Commit graph

446 commits

Author SHA1 Message Date
ArthurHoaro
db90dfcbbc Move PubSubHubbub code as a default plugin 2016-12-20 11:41:24 +01:00
Arthur
80677a23e2 Merge pull request #666 from ArthurHoaro/slim-api
REST API structure using Slim framework
2016-12-20 11:30:05 +01:00
ArthurHoaro
f4ebd5fed2 Bugfixes on link deletion, and use a GET form
Use a GET form to delete links: harmonize with edit_link and preparation for #585

Bug fixes:

  * LinkDB element can't be passed as reference, fix error:

    PHP Notice:  Indirect modification of overloaded element of LinkDB has no effect

  * Resource cache folder setting wasn't set correctly
2016-12-16 12:42:13 +01:00
ArthurHoaro
826c6af7c0 Fix a regression: permalinks change when old links are edited
fixes #713
2016-12-15 11:18:56 +01:00
ArthurHoaro
18e6796726 REST API structure using Slim framework
* REST API routes are handle by Slim.
  * Every API controller go through ApiMiddleware which handles security.
  * First service implemented `/info`, for tests purpose.
2016-12-15 10:36:00 +01:00
ArthurHoaro
cbfdcff261 Prepare settings for the API in the admin page and during the install
API settings:
   - api.enabled
   - api.secret

The API settings will be initialized (and the secret generated) with an update method.
2016-12-12 03:54:10 +01:00
ArthurHoaro
3cc8c89830 Bump version to v0.8.1
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-12-12 03:38:12 +01:00
ArthurHoaro
d592daea83 Add a persistent 'shorturl' key to all links
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.

The purpose of this is to avoid collision between links due to their creation date.
2016-12-12 03:03:12 +01:00
ArthurHoaro
01878a75b9 Apply the new ID system accros the whole codebase 2016-12-12 03:03:12 +01:00
Teromene
caa382dd55 Disable Firefox Social in the tools section if the page is not loaded using HTTPS, as Firefox will deny the request. 2016-11-29 11:06:31 +00:00
VirtualTam
f21abf3292 LinkDB: update datastore method names
Relates to https://github.com/shaarli/Shaarli/issues/95

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:33:40 +02:00
ArthurHoaro
7af9a41881 Minor code cleanup: PHPDoc, spelling, unused variables, etc. 2016-10-20 11:36:11 +02:00
ArthurHoaro
7fde6de121 New init function for plugins, supports errors reporting
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.

This function is aware of the config, and can return initialization errors, which are displayed in the header template.

Note that the previous error system hack no longer work.
2016-10-14 13:22:58 +02:00
Arthur
0354257266 Merge pull request #622 from ArthurHoaro/update-date
Save link update dates and render it in templates and feeds
2016-10-12 14:51:37 +02:00
Arthur
adcdac1dec Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
Add trusted IPs in config and try to ban forwarded IP on failed login
2016-10-12 14:48:57 +02:00
ArthurHoaro
fdf88d1948 Bump version to v0.8.0
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-10-12 12:36:59 +02:00
VirtualTam
5283175367 composer: display an error message if the autoload script is missing
Closes https://github.com/shaarli/Shaarli/issues/645
Relates to https://github.com/shaarli/Shaarli/issues/607

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-09-05 00:04:57 +02:00
VirtualTam
a973afeac7 Refactor bookmark import using a generic Netscape parser
Relates to #607
Relates to #608
Relates to #493 (abandoned)

Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/

Modifications:
- [import] replace the current parser with a generic, stable parser
  - move code to application/NetscapeBookmarkUtils
  - improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
  - allow adding tags to all imported links
  - allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
  - reuse reference input from the parser's test data

See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-08-10 01:42:44 +02:00
ArthurHoaro
cdbc818037 Bugfix: wrong key used to get default private links setting 2016-08-07 12:15:08 +02:00
ArthurHoaro
edf3ff5a53 Initialize a translation function
It matches the API of ngettext().
2016-08-07 11:54:39 +02:00
ArthurHoaro
fd5ac47ea2 Generate a token for every pages 2016-08-06 14:09:26 +02:00
ArthurHoaro
50d1791838 Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
  * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
  * If found, the client address is added in ipbans, else we do nothing.

