Commit graph

2327 commits

Author SHA1 Message Date
VirtualTam
460cf03d67 httpd: always forward the 'Authorization' header
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:

  "401 Not authorized: JWT token not provided"

This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.

See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-03-22 22:23:41 +01:00
VirtualTam
e54cb1bbe7
Merge pull request #1100 from Angristan/docker-logs
Nginx logs to stdout for Docker images
2018-03-19 22:22:12 +01:00
Dennis Verspuij
b525810c14 Fix removal of on=... attributes from html generated from markdown 2018-03-19 10:01:20 +00:00
ArthurHoaro
60a94dab22
Merge pull request #1102 from ArthurHoaro/fix/settings-warning
Fix warning when trying to save redictor setting from the configure page
2018-03-14 18:25:22 +01:00
ArthurHoaro
15410df113 Fix warning when trying to save redictor setting from the configure page
It has been removed from the web page.

Fixes #1099
2018-03-13 18:11:58 +01:00
ArthurHoaro
4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params
Make max download size and timeout configurable
2018-03-13 18:02:49 +01:00
Angristan
017baf57d5 Nginx logs to stdout for Docker Alpine images 2018-03-11 21:06:14 +01:00
ArthurHoaro
4ff3ed1c47 Make max download size and timeout configurable
Fixes #1061
2018-03-07 23:03:21 +01:00
ArthurHoaro
39ee93925b
Merge pull request #1097 from ArthurHoaro/fix/psr-elseif
PSR: use elseif instead of else if
2018-03-07 21:53:53 +01:00
VirtualTam
a58a8856a8
Merge pull request #1098 from josqu4red/perms-docker-alpine-latest
Fix permission issue introduced with multi-stage build
2018-03-02 16:45:16 +01:00
Jonathan Amiez
ed2de76840 Fix permission issue introduced with multi-stage build 2018-03-02 15:05:48 +01:00
ArthurHoaro
d2d4f993e1 PSR: use elseif instead of else if
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
2018-02-28 22:34:40 +01:00
VirtualTam
b70436373b
Merge pull request #1090 from virtualtam/fix/doxygen
Doxygen: ignore data/, simplify Make target
2018-02-26 23:20:05 +01:00
VirtualTam
ddd3c19f43
Merge pull request #1085 from virtualtam/docker/multi-stage
docker: introduce multi-stage image build (master, latest)
2018-02-24 13:36:55 +01:00
ArthurHoaro
bc4a0a672c
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
Ignore the case while checking DOCTYPE during the file import
2018-02-24 13:29:11 +01:00
ArthurHoaro
e746c237cd
Merge pull request #1062 from ArthurHoaro/feature/pages-title
Use a specific page title in all pages
2018-02-24 13:28:30 +01:00
ArthurHoaro
980efd6cf8 Use a specific page title in all pages
Also fixed a few French translation issues

Fixes #954 #955
2018-02-24 12:48:49 +01:00
ArthurHoaro
3ff1ce47bc Ignore the case while checking DOCTYPE during the file import
Fixes #1091
2018-02-23 20:34:06 +01:00
VirtualTam
ba2cff1549 Doxygen: ignore data/, simplify Make target
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-23 00:37:03 +01:00
VirtualTam
b9c6589363
Merge pull request #1089 from virtualtam/readme/badges
Update badges for 'stable'
2018-02-22 18:54:32 +01:00
VirtualTam
afaaee7be6 Update badges for 'stable'
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-22 18:51:59 +01:00
VirtualTam
2e6b9ed3b9
Merge pull request #1084 from virtualtam/doc/updates
Documentation: cleanup, update references to config(.json)?.php
2018-02-16 01:52:38 +01:00
VirtualTam
3c51135f9a docker: introduce multi-stage image build (master, latest)
Relates to https://github.com/shaarli/Shaarli/issues/755
Relates to https://github.com/shaarli/Shaarli/pull/1072

See:
- https://docs.docker.com/develop/develop-images/multistage-build/
- https://hub.docker.com/r/library/composer/
- https://github.com/composer/docker
- https://github.com/docker-library/docs/tree/master/composer

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 23:13:05 +01:00
VirtualTam
48679a159e doc: update references to config(.json)?.php
Closes https://github.com/shaarli/Shaarli/issues/1082

