 +01:00
ArthurHoaro d65342e304 Extract the title/charset during page download, and check content type 
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.

Closes #579
 2017-10-28 14:35:49 +02:00
VirtualTam fd7d84616d Move session ID check to SessionManager 
Relates to https://github.com/shaarli/Shaarli/issues/324

Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2017-10-22 19:54:44 +02:00
VirtualTam ebd650c06c Refactor session token management 
Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- `SessionManager` class to group session-related features
- unit tests

Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2017-10-22 19:19:46 +02:00
ArthurHoaro f39580c6fd Add language selection in the configure page of the default theme 2017-10-22 13:16:53 +02:00
ArthurHoaro 12266213d0 Shaarli's translation 
* translation system and unit tests
 * Translations everywhere

Dont use translation merge

It is not available with PHP builtin gettext, so it would have lead to inconsistency.
 2017-10-22 12:55:03 +02:00
ArthurHoaro be9ddff2fb Merge pull request #987 from ArthurHoaro/hotfix/security-issue 
Fix security issue reported by @chb9
 2017-10-07 11:33:20 +02:00
ArthurHoaro d14555a3df Fix security issue reported by @chbi 
Vulnerability introduced by 6ccd0b218f - release with Shaarli v0.9.1.
 2017-10-07 11:27:44 +02:00
VirtualTam c8d96b4729 Merge pull request #979 from ArthurHoaro/feature/assets-cache-version 
Add a version hash for asset loading to prevent browser's cache issue
 2017-10-06 14:32:07 +02:00
Mark Gerarts 722caa2090 Allow setting of a default note title, see #963 2017-10-01 14:19:57 +02:00
ArthurHoaro b3e1f92e9c Rename shaarli_version constant to uppercase 2017-10-01 11:11:16 +02:00
Willi Eggeling 27e21231e1 added option to redirect all anonymous users to login page 
- new setting *force_login* added and documented
- if both, *force_login* and *hide_public_links* are set to true, all requests
  (except for the feeds) are redirected to the login page
 2017-09-03 11:46:49 +02:00
ArthurHoaro 96a1c79456 Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-title 
Firefox Social title: Use document.title instead of RainTPL variable
 2017-09-02 13:54:38 +02:00
ArthurHoaro a3130d2c2f Make work behind a reverse proxy 
Without HTTP_X_FORWARDED_PORT check,  might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
 2017-09-02 13:50:49 +02:00
ArthurHoaro 87d019986e Merge pull request #950 from thewilli/delete-fix 
fixed link deletion
 2017-09-01 18:25:44 +02:00
ArthurHoaro c5f5365ae6 Merge pull request #951 from thewilli/fix-daily 
fixed daily links if there are no links
 2017-09-01 18:25:09 +02:00
Willi Eggeling a74f52a8d2 fixed link deletion 
When deleting links, the js of the default theme separated ids by an escaped space ('+').
There was a trailing '+' after the ids which led to the php code detecting multiple values
even for single values. In combination with the id '0' this could led to no id found at all
and a resulting php error.