Fixes #409
2016-08-03 10:36:47 +02:00
ArthurHoaro
9646b7da22 Save the update date in LinkDB and pass it to linklist templates
It can be used as a timestamp by templates under the key 'updated_timestamp'.
2016-08-03 09:44:04 +02:00
Arthur
a4cd07eee2 Merge pull request #604 from ArthurHoaro/no-delicious
Remove Delicious in project description in comments
2016-07-23 14:16:59 +02:00
ArthurHoaro
2d97aa7781 Remove Delicious in project description in comments 2016-07-23 14:13:56 +02:00
Arthur
8562009682 Merge pull request #601 from ArthurHoaro/hotfix/title-missing
Fixes #600 - Shaarli's title is not set with the new config manager
2016-07-23 10:31:33 +02:00
ArthurHoaro
97ef33bb72 Fixes #600 - Shaarli's title is not set with the new config manager
- Fixed title config key
  - Page title (in head tag) is no longer set through the config manager
2016-07-19 18:03:09 +02:00
ArthurHoaro
2e193ad387 Fix variable in configure.php 2016-07-10 10:42:21 +02:00
ArthurHoaro
894a3c4bf3 Rename configuration key for better sections 2016-06-11 09:30:56 +02:00
ArthurHoaro
278d9ee283 ConfigManager no longer uses singleton pattern 2016-06-11 09:30:56 +02:00
ArthurHoaro
7f179985b4 Remove remaining settings initialization in index.php
Except for those which require external data (timezone and $_SERVER).
2016-06-11 09:30:56 +02:00
ArthurHoaro
da10377b3c Rename configuration keys and fix GLOBALS in templates 2016-06-11 09:30:56 +02:00
ArthurHoaro
d93d51b213 Set the default timezone in index.php 2016-06-11 09:30:56 +02:00
ArthurHoaro
684e662a58 Replace $GLOBALS configuration with the configuration manager in the whole code base 2016-06-11 09:30:56 +02:00
ArthurHoaro
c01bd08eaf Version bump: v0.7.0
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-05-14 11:36:47 +02:00
Arthur
3fdcc7bd47 Merge pull request #560 from ArthurHoaro/nb-private-shaare
Private links counter in the header
2016-05-14 11:11:11 +02:00
Arthur
52ccf0d7ee Merge pull request #556 from ArthurHoaro/login-refill
Prefill the login field when the authentication has failed
2016-05-14 11:09:39 +02:00
Arthur
765391cb37 Merge pull request #559 from ArthurHoaro/startsEndWithCase
Fix startsWith and endsWith case
2016-05-14 11:09:03 +02:00
ArthurHoaro
141a86c503 Add private link counter 2016-05-13 08:48:23 +02:00
ArthurHoaro
03eb19ac60 Extract PageBuilder class from index.php 2016-05-13 08:48:18 +02:00
ArthurHoaro
465266243f Don't redirect to ?post if ?addlink is reached while logged out 2016-05-11 22:10:31 +02:00
ArthurHoaro
5046bcb6ab Fix startsWith and endsWith case 2016-05-10 23:31:41 +02:00
ArthurHoaro
85c4bdc235 Prefill the login field when the authentication has failed 2016-05-06 20:03:10 +02:00
VirtualTam
bb4a23aa86 Export: allow prepending notes with the Shaarli instance's URL
Relates to #102

Additions:
- application:
  - export: allow prepending note permalinks with the instance's URL
  - test coverage

Modifications:
- export template: switch to an HTML form
  - link selection (all/private/public)
  - prepend note permalinks with the instance's URL

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-05-06 16:12:46 +02:00
Arthur
86deafe0ff Merge pull request #551 from ArthurHoaro/hotfix/timezone
Use correct 'UTC' timezone
2016-05-05 13:21:36 +02:00
ArthurHoaro
12ff86c961 Use correct 'UTC' timezone 2016-05-03 20:09:24 +02:00
Arthur
47be060983 Merge pull request #532 from ArthurHoaro/hotfix/title-retrieve-the-return
Fixes #531 - Title retrieving is failing with multiple use case
2016-05-03 19:53:57 +02:00
ArthurHoaro
ce7b0b6480 Fixes #531 - Title retrieving is failing with multiple use case
see https://github.com/shaarli/Shaarli/issues/531 for details
2016-05-03 19:51:29 +02:00
VirtualTam
cd5327bee8 Refactor Netscape bookmark exporting
Relates to https://github.com/shaarli/netscape-bookmark-parser/issues/5

Fixes:
- respect the Netscape bookmark format "specification"

Modifications:
- [application] introduce the NetscapeBookmarkUtils class
- [template] export           - improve formatting, rename export selection parameter
- [template] export.bookmarks - template for Netscape exports
- [tests] bookmark filtering, additional field generation

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-04-10 21:28:04 +02:00
ArthurHoaro
043eae70c4 Fixes #480: add an option to urlencode redirector URL
* New config: `$GLOBALS['config']['REDIRECTOR_URLENCODE']` (default `true`).
  * Parameter added to LinkDB constructor.
  * Fixes a bug with urlencode and escaped url.
  * In `index.php`, LinkDB is now instanciate once for `importFile()` and `showDaily()`.
  * TU
2016-04-09 16:52:32 +02:00
ArthurHoaro
b0128609f4 Fixes #526: bad font size separator in tagcloud with some locale
* Force the number format with number_format().
      * Reduce the size deciment number to 2.
2016-03-31 18:01:05 +02:00
ArthurHoaro
5f143b72ea Remove dev cache disabling 2016-03-26 16:59:22 +01:00
Arthur
f66a1990e5 Merge pull request #515 from ArthurHoaro/template-feeds
Refactor RSS feeds generation, and do it through templates
2016-03-25 19:20:55 +01:00
ArthurHoaro
528a6f8a23 Refactor filter in LinkDB
* search type now carried by LinkDB in order to factorize code between different search sources.
  * LinkDB->filter split in 3 method: filterSearch, filterHash, filterDay (we know what type of filter is needed).
  * filterHash now throw a LinkNotFoundException if it doesn't exist: internal implementation choice, still displays a 404.
  * Smallhash regex has been rewritten.
  * Unit tests update
2016-03-25 19:17:59 +01:00
ArthurHoaro
82e3680203 Create a FeedBuilder class which build data for both ATOM and RSS feed. 2016-03-25 19:17:55 +01:00
ArthurHoaro
e15f08d72a Use generateLocation to set the redirection in login (and don't escape the url) 2016-03-21 19:06:46 +01:00
ArthurHoaro
bcd078bf0a Plugin: add render_feed hook and call it while generating ATOM and RSS feed.
Create an example of the new hook in the demo plugin.
2016-03-18 19:13:48 +01:00
ArthurHoaro
e67712ba0f Refactor showRSS, and make it use the RSS template 2016-03-18 19:13:48 +01:00
ArthurHoaro
69c474b966 Refactor showAtom, and make it use the ATOM template
Minor changes:

