94716fb2ba
Release v0.10.2
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEWe5LuNiFNDXAgI8BOzJIyqqwgW4FAltu2K0ACgkQOzJIyqqw
gW4fpg/+MfXOj0d4sR3QMgafKHAVtiVmrOydVwqFOjVe+BOjpxHliDtOqo++cquF
umZ3Ln9D8R3Wocw5cdLOn0/WbS+xMqyLmJWkGb1sn2NS8NWINXwCw6A8QuYF789p
NmfmhYnXCW8OoX3TWLT1RR/0UL0V2ZJsMYTWfngxM4EVSPkaZc8C7Sjqs4hL/m4w
uPcHgsCziZjxtGmdFUKLEEoFwxWKIvZTnYNTVegD6uHGb7jNZGXz1kizIpsXHC3p
LffOpx1bamTbPoNhM0PyTTRAvNF3qBWsWY58Haldv9R60KsxJ7Fxc9PXgt02vUfw
dGLMuMEd98iArAlovqQCy4/f+r1JhqJUsfj2IDJM5QSTiYWJL6zShHyHoWWifU07
4eZCOZce3kskRd8kl/0TRqdFKBB1RxIDtEZRBbmIhnkUt8E2fZG+7XPvZiIeTZSc
9/8y0KAxBnOuWtLny/NE6kS6yNUSlYooTU6kkDZ4lvsJFpHlQKwwuoFDcsD6oY0k
yZ7lCAJht645pEQAF9b7WaB+qiE55suWFUcXM/uHqRdvl+DhEJE5C/BD7orW2mi9
CVfjmqEz5UFkalG7cZpb/NB1Rtcm1YT1NlY0h1YMRtT6ZILkgUNZLWb6tuZ2e0CS
sPvVzSNzyJmw5vRC6MtwAJzRRkqa1cFJ58vnQB1n8N65n/mAFNA=
=+fbH
-----END PGP SIGNATURE-----
Merge tag 'v0.10.2' into myShaarli_commu
Release v0.10.2
2018-10-01 15:51:33 +02:00
ArthurHoaro
b5c368b858
Fix issue 'You are not authorized to add a link' with thumbnails enabled
...
Do not try to alter the datastore by updating thumbnails if the user isn't logged in.
Also, do not enable thumbnails if PHP GD extension is not installed/loaded
2018-08-10 17:09:51 +02:00
ArthurHoaro
ad5f47adba
Merge pull request #687 from ArthurHoaro/web-thumb
...
Use web-thumbnailer to retrieve thumbnails
2018-07-28 09:41:29 +02:00
ArthurHoaro
7b4fea0e39
Bunch of improvement for thumbnails integration:
...
- add a default thumb size value (125x90px)
- improve private vertical bar visual, especially with thumbnails
- translations
- add a sync thumbs button in tool and empty picwall page
- fixes WT download mode in JSON config
2018-07-17 13:16:50 +02:00
ArthurHoaro
b302b3c584
Thumbnails: add a common mode to only retrieve thumbs from popular media websites
2018-07-05 20:34:22 +02:00
ArthurHoaro
28f2652460
Add a page to update all thumbnails through AJAX requests in both templates
2018-07-05 20:34:22 +02:00
ArthurHoaro
787faa42f3
Take code review into account
...
Upgrade web-thumbnailer and display thumbs right after download
2018-07-05 20:34:22 +02:00
ArthurHoaro
e85b7a05a1
Update thumbnail integration after rebasing the branch
2018-07-05 20:31:35 +02:00
ArthurHoaro
a3724717ec
ConfigManager: add a method to remove an entry
2018-07-05 20:31:35 +02:00
ArthurHoaro
1b93137e16
Use web-thumbnailer to retrieve thumbnails
...
* requires PHP 5.6
* use blazy on linklist since a lot more thumbs are retrieved
* thumbnails can be disabled
* thumbs size is now 120x120
* thumbs are now cropped to fit the expected size
Fixes #345 #425 #487 #543 #588 #590
2018-07-05 20:31:35 +02:00
ArthurHoaro
d3f42ca487
Implements Tags endpoints for Shaarli's REST API
...
Endpoints:
* List All Tags [GET]
* Get a tag [GET]
* Update a tag [PUT]
* Delete a tag [DELETE]
Fixes #904
References shaarli/api-documentation#34
2018-06-04 18:51:22 +02:00
ArthurHoaro
17e45b2e9c
Merge pull request #1143 from ArthurHoaro/sort-equal-tags
...
Fix order of tags with the same number of occurrences
2018-06-04 18:34:50 +02:00
VirtualTam
8edd7f1588
SessionManager+LoginManager: fix checkLoginState logic
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
704637bfeb
Add test coverage for LoginManager methods
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:26 +02:00
VirtualTam
ebf6151738
SessionManager: remove unused UID token
...
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c689e10863
Refactor LoginManager stay-signed-in token management
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
51f0128cdb
Refactor session and cookie timeout control
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
fab87c2696
Move LoginManager and SessionManager to the Security namespace
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
68dcaccfa4
LoginManager: remove unused parameter
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
89ccc83ba4
Login: update PageBuilder and default/vintage templates
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
8474208474
Pass the client IP ID to LoginManager
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c7721487b2
Delegate session operations to SessionManager
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:45:54 +02:00
VirtualTam
1b28c66cc7
Document LoginManager properties
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
63ea23c2a6
Refactor user credential validation at login time
...
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
49f1832316
Refactor PHP session handling during login/logout
...
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
db45a36a53
Refactor SessionManager::$INACTIVITY_TIMEOUT
...
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
- fillSessionInfo()
- setup_login_state()
- check_auth()
- cleanup related code and comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
88110550b8
Refactor client session hijacking protection
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
ArthurHoaro
f8c5660df8
Tag sort - UT + comment + fix filter and visibility
...
Before this, linksCountPerTag call without would have ignored visibility parameter
2018-05-29 20:52:30 +02:00
ArthurHoaro
f28396a2f8
Fix order of tags with the same number of occurrences
...
Fixes #1142
2018-05-19 15:47:55 +02:00
ArthurHoaro
a1b727efb7
Support redirection in cURL download callback
2018-05-01 16:44:51 +02:00
Buster One
7ca124079e
German language created ( #1114 )
...
* Added german language selection
* German language file created
* typo
* extra space removed and typo corrected
* lines 1314 through 1408 removed as suggested
2018-04-15 14:53:09 +02:00
ArthurHoaro
9b2bd66fb6
Merge pull request #1093 from ArthurHoaro/feature/theme-translation
...
Load theme translations files automatically
2018-03-26 20:26:10 +02:00
ArthurHoaro
68c6afc56f
Load theme translations files automatically
...
Fixes #1077
Take a look at the docs update to see how it works
2018-03-26 19:20:25 +02:00
ArthurHoaro
4294bc7b98
Merge pull request #1096 from ArthurHoaro/feature/download-params
...
Make max download size and timeout configurable
2018-03-13 18:02:49 +01:00
ArthurHoaro
4ff3ed1c47
Make max download size and timeout configurable
...
Fixes #1061
2018-03-07 23:03:21 +01:00
ArthurHoaro
d2d4f993e1
PSR: use elseif instead of else if
...
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
2018-02-28 22:34:40 +01:00
ArthurHoaro
bc4a0a672c
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
...
Ignore the case while checking DOCTYPE during the file import
2018-02-24 13:29:11 +01:00
ArthurHoaro
980efd6cf8
Use a specific page title in all pages
...
Also fixed a few French translation issues
Fixes #954 #955
2018-02-24 12:48:49 +01:00
ArthurHoaro
3ff1ce47bc
Ignore the case while checking DOCTYPE during the file import
...
Fixes #1091
2018-02-23 20:34:06 +01:00
d923d1db2f
Merge remote-tracking branch 'github/latest' into myShaarli_commu
2018-02-09 16:10:09 +01:00
ba04c60849
Fix markdown editor with myShaarli plugin
2018-02-09 15:56:22 +01:00
VirtualTam
44acf70681
Refactor login / ban authentication steps
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- Add the `LoginManager` class to manage logins and bans
Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies
Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:12:09 +01:00
ArthurHoaro
bc3ce7ec2a
Merge pull request #1038 from ArthurHoaro/feature/public-only-filter
...
Add a filter to only display public links
2018-02-02 19:22:37 +01:00
ArthurHoaro
28df9fa4f7
INTL_IDNA_VARIANT_2003 is deprecated
...
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
2018-02-02 19:15:47 +01:00
ArthurHoaro
b7c412d4d0
Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
...
As stated in the docs:
> LC_MESSAGES for system responses (available if PHP was compiled with libintl)
Fixes #1067
2018-01-31 12:39:17 +01:00
ArthurHoaro
cb4ddbe4e7
Fix warnings when upgrading from legacy SebSauvage version
...
Fixes #1040
2018-01-25 19:55:31 +01:00
ArthurHoaro
d2f6d909e5
Public/private filter: use two separate buttons
...
#1038
2018-01-24 18:46:31 +01:00
ArthurHoaro
d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter
...
Extract the title/charset during page download, and check content type
2018-01-23 18:41:38 +01:00
ArthurHoaro
9d4736a3e9
Add a filter to only display public links
...
When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner
Fixes #1030
2017-12-16 14:32:56 +01:00
ArthurHoaro
101b935de4
Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443
...
Force HTTPS if the original port is 443 behind a reverse proxy
2017-12-03 12:46:43 +01:00