VirtualTam
63ea23c2a6
Refactor user credential validation at login time
...
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
49f1832316
Refactor PHP session handling during login/logout
...
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
db45a36a53
Refactor SessionManager::$INACTIVITY_TIMEOUT
...
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
- fillSessionInfo()
- setup_login_state()
- check_auth()
- cleanup related code and comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
88110550b8
Refactor client session hijacking protection
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
ArthurHoaro
f8c5660df8
Tag sort - UT + comment + fix filter and visibility
...
Before this, linksCountPerTag call without would have ignored visibility parameter
2018-05-29 20:52:30 +02:00
ArthurHoaro
f28396a2f8
Fix order of tags with the same number of occurrences
...
Fixes #1142
2018-05-19 15:47:55 +02:00
ArthurHoaro
a1b727efb7
Support redirection in cURL download callback
2018-05-01 16:44:51 +02:00
Buster One
7ca124079e
German language created ( #1114 )
...
* Added german language selection
* German language file created
* typo
* extra space removed and typo corrected
* lines 1314 through 1408 removed as suggested
2018-04-15 14:53:09 +02:00
ArthurHoaro
9b2bd66fb6
Merge pull request #1093 from ArthurHoaro/feature/theme-translation
...
Load theme translations files automatically
2018-03-26 20:26:10 +02:00
ArthurHoaro
68c6afc56f
Load theme translations files automatically
...
Fixes #1077
Take a look at the docs update to see how it works
2018-03-26 19:20:25 +02:00
ArthurHoaro
4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params
...
Make max download size and timeout configurable
2018-03-13 18:02:49 +01:00
ArthurHoaro
4ff3ed1c47
Make max download size and timeout configurable
...
Fixes #1061
2018-03-07 23:03:21 +01:00
ArthurHoaro
d2d4f993e1
PSR: use elseif instead of else if
...
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
2018-02-28 22:34:40 +01:00
ArthurHoaro
bc4a0a672c
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
...
Ignore the case while checking DOCTYPE during the file import
2018-02-24 13:29:11 +01:00
ArthurHoaro
980efd6cf8
Use a specific page title in all pages
...
Also fixed a few French translation issues
Fixes #954 #955
2018-02-24 12:48:49 +01:00
ArthurHoaro
3ff1ce47bc
Ignore the case while checking DOCTYPE during the file import
...
Fixes #1091
2018-02-23 20:34:06 +01:00
VirtualTam
44acf70681
Refactor login / ban authentication steps
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- Add the `LoginManager` class to manage logins and bans
Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies
Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:12:09 +01:00
ArthurHoaro
bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter
...
Add a filter to only display public links
2018-02-02 19:22:37 +01:00
ArthurHoaro
28df9fa4f7
INTL_IDNA_VARIANT_2003 is deprecated
...
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
2018-02-02 19:15:47 +01:00
ArthurHoaro
b7c412d4d0
Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
...
As stated in the docs:
> LC_MESSAGES for system responses (available if PHP was compiled with libintl)
Fixes #1067
2018-01-31 12:39:17 +01:00
ArthurHoaro
cb4ddbe4e7
Fix warnings when upgrading from legacy SebSauvage version
...
Fixes #1040
2018-01-25 19:55:31 +01:00
ArthurHoaro
d2f6d909e5
Public/private filter: use two separate buttons
...
#1038
2018-01-24 18:46:31 +01:00
ArthurHoaro
d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter
...
Extract the title/charset during page download, and check content type
2018-01-23 18:41:38 +01:00
ArthurHoaro
9d4736a3e9
Add a filter to only display public links
...
When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner
Fixes #1030
2017-12-16 14:32:56 +01:00
ArthurHoaro
101b935de4
Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443
...
Force HTTPS if the original port is 443 behind a reverse proxy
2017-12-03 12:46:43 +01:00
ArthurHoaro
8e9fc6f6e6
Force HTTPS if the original port is 443 behind a reverse proxy
...
