Commit graph

2038 commits

Author SHA1 Message Date
VirtualTam
7a9daac56d API: fix JWT signature verification
Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 16:59:47 +01:00
Arthur
fc11ab2f29 Merge pull request #682 from ArthurHoaro/delete-button
Bugfixes on link deletion, and use a GET form
2017-01-04 16:35:29 +01:00
Arthur
061f04fba0 Merge pull request #733 from ArthurHoaro/hotfix/reverse-proxy-port
Hide default ports in local URL behind a reverse proxy
2017-01-04 16:34:06 +01:00
VirtualTam
2d3a9be73d Merge pull request #736 from virtualtam/url/annoying/campaign
URL cleanup: add 'campaign_' to the annoying parameters
2017-01-04 11:48:22 +01:00
VirtualTam
eaf2524887 URL cleanup: add 'campaign_' to the annoying parameters
Closes https://github.com/shaarli/Shaarli/issues/735

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 11:42:05 +01:00
VirtualTam
67a1d5d823 Merge pull request #731 from virtualtam/fix/api/namespaces
API: fix Slim namespaces
2017-01-03 16:21:18 +01:00
Arthur
f3ca027d3a Merge pull request #734 from ArthurHoaro/hotfix/api-install-error
Fix fatal error during the install
2017-01-03 14:45:10 +01:00
ArthurHoaro
e3a430babb Fix fatal error during the install 2017-01-03 14:25:04 +01:00
ArthurHoaro
8e4be77368 Hide default port in local URL behind a reverse proxy 2017-01-03 14:17:05 +01:00
Arthur
436479c58f Merge pull request #719 from ArthurHoaro/feed-opensearch
Add opensearch to RSS and ATOM feeds
2017-01-03 10:07:08 +01:00
Arthur
64497fb302 Merge pull request #725 from ArthurHoaro/hotfix/privatetags-split
Fixes presence of empty tags for private tags and in search results
2017-01-03 09:57:52 +01:00
ArthurHoaro
af815f771c Add opensearch to RSS and ATOM feeds
Fixes #709
2017-01-03 09:57:19 +01:00
ArthurHoaro
b3051a6aae Fixes presence of empty tags for private tags and in search results
* Private tags: make sure empty tags are properly filtered
  * Search results:
    * Use preg_split instead of function combination
    * Add normalize_spaces to remove extra whitespaces displaying empty tags search
2017-01-03 09:47:15 +01:00
VirtualTam
465b1c4090 API: fix Slim namespaces
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-02 18:37:08 +01:00
Arthur
e0177549c7 Merge pull request #620 from ArthurHoaro/pubsubhub
Move Pubsubhub to a default plugin
2016-12-20 11:44:19 +01:00
ArthurHoaro
db90dfcbbc Move PubSubHubbub code as a default plugin 2016-12-20 11:41:24 +01:00
ArthurHoaro
085efc33cc Add plugin placeholders in RSS and ATOM feeds templates 2016-12-20 11:32:15 +01:00
Arthur
80677a23e2 Merge pull request #666 from ArthurHoaro/slim-api
REST API structure using Slim framework
2016-12-20 11:30:05 +01:00
ArthurHoaro
e350aa750f Fix typo in markdown plugin meta description 2016-12-18 14:27:32 +01:00
ArthurHoaro
f4ebd5fed2 Bugfixes on link deletion, and use a GET form
Use a GET form to delete links: harmonize with edit_link and preparation for #585

Bug fixes:

  * LinkDB element can't be passed as reference, fix error:

    PHP Notice:  Indirect modification of overloaded element of LinkDB has no effect

  * Resource cache folder setting wasn't set correctly
2016-12-16 12:42:13 +01:00
Arthur
e3ffc8fdee Merge pull request #714 from ArthurHoaro/hotfix/banlogin
Fixes can login function call in loginform.html
2016-12-16 12:23:47 +01:00
Arthur
c0d96ce590 Merge pull request #716 from ArthurHoaro/hotfix/editoldlinks
Fix a regression: permalinks change when old links are edited
2016-12-15 11:41:22 +01:00
ArthurHoaro
826c6af7c0 Fix a regression: permalinks change when old links are edited
fixes #713
2016-12-15 11:18:56 +01:00
ArthurHoaro
4cfe8d3303 Fixes can login function call in loginform.html
Fixes #711
2016-12-15 10:57:11 +01:00
ArthurHoaro
18e6796726 REST API structure using Slim framework
* REST API routes are handle by Slim.
  * Every API controller go through ApiMiddleware which handles security.
  * First service implemented `/info`, for tests purpose.
2016-12-15 10:36:00 +01:00
ArthurHoaro
423ab02846 PHP requirement increased to PHP 5.5 - See #599 2016-12-15 10:04:05 +01:00
ArthurHoaro
cbfdcff261 Prepare settings for the API in the admin page and during the install
API settings:
   - api.enabled
   - api.secret