this commit fixes the behavior and adds an additional error handling and trimming to the php code.
 2017-08-30 12:54:58 +02:00
Willi Eggeling 5a0045be79 fixed daily links if there are no links 
- the previous code tried to use links from a previous day if there are no one for the current one
- the new code skips this part if there are no entries (i.e. days) at all
- modified showDaily() to fit PSR-1 and PSR-2
 2017-08-30 12:42:58 +02:00
VirtualTam e4ed3a46b7 Merge pull request #944 from thewilli/configure-rememberme 
new setting: default value for 'remember me' checkbox
 2017-08-27 16:36:53 +02:00
Willi Eggeling 2e07e77573 new setting: default value for 'remember me' checkbox 
- the default state for the login page's 'remember me' checkbox can now be configured
- adapted the default and vintage theme to consider the new setting
- added documentation for the new setting
 2017-08-27 16:03:37 +02:00
VirtualTam fc27141cf6 Merge pull request #940 from ArthurHoaro/hotfix/empty-urls 
Generates a permalink URL if the URL is set to blank
 2017-08-27 13:15:43 +02:00
VirtualTam e8cef3ac43 Merge pull request #942 from thewilli/fix-wiki-links 
migrated Github wiki links to readthedocs
 2017-08-27 13:12:58 +02:00
Willi Eggeling a544b113f2 code clean: cookie expiration 
- unified code style (spaces around operators)
- prevented expiration time to be calculated twice
- replaced tabs with spaces
 2017-08-26 23:51:38 +02:00
Willi Eggeling 94c035ff71 removed doc and code references to magic quotes 
- removed all references to magic quotes
- magic quotes are not supported on PHP >= 5.4 (https://secure.php.net/manual/en/security.magicquotes.php)
- Shaarli does not support PHP < 5.5
 2017-08-26 11:27:18 +02:00
Willi Eggeling cc8f572bc0 migrated Github wiki links to readthedocs 2017-08-26 09:40:57 +02:00
ArthurHoaro c27f2f36f2 Generates a permalinks URL if the URL is set to blank 
Fixes #926
 2017-08-25 20:08:07 +02:00
ArthurHoaro f32ec5fb3c Sort tag cloud in alphabetical order 
Fixes #932
 2017-08-25 19:25:09 +02:00
ArthurHoaro c4925c1f66 Fix untagged only button 2017-08-19 17:41:56 +02:00
Lucas Cimon d1b69e6af1 Adding missing empty() as spotted in #889 code review 2017-08-06 21:26:37 +02:00
ArthurHoaro 1fdb40fc16 Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename 
Make sure that the tag exists before altering/removing it
 2017-08-05 09:59:03 +02:00
ArthurHoaro 3b67b22225 Move tag renaming code to LinkDB and unit test it 2017-08-05 09:55:20 +02:00
Lucas Cimon f210d94f71 Using only one form in linklist.html + adding untaggedonly filter - fix #885 2017-07-30 16:19:34 +02:00
Lucas Cimon 49cc8e5d74 Tagcloud/list improvments 2017-06-09 10:58:12 +02:00
ArthurHoaro d99aef535f Refactoring of CHANGETAG part to avoid duplicated code 2017-05-31 18:36:35 +02:00
ArthurHoaro 4c970f099f Make sure that the tag exists before altering/removing it 
Fixes #886
 2017-05-31 18:24:21 +02:00
ArthurHoaro 5c6fac0bfc Merge pull request #882 from ArthurHoaro/feature/edit-timestamp 
Add creation date when editing a link
 2017-05-31 17:54:46 +02:00
ArthurHoaro ac94db1e36 Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols 
Add a whitelist of protocols for URLs
 2017-05-31 17:52:19 +02:00
ArthurHoaro 807cade64c Add creation date when editing a link 
Also, alter the title on edition

Fixes #431
 2017-05-31 17:50:11 +02:00
ArthurHoaro 3e395a6bc6 Merge pull request #841 from ArthurHoaro/feature/search-no-tag 
Empty tag search will look for not tagged links
 2017-05-25 15:54:20 +02:00
ArthurHoaro 7d86f40bdb Empty tag search will look for not tagged links 
Fixes #784

From now, searching for tags with an empty value will return only not tagged links,
with the search bar showing `x results [not tagged]`.

Note that using the api, the searchtags request parameter must be set to `false` to get the same result.

  - [ ] Update API doc
 2017-05-25 15:51:12 +02:00
ArthurHoaro aa4797ba36 Adds a taglist view with edit/delete buttons 
* The tag list can be sort alphabetically or by most used tag
  * Edit/Delete are perform using AJAX, or fallback to 'do=changetag' page
  * New features aren't backported to vintage theme
 2017-05-25 15:25:04 +02:00
ArthurHoaro 5893529cf4 Move tagcloud template file to tag.cloud 2017-05-25 15:05:24 +02:00
ArthurHoaro 986a521067 Add an endpoint to refresh the token 
Useful for AJAX requests which burns the token
 2017-05-25 15:05:23 +02:00
ArthurHoaro 8b27824338 Merge pull request #819 from ArthurHoaro/feature/multi-delete 
Bulk deletion
 2017-05-25 15:03:32 +02:00
ArthurHoaro 86ceea054f Add a whitelist of protocols for URLs 
- for Shaare
 - for markdown description links and images

