Commit graph

2668 commits

Author SHA1 Message Date
VirtualTam
460cf03d67 httpd: always forward the 'Authorization' header
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:

  "401 Not authorized: JWT token not provided"

This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.

See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-03-22 22:23:41 +01:00
VirtualTam
e54cb1bbe7
Merge pull request #1100 from Angristan/docker-logs
Nginx logs to stdout for Docker images
2018-03-19 22:22:12 +01:00
Dennis Verspuij
b525810c14 Fix removal of on=... attributes from html generated from markdown 2018-03-19 10:01:20 +00:00
ArthurHoaro
60a94dab22
Merge pull request #1102 from ArthurHoaro/fix/settings-warning
Fix warning when trying to save redictor setting from the configure page
2018-03-14 18:25:22 +01:00
ArthurHoaro
15410df113 Fix warning when trying to save redictor setting from the configure page
It has been removed from the web page.

Fixes #1099
2018-03-13 18:11:58 +01:00
ArthurHoaro
4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params
Make max download size and timeout configurable
2018-03-13 18:02:49 +01:00
cdc426d560 Fix picwall 2018-03-12 16:57:33 +01:00
Angristan
017baf57d5 Nginx logs to stdout for Docker Alpine images 2018-03-11 21:06:14 +01:00
ArthurHoaro
4ff3ed1c47 Make max download size and timeout configurable
Fixes #1061
2018-03-07 23:03:21 +01:00
ArthurHoaro
39ee93925b
Merge pull request #1097 from ArthurHoaro/fix/psr-elseif
PSR: use elseif instead of else if
2018-03-07 21:53:53 +01:00
VirtualTam
a58a8856a8
Merge pull request #1098 from josqu4red/perms-docker-alpine-latest
Fix permission issue introduced with multi-stage build
2018-03-02 16:45:16 +01:00
Jonathan Amiez
ed2de76840 Fix permission issue introduced with multi-stage build 2018-03-02 15:05:48 +01:00
ArthurHoaro
d2d4f993e1 PSR: use elseif instead of else if
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
2018-02-28 22:34:40 +01:00
VirtualTam
b70436373b
Merge pull request #1090 from virtualtam/fix/doxygen
Doxygen: ignore data/, simplify Make target
2018-02-26 23:20:05 +01:00
VirtualTam
ddd3c19f43
Merge pull request #1085 from virtualtam/docker/multi-stage
docker: introduce multi-stage image build (master, latest)
2018-02-24 13:36:55 +01:00
ArthurHoaro
bc4a0a672c
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
Ignore the case while checking DOCTYPE during the file import
2018-02-24 13:29:11 +01:00
ArthurHoaro
e746c237cd
Merge pull request #1062 from ArthurHoaro/feature/pages-title
Use a specific page title in all pages
2018-02-24 13:28:30 +01:00
ArthurHoaro
980efd6cf8 Use a specific page title in all pages
Also fixed a few French translation issues

Fixes #954 #955
2018-02-24 12:48:49 +01:00
ArthurHoaro
3ff1ce47bc Ignore the case while checking DOCTYPE during the file import
Fixes #1091
2018-02-23 20:34:06 +01:00
VirtualTam
ba2cff1549 Doxygen: ignore data/, simplify Make target
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-23 00:37:03 +01:00
VirtualTam
b9c6589363
Merge pull request #1089 from virtualtam/readme/badges
Update badges for 'stable'
2018-02-22 18:54:32 +01:00
VirtualTam
afaaee7be6 Update badges for 'stable'
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-22 18:51:59 +01:00
VirtualTam
2e6b9ed3b9
Merge pull request #1084 from virtualtam/doc/updates
Documentation: cleanup, update references to config(.json)?.php
2018-02-16 01:52:38 +01:00
VirtualTam
3c51135f9a docker: introduce multi-stage image build (master, latest)
Relates to https://github.com/shaarli/Shaarli/issues/755
Relates to https://github.com/shaarli/Shaarli/pull/1072

See:
- https://docs.docker.com/develop/develop-images/multistage-build/
- https://hub.docker.com/r/library/composer/
- https://github.com/composer/docker
- https://github.com/docker-library/docs/tree/master/composer

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 23:13:05 +01:00
VirtualTam
48679a159e doc: update references to config(.json)?.php
Closes https://github.com/shaarli/Shaarli/issues/1082

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 22:02:50 +01:00
VirtualTam
4c1bcd8b25 doc: update Directory Structure
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 21:58:41 +01:00
c111704f8c Auto add link to contact page if contact.php exist 2018-02-13 14:46:06 +01:00
7a4ff2cd78 Add thumbshot key 2018-02-13 11:41:56 +01:00
d923d1db2f Merge remote-tracking branch 'github/latest' into myShaarli_commu 2018-02-09 16:10:09 +01:00
ba04c60849 Fix markdown editor with myShaarli plugin 2018-02-09 15:56:22 +01:00
VirtualTam
8b48e36594
Merge pull request #1059 from virtualtam/fix/htaccess-git
htaccess: prevent accessing resources not managed by SCM
2018-02-05 18:21:59 +01:00
VirtualTam
cabf1b6bec htaccess: prevent accessing resources not managed by SCM
See:
- https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
- https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing
- https://httpd.apache.org/docs/current/mod/mod_rewrite.html

