Commit graph

72 commits

Author SHA1 Message Date
Arthur
10269bc8c9 Merge pull request #491 from ArthurHoaro/markdown-escape2
Markdown: don't escape content + sanitize sensible tags
2016-02-25 08:52:42 +01:00
Arthur
fa40b43f60 Merge pull request #492 from ArthurHoaro/locale-sort-fix
Fixes #481: tag cloud fatal error
2016-02-24 19:26:57 +01:00
ArthurHoaro
7b63e4ca09 Apply the locale to all categories and move autolocale to Utils.php 2016-02-19 20:14:06 +01:00
ArthurHoaro
2925687e1e Markdown: don't escape content + sanitize sensible tags
Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
VirtualTam
205a42778d cleanup: use DateTime to format dates
Closes #270

Modifications:
- replace custom date parsing by DateTime calls
- use proper date formatting for RSS feeds

Deletions:
- linkdate2timestamp()
- linkdate2rfc822
- linkdate2iso8601

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-02-17 22:46:50 +01:00
ArthurHoaro
522b278b03 Support text search across link fields. 2016-02-15 21:38:45 +01:00
ArthurHoaro
bedd176a54 Improved search: combine AND, exact terms and exclude search. 2016-02-15 21:38:40 +01:00
ArthurHoaro
195acf9f09 Private/Hidden tags
Tags starting with a dot '.' are now private.
They can only be seen and searched when logged in.

Fixes #315
2016-02-15 21:18:43 +01:00
ArthurHoaro
21979ff11c Add exclusion in tag search
* Searching '-mytag' will now exlude all shaares with 'mytag' tag.
  * All tags starting with a '-' are renamed without it (through the Updater).
  * Unit tests.

Minor code changes:

 * LinkDB->filter() can now take no parameters (get all link depending on logged status).
 * tagsStrToArray() is now static and filters blank tags.
2016-02-15 20:40:39 +01:00
ArthurHoaro
510377d2cb Introduce the Updater class which
* contains methods designed to be run once.
  * is able to upgrade the datastore or the configuration.
  * is based on methods names, stored in a text file with ';' separator (updates.txt).
  * begins with existing function 'mergeDeprecatedConfigFile()' (options.php).
2016-02-15 20:30:24 +01:00
Arthur
268a2e5265 Merge pull request #453 from ArthurHoaro/pr450
Implemented a little more sophisticated searching (squashed)
2016-02-01 19:21:47 +01:00
Florian Voigt
ebd8075a89 Implemented searching for a phrase in double-quotes or all words in no particular order.
+ unit tests
2016-02-01 19:18:27 +01:00
Arthur
53603f5823 Merge pull request #388 from ArthurHoaro/pluginadmin
Fixes #378 - Plugin administration UI.
2016-01-31 19:00:13 +01:00
Arthur
893338f0d4 Merge pull request #379 from ArthurHoaro/plugin-markdown
PLUGIN Markdown
2016-01-31 18:57:29 +01:00
ArthurHoaro
dea0ba28f9 Fixes #378 - Plugin administration UI. 2016-01-31 18:54:48 +01:00
ArthurHoaro
55d0a5c445 Bugfix: prevent LinkFilter to work on outdated data. 2016-01-20 22:51:56 +01:00
VirtualTam
25d88c90aa Merge pull request #441 from virtualtam/tests/check-file-permissions
tests: add a make target to check file permissions
2016-01-18 00:29:14 +01:00
VirtualTam
aa7f7b3ea6 fix: use PHP_EOL for carriage returns in file logs
Relates to #436

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-18 00:24:36 +01:00
VirtualTam
fc17813bd1 tests: add a make target to check file permissions
Additions:
- [makefile] check versioned files are not executable
- [travis]   call the new make target

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-17 21:02:24 +01:00
VirtualTam
478ce8afb4 Logging: improve formatting to enable fail2ban parsing
Fixes #436