  * Fix the date which was in a invalid format.
  * Avoid empty categories (tags).
  * Use the locale to set the language
2016-03-18 19:13:48 +01:00
ArthurHoaro
1c2fdb98b1 Add method assignAll() to pageBuilder to assign an array of data 2016-03-18 19:13:48 +01:00
ArthurHoaro
797a6f308f Bump version to v0.6.5
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-03-02 19:59:58 +01:00
ArthurHoaro
408def1a07 Fixes #503: check that HTTP_ACCEPT_LANGUAGE is set before calling autoLocale() 2016-02-28 15:53:28 +01:00
ArthurHoaro
09674d9359 Bump version to v0.6.4
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-02-28 14:33:05 +01:00
Arthur
c6744a9e89 Merge pull request #496 from ArthurHoaro/cross-search
Allow crossed search between terms and tags
2016-02-28 14:26:46 +01:00
ArthurHoaro
c51fae92dc Allow crossed search between terms and tags
* Partial fix of #449
  * Current use case: search term + click on tag.
  * LinkFilter now returns all links if no filter is given.
  * Unit tests.
2016-02-28 14:17:40 +01:00
Arthur
fa40b43f60 Merge pull request #492 from ArthurHoaro/locale-sort-fix
Fixes #481: tag cloud fatal error
2016-02-24 19:26:57 +01:00
ArthurHoaro
7eb0a83201 Fixes #481: tag cloud fatal error
Only send LC_COLLATE to Collator and check that no error occured.
2016-02-19 20:20:33 +01:00
ArthurHoaro
7b63e4ca09 Apply the locale to all categories and move autolocale to Utils.php 2016-02-19 20:14:06 +01:00
Arthur
64282b1499 Merge pull request #486 from virtualtam/refactor/datetime
cleanup: use DateTime to format dates
2016-02-18 19:53:39 +01:00
ArthurHoaro
ed853da7fd Fixes #468: don't trim description
Spaces at the start of shaares can be intended. Eg: markdown plugin.

#468
2016-02-18 19:34:33 +01:00
VirtualTam
205a42778d cleanup: use DateTime to format dates
Closes #270

Modifications:
- replace custom date parsing by DateTime calls
- use proper date formatting for RSS feeds

Deletions:
- linkdate2timestamp()
- linkdate2rfc822
- linkdate2iso8601

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-02-17 22:46:50 +01:00
Arthur
07c2f73543 Merge pull request #461 from ArthurHoaro/tagcloud-sort
Fixes #456: Tag cloud does not sort tags (fully) alphabetically
2016-02-15 21:26:33 +01:00
ArthurHoaro
ce354bf1a6 Remove first '-' char when saving tags 2016-02-15 21:06:17 +01:00
Arthur
6e607ca613 Merge pull request #479 from ArthurHoaro/pluginsadmin-error-url
Fixes typo in plugin admin redirection URL
2016-02-15 20:38:31 +01:00
Arthur
6cbff7e80f Merge pull request #460 from ArthurHoaro/440-editlink-404
Fixes #440 - 404 error after editing a link
2016-02-15 20:38:10 +01:00
Arthur
854ea37255 Merge pull request #442 from ArthurHoaro/updater
Introduce the Updater class which
2016-02-15 20:36:42 +01:00
ArthurHoaro
59edea42bb Fixes typo in plugin admin redirection URL 2016-02-15 20:34:44 +01:00
ArthurHoaro
510377d2cb Introduce the Updater class which
* contains methods designed to be run once.
  * is able to upgrade the datastore or the configuration.
  * is based on methods names, stored in a text file with ';' separator (updates.txt).
  * begins with existing function 'mergeDeprecatedConfigFile()' (options.php).
2016-02-15 20:30:24 +01:00
ArthurHoaro
fea5db7ab1 Common hooks: process includes before header/footer 2016-02-10 15:40:11 +01:00
ArthurHoaro
f1e96a06d8 Fixes #456: Tag cloud does not sort tags (fully) alphabetically
* Use Collator class to sort tags using the locale (in PECL intl, included in most PHP installation).
  * Use strcasecmp if Collator is not found.

