Commit graph

17 commits

Author SHA1 Message Date
ArthurHoaro
b3051a6aae Fixes presence of empty tags for private tags and in search results
* Private tags: make sure empty tags are properly filtered
  * Search results:
    * Use preg_split instead of function combination
    * Add normalize_spaces to remove extra whitespaces displaying empty tags search
2017-01-03 09:47:15 +01:00
ArthurHoaro
cbfdcff261 Prepare settings for the API in the admin page and during the install
API settings:
   - api.enabled
   - api.secret

The API settings will be initialized (and the secret generated) with an update method.
2016-12-12 03:54:10 +01:00
ArthurHoaro
9ccca40189 Hashtag system
* Hashtag are auto-linked with a filter search
  * Supports unicode
  * Compatible with markdown (excluded in code blocks)
2016-06-06 21:04:43 +02:00
VirtualTam
aa7f7b3ea6 fix: use PHP_EOL for carriage returns in file logs
Relates to #436

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-18 00:24:36 +01:00
VirtualTam
478ce8afb4 Logging: improve formatting to enable fail2ban parsing
Fixes #436

Modifications:
- remove calls to strval() on safe data
- update the date format: 'Y/m/d_H:i:s' => 'Y/m/d H:i:s'

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:19:44 +01:00
VirtualTam
1abe655597 Logging: move logm() from index.php to application/Utils.php
Relates to #436

Modifications:
- inject dependencies to global variables ($_SERVER, $GLOBALS)
- apply coding conventions
- add test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:07:16 +01:00
ArthurHoaro
90e5bd65c9 URL encode links when a redirector is set.
Fixes #328 - URL encode links when a redirector is set

  * WARNING - template edit - new variable available : "real_url"
  Contains the final real url (redirected or any other change on original URL)

  * Don't redirect shaares link in RSS/Atom.
  * Affects links shaared in description.
  * Move text2clickable and keepMultipleSpaces to Utils.php + unit test

UPDATE:

* keepMultipleSpaces renamed to space2nbsp
* space2nbsp improved to handle single space at line beginning
* links in text description aren't 'nofollow' anymore
2015-11-26 20:14:38 +01:00
VirtualTam
c9cf2715f0 application: move checkPHPVersion from Utils to ApplicationUtils
Relates to #372

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:40:44 +01:00
VirtualTam
a7921b2445 cleanup: remove the executable bit from source scripts
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 19:19:24 +01:00
ArthurHoaro
d01c234235 Fixes #356
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
68bc21353a Session ID: extend the regex to match possible hash representations
Improves #306
Relates to #335 & #336
Duplicated by #339

Issues:
 - PHP regenerates the session ID if it is not compliant
 - the regex checking the session ID does not cover all cases
   - different algorithms: md5, sha1, sha256, etc.
   - bit representations: 4, 5, 6

Fix:
 - `index.php`:
   - remove `uniqid()` usage
   - call `session_regenerate_id()` if an invalid cookie is detected
 - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
 - tests: add coverage for all algorithms & bit representations

See:
 - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
 - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
 - http://php.net/manual/en/function.session-id.php
 - http://php.net/manual/en/function.session-regenerate-id.php
 - http://php.net/manual/en/function.hash-algos.php

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
4d30975a06 Allow uppercase letters in PHP sessionid format
Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2

Regression introduced in 06b6660a7e
2015-09-02 17:00:38 +02:00
ArthurHoaro
06b6660a7e Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID.
  * Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
d1e2f8e52c PHP: ensure 5.3 compatibility, refactor timezone utilities
Relates to #250

Modifications
 - supported version
   - bump required version from 5.1.0 to 5.3.x
   - update README
   - add PHP 5.3 to Travis environments
 - rewrite array declarations: explicitely use array() instead of []
 - move checkPHPVersion to application/Utils.php
 - move timezone functions to application/TimeZone.php
   - cleanup code
   - improve test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
ArthurHoaro
775803a05c Prevent redirection loop everytime we rely on HTTP_REFERER:
* search tag
  * delete tag
  * pagination
  * display privates only
  * delete link
  * new/edit/cancel link return page

Move location generation to Utils.php + unit tests.

Fixes #256

ninja
2015-07-12 17:43:13 +02:00
VirtualTam
9186ab9594 LinkDB::filterDay(): check input date format
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-09 00:44:19 +02:00
VirtualTam
ca74886f30 LinkDB: move to a proper file, add test coverage
Relates to #71

LinkDB
 - move to application/LinkDB.php
 - code cleanup
   - indentation
   - whitespaces
   - formatting
 - comment cleanup
   - add missing documentation
   - unify formatting

Test coverage for LinkDB
 - constructor
 - public / private access
 - link-related methods

Shaarli utilities (LinkDB dependencies)
 - move startsWith() and endsWith() functions to application/Utils.php
 - add test coverage

Dev utilities
 - Composer: add PHPUnit to dev dependencies
 - Makefile:
    - update lint targets
    - add test targets
    - generate coverage reports

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-11 00:45:45 +02:00