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:18:52 +01:00
VirtualTam
91f17fc92a
Merge pull request #1008 from virtualtam/refactor/authentication
Refactor login / ban management
2018-02-05 18:16:32 +01:00
VirtualTam
44acf70681 Refactor login / ban authentication steps
Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- Add the `LoginManager` class to manage logins and bans

Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies

Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:12:09 +01:00
ArthurHoaro
a381c373b3
Merge pull request #1074 from kalvn/feature/dailymarkdown
Executes daily hooks before creating columns.
2018-02-02 19:23:26 +01:00
ArthurHoaro
bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter
Add a filter to only display public links
2018-02-02 19:22:37 +01:00
ArthurHoaro
17b4baedec
Merge pull request #1003 from ArthurHoaro/ci/php7.2
Drop PHP 5.5 compatibility and run Travis UT against PHP 7.2
2018-02-02 19:20:11 +01:00
ArthurHoaro
28df9fa4f7 INTL_IDNA_VARIANT_2003 is deprecated
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
2018-02-02 19:15:47 +01:00
ArthurHoaro
5617dcf9d2 Drop PHP 5.5 compatibility and upgrade PHPUnit to v5.x
PHPUnit 4.x contains deprecated PHP functions in PHP 7.2.
2018-02-02 19:15:47 +01:00
ArthurHoaro
402f58e0ba CI: run UT against PHP 7.2 (currently in Release Candidate) 2018-02-02 19:15:10 +01:00
ArthurHoaro
2c6e9ce465 Release v0.9.5
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEWe5LuNiFNDXAgI8BOzJIyqqwgW4FAlp0qF0ACgkQOzJIyqqw
 gW5u4A//TkhJ47pye6+O4cdsr6rU29Byz+hvSS+YEaTx1JSxsehR+pxJqye6QSpU
 DmFVJ7fkKKuIyDwEY6yI5mz/We4w+MBbASpzKHTxOar1TdZF+aJn+wIU7R971rJ3
 JbtSvd6inGO3v27g4ACy3GgvWffPMDfRMUp1j855PuJ8gP48c1oppZOiQxEuY9A7
 v5YDsrO3TuqZZl0HywH2/thgZap7LrTFVjPNRcT5CoY//t1gSw/aabUnA7Brw0Xn
 Sg6ejLKF2S273hBurZKyQcuPqPyGZP8SuLP0XgSKbh4JG3IX6K+7AIVfLMJZ1U2r
 MgC8NsKL3ZrDRZjCwz2jyOBLn7a/bbQ1isgvrBiLvsrQsf2OoXbraa5UkF+n20ri
 s4jPwRRIjSWzYmUlWLD+7OIb5HsVFPKqNi0uxnYPkXhEQKGWqsnmK7e99IjvkWhK
 QIaym5p/O6aoXIA0aE8tDq/XOM+SdRii9TlmuSHiT+sU7HtGOJ7OTlW7aKRnaoI0
 18ScTYiJfkjicBe0uZfbGoD4rXPXHg6xSV6IG/F9NzTgGmOm7im20oP9sOWSqVmL
 lX4mycWZRx9YfUjDRnZmqPYHKu7sdfPmNbDiXIr93pubIIF+OzY/kYjZunyDTMQz
 Mv8g9mRdZHuhyuP4lBn1T0EeaNWJj2gwekh1h6B8Fbqsf7gwsBU=
 =YmGW
 -----END PGP SIGNATURE-----

Merge tag 'v0.9.5' into latest

Release v0.9.5
2018-02-02 19:11:29 +01:00
ArthurHoaro
91813a3634 Badge 2018-02-02 19:07:31 +01:00
ArthurHoaro
06ca7c102b Bump Shaarli version to v0.9.5
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2018-02-02 19:04:08 +01:00
ArthurHoaro
5a6161162d Bump Shaarli version to v0.9.4 2018-02-02 19:03:24 +01:00
VirtualTam
5bb7f37139 Bump Shaarli version to v0.9.3
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-02 19:03:24 +01:00
ArthurHoaro
033276a8cf Bump Shaarli version to v0.9.2
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2018-02-02 19:03:24 +01:00
VirtualTam
5c6a45ec94 Bump version to v0.9.1
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-02 19:03:24 +01:00
ArthurHoaro
e6faed3477 Fix version file 2018-02-02 19:03:24 +01:00
ArthurHoaro
658573678b Bump version to v0.9.0
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2018-02-02 19:03:24 +01:00
ArthurHoaro
a3b9b8c4ff
Merge pull request #1076 from ArthurHoaro/changelog-v0.9.5
CHANGELOG + AUTHORS (v0.9.5)
2018-02-02 19:02:51 +01:00