Both sorts are case insensitive.
2016-02-05 16:10:34 +01:00
Arthur
5369f04521 Merge pull request #458 from ArthurHoaro/plugins-init-parameters
Initialize plugin parameters array to avoid unnecessary warning.
2016-02-04 20:29:02 +01:00
ArthurHoaro
fd50e14cba Fixes #440 - 404 error after editing a link
Remove unnecessary escape().
2016-02-04 20:24:17 +01:00
ArthurHoaro
5a23950c95 Code cleanup: index.php - save_edit 2016-02-04 19:58:47 +01:00
ArthurHoaro
091e2d139d Initialize plugin parameters array to avoid unnecessary warning. 2016-02-02 21:07:25 +01:00
ArthurHoaro
7c873f1cd0 Add a default value to ENABLE_UPDATECHECK to avoid unnecessary warning. 2016-02-02 20:10:49 +01:00
ArthurHoaro
729d267172 Bump version to v0.6.3 2016-01-31 19:32:22 +01:00
ArthurHoaro
dea0ba28f9 Fixes #378 - Plugin administration UI. 2016-01-31 18:54:48 +01:00
Dimtion
f4c84ad7fc Create 404 template
Solve #430 for links
2016-01-20 22:52:28 +01:00
VirtualTam
1abe655597 Logging: move logm() from index.php to application/Utils.php
Relates to #436

Modifications:
- inject dependencies to global variables ($_SERVER, $GLOBALS)
- apply coding conventions
- add test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:07:16 +01:00
ArthurHoaro
1557cefbd7 Fixes #410 - Retrieve title fails in multiple cases
* `get_http_url()` renamed to `get_http_response()`.
  * Use the same HTTP context to retrieve response headers and content.
  * Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
  * Add `LinkUtils` to extract titles and charset.
  * Try to retrieve charset from HTTP headers first (new), then HTML content.
  * Use mb_string to re-encode title if necessary.
2016-01-11 21:19:31 +01:00
Arthur
88c15abb2a Merge pull request #424 from ArthurHoaro/search
Link filter refactoring
2016-01-06 19:57:42 +01:00
ArthurHoaro
2c75f8e780 Fixes #426 - Do not filter with blank tags. 2016-01-06 19:53:25 +01:00
ArthurHoaro
822bffced8 Link filter refactoring
* introduce class LinkFilter to handle link filter operation (and lighten LinkDB).
  * handle 'private only' in filtering.
  * update template to prefill search fields with current search terms.
  * coding style.
  * unit test (mostly move from LinkDB to LinkFilter).

PS: preparation for #358 #315 and 'AND' search.
2016-01-06 19:53:04 +01:00
ArthurHoaro
6a6aa2b96d Fixes #428: validate buttons presence instead of value
Also adds a validation where renaming with 'fromtag' specified and empty 'totag'.
It was causing a 404, now it just re-render the form.
2016-01-03 14:42:43 +01:00
VirtualTam
ba83317573 Bump version to v0.6.2
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-23 19:54:37 +01:00
VirtualTam
6ff636cdd4 Merge pull request #407 from ArthurHoaro/daily-router
Fixes #402: build the daily page through renderPage()
2015-12-08 21:41:31 +01:00
ArthurHoaro
38603b2450 Fixes #403: build the daily page through renderPage()
* new entry in the Router for daily page.
  * add an always displayed button in demo_plugin
2015-12-08 15:51:49 +01:00
ArthurHoaro
aca447a713 Reset permissions on index.php (changed in 18cca483b0 ). 2015-12-08 15:09:17 +01:00
ArthurHoaro
18cca483b0 Temporary fix for head titles
only set the title on permalink.
2015-12-07 10:29:24 +01:00
ArthurHoaro
2f5c136104 Fixes #399 - show single link title as page title 2015-12-05 11:05:08 +01:00
VirtualTam
4a7af9759a fix: assign template variables to empty values so they can be evaluated
Regression introduced in #394

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-03 20:30:46 +01:00
VirtualTam
9ecdeb5452 Bump version to v0.6.1
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-01 21:25:50 +01:00
VirtualTam
4407b45fd3 application: default to the "stable" branch for update checks
Relates to #372
Relates to #390

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-27 00:10:43 +01:00
VirtualTam
4bf35ba56b application: refactor version checks, move to ApplicationUtils
Relates to #372

Modifications:
 - move checkUpdate() to ApplicationUtils
 - reduce file I/O operations during version checks
 - apply coding conventions
 - add test coverage

Tools:
 - create a sandbox directory for tests

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-26 23:19:37 +01:00
VirtualTam
61873e3ded Merge pull request #355 from ArthurHoaro/redirector-url
URL encode links when a redirector is set
2015-11-26 23:05:58 +01:00
ArthurHoaro
657f0e25ba Fixes incorrect call to
From 2e28269bae
2015-11-26 20:51:53 +01:00
ArthurHoaro
90e5bd65c9 URL encode links when a redirector is set.
Fixes #328 - URL encode links when a redirector is set

