ArthurHoaro
d01c234235
Fixes #356
...
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
38bedfbbcd
Bump version to 0.5.4
...
Fixes:
- PHP session IDs: handle hash algorithms and bits per char representations
Minor changes:
- HTTPS: support being served behing an SSL-enabled proxy
- HTTP/Server utilities: refactor & add test coverage
Project & documentation:
- improve/rewrite `README.md`
- update contributor list
- update `index.php` header
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 21:02:52 +02:00
VirtualTam
49e2b35b4a
Update project information: contributors, index.php
header
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:54:13 +02:00
VirtualTam
482d67bd52
HTTP: move server URL functions to HttpUtils.php
...
Relates to #333
Modifications:
- refactor server URL utility functions
- do not access global `$_SERVER` variables
- add test coverage
- improve readability
- apply coding conventions
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
Fanch
7b114771d3
SSL detection: add support for X-Forwarded-Proto
...
Duplicates #332
See:
- RFC 7239 - Forwarded HTTP Extension
http://www.ietf.org/rfc/rfc7239.txt
- RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
http://www.ietf.org/rfc/rfc6648.txt
- StackOverflow - Custom HTTP headers: naming conventions
http://stackoverflow.com/a/3561399
2015-09-13 21:17:01 +02:00
Guillaume Virlet
ef591e7ee2
Url: introduce global helper functions for cleanup and scheme detection
...
Relates to #314 & #326
Additions:
- add global `cleanup_url()` and `get_url_scheme()` functions
Modifications:
- replace `Url` usage in `index.php` by calls to global functions
- fix `Url` tests not being run: PHPUnit expects a single test class per file
- move classes to separate files
2015-09-08 22:00:37 +02:00
VirtualTam
451314eb48
HTTP: move utils to a proper file, add tests
...
Relates to #333
Modifications:
- move HTTP utils to 'application/HttpUtils.php'
- simplify logic
- replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
- remove superfluous '$status' parameter (provided by the HTTP headers)
- apply coding conventions
- add test coverage (unitary only)
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00
VirtualTam
68bc21353a
Session ID: extend the regex to match possible hash representations
...
Improves #306
Relates to #335 & #336
Duplicated by #339
Issues:
- PHP regenerates the session ID if it is not compliant
- the regex checking the session ID does not cover all cases
- different algorithms: md5, sha1, sha256, etc.
- bit representations: 4, 5, 6
Fix:
- `index.php`:
- remove `uniqid()` usage
- call `session_regenerate_id()` if an invalid cookie is detected
- regex: support all possible characters - '[a-zA-Z,-]{2,128}'
- tests: add coverage for all algorithms & bit representations
See:
- http://php.net/manual/en/session.configuration.php#ini.session.hash-function
- https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
- http://php.net/manual/en/function.session-id.php
- http://php.net/manual/en/function.session-regenerate-id.php
- http://php.net/manual/en/function.hash-algos.php
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
ce8c4a84ba
Bump version to v0.5.3
...
Fixes a bug that could prevent user to login.
2015-09-02 18:06:21 +02:00
VirtualTam
53cc2b93b8
Bump version to 0.5.2
...
Minor changes
- fix Full Path Disclosure upon cookie forgery
- fix regression preventing to load LinkDB info when adding an existing link
- also extract HTTPS page metadata (title)
- add PHP 7 to Travis platforms
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-31 20:39:27 +02:00
VirtualTam
6211c498f6
Merge pull request #326 from ArthurHoaro/bug-url
...
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
26c503460c
Add HTTPS support for title extracting feature
2015-08-31 12:30:59 +02:00
ArthurHoaro
9e1724f192
Fixes #325 - Shaarli does not recognize saved links
...
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.
Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
ArthurHoaro
06b6660a7e
Avoid Full Path Disclosure error on session error.
...
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
d7efade5d6
Bump version to 0.5.1
...
Minor changes
- fix 404 after editing a link while being logged out
- update local documentation
- improve timezone detection at installation
- improve feed cache handling
- improve URL cleanup for new links
- add a link to the shaarli/shaarli DockerHub repository
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:36:55 +02:00
VirtualTam
d9d776af19
Links: refactor & improve URL cleanup
...
Relates to #141
Relates to #133
Modifications
- move URL cleanup to `application/Url.php`
- rework the cleanup function
- fragments: `#stuff`
- GET parameters: `?var1=val1&var2=val2`
- add documentation (APIs the params belong to)
- add test coverage
Reference
- http://php.net/parse_url
- http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-15 15:58:38 +02:00
VirtualTam
01e48f269d
CachedPage: move to a proper file, add tests
...
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:48:06 +02:00
ArthurHoaro
5fbabbb9be
Fixes #299 : prevent 404 on '?edit_link' while logged out
...
- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
2015-08-07 16:26:38 +02:00
VirtualTam
afd7b77b4c
Installation: default to the server's timezone
...
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 23:54:03 +02:00
VirtualTam
7d4263e11a
Bump version to 0.5.0
...
Major changes
- fix locale handling
- fix note URLs
- fix page redirections
- fix daily RSS browsing
- fix title display
- fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
- restore compatibility with PHP 5.3
- remove duplicate tags in links
- remove annoying URL patterns
- add Firefox Social API
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- update documentation
- start code refactoring
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
- add unit test coverage
- add Travis integration
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-30 11:20:51 +02:00
VirtualTam
d1e2f8e52c
PHP: ensure 5.3 compatibility, refactor timezone utilities
...
Relates to #250
Modifications
- supported version
- bump required version from 5.1.0 to 5.3.x
- update README
- add PHP 5.3 to Travis environments
- rewrite array declarations: explicitely use array() instead of []
- move checkPHPVersion to application/Utils.php
- move timezone functions to application/TimeZone.php
- cleanup code
- improve test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
VirtualTam
5b0ebbc5de
Merge pull request #257 from ArthurHoaro/tag-http-referer
...
Prevent redirection loop everytime we rely on HTTP_REFERER
2015-07-12 19:56:13 +02:00
ArthurHoaro
775803a05c
Prevent redirection loop everytime we rely on HTTP_REFERER:
...
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes #256
ninja
2015-07-12 17:43:13 +02:00
Arthur
1dcbe29611
English mistake cf sebsauvage/Shaarli#221
2015-07-12 15:16:37 +02:00
ArthurHoaro
6ac95d9cf1
Fixes warning 'Undefined index: searchtags' while filtering by tags.
...
Happened if there were not any searchtags already present in the query.
2015-07-12 11:36:42 +02:00
Arthur
7bd3542b1b
Merge pull request #262 from ArthurHoaro/dup-tags
...
Avoid tag duplicates
2015-07-12 11:01:24 +02:00
ArthurHoaro
781e8aadea
Avoid tag duplicates
...
* Prevent duplicate client side with awesomplete
* Prevent duplicate server side (save_edit processing)
Fixes #261
2015-07-12 10:34:29 +02:00
VirtualTam
bba021defc
Merge pull request #268 from ArthurHoaro/dailrss-template
...
Include the whole <item> in Daily RSS template
2015-07-11 19:09:52 +02:00
ArthurHoaro
f3b8f9f0f8
Include the whole <item> in dailyRSS
...
Allow custom date format and title in templates.
Also a bit of code style review.
Fixes #182
2015-07-11 10:25:25 +02:00
VirtualTam
50c9a12ee6
Fix: data/config.php was not imported
...
Relates to #255
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-11 00:12:13 +02:00
VirtualTam
e92f1ba59e
Merge pull request #255 from ArthurHoaro/config
...
All settings are now stored in config.php
2015-07-09 21:34:46 +02:00
ArthurHoaro
dd484b90b1
All settings are now stored in config.php
...
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration ).
2015-07-09 20:46:03 +02:00
VirtualTam
9186ab9594
LinkDB::filterDay(): check input date format
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-09 00:44:19 +02:00
ArthurHoaro
f3db3774f9
Fixes #260 : previous/next day links in daily
...
The bug was occuring only if we tried to access to the first day.
2015-07-08 17:12:06 +02:00
VirtualTam
9c8752a206
LinkDB: do not access global variables
...
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 23:26:52 +02:00
nodiscc
64bc92e3ac
move escape() and sanitizeLink() to application/Utils.php
...
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
2015-06-24 01:08:30 +02:00
nodiscc
eaefcba724
Merge remote-tracking branch 'ArthurHoaro/input-escape' into next
...
Conflicts:
index.php
2015-06-24 00:51:38 +02:00
VirtualTam
9f15ca9ee7
LinkDB: add 'hidePublicLinks' parameter to the constructor
...
Fixes #236
Relates to #237
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 00:26:59 +02:00
ArthurHoaro
c68da3ffbf
Page title if there is a single link
...
Fixes #232
2015-06-23 20:22:02 +02:00
ArthurHoaro
5f85fcd863
Working on shaarli/Shaarli#224
...
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
nodiscc
4a5827ff5a
Merge remote-tracking branch 'ArthurHoaro/daily-date' into next
2015-06-23 15:07:03 +02:00
nodiscc
38a0c256d2
Merge remote-tracking branch 'virtualtam/test/link-db' into next
...
Conflicts:
index.php
2015-06-23 14:38:43 +02:00
nodiscc
0fe36414c8
Merge remote-tracking branch 'ArthurHoaro/search-tag-awesomplete' into next
2015-06-23 14:18:31 +02:00
ArthurHoaro
4de71445d3
Daily page: date format in template
...
It only concerns the date of the day in the main title.
Fixes #182
Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
2015-06-19 20:23:58 +02:00
VirtualTam
ca74886f30
LinkDB: move to a proper file, add test coverage
...
Relates to #71
LinkDB
- move to application/LinkDB.php
- code cleanup
- indentation
- whitespaces
- formatting
- comment cleanup
- add missing documentation
- unify formatting
Test coverage for LinkDB
- constructor
- public / private access
- link-related methods
Shaarli utilities (LinkDB dependencies)
- move startsWith() and endsWith() functions to application/Utils.php
- add test coverage
Dev utilities
- Composer: add PHPUnit to dev dependencies
- Makefile:
- update lint targets
- add test targets
- generate coverage reports
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-11 00:45:45 +02:00
ArthurHoaro
a037ac6963
Do not load links if they're hidden (also fix shaarli/Shaarli#202 )
2015-06-09 14:58:54 +02:00
ArthurHoaro
65d6251744
Add awesomplete to tag search shaarli/Shaarli#49
2015-06-09 14:23:28 +02:00
nodiscc
cbecab7735
split annoyingpatterns list on multpile lines, add new patterns for removal:
...
* utm_content=
* fb=
* xtor=
closes https://github.com/shaarli/Shaarli/issues/136
2015-06-03 15:58:58 +02:00
nodiscc
f95d0428f6
Merge branch 'really-hide' of https://github.com/pikzen/Shaarli into next
2015-05-22 21:07:00 +02:00
nodiscc
8b3c67fccb
Merge remote-tracking branch 'Marsup/firefox-social' into next
2015-05-22 21:04:36 +02:00