Commit graph

305 commits

Author SHA1 Message Date
VirtualTam
fd7d84616d Move session ID check to SessionManager
Relates to https://github.com/shaarli/Shaarli/issues/324

Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:54:44 +02:00
VirtualTam
ebd650c06c Refactor session token management
Relates to https://github.com/shaarli/Shaarli/issues/324

Added:
- `SessionManager` class to group session-related features
- unit tests

Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:19:46 +02:00
ArthurHoaro
6a65bc5798 Translations : Working demo example of translation extension 2017-10-22 13:16:56 +02:00
ArthurHoaro
f39580c6fd Add language selection in the configure page of the default theme 2017-10-22 13:16:53 +02:00
ArthurHoaro
12266213d0 Shaarli's translation
* translation system and unit tests
 * Translations everywhere

Dont use translation merge

It is not available with PHP builtin gettext, so it would have lead to inconsistency.
2017-10-22 12:55:03 +02:00
ArthurHoaro
66e74d50d3 Don't write History for link import
With large imports it has a large impact on performances and isn't really useful.

Instead, write an IMPORT event, which let client using the history service resync its DB.

-> 15k link import done in 6 seconds.

Fixes #985
2017-10-07 16:40:16 +02:00
VirtualTam
c8d96b4729 Merge pull request #979 from ArthurHoaro/feature/assets-cache-version
Add a version hash for asset loading to prevent browser's cache issue
2017-10-06 14:32:07 +02:00
Mark Gerarts
722caa2090 Allow setting of a default note title, see #963 2017-10-01 14:19:57 +02:00
ArthurHoaro
b3e1f92e9c Rename shaarli_version constant to uppercase 2017-10-01 11:11:16 +02:00
ArthurHoaro
bfe4f536bb Add a version hash for asset loading to prevent browser's cache issue
The hash is generated using the same salt as the one used for credentials (1 salt per instance)  in order to avoid exposing the instance version.

Fixes #965
2017-10-01 11:10:37 +02:00
ArthurHoaro
3512f44617 Merge pull request #976 from ArthurHoaro/hotfix/url-parentheses
Fix parsing for description links with parentheses
2017-09-30 14:25:53 +02:00
VirtualTam
7c670b39a2 Merge pull request #975 from virtualtam/robustness
Improve robustness for zlib and file operations
2017-09-30 10:56:56 +02:00
ArthurHoaro
601faf9751 Fix parsing for description links with parentheses
With markdown plugin disabled

relates to #966
2017-09-29 18:52:38 +02:00
ArthurHoaro
a59bbf50d7 Merge pull request #947 from thewilli/wildcardsearch
wildcard tag search support
2017-09-29 18:38:02 +02:00
VirtualTam
8c322aaba1 Robustness: safer gzinflate/zlib usage
Relates to https://github.com/shaarli/Shaarli/pull/846

PHP's `gzinflate()` fails with an error when being passed an empty string

See:
- https://bugs.php.net/bug.php?id=71395

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:59:36 +02:00
VirtualTam
e4325b1517 Robustness: safer RainTPL directory handling
Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-28 21:57:20 +02:00
Willi Eggeling
27e21231e1 added option to redirect all anonymous users to login page
- new setting *force_login* added and documented
- if both, *force_login* and *hide_public_links* are set to true, all requests
  (except for the feeds) are redirected to the login page
2017-09-03 11:46:49 +02:00
ArthurHoaro
9ec0a61156 Performances: reorder links when they're written instead of read
relates to #891
2017-09-02 15:10:44 +02:00
ArthurHoaro
96a1c79456 Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-title
Firefox Social title: Use document.title instead of RainTPL variable
2017-09-02 13:54:38 +02:00
ArthurHoaro
a3130d2c2f Make work behind a reverse proxy
Without HTTP_X_FORWARDED_PORT check,  might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
Willi Eggeling
341527bae9 wildcard tag search support
- when searching for tags you can now include '*' as wildcard placeholder
- new search reduces overall overhead when filtering for tags
- fixed combination with description tag search ('#' prefix)
- tests added
2017-08-30 13:20:22 +02:00
VirtualTam
e4ed3a46b7 Merge pull request #944 from thewilli/configure-rememberme
new setting: default value for 'remember me' checkbox
2017-08-27 16:36:53 +02:00
Willi Eggeling
2e07e77573 new setting: default value for 'remember me' checkbox
- the default state for the login page's 'remember me' checkbox can now be configured
- adapted the default and vintage theme to consider the new setting
- added documentation for the new setting
2017-08-27 16:03:37 +02:00
Willi Eggeling
cc8f572bc0 migrated Github wiki links to readthedocs 2017-08-26 09:40:57 +02:00
ArthurHoaro
1fdb40fc16 Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename
Make sure that the tag exists before altering/removing it
2017-08-05 09:59:03 +02:00
ArthurHoaro
3b67b22225 Move tag renaming code to LinkDB and unit test it 2017-08-05 09:55:20 +02:00
VirtualTam
f09e1e318e Merge pull request #889 from Lucas-C/master
Using only one form in linklist.html - fix #885
2017-08-03 16:27:59 +02:00
Lucas Cimon
f210d94f71 Using only one form in linklist.html + adding untaggedonly filter - fix #885 2017-07-30 16:19:34 +02:00
Stephen Muth
b80315e238 Respect HTTP_X_FORWARDED_HOST
alongside _PORT and _PROTO
Fixes #879
2017-07-08 00:01:03 +00:00
ArthurHoaro
ac94db1e36 Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols
Add a whitelist of protocols for URLs
2017-05-31 17:52:19 +02:00
ArthurHoaro
3e395a6bc6 Merge pull request #841 from ArthurHoaro/feature/search-no-tag
Empty tag search will look for not tagged links
2017-05-25 15:54:20 +02:00
ArthurHoaro
7d86f40bdb Empty tag search will look for not tagged links
Fixes #784