Not whitelisted protocols will be replaced by `http://`
 2017-05-25 14:58:34 +02:00
Lucas Cimon 6ccd0b218f Adding ability to display subtags in tagcloud 2017-05-24 13:09:35 +02:00
ArthurHoaro 033cf2a1e5 PubSubHub: remove dead code 2017-05-09 18:26:34 +02:00
ArthurHoaro 29a837f347 Bulk deletion 
* Add a checkboxes in linklist which display a sub-header containing action buttons
  * Strongly rely on JS
  * Requires a modern browser (ES6 syntax support)
  * Checkboxes are hidden if the browser is old or JS disabled
 2017-05-08 14:27:20 +02:00
ArthurHoaro 73c8962654 Inject tag list everywhere to make autocomplete work on the fixed search bar 2017-05-07 18:21:38 +02:00
ArthurHoaro b86aeccf6a Add settings history only when they're updated 2017-05-07 17:11:25 +02:00
ArthurHoaro 813849e521 Add history entries for API endpoint 
CHANGED: datetime is now store as an object in history store file
 2017-05-07 17:11:22 +02:00
ArthurHoaro 61d406933e API: Get History endpoint 
See http://shaarli.github.io/api-documentation/#links-history-get
 2017-05-07 16:03:40 +02:00
ArthurHoaro b8fcb7d440 Merge pull request #856 from ArthurHoaro/api/delete-link 
API: add DELETE endpoint
 2017-05-07 16:02:14 +02:00
ArthurHoaro 0843848c1d API: add DELETE endpoint 
Based on #840

See http://shaarli.github.io/api-documentation/\#links-link-delete
 2017-05-07 15:58:49 +02:00
ArthurHoaro 77de24876f Merge pull request #840 from ArthurHoaro/api/putLink 
REST API: implement PUT method
 2017-05-07 15:55:38 +02:00
ArthurHoaro cf9181dddf REST API: implement PUT method 
* Related to #609
  * Documentation: http://shaarli.github.io/api-documentation/#links-link-put
 2017-05-07 15:49:16 +02:00
ArthurHoaro f9ff7f1b69 Merge pull request #764 from ArthurHoaro/feature/history 
History mechanism
 2017-05-06 17:12:06 +02:00
ArthurHoaro 4c7045229c Merge pull request #830 from ArthurHoaro/theme/timezone 
Change timezone data structure send to the templates
 2017-04-25 19:09:13 +02:00
ArthurHoaro 6a19124a09 Use raw bytes for upload size hidden input 2017-04-10 20:01:10 +02:00
ArthurHoaro ae3aa96898 Change timezone data structure send to the templates 
The goal of this is to be able to adapt the timezone form
in template without hacking the HTML already rendered.

  * there are two arrays available:
    * `continents` which contains only a list of available continents
    * `cities` which contains a list of available timezone cities, associated with their continent

Note: there are two distinct array because RainTPL doesn't support nested loop very well.
 2017-04-03 19:24:55 +02:00
ArthurHoaro 84315a3bad Fix a warning generated in return_bytes function and refactor it 
It was multiplying a string containing a letter.

Moved function to Utils.php and display a human readable limit size
 2017-04-03 18:53:43 +02:00
ArthurHoaro 4b385d6c34 Merge pull request #742 from ArthurHoaro/api/postLink 
REST API: implement POST link service
 2017-04-01 10:02:03 +02:00
ArthurHoaro e96be632f5 Merge pull request #839 from ArthurHoaro/theme/daily-page-title 
Display daily date in the page title (browser title)
 2017-03-29 18:38:52 +02:00
ArthurHoaro 935222b8b2 Display daily date in the page title (browser title) 
Fixes #211
Depends on #838
 2017-03-28 20:51:11 +02:00