  * WARNING - template edit - new variable available : "real_url"
  Contains the final real url (redirected or any other change on original URL)

  * Don't redirect shaares link in RSS/Atom.
  * Affects links shaared in description.
  * Move text2clickable and keepMultipleSpaces to Utils.php + unit test

UPDATE:

* keepMultipleSpaces renamed to space2nbsp
* space2nbsp improved to handle single space at line beginning
* links in text description aren't 'nofollow' anymore
2015-11-26 20:14:38 +01:00
Nicolas Danelon
1e57f90200 cleanup: remove json_encode() (built-in since PHP 5.2)
See http://php.net/manual/en/function.json-encode.php

Legacy since php 5.2.x . If php5.3 is required for the install script
2015-11-25 09:42:29 -03:00
VirtualTam
c9cf2715f0 application: move checkPHPVersion from Utils to ApplicationUtils
Relates to #372

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:40:44 +01:00
VirtualTam
2e28269bae install: check file/directory permissions for Shaarli resources
Relates to #40
Relates to #372

Additions:
 - FileUtils: IOException
 - ApplicationUtils:
   - check if Shaarli resources are accessible with sufficient permissions
   - basic test coverage
 - index.php:
   - check access permissions and redirect to an error page if needed:
     - before running the first installation

Modifications:
 - LinkDB:
   - factorize datastore write code
   - check if the datastore
     (exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
   - raise an IOException if needed

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:12:35 +01:00
VirtualTam
c580024cfb Merge pull request #384 from roidelapluie/master
fill session info when shaarli is in open mode
2015-11-23 20:24:35 +01:00
Julien Pivotto
02ad8fb6ce Fix authentification when Shaarli is in Open Mode. 2015-11-23 14:53:34 +01:00
VirtualTam
3d79d82326 Merge pull request #387 from ArthurHoaro/bookmarklet-quote
Fixes #382: Bookmarklet can not retrieve title when there is a quotation mark in it
2015-11-22 18:10:50 +01:00
VirtualTam
c07e166aa2 Merge pull request #376 from ArthurHoaro/opensearch
Fixes #176 - Add opensearch functionality
2015-11-22 17:53:24 +01:00
ArthurHoaro
739dc24344 Fixes #382: Bookmarklet can not retrieve title when there is a quotation mark in it
bookmarklet fields weren't correctly escaped
2015-11-22 15:47:41 +01:00
ArthurHoaro
e4b9a7633d Bugfix: do not store plugin errors in data.php
Before this, calling writeConfig() would have write error messages in data.php, because it uses 'plugins' array which is used for plugin configuration.

Causing the message error appear everytime.
2015-11-22 14:45:09 +01:00
ArthurHoaro
98f54239aa Bump version to v0.6.0
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2015-11-18 13:38:30 +01:00
ArthurHoaro
8f8113b94b Fixes #176 - Add opensearch functionality
* add a new page in Router: do=opensearch which displays the opensearch plugin
 * using base64 compressed image to avoid issue encountered with HTTPS
2015-11-17 20:19:44 +01:00
VirtualTam
a7921b2445 cleanup: remove the executable bit from source scripts
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 19:19:24 +01:00
VirtualTam
28bb2b74e3 index.php: group globals by theme, format comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 18:45:46 +01:00
Arthur
fd006c630b Merge pull request #275 from shaarli/plugin-proposition
Plugin proposition
2015-11-08 13:29:32 +01:00
ArthurHoaro
056107ab4e Handle errors raised by plugins in template. fixes #370 2015-11-08 13:22:44 +01:00
ArthurHoaro
6fc14d5303 Plugin system - CORE
see shaarli/Shaarli#275
2015-11-07 15:27:17 +01:00
ArthurHoaro
d01c234235 Fixes #356
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
38bedfbbcd Bump version to 0.5.4
Fixes:
 - PHP session IDs: handle hash algorithms and bits per char representations

Minor changes:
 - HTTPS: support being served behing an SSL-enabled proxy
 - HTTP/Server utilities: refactor & add test coverage

Project & documentation:
 - improve/rewrite `README.md`
 - update contributor list
 - update `index.php` header

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 21:02:52 +02:00
VirtualTam
49e2b35b4a Update project information: contributors, index.php header
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:54:13 +02:00
VirtualTam
482d67bd52 HTTP: move server URL functions to HttpUtils.php
Relates to #333

Modifications:
 - refactor server URL utility functions
 - do not access global `$_SERVER` variables
 - add test coverage
 - improve readability
 - apply coding conventions

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
Fanch
7b114771d3 SSL detection: add support for X-Forwarded-Proto
Duplicates #332

See:
 - RFC 7239 - Forwarded HTTP Extension
   http://www.ietf.org/rfc/rfc7239.txt
 - RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
   http://www.ietf.org/rfc/rfc6648.txt
 - StackOverflow - Custom HTTP headers: naming conventions
   http://stackoverflow.com/a/3561399
2015-09-13 21:17:01 +02:00
Guillaume Virlet
ef591e7ee2 Url: introduce global helper functions for cleanup and scheme detection
Relates to #314 & #326