From now, searching for tags with an empty value will return only not tagged links,
with the search bar showing `x results [not tagged]`.

Note that using the api, the searchtags request parameter must be set to `false` to get the same result.

  - [ ] Update API doc
2017-05-25 15:51:12 +02:00
ArthurHoaro
aa4797ba36 Adds a taglist view with edit/delete buttons
* The tag list can be sort alphabetically or by most used tag
  * Edit/Delete are perform using AJAX, or fallback to 'do=changetag' page
  * New features aren't backported to vintage theme
2017-05-25 15:25:04 +02:00
ArthurHoaro
986a521067 Add an endpoint to refresh the token
Useful for AJAX requests which burns the token
2017-05-25 15:05:23 +02:00
ArthurHoaro
86ceea054f Add a whitelist of protocols for URLs
- for Shaare
 - for markdown description links and images

Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:58:34 +02:00
Lucas Cimon
6ccd0b218f Adding ability to display subtags in tagcloud 2017-05-24 13:09:35 +02:00
ArthurHoaro
845810a8d3 Use the new 'default' theme... as default
Fixes #866
2017-05-09 18:22:31 +02:00
ArthurHoaro
a9fe41a818 Merge pull request #862 from ArthurHoaro/theme/tags-everywhere
Inject tag list everywhere to make autocomplete work on the fixed search bar
2017-05-07 18:39:25 +02:00
ArthurHoaro
3108f2a800 Merge pull request #861 from ArthurHoaro/hotfix/import-shorturl-override
Fix a bug happening when importing links with override option
2017-05-07 18:38:55 +02:00
ArthurHoaro
73c8962654 Inject tag list everywhere to make autocomplete work on the fixed search bar 2017-05-07 18:21:38 +02:00
ArthurHoaro
28794b69cb Fix a bug happening when importing links with override option
The shorturl would be set to null, generating a lot of warnings and breaking permalinks
2017-05-07 18:02:49 +02:00
ArthurHoaro
6bc90f50af History: fix entries order 2017-05-07 17:11:25 +02:00
ArthurHoaro
57ce6dae5d Reset the history file due to datetime format change 2017-05-07 17:11:25 +02:00
ArthurHoaro
813849e521 Add history entries for API endpoint
CHANGED: datetime is now store as an object in history store file
2017-05-07 17:11:22 +02:00
ArthurHoaro
61d406933e API: Get History endpoint
See http://shaarli.github.io/api-documentation/#links-history-get
2017-05-07 16:03:40 +02:00
ArthurHoaro
b8fcb7d440 Merge pull request #856 from ArthurHoaro/api/delete-link
API: add DELETE endpoint
2017-05-07 16:02:14 +02:00
ArthurHoaro
0843848c1d API: add DELETE endpoint
Based on #840

See http://shaarli.github.io/api-documentation/\#links-link-delete
2017-05-07 15:58:49 +02:00
ArthurHoaro
77de24876f Merge pull request #840 from ArthurHoaro/api/putLink
REST API: implement PUT method
2017-05-07 15:55:38 +02:00
ArthurHoaro
cf9181dddf REST API: implement PUT method
* Related to #609
  * Documentation: http://shaarli.github.io/api-documentation/#links-link-put
2017-05-07 15:49:16 +02:00
ArthurHoaro
f9ff7f1b69 Merge pull request #764 from ArthurHoaro/feature/history
History mechanism
2017-05-06 17:12:06 +02:00
ArthurHoaro
4c7045229c Merge pull request #830 from ArthurHoaro/theme/timezone
Change timezone data structure send to the templates
2017-04-25 19:09:13 +02:00
ArthurHoaro
6a19124a09 Use raw bytes for upload size hidden input 2017-04-10 20:01:10 +02:00
ArthurHoaro
bc5f1597eb Fix offset check with link ID = 0 2017-04-05 19:09:25 +02:00
ArthurHoaro
ae3aa96898 Change timezone data structure send to the templates
The goal of this is to be able to adapt the timezone form
in template without hacking the HTML already rendered.