Modifications:
- remove calls to strval() on safe data
- update the date format: 'Y/m/d_H:i:s' => 'Y/m/d H:i:s'

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:19:44 +01:00
VirtualTam
1abe655597 Logging: move logm() from index.php to application/Utils.php
Relates to #436

Modifications:
- inject dependencies to global variables ($_SERVER, $GLOBALS)
- apply coding conventions
- add test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:07:16 +01:00
ArthurHoaro
1557cefbd7 Fixes #410 - Retrieve title fails in multiple cases
* `get_http_url()` renamed to `get_http_response()`.
  * Use the same HTTP context to retrieve response headers and content.
  * Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
  * Add `LinkUtils` to extract titles and charset.
  * Try to retrieve charset from HTTP headers first (new), then HTML content.
  * Use mb_string to re-encode title if necessary.
2016-01-11 21:19:31 +01:00
Arthur
88c15abb2a Merge pull request #424 from ArthurHoaro/search
Link filter refactoring
2016-01-06 19:57:42 +01:00
ArthurHoaro
2c75f8e780 Fixes #426 - Do not filter with blank tags. 2016-01-06 19:53:25 +01:00
ArthurHoaro
822bffced8 Link filter refactoring
* introduce class LinkFilter to handle link filter operation (and lighten LinkDB).
  * handle 'private only' in filtering.
  * update template to prefill search fields with current search terms.
  * coding style.
  * unit test (mostly move from LinkDB to LinkFilter).

PS: preparation for #358 #315 and 'AND' search.
2016-01-06 19:53:04 +01:00
ArthurHoaro
1be4afacf9 PLUGIN Markdown
Parse link description in Markdown (HTML) before rendering.

      * hard remove of Shaarli's HTML before parsing.
      * Using Parsedown <https://github.com/erusev/parsedown> PHP lib.
      * Includes basic markdown CSS.
      * Style: removed 400px height max limit for shaares.
      * Unit tests.
2016-01-03 17:36:10 +01:00
VirtualTam
defc8a3f03 Merge pull request #417 from ArthurHoaro/wallabag-improve
Wallabag plugin improvement
2016-01-02 20:09:29 +01:00
ArthurHoaro
938d9cce77 Wallabag plugin improvement
* Fixes a bug where URL weren't properly encoded.
  * Adds Wallabag V2 support.
  * Adds a URL function to handle trailing slash.
  * UT.
  * README updated.
2015-12-27 15:30:34 +01:00
ArthurHoaro
49e62f22ad QRCode plugin: use url instead of real_url
Fixes #414 and avoid usage of redirector in QRCode.

Also fixed a bug with URL encoding.
2015-12-22 10:59:41 +01:00
ArthurHoaro
38603b2450 Fixes #403: build the daily page through renderPage()
* new entry in the Router for daily page.
  * add an always displayed button in demo_plugin
2015-12-08 15:51:49 +01:00
VirtualTam
4a7af9759a fix: assign template variables to empty values so they can be evaluated
Regression introduced in #394

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-03 20:30:46 +01:00
VirtualTam
4407b45fd3 application: default to the "stable" branch for update checks
Relates to #372
Relates to #390

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-27 00:10:43 +01:00
VirtualTam
4bf35ba56b application: refactor version checks, move to ApplicationUtils
Relates to #372

Modifications:
 - move checkUpdate() to ApplicationUtils
 - reduce file I/O operations during version checks
 - apply coding conventions
 - add test coverage

Tools:
 - create a sandbox directory for tests

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-26 23:19:37 +01:00
ArthurHoaro
90e5bd65c9 URL encode links when a redirector is set.
Fixes #328 - URL encode links when a redirector is set

  * WARNING - template edit - new variable available : "real_url"
  Contains the final real url (redirected or any other change on original URL)

  * Don't redirect shaares link in RSS/Atom.
  * Affects links shaared in description.
  * Move text2clickable and keepMultipleSpaces to Utils.php + unit test

UPDATE:

* keepMultipleSpaces renamed to space2nbsp
* space2nbsp improved to handle single space at line beginning
* links in text description aren't 'nofollow' anymore
2015-11-26 20:14:38 +01:00
VirtualTam
c9cf2715f0 application: move checkPHPVersion from Utils to ApplicationUtils
Relates to #372

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:40:44 +01:00
VirtualTam
2e28269bae install: check file/directory permissions for Shaarli resources
Relates to #40
Relates to #372

Additions:
 - FileUtils: IOException
 - ApplicationUtils:
   - check if Shaarli resources are accessible with sufficient permissions
   - basic test coverage
 - index.php:
   - check access permissions and redirect to an error page if needed:
     - before running the first installation

Modifications:
 - LinkDB:
   - factorize datastore write code
   - check if the datastore
     (exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
   - raise an IOException if needed

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:12:35 +01:00
ArthurHoaro
8f8113b94b Fixes #176 - Add opensearch functionality
* add a new page in Router: do=opensearch which displays the opensearch plugin
 * using base64 compressed image to avoid issue encountered with HTTPS
2015-11-17 20:19:44 +01:00
VirtualTam
a7921b2445 cleanup: remove the executable bit from source scripts
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 19:19:24 +01:00
Arthur
fd006c630b Merge pull request #275 from shaarli/plugin-proposition
Plugin proposition
2015-11-08 13:29:32 +01:00
ArthurHoaro
567967fdf9 Template upgrade to handle plugin zones
Add a bunch of plugin placeholders in templates
2015-11-07 15:27:22 +01:00
ArthurHoaro
6fc14d5303 Plugin system - CORE
see shaarli/Shaarli#275
2015-11-07 15:27:17 +01:00
ArthurHoaro
d01c234235 Fixes #356
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
482d67bd52 HTTP: move server URL functions to HttpUtils.php
Relates to #333

Modifications:
 - refactor server URL utility functions
 - do not access global `$_SERVER` variables
 - add test coverage
 - improve readability
 - apply coding conventions

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
Guillaume Virlet
ef591e7ee2 Url: introduce global helper functions for cleanup and scheme detection
Relates to #314 & #326

Additions:
 - add global `cleanup_url()` and `get_url_scheme()` functions

Modifications:
 - replace `Url` usage in `index.php` by calls to global functions
 - fix `Url` tests not being run: PHPUnit expects a single test class per file
   - move classes to separate files
2015-09-08 22:00:37 +02:00
VirtualTam
451314eb48 HTTP: move utils to a proper file, add tests
Relates to #333

Modifications:
 - move HTTP utils to 'application/HttpUtils.php'
 - simplify logic
   - replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
   - remove superfluous '$status' parameter (provided by the HTTP headers)
 - apply coding conventions
 - add test coverage (unitary only)

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00
VirtualTam
68bc21353a Session ID: extend the regex to match possible hash representations
Improves #306
Relates to #335 & #336
Duplicated by #339

Issues:
 - PHP regenerates the session ID if it is not compliant
 - the regex checking the session ID does not cover all cases
   - different algorithms: md5, sha1, sha256, etc.
   - bit representations: 4, 5, 6

Fix:
 - `index.php`:
   - remove `uniqid()` usage
   - call `session_regenerate_id()` if an invalid cookie is detected
 - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
 - tests: add coverage for all algorithms & bit representations

See:
 - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
 - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
 - http://php.net/manual/en/function.session-id.php
 - http://php.net/manual/en/function.session-regenerate-id.php
 - http://php.net/manual/en/function.hash-algos.php

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
4d30975a06 Allow uppercase letters in PHP sessionid format
Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2

Regression introduced in 06b6660a7e
2015-09-02 17:00:38 +02:00
VirtualTam
6211c498f6 Merge pull request #326 from ArthurHoaro/bug-url
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
9e1724f192 Fixes #325 - Shaarli does not recognize saved links
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.

Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
ArthurHoaro
06b6660a7e Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID.
  * Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00