The API settings will be initialized (and the secret generated) with an update method.
2016-12-12 03:54:10 +01:00
ArthurHoaro
624f999fb7 Ignore compressed tar archive 2016-12-12 03:51:48 +01:00
Arthur
ab18fe06d6 Merge pull request #708 from ArthurHoaro/v0.8.1
Bump version to v0.8.1
2016-12-12 03:40:09 +01:00
ArthurHoaro
3cc8c89830 Bump version to v0.8.1
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-12-12 03:38:12 +01:00
Arthur
75f7adee19 Merge pull request #707 from ArthurHoaro/changelog
changelog: add release date for v0.8.1 and add section v0.9.0
2016-12-12 03:32:13 +01:00
ArthurHoaro
00670b2071 changelog: add release date for v0.8.1 and add section v0.9.0 2016-12-12 03:30:54 +01:00
Arthur
622d7864e9 Merge pull request #706 from ArthurHoaro/changelog
changelog update
2016-12-12 03:28:02 +01:00
ArthurHoaro
6c1be5bcec changelog update 2016-12-12 03:26:56 +01:00
Arthur
9cf93bcfc5 Merge pull request #697 from ArthurHoaro/feature/ids-bis
Link ID refactoring
2016-12-12 03:15:32 +01:00
Arthur
a0d079141e Merge pull request #679 from ArthurHoaro/plugins/header
Improve theme dependent plugin placeholders:
2016-12-12 03:07:13 +01:00
ArthurHoaro
d592daea83 Add a persistent 'shorturl' key to all links
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.

The purpose of this is to avoid collision between links due to their creation date.
2016-12-12 03:03:12 +01:00
ArthurHoaro
c3dfd89959 Unit Test for the new ID system 2016-12-12 03:03:12 +01:00
ArthurHoaro
01878a75b9 Apply the new ID system accros the whole codebase 2016-12-12 03:03:12 +01:00
ArthurHoaro
1dc37f9cf8 Update method to use the new ID system, which replaces linkdate primary keys.
creation and update dates are now DateTime objects.
Since this update is very sensitve (changing the whole database), the datastore will be automatically backed up into the file datastore.<datetime>.php.
2016-12-12 03:02:01 +01:00
ArthurHoaro
29d108820f Link ID refactoring
Links now use an incremental unique numeric identifier.
    This ID is persistent and must never change.

    ArrayAccess is used to match the link ID with the array keys (see the comment in LinkDB for more details)

    Key 'created' added, with creation date as a DateTime object. 'updated' is now also a DateTime.
2016-12-12 03:02:01 +01:00
Arthur
bea80e43a3 Merge pull request #702 from ArthurHoaro/feed-cdata
Remove new line between content tag and CDATA in ATOM feed
2016-12-05 11:18:59 +01:00
Arthur
cd93689537 Merge pull request #703 from ArthurHoaro/changelog
Add latest merged changes to the CHANGELOG
2016-12-05 11:18:39 +01:00
ArthurHoaro
b92287b698 Add latest merged changes to the CHANGELOG 2016-12-03 09:17:14 +01:00
Arthur
19b3930ff3 Merge pull request #701 from ArthurHoaro/plugins/md-html-doc
Describe markdown HTML rendering and display a warning
2016-12-03 08:52:12 +01:00
ArthurHoaro
1d2cef8aef Remove new line between content tag and CDATA in ATOM feed
Content not starting directly with CDATA can be misinterpreted by some feed parsers.
2016-12-02 18:37:41 +01:00
ArthurHoaro
3d8f5cf84b Describe markdown HTML rendering and display a warning
Fixes #688
2016-12-01 12:44:37 +01:00
ArthurHoaro
ba0fd80732 Improve theme dependent plugin placeholders:
- buttons_toolbar: now expect links represented by an array instead of HTML content
  - fields_toolbar: now expect a form represented by an array instead of HTML content
  - action_plugin: now expect links represented by an array instead of HTML content

Default templates updated accordingly
mprove theme dependent plugin placeholders:
2016-12-01 11:38:21 +01:00
Arthur
6781465fda Merge pull request #691 from ArthurHoaro/plugins/no-md-feed
Markdown: fixes feed rendering with nomarkdown tag
2016-12-01 11:13:04 +01:00
Arthur
2a54398371 Merge pull request #700 from teromene/firefox-social-title
Show page title when sharing via Firefox Social.
2016-11-30 09:13:38 +01:00