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 22:02:50 +01:00
VirtualTam
4c1bcd8b25 doc: update Directory Structure
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-14 21:58:41 +01:00
VirtualTam
8b48e36594
Merge pull request #1059 from virtualtam/fix/htaccess-git
htaccess: prevent accessing resources not managed by SCM
2018-02-05 18:21:59 +01:00
VirtualTam
cabf1b6bec htaccess: prevent accessing resources not managed by SCM
See:
- https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
- https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing
- https://httpd.apache.org/docs/current/mod/mod_rewrite.html

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:18:52 +01:00
VirtualTam
91f17fc92a
Merge pull request #1008 from virtualtam/refactor/authentication
Refactor login / ban management
2018-02-05 18:16:32 +01:00
VirtualTam
44acf70681 Refactor login / ban authentication steps
Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- Add the `LoginManager` class to manage logins and bans

Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies

Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:12:09 +01:00
ArthurHoaro
a381c373b3
Merge pull request #1074 from kalvn/feature/dailymarkdown
Executes daily hooks before creating columns.
2018-02-02 19:23:26 +01:00
ArthurHoaro
bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter
Add a filter to only display public links
2018-02-02 19:22:37 +01:00
ArthurHoaro
17b4baedec
Merge pull request #1003 from ArthurHoaro/ci/php7.2
Drop PHP 5.5 compatibility and run Travis UT against PHP 7.2
2018-02-02 19:20:11 +01:00
ArthurHoaro
28df9fa4f7 INTL_IDNA_VARIANT_2003 is deprecated
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
2018-02-02 19:15:47 +01:00
ArthurHoaro
5617dcf9d2 Drop PHP 5.5 compatibility and upgrade PHPUnit to v5.x
PHPUnit 4.x contains deprecated PHP functions in PHP 7.2.
2018-02-02 19:15:47 +01:00
ArthurHoaro
402f58e0ba CI: run UT against PHP 7.2 (currently in Release Candidate) 2018-02-02 19:15:10 +01:00
ArthurHoaro
91813a3634 Badge 2018-02-02 19:07:31 +01:00
ArthurHoaro
a3b9b8c4ff
Merge pull request #1076 from ArthurHoaro/changelog-v0.9.5
CHANGELOG + AUTHORS (v0.9.5)
2018-02-02 19:02:51 +01:00
ArthurHoaro
715ad9bd6b CHANGELOG + AUTHORS 2018-02-02 18:59:55 +01:00
ArthurHoaro
40e816e379
Merge pull request #1070 from ArthurHoaro/hotfix/lc-messages-warning
Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
2018-02-02 18:51:53 +01:00
kalvn
50142efd1b Executes daily hooks before creating columns. 2018-02-01 13:16:58 +01:00
ArthurHoaro
499bd43c37
Merge pull request #1069 from ArthurHoaro/feature/dependencies
Update dependencies and include latest version netscape-bookmark-parser
2018-01-31 16:15:23 +01:00
ArthurHoaro
b7c412d4d0 Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
As stated in the docs:

> LC_MESSAGES for system responses (available if PHP was compiled with libintl)

Fixes #1067
2018-01-31 12:39:17 +01:00
ArthurHoaro
44c818cebd Update dependencies and include latest version netscape-bookmark-parser 2018-01-31 12:23:43 +01:00
ArthurHoaro
2cbf4acdde
Merge pull request #1063 from ArthurHoaro/hotfix/legacy-warnings
Fix warnings when upgrading from legacy SebSauvage version
2018-01-31 12:18:31 +01:00
ArthurHoaro
5d924cba64 Update badges 2018-01-30 19:11:17 +01:00
ArthurHoaro
0fa18d4c5d
Merge pull request #1065 from ArthurHoaro/release-v9.0.4
pre release v0.9.4
2018-01-30 18:51:52 +01:00
ArthurHoaro
b49a25d33c Update AUTHORS 2018-01-30 18:49:51 +01:00
ArthurHoaro
f211618f20 Update CHANGELOG 2018-01-30 18:49:22 +01:00
ArthurHoaro
cb4ddbe4e7 Fix warnings when upgrading from legacy SebSauvage version
Fixes #1040
2018-01-25 19:55:31 +01:00
ArthurHoaro
d2f6d909e5 Public/private filter: use two separate buttons
#1038
2018-01-24 18:46:31 +01:00