Additions:
 - add global `cleanup_url()` and `get_url_scheme()` functions

Modifications:
 - replace `Url` usage in `index.php` by calls to global functions
 - fix `Url` tests not being run: PHPUnit expects a single test class per file
   - move classes to separate files
2015-09-08 22:00:37 +02:00
VirtualTam
451314eb48 HTTP: move utils to a proper file, add tests
Relates to #333

Modifications:
 - move HTTP utils to 'application/HttpUtils.php'
 - simplify logic
   - replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
   - remove superfluous '$status' parameter (provided by the HTTP headers)
 - apply coding conventions
 - add test coverage (unitary only)

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00
VirtualTam
68bc21353a Session ID: extend the regex to match possible hash representations
Improves #306
Relates to #335 & #336
Duplicated by #339

Issues:
 - PHP regenerates the session ID if it is not compliant
 - the regex checking the session ID does not cover all cases
   - different algorithms: md5, sha1, sha256, etc.
   - bit representations: 4, 5, 6

Fix:
 - `index.php`:
   - remove `uniqid()` usage
   - call `session_regenerate_id()` if an invalid cookie is detected
 - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
 - tests: add coverage for all algorithms & bit representations

See:
 - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
 - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
 - http://php.net/manual/en/function.session-id.php
 - http://php.net/manual/en/function.session-regenerate-id.php
 - http://php.net/manual/en/function.hash-algos.php

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
ce8c4a84ba Bump version to v0.5.3
Fixes a bug that could prevent user to login.
2015-09-02 18:06:21 +02:00
VirtualTam
53cc2b93b8 Bump version to 0.5.2
Minor changes
 - fix Full Path Disclosure upon cookie forgery
 - fix regression preventing to load LinkDB info when adding an existing link
 - also extract HTTPS page metadata (title)
 - add PHP 7 to Travis platforms

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-31 20:39:27 +02:00
VirtualTam
6211c498f6 Merge pull request #326 from ArthurHoaro/bug-url
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
26c503460c Add HTTPS support for title extracting feature 2015-08-31 12:30:59 +02:00
ArthurHoaro
9e1724f192 Fixes #325 - Shaarli does not recognize saved links
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.

Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
ArthurHoaro
06b6660a7e Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID.
  * Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
d7efade5d6 Bump version to 0.5.1
Minor changes
 - fix 404 after editing a link while being logged out
 - update local documentation
 - improve timezone detection at installation
 - improve feed cache handling
 - improve URL cleanup for new links
 - add a link to the shaarli/shaarli DockerHub repository

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:36:55 +02:00
VirtualTam
d9d776af19 Links: refactor & improve URL cleanup
Relates to #141
Relates to #133

Modifications
 - move URL cleanup to `application/Url.php`
 - rework the cleanup function
   - fragments: `#stuff`
   - GET parameters: `?var1=val1&var2=val2`
 - add documentation (APIs the params belong to)
 - add test coverage

Reference
 - http://php.net/parse_url
 - http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-15 15:58:38 +02:00
VirtualTam
01e48f269d CachedPage: move to a proper file, add tests
Modifications
 - rename `pageCache` to `CachedPage`
 - move utilities to `Cache`
 - do not access globals
 - apply coding rules
 - update LinkDB and test code
 - add test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:48:06 +02:00
ArthurHoaro
5fbabbb9be Fixes #299: prevent 404 on '?edit_link' while logged out
- add a use case for edit_link in logged out part.
 - *really* prevent loops on login screen.
2015-08-07 16:26:38 +02:00
VirtualTam
afd7b77b4c Installation: default to the server's timezone
Modifications
 - attempt to use the server's timezone
 - if none is set, use UTC
 - TimeZone: apply coding conventions
   - variable naming
   - no closing PHP tag

Relates to #274

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 23:54:03 +02:00
VirtualTam
7d4263e11a Bump version to 0.5.0
Major changes
 - fix locale handling
 - fix note URLs
 - fix page redirections
 - fix daily RSS browsing
 - fix title display
 - fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
 - restore compatibility with PHP 5.3
 - remove duplicate tags in links
 - remove annoying URL patterns
 - add Firefox Social API
 - Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
 - update documentation
 - start code refactoring
   - move all settings to `data/config.php`
   - refactor Config, LinkDB, TimeZone, Utils
   - add unit test coverage
   - add Travis integration

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-30 11:20:51 +02:00
VirtualTam
d1e2f8e52c PHP: ensure 5.3 compatibility, refactor timezone utilities
Relates to #250

Modifications
 - supported version
   - bump required version from 5.1.0 to 5.3.x
   - update README
   - add PHP 5.3 to Travis environments
 - rewrite array declarations: explicitely use array() instead of []
 - move checkPHPVersion to application/Utils.php
 - move timezone functions to application/TimeZone.php
   - cleanup code
   - improve test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
VirtualTam
5b0ebbc5de Merge pull request #257 from ArthurHoaro/tag-http-referer
Prevent redirection loop everytime we rely on HTTP_REFERER
2015-07-12 19:56:13 +02:00
ArthurHoaro
775803a05c Prevent redirection loop everytime we rely on HTTP_REFERER:
* search tag
  * delete tag
  * pagination
  * display privates only
  * delete link
  * new/edit/cancel link return page

Move location generation to Utils.php + unit tests.

