Commit graph

8 commits

Author SHA1 Message Date
ArthurHoaro
5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
ArthurHoaro
4de71445d3 Daily page: date format in template
It only concerns the date of the day in the main title.

Fixes #182

Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
2015-06-19 20:23:58 +02:00
ArthurHoaro
bec1870180 Define date format in templates instead of index.php. 2015-03-31 13:19:07 +02:00
VirtualTam
38a2d03e34 daily: display link timestamps
Fixes #26

Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2015-01-15 00:05:26 +01:00
ArthurHoaro
8079dfd1cd W3C compliance (work on issue #64 - https://github.com/shaarli/Shaarli/issues/64):
* fix duplicate IDs - #paging_older, #paging_newer become classes as the paging is displayed twice (top, bottom) in the linklist
  * fix duplicate IDs - #paging_privatelinks and #paging_linksperpage become classes
  * daily links are now valid (use &amp)
  * name attribute is not used anymore on a tag in link list
  * center tag is replaced by CSS in picwall and tag cloud
  * action in form tag can't be empty, use # instead
  * fixed configure table with CSS instead of cellpadding, border, and valign
  * export links are now valid
  * remove "size" in input tag
  * Fix missing alt attributes for img elements
  * tpl/daily: Use HTML entities instead of char escape codes
  * tpl/export: fix missing </span> closing tag
  * Remove obsolete language attribute on <script> elements
2015-01-08 10:15:05 +01:00
Florian Eula
cae64e52e4 Refactored the daily column generation (only one loop) 2014-12-25 01:10:58 +01:00
VirtualTam
c133612f32 CSS: remove hardcoded style from templates
Fixes shaarli/Shaarli#29

Style elements refactored as follows:
- use existing ids and classes if possible,
- else, define new ones and stick with the existing naming convention,
- remove hardcoded style attributes from RainTPL templates.

Exception:
In tpl/tagcloud.html, the display size of each tag is computed at page
generation.

Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2014-12-03 19:28:43 +01:00
Sébastien SAUVAGE
450342737c Initial commit (version 0.0.40 beta) 2013-02-26 10:09:41 +01:00