  * there are two arrays available:
    * `continents` which contains only a list of available continents
    * `cities` which contains a list of available timezone cities, associated with their continent

Note: there are two distinct array because RainTPL doesn't support nested loop very well.
2017-04-03 19:24:55 +02:00
ArthurHoaro
84315a3bad Fix a warning generated in return_bytes function and refactor it
It was multiplying a string containing a letter.

Moved function to Utils.php and display a human readable limit size
2017-04-03 18:53:43 +02:00
ArthurHoaro
4b385d6c34 Merge pull request #742 from ArthurHoaro/api/postLink
REST API: implement POST link service
2017-04-01 10:02:03 +02:00
ArthurHoaro
81bd104daa Theme: use format_date function for daily date 2017-03-28 20:43:30 +02:00
ArthurHoaro
68016e3798 REST API: implement POST link service 2017-03-27 18:44:50 +02:00
ArthurHoaro
64c34078e4 Merge pull request #816 from ArthurHoaro/project/master-version
Use 'dev' version on the master branch
2017-03-22 18:50:33 +01:00
ArthurHoaro
d16ca2e22f History: lazy loading for the history file
Only read it when it's necessary
2017-03-21 20:29:20 +01:00
ArthurHoaro
4306b184c4 History mechanism
Use case: rest API service

  * saved by default in data/history
  * same format as datastore.php
  * traced events:
     * save/edit/delete link
     * change settings or plugins settings
     * rename tag
2017-03-21 20:29:20 +01:00
ArthurHoaro
b2306b0c78 Move database read/write to FileUtils class + additional unit tests 2017-03-21 20:16:26 +01:00
ArthurHoaro
c4c655d9bf Merge pull request #804 from ArthurHoaro/feature/atom-default
Fixes #304: use atom feed as default
2017-03-21 20:10:49 +01:00
ArthurHoaro
b786c8836f Set Shaarli's version only in shaarli_version.php file 2017-03-21 20:08:40 +01:00
ArthurHoaro
c6a4c2882d Proper error if the conf file is invalid instead of fatal error
Error:

An error occurred while parsing configuration JSON file (data/config.json.php): error code #4
➜ Syntax error
Please check your JSON syntax (without PHP comment tags) using a JSON lint tool such as jsonlint.com.
2017-03-12 16:09:34 +01:00
ArthurHoaro
bbc6b844c1 Add an updateMethod to match the current remote branch for updates 2017-03-12 15:28:23 +01:00
ArthurHoaro
b897c81f8c Use 'dev' version on the master branch
Allowed check branches are now `latest` and `stable`.
2017-03-12 15:05:59 +01:00
ArthurHoaro
196808e14f Merge pull request #779 from ArthurHoaro/feature/import-parser-logs
Link imports are now logged in `data/` folder, and can be debug using…
2017-03-11 14:23:05 +01:00
ArthurHoaro
2ea89aba4f Fixes #304: use atom feed as default
RSS feed is still available with the  setting set to false
2017-03-11 14:13:58 +01:00
ArthurHoaro
fe83d45c46 Fix #773: set Piwik URL protocol 2017-03-11 13:27:02 +01:00
ArthurHoaro
87e9631e4a Fix namespace issue 2017-03-10 18:49:53 +01:00
ArthurHoaro
48417aed1d Link imports are now logged in data/ folder, and can be debug using dev.debug=true setting
related to #741 and #681
2017-03-10 18:46:53 +01:00
ArthurHoaro
5ba55f0cf2 Move config exception to dedicated classes with proper namespace 2017-03-09 19:16:42 +01:00
ArthurHoaro
e6cd773f5a Fix blocking namespace issue 2017-03-08 20:00:21 +01:00
ArthurHoaro
03b9cb600a Fix autoLocale error and cover it with unit tests 2017-03-07 19:27:17 +01:00
ArthurHoaro
52b503105d Improve datetime display
Use php-intl extension to display datetimes a bit more nicely, depending on the locale.

What changes:

  * the day is no longer displayed
  * day number and month are ordered according to the locale
  * