Additions:
- [makefile] check versioned files are not executable
- [travis] call the new make target
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Fixes#436
Modifications:
- remove calls to strval() on safe data
- update the date format: 'Y/m/d_H:i:s' => 'Y/m/d H:i:s'
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* `get_http_url()` renamed to `get_http_response()`.
* Use the same HTTP context to retrieve response headers and content.
* Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
* Add `LinkUtils` to extract titles and charset.
* Try to retrieve charset from HTTP headers first (new), then HTML content.
* Use mb_string to re-encode title if necessary.
* introduce class LinkFilter to handle link filter operation (and lighten LinkDB).
* handle 'private only' in filtering.
* update template to prefill search fields with current search terms.
* coding style.
* unit test (mostly move from LinkDB to LinkFilter).
PS: preparation for #358#315 and 'AND' search.
Parse link description in Markdown (HTML) before rendering.
* hard remove of Shaarli's HTML before parsing.
* Using Parsedown <https://github.com/erusev/parsedown> PHP lib.
* Includes basic markdown CSS.
* Style: removed 400px height max limit for shaares.
* Unit tests.
Fixes#328 - URL encode links when a redirector is set
* WARNING - template edit - new variable available : "real_url"
Contains the final real url (redirected or any other change on original URL)
* Don't redirect shaares link in RSS/Atom.
* Affects links shaared in description.
* Move text2clickable and keepMultipleSpaces to Utils.php + unit test
UPDATE:
* keepMultipleSpaces renamed to space2nbsp
* space2nbsp improved to handle single space at line beginning
* links in text description aren't 'nofollow' anymore
Relates to #40
Relates to #372
Additions:
- FileUtils: IOException
- ApplicationUtils:
- check if Shaarli resources are accessible with sufficient permissions
- basic test coverage
- index.php:
- check access permissions and redirect to an error page if needed:
- before running the first installation
Modifications:
- LinkDB:
- factorize datastore write code
- check if the datastore
(exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
- raise an IOException if needed
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Relates to #314 & #326
Additions:
- add global `cleanup_url()` and `get_url_scheme()` functions
Modifications:
- replace `Url` usage in `index.php` by calls to global functions
- fix `Url` tests not being run: PHPUnit expects a single test class per file
- move classes to separate files
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes#256
ninja
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.