Fixes #1022
2017-12-02 15:24:35 +01:00
ArthurHoaro
877491b4ad
Merge pull request #1020 from ArthurHoaro/feature/curl-chunk
...
Increase buffer size for cURL download
2017-11-26 11:34:44 +01:00
VirtualTam
d9514becc4
Merge pull request #1016 from virtualtam/refactor/session
...
Improve SessionManager constructor and tests
2017-11-24 23:53:15 +01:00
ArthurHoaro
270da70532
Return true after update ReorderDatastore to complete it
2017-11-11 16:51:10 +01:00
ArthurHoaro
91c807d275
Increase buffer size for cURL download
...
1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
2017-11-11 16:49:57 +01:00
VirtualTam
dd883aaf09
Improve SessionManager constructor and tests
...
Relates to https://github.com/shaarli/Shaarli/pull/1005
Changed:
- pass a copy of the ConfigManager instance instead of a reference
- move FakeConfigManager to a dedicated file
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-11-08 20:26:03 +01:00
ArthurHoaro
fd08b50a80
Don't URL encode description links if parameter 'redirector.encode_url' is set to false
2017-11-07 20:23:58 +01:00
ArthurHoaro
d65342e304
Extract the title/charset during page download, and check content type
...
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
Closes #579
2017-10-28 14:35:49 +02:00
ArthurHoaro
0926d26390
Merge pull request #962 from ArthurHoaro/feature/perfs2
...
Performances: reorder links when they're written instead of read
2017-10-28 12:44:44 +02:00
VirtualTam
fd7d84616d
Move session ID check to SessionManager
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:54:44 +02:00
VirtualTam
ebd650c06c
Refactor session token management
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- `SessionManager` class to group session-related features
- unit tests
Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:19:46 +02:00
ArthurHoaro
6a65bc5798
Translations : Working demo example of translation extension
2017-10-22 13:16:56 +02:00
ArthurHoaro
f39580c6fd
Add language selection in the configure page of the default theme
2017-10-22 13:16:53 +02:00
ArthurHoaro
12266213d0
Shaarli's translation
...
* translation system and unit tests
* Translations everywhere
Dont use translation merge
It is not available with PHP builtin gettext, so it would have lead to inconsistency.
2017-10-22 12:55:03 +02:00
ArthurHoaro
66e74d50d3
Don't write History for link import
...
With large imports it has a large impact on performances and isn't really useful.
Instead, write an IMPORT event, which let client using the history service resync its DB.
-> 15k link import done in 6 seconds.
Fixes #985
2017-10-07 16:40:16 +02:00
VirtualTam
c8d96b4729
Merge pull request #979 from ArthurHoaro/feature/assets-cache-version
...
Add a version hash for asset loading to prevent browser's cache issue
2017-10-06 14:32:07 +02:00
Mark Gerarts
722caa2090
Allow setting of a default note title, see #963
2017-10-01 14:19:57 +02:00
ArthurHoaro
b3e1f92e9c
Rename shaarli_version constant to uppercase
2017-10-01 11:11:16 +02:00
ArthurHoaro
bfe4f536bb
Add a version hash for asset loading to prevent browser's cache issue
...
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version.
Fixes #965
2017-10-01 11:10:37 +02:00
ArthurHoaro
3512f44617
Merge pull request #976 from ArthurHoaro/hotfix/url-parentheses
...
Fix parsing for description links with parentheses
2017-09-30 14:25:53 +02:00
VirtualTam
7c670b39a2
Merge pull request #975 from virtualtam/robustness
...
Improve robustness for zlib and file operations
2017-09-30 10:56:56 +02:00
ArthurHoaro
601faf9751
Fix parsing for description links with parentheses
...
With markdown plugin disabled
relates to #966
2017-09-29 18:52:38 +02:00
ArthurHoaro
a59bbf50d7
Merge pull request #947 from thewilli/wildcardsearch
...
wildcard tag search support
2017-09-29 18:38:02 +02:00
VirtualTam
8c322aaba1
Robustness: safer gzinflate/zlib usage
...