Fixes #256

ninja
2015-07-12 17:43:13 +02:00
Arthur
1dcbe29611 English mistake cf sebsauvage/Shaarli#221 2015-07-12 15:16:37 +02:00
ArthurHoaro
6ac95d9cf1 Fixes warning 'Undefined index: searchtags' while filtering by tags.
Happened if there were not any searchtags already present in the query.
2015-07-12 11:36:42 +02:00
Arthur
7bd3542b1b Merge pull request #262 from ArthurHoaro/dup-tags
Avoid tag duplicates
2015-07-12 11:01:24 +02:00
ArthurHoaro
781e8aadea Avoid tag duplicates
* Prevent duplicate client side with awesomplete
 * Prevent duplicate server side (save_edit processing)

Fixes #261
2015-07-12 10:34:29 +02:00
VirtualTam
bba021defc Merge pull request #268 from ArthurHoaro/dailrss-template
Include the whole <item> in Daily RSS template
2015-07-11 19:09:52 +02:00
ArthurHoaro
f3b8f9f0f8 Include the whole <item> in dailyRSS
Allow custom date format and title in templates.

Also a bit of code style review.

Fixes #182
2015-07-11 10:25:25 +02:00
VirtualTam
50c9a12ee6 Fix: data/config.php was not imported
Relates to #255

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-11 00:12:13 +02:00
VirtualTam
e92f1ba59e Merge pull request #255 from ArthurHoaro/config
All settings are now stored in config.php
2015-07-09 21:34:46 +02:00
ArthurHoaro
dd484b90b1 All settings are now stored in config.php
Isolate functions related to config in Config.php + add unit tests + code_sniffer.

options.php is not supported anymore, but its content will be automatically saved into config.php

Fixes #shaarli/Shaarli#41

*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
2015-07-09 20:46:03 +02:00
VirtualTam
9186ab9594 LinkDB::filterDay(): check input date format
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-09 00:44:19 +02:00
ArthurHoaro
f3db3774f9 Fixes #260: previous/next day links in daily
The bug was occuring only if we tried to access to the first day.
2015-07-08 17:12:06 +02:00
VirtualTam
9c8752a206 LinkDB: do not access global variables
Relates to #218

Removes "hidden" access to the following variables:
 - $GLOBALS['config']['datastore']
 - PHPPREFIX
 - PHPSUFFIX

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 23:26:52 +02:00
nodiscc
64bc92e3ac move escape() and sanitizeLink() to application/Utils.php
prevents 'PHP Fatal error:  Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
2015-06-24 01:08:30 +02:00
nodiscc
eaefcba724 Merge remote-tracking branch 'ArthurHoaro/input-escape' into next
Conflicts:
	index.php
2015-06-24 00:51:38 +02:00
VirtualTam
9f15ca9ee7 LinkDB: add 'hidePublicLinks' parameter to the constructor
Fixes #236
Relates to #237

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 00:26:59 +02:00
ArthurHoaro
c68da3ffbf Page title if there is a single link
Fixes #232
2015-06-23 20:22:02 +02:00
ArthurHoaro
5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
nodiscc
4a5827ff5a Merge remote-tracking branch 'ArthurHoaro/daily-date' into next 2015-06-23 15:07:03 +02:00
nodiscc
38a0c256d2 Merge remote-tracking branch 'virtualtam/test/link-db' into next
Conflicts:
	index.php
2015-06-23 14:38:43 +02:00
nodiscc
0fe36414c8 Merge remote-tracking branch 'ArthurHoaro/search-tag-awesomplete' into next 2015-06-23 14:18:31 +02:00
ArthurHoaro
4de71445d3 Daily page: date format in template
It only concerns the date of the day in the main title.

Fixes #182

Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
2015-06-19 20:23:58 +02:00
VirtualTam
ca74886f30 LinkDB: move to a proper file, add test coverage
Relates to #71

LinkDB
 - move to application/LinkDB.php
 - code cleanup
   - indentation
   - whitespaces
   - formatting
 - comment cleanup
   - add missing documentation
   - unify formatting

Test coverage for LinkDB
 - constructor
 - public / private access
 - link-related methods

Shaarli utilities (LinkDB dependencies)
 - move startsWith() and endsWith() functions to application/Utils.php
 - add test coverage

Dev utilities
 - Composer: add PHPUnit to dev dependencies
 - Makefile:
    - update lint targets
    - add test targets
    - generate coverage reports

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-11 00:45:45 +02:00
ArthurHoaro
a037ac6963 Do not load links if they're hidden (also fix shaarli/Shaarli#202) 2015-06-09 14:58:54 +02:00
ArthurHoaro
65d6251744 Add awesomplete to tag search shaarli/Shaarli#49 2015-06-09 14:23:28 +02:00
nodiscc
cbecab7735 split annoyingpatterns list on multpile lines, add new patterns for removal:
* utm_content=
 * fb=
 * xtor=

closes https://github.com/shaarli/Shaarli/issues/136
2015-06-03 15:58:58 +02:00
nodiscc
f95d0428f6 Merge branch 'really-hide' of https://github.com/pikzen/Shaarli into next 2015-05-22 21:07:00 +02:00
nodiscc
8b3c67fccb Merge remote-tracking branch 'Marsup/firefox-social' into next 2015-05-22 21:04:36 +02:00
Marsup
d33c5d4c3b Add Firefox Social API to the tools. Fixes #101. 2015-05-15 16:18:54 +00:00
feula
59c90f5808 Properly hide all links
>searchtags
2015-05-11 20:08:38 +02:00
Jonathan Druart
f5b059254f Display date as today if no articles published
On "The Daily Shaarli" page (index.php?do=daily), the date is "Tuesday
30, November 1999" if no articles have been published/shared.

This patch checks the parameter ($linkdate) before the mktime call to
prevent and generate the "day 0" string.
mktime(0,0,0,0,0,0) returns 943916400 (hum?)
2015-05-11 11:16:19 +01:00
nodiscc
caee7ff9cc change wording and variable names for "Hide public links" feature 2015-04-10 20:52:12 +02:00
nodiscc
0c45b01cc2 Merge remote-tracking branch 'pikzen/disable-public' into next 2015-04-10 20:30:33 +02:00
nodiscc
507849290c Merge remote-tracking branch 'ArthurHoaro/localecharset' into next 2015-04-10 20:30:15 +02:00
nodiscc
1caf200551 Merge commit '326ae54' into next 2015-04-10 20:28:24 +02:00
feula
8fa1ebd605 Allow disabling all public links, fixes #188 2015-04-09 18:13:11 +02:00
ArthurHoaro
da49603b86 #193 add UTF8 by default to autoLocale 2015-04-08 06:53:34 +02:00
ArthurHoaro
8438a2e5d0 Fixes autoLocale function by trying several way to find a correct one.
Fix https://github.com/shaarli/Shaarli/issues/184
2015-04-05 22:01:43 +02:00
dimtion
326ae54d08 Fix missing permalink title when logged in 2015-04-05 18:18:15 +02:00
Florian Eula
b47f515ad3 Display notes as absolute URLs 2015-04-01 11:47:04 +02:00
ArthurHoaro
a5752e776c Fix bad merge commit
Define date format in templates instead of index.php.

Conflicts:
	index.php
	tpl/dailyrss.html
2015-04-01 00:32:47 +02:00
pikzen
d3b2b456e1 Display notes as absolute urls
Fixes https://github.com/shaarli/Shaarli/issues/177
Merge commit '3ea318dad05954e2043d5bb2f8572b103d7c3930' into notes-absolute-url
Conflicts:
	index.php
2015-03-31 20:16:06 +02:00
ArthurHoaro
880cbf92ca Fixes autoLocale function by trying several way to find a correct one. 2015-03-31 13:22:20 +02:00
ArthurHoaro
bec1870180 Define date format in templates instead of index.php. 2015-03-31 13:19:07 +02:00
feula
3ea318dad0 Display notes as absolute urls.
The deletion is related to Windows not handling quotes in filenames, see
 #179. It shouldn't delete the real file. Probably. Check it out.
2015-03-29 17:31:38 +02:00
nodiscc
129ff3c2e5 bump version to 0.0.45beta 2015-03-16 16:17:31 +01:00
nodiscc
b4b7d3343a Merge branch 'picwall-direct-link' into next 2015-03-15 14:24:51 +01:00
nodiscc
aa22244027 bump version to 0.0.44beta 2015-03-15 14:23:55 +01:00
nodiscc
9a631bab7f Merge remote-tracking branch 'ArthurHoaro/autocomplete' into next 2015-03-15 14:21:59 +01:00
ArthurHoaro
bdd1715b24 Use awesomplete as autocomplete lib and remove jQuery - shaarli/Shaarli#148
* Add awesomplete dependancy (source + min + CSS)
  * Remove jQuery and jQuery-UI dependancy
  * Few CSS ajustements
  * Use tags complete list as RainTPL var (and display it as HTML)
  * Remove "disable jQuery" feature
  * Remove tag list web service
2015-03-12 20:27:16 +01:00
nodiscc
4a1a1190a6 picwall: link directly to the target URL (not the permalink) 2015-03-11 19:19:18 +01:00
nodiscc
3ef1da28e8 Merge pull request #119 from ArthurHoaro/js-link
allow 'javascript:' links sharing (bookmarklets)
2015-03-11 19:17:13 +01:00
nodiscc
35c2c4db5b Redirect to homepage after adding a link via "Add Link" dialog
* Fixes https://github.com/shaarli/Shaarli/issues/115
2015-03-05 13:43:53 +01:00
nodiscc
01b8f52718 Merge pull request #141 from nodiscc/cleanurl-filters
Add URL cleaning filters + refactoring
2015-03-05 13:42:38 +01:00
nodiscc
baf5cbf27d Improve URL cleaning:
* also remove action_type_map, action_ref_map and action_object maps params used by facebook
2015-03-05 13:40:43 +01:00