Relates to https://github.com/shaarli/Shaarli/pull/846
PHP's `gzinflate()` fails with an error when being passed an empty string
See:
- https://bugs.php.net/bug.php?id=71395
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:59:36 +02:00
VirtualTam
e4325b1517
Robustness: safer RainTPL directory handling
...
Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:57:20 +02:00
Willi Eggeling
27e21231e1
added option to redirect all anonymous users to login page
...
- new setting *force_login* added and documented
- if both, *force_login* and *hide_public_links* are set to true, all requests
(except for the feeds) are redirected to the login page
2017-09-03 11:46:49 +02:00
ArthurHoaro
9ec0a61156
Performances: reorder links when they're written instead of read
...
relates to #891
2017-09-02 15:10:44 +02:00
ArthurHoaro
96a1c79456
Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-title
...
Firefox Social title: Use document.title instead of RainTPL variable
2017-09-02 13:54:38 +02:00
ArthurHoaro
a3130d2c2f
Make work behind a reverse proxy
...
Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
Willi Eggeling
341527bae9
wildcard tag search support
...
- when searching for tags you can now include '*' as wildcard placeholder
- new search reduces overall overhead when filtering for tags
- fixed combination with description tag search ('#' prefix)
- tests added
2017-08-30 13:20:22 +02:00
VirtualTam
e4ed3a46b7
Merge pull request #944 from thewilli/configure-rememberme
...
new setting: default value for 'remember me' checkbox
2017-08-27 16:36:53 +02:00
Willi Eggeling
2e07e77573
new setting: default value for 'remember me' checkbox
...
- the default state for the login page's 'remember me' checkbox can now be configured
- adapted the default and vintage theme to consider the new setting
- added documentation for the new setting
2017-08-27 16:03:37 +02:00
Willi Eggeling
cc8f572bc0
migrated Github wiki links to readthedocs
2017-08-26 09:40:57 +02:00
ArthurHoaro
1fdb40fc16
Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename
...
Make sure that the tag exists before altering/removing it
2017-08-05 09:59:03 +02:00
ArthurHoaro
3b67b22225
Move tag renaming code to LinkDB and unit test it
2017-08-05 09:55:20 +02:00
VirtualTam
f09e1e318e
Merge pull request #889 from Lucas-C/master
...
Using only one form in linklist.html - fix #885
2017-08-03 16:27:59 +02:00
Lucas Cimon
f210d94f71
Using only one form in linklist.html + adding untaggedonly filter - fix #885
2017-07-30 16:19:34 +02:00
Stephen Muth
b80315e238
Respect HTTP_X_FORWARDED_HOST
...
alongside _PORT and _PROTO
Fixes #879
2017-07-08 00:01:03 +00:00
ArthurHoaro
ac94db1e36
Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols
...
Add a whitelist of protocols for URLs
2017-05-31 17:52:19 +02:00
ArthurHoaro
3e395a6bc6
Merge pull request #841 from ArthurHoaro/feature/search-no-tag
...
Empty tag search will look for not tagged links
2017-05-25 15:54:20 +02:00
ArthurHoaro
7d86f40bdb
Empty tag search will look for not tagged links
...
Fixes #784
From now, searching for tags with an empty value will return only not tagged links,
with the search bar showing `x results [not tagged]`.
Note that using the api, the searchtags request parameter must be set to `false` to get the same result.
- [ ] Update API doc
2017-05-25 15:51:12 +02:00
ArthurHoaro
aa4797ba36
Adds a taglist view with edit/delete buttons
...
* The tag list can be sort alphabetically or by most used tag
* Edit/Delete are perform using AJAX, or fallback to 'do=changetag' page
* New features aren't backported to vintage theme
2017-05-25 15:25:04 +02:00
ArthurHoaro
986a521067
Add an endpoint to refresh the token
...
Useful for AJAX requests which burns the token
2017-05-25 15:05:23 +02:00
ArthurHoaro
86ceea054f
Add a whitelist of protocols for URLs
...
- for Shaare
- for markdown description links and images
Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:58:34 +02:00
Lucas Cimon
6ccd0b218f
Adding ability to display subtags in tagcloud
2017-05-24 13:09:35 +02:00
ArthurHoaro
845810a8d3
Use the new 'default' theme... as default
...
Fixes #866
2017-05-09 18:22:31 +02:00
ArthurHoaro
a9fe41a818
Merge pull request #862 from ArthurHoaro/theme/tags-everywhere
...
Inject tag list everywhere to make autocomplete work on the fixed search bar
2017-05-07 18:39:25 +02:00
ArthurHoaro
3108f2a800
Merge pull request #861 from ArthurHoaro/hotfix/import-shorturl-override
...
Fix a bug happening when importing links with override option
2017-05-07 18:38:55 +02:00
ArthurHoaro
73c8962654
Inject tag list everywhere to make autocomplete work on the fixed search bar
2017-05-07 18:21:38 +02:00
ArthurHoaro
28794b69cb
Fix a bug happening when importing links with override option
...
The shorturl would be set to null, generating a lot of warnings and breaking permalinks
2017-05-07 18:02:49 +02:00
ArthurHoaro
6bc90f50af
History: fix entries order
2017-05-07 17:11:25 +02:00
ArthurHoaro
57ce6dae5d
Reset the history file due to datetime format change
2017-05-07 17:11:25 +02:00
ArthurHoaro
813849e521
Add history entries for API endpoint
...
CHANGED: datetime is now store as an object in history store file
2017-05-07 17:11:22 +02:00
ArthurHoaro
61d406933e
API: Get History endpoint
...
See http://shaarli.github.io/api-documentation/#links-history-get
2017-05-07 16:03:40 +02:00
ArthurHoaro
b8fcb7d440
Merge pull request #856 from ArthurHoaro/api/delete-link
...
API: add DELETE endpoint
2017-05-07 16:02:14 +02:00
ArthurHoaro
0843848c1d
API: add DELETE endpoint
...
Based on #840
See http://shaarli.github.io/api-documentation/\#links-link-delete
2017-05-07 15:58:49 +02:00
ArthurHoaro
77de24876f
Merge pull request #840 from ArthurHoaro/api/putLink
...
REST API: implement PUT method
2017-05-07 15:55:38 +02:00
ArthurHoaro
cf9181dddf
REST API: implement PUT method
...
* Related to #609
* Documentation: http://shaarli.github.io/api-documentation/#links-link-put
2017-05-07 15:49:16 +02:00
ArthurHoaro
f9ff7f1b69
Merge pull request #764 from ArthurHoaro/feature/history
...
History mechanism
2017-05-06 17:12:06 +02:00
ArthurHoaro
4c7045229c
Merge pull request #830 from ArthurHoaro/theme/timezone
...
Change timezone data structure send to the templates
2017-04-25 19:09:13 +02:00
ArthurHoaro
6a19124a09
Use raw bytes for upload size hidden input
2017-04-10 20:01:10 +02:00
ArthurHoaro
bc5f1597eb
Fix offset check with link ID = 0
2017-04-05 19:09:25 +02:00
ArthurHoaro
ae3aa96898
Change timezone data structure send to the templates
...
The goal of this is to be able to adapt the timezone form
in template without hacking the HTML already rendered.
* there are two arrays available:
* `continents` which contains only a list of available continents
* `cities` which contains a list of available timezone cities, associated with their continent
Note: there are two distinct array because RainTPL doesn't support nested loop very well.
2017-04-03 19:24:55 +02:00
ArthurHoaro
84315a3bad
Fix a warning generated in return_bytes function and refactor it
...
It was multiplying a string containing a letter.
Moved function to Utils.php and display a human readable limit size
2017-04-03 18:53:43 +02:00
ArthurHoaro
4b385d6c34
Merge pull request #742 from ArthurHoaro/api/postLink
...
REST API: implement POST link service
2017-04-01 10:02:03 +02:00
ArthurHoaro
81bd104daa
Theme: use format_date function for daily date
2017-03-28 20:43:30 +02:00
ArthurHoaro
68016e3798
REST API: implement POST link service
2017-03-27 18:44:50 +02:00
ArthurHoaro
64c34078e4
Merge pull request #816 from ArthurHoaro/project/master-version
...
Use 'dev' version on the master branch
2017-03-22 18:50:33 +01:00
ArthurHoaro
d16ca2e22f
History: lazy loading for the history file
...
Only read it when it's necessary
2017-03-21 20:29:20 +01:00
ArthurHoaro
4306b184c4
History mechanism
...
Use case: rest API service
* saved by default in data/history
* same format as datastore.php
* traced events:
* save/edit/delete link
* change settings or plugins settings
* rename tag
2017-03-21 20:29:20 +01:00
ArthurHoaro
b2306b0c78
Move database read/write to FileUtils class + additional unit tests
2017-03-21 20:16:26 +01:00
ArthurHoaro
c4c655d9bf
Merge pull request #804 from ArthurHoaro/feature/atom-default
...
Fixes #304 : use atom feed as default
2017-03-21 20:10:49 +01:00
ArthurHoaro
b786c8836f
Set Shaarli's version only in shaarli_version.php file
2017-03-21 20:08:40 +01:00
ArthurHoaro
c6a4c2882d
Proper error if the conf file is invalid instead of fatal error
...
Error:
An error occurred while parsing configuration JSON file (data/config.json.php): error code #4
➜ Syntax error
Please check your JSON syntax (without PHP comment tags) using a JSON lint tool such as jsonlint.com.
2017-03-12 16:09:34 +01:00
ArthurHoaro
bbc6b844c1
Add an updateMethod to match the current remote branch for updates
2017-03-12 15:28:23 +01:00
ArthurHoaro
b897c81f8c
Use 'dev' version on the master branch
...
Allowed check branches are now `latest` and `stable`.
2017-03-12 15:05:59 +01:00
ArthurHoaro
196808e14f
Merge pull request #779 from ArthurHoaro/feature/import-parser-logs
...
Link imports are now logged in `data/` folder, and can be debug using…
2017-03-11 14:23:05 +01:00
ArthurHoaro
2ea89aba4f
Fixes #304 : use atom feed as default
...
RSS feed is still available with the setting set to false
2017-03-11 14:13:58 +01:00
ArthurHoaro
fe83d45c46
Fix #773 : set Piwik URL protocol
2017-03-11 13:27:02 +01:00
ArthurHoaro
87e9631e4a
Fix namespace issue
2017-03-10 18:49:53 +01:00
ArthurHoaro
48417aed1d
Link imports are now logged in data/
folder, and can be debug using dev.debug=true
setting
...
related to #741 and #681
2017-03-10 18:46:53 +01:00
ArthurHoaro
5ba55f0cf2
Move config exception to dedicated classes with proper namespace
2017-03-09 19:16:42 +01:00
ArthurHoaro
e6cd773f5a
Fix blocking namespace issue
2017-03-08 20:00:21 +01:00
ArthurHoaro
03b9cb600a
Fix autoLocale error and cover it with unit tests
2017-03-07 19:27:17 +01:00
ArthurHoaro
52b503105d
Improve datetime display
...
Use php-intl extension to display datetimes a bit more nicely, depending on the locale.
What changes:
* the day is no longer displayed
* day number and month are ordered according to the locale
* the timezone is more readable (UTC+1 instead of CET)
2017-03-06 21:11:12 +01:00
ArthurHoaro
1255a42cfe
Improve autoLocale() detection
...
- Creates arrays_combination function to cover all cases
- add the underscore separator in the regex
- add `utf8` encoding in addition to `UTF-8`
2017-03-06 20:32:17 +01:00
VirtualTam
3c66e56435
application: introduce the Shaarli\Config namespace
...
Namespaces have been introduced with the REST API, and should be generalized
to the whole codebase to manage object scope and benefit from autoloading.
See:
- https://secure.php.net/manual/en/language.namespaces.php
- http://www.php-fig.org/psr/psr-4/
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-03-04 17:07:52 +01:00
ArthurHoaro
e037610115
Add markdown_escape setting
...
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
2017-02-28 19:16:54 +01:00
ArthurHoaro
7dcbfde5ff
Set the vintage theme by default for the time being
2017-02-27 20:20:53 +01:00
ArthurHoaro
16e3d006e9
REST API: implements getLink by ID service
...
See http://shaarli.github.io/api-documentation/#links-link-get
2017-02-19 16:45:59 +01:00
ArthurHoaro
65e56cbe49
Merge pull request #769 from ArthurHoaro/api/getlinks-visibility
...
REST API - getLinks: support the visibility parameter
2017-02-13 08:41:12 +01:00
ArthurHoaro
c03455af11
Fixes #775 : LinkDB do not access LinkDB before ID system migration
...
To access LinkDB items with its ArrayAccess implementation, the IDs must be consistent, which isn't the case before `updateMethodDatastoreIds()` execution. v0.6.4 method `updateMethodRenameDashTags()` was accessing it, so an upgrade <0.6.4 to >0.8.x was failing.
This just move the minor update `RenameDashTags` after the IDs update.
2017-02-04 12:01:48 +01:00
ArthurHoaro
c37a6f820b
REST API - getLinks: support the visibility parameter
2017-01-17 18:53:18 +01:00
ArthurHoaro
7f96d9ec21
Update LinkFilter to be able to filter only public links
...
No update regarding the UI or the API for now
Fixes #758
2017-01-16 13:57:11 +01:00
ArthurHoaro
9977c418d6
Merge pull request #727 from ArthurHoaro/api/getlinks
...
REST API: implement getLinks service
2017-01-15 16:49:50 +01:00
ArthurHoaro
c3b00963fe
REST API: implement getLinks service
...
See http://shaarli.github.io/api-documentation/#links-links-collection-get
2017-01-15 13:55:22 +01:00
VirtualTam
63ef549749
API: expect JWT in the Authorization header
...
Relates to https://github.com/shaarli/Shaarli/pull/731
Added:
- require the presence of the 'Authorization' header
Changed:
- use the HTTP Bearer Token authorization schema
See:
- https://jwt.io/introduction/#how-do-json-web-tokens-work-
- https://tools.ietf.org/html/rfc6750
- http://security.stackexchange.com/q/108662
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-15 13:41:04 +01:00
ArthurHoaro
7282418baa
Move user.css to data folder
2017-01-14 16:43:32 +01:00
VirtualTam
ee6f4b64a9
Cleanup: use safe boolean comparisons
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:37:40 +01:00
Arthur
7418f7cb60
Merge pull request #732 from ArthurHoaro/feature/theme-manager
...
Theme manager: improvements
2017-01-06 11:40:54 +01:00
VirtualTam
93b1fe54fb
Cleanup: explicit method visibility
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:52:04 +01:00
VirtualTam
724f1e3229
Cleanup: remove unused variables
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:51:50 +01:00
ArthurHoaro
04a0e8ea34
Updater: keep custom theme preference with the new theme setting
2017-01-05 16:16:27 +01:00
ArthurHoaro
a0df06517b
Minor improvements regarding #705 (coding style, unit tests, etc.)
2017-01-05 16:16:23 +01:00
adc4aee80f
Change templates set through administration UI
2017-01-05 12:04:02 +01:00
VirtualTam
7a9daac56d
API: fix JWT signature verification
...
Fixes https://github.com/shaarli/Shaarli/issues/737
Added:
- Base64Url utilities
Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded
See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 16:59:47 +01:00
Arthur
fc11ab2f29
Merge pull request #682 from ArthurHoaro/delete-button
...
Bugfixes on link deletion, and use a GET form
2017-01-04 16:35:29 +01:00
Arthur
061f04fba0
Merge pull request #733 from ArthurHoaro/hotfix/reverse-proxy-port
...
Hide default ports in local URL behind a reverse proxy
2017-01-04 16:34:06 +01:00
VirtualTam
eaf2524887
URL cleanup: add 'campaign_' to the annoying parameters
...
Closes https://github.com/shaarli/Shaarli/issues/735
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 11:42:05 +01:00
ArthurHoaro
8e4be77368
Hide default port in local URL behind a reverse proxy
2017-01-03 14:17:05 +01:00
ArthurHoaro
b3051a6aae
Fixes presence of empty tags for private tags and in search results
...
* Private tags: make sure empty tags are properly filtered
* Search results:
* Use preg_split instead of function combination
* Add normalize_spaces to remove extra whitespaces displaying empty tags search
2017-01-03 09:47:15 +01:00
ArthurHoaro
db90dfcbbc
Move PubSubHubbub code as a default plugin
2016-12-20 11:41:24 +01:00
ArthurHoaro
f4ebd5fed2
Bugfixes on link deletion, and use a GET form
...
Use a GET form to delete links: harmonize with edit_link and preparation for #585
Bug fixes:
* LinkDB element can't be passed as reference, fix error:
PHP Notice: Indirect modification of overloaded element of LinkDB has no effect
* Resource cache folder setting wasn't set correctly
2016-12-16 12:42:13 +01:00
ArthurHoaro
18e6796726
REST API structure using Slim framework
...
* REST API routes are handle by Slim.
* Every API controller go through ApiMiddleware which handles security.
* First service implemented `/info`, for tests purpose.
2016-12-15 10:36:00 +01:00
ArthurHoaro
cbfdcff261
Prepare settings for the API in the admin page and during the install
...
API settings:
- api.enabled
- api.secret
The API settings will be initialized (and the secret generated) with an update method.
2016-12-12 03:54:10 +01:00
ArthurHoaro
d592daea83
Add a persistent 'shorturl' key to all links
...
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.
The purpose of this is to avoid collision between links due to their creation date.
2016-12-12 03:03:12 +01:00
ArthurHoaro
01878a75b9
Apply the new ID system accros the whole codebase
2016-12-12 03:03:12 +01:00
ArthurHoaro
1dc37f9cf8
Update method to use the new ID system, which replaces linkdate primary keys.
...
creation and update dates are now DateTime objects.
Since this update is very sensitve (changing the whole database), the datastore will be automatically backed up into the file datastore.<datetime>.php.
2016-12-12 03:02:01 +01:00
ArthurHoaro
29d108820f
Link ID refactoring
...
Links now use an incremental unique numeric identifier.
This ID is persistent and must never change.
ArrayAccess is used to match the link ID with the array keys (see the comment in LinkDB for more details)
Key 'created' added, with creation date as a DateTime object. 'updated' is now also a DateTime.
2016-12-12 03:02:01 +01:00
ArthurHoaro
5ebc1d504b
.htaccess files: support Apache 2.4+ syntax
...
If `mod_version` is enabled, the previous syntax will apply for Apache <2.4.
If not, the new syntax is used by default.
Fixes #676
`mod_version` identifier is `version_module` across all Apache versions. See:
* https://httpd.apache.org/docs/current/mod/mod_version.html
* https://httpd.apache.org/docs/2.2/mod/mod_version.html
* https://serverfault.com/questions/733910/how-do-i-load-mod-version-only-if-it-isnt-built-in-to-apache
Note that version_module comes built-in with Debian (and derivatives) Apache2 packages, see https://wiki.debian.org/Apache/PackagingFor24
2016-11-08 11:38:14 +01:00
VirtualTam
3d5e0aede3
Merge pull request #673 from virtualtam/cleanup/linkdb
...
LinkDB: code cleanup
2016-10-21 11:04:52 +02:00
VirtualTam
954dc2446c
Merge pull request #665 from ArthurHoaro/fix/feed-hashtags
...
Fix hashtag links in Feeds
2016-10-20 21:37:28 +02:00
VirtualTam
735ed4a94e
LinkDB: explicit method visibility
...
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:33:42 +02:00
VirtualTam
f21abf3292
LinkDB: update datastore method names
...
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:33:40 +02:00
VirtualTam
628b97cbdf
LinkDB: do not prefix privates with an underscore
...
Relates to #95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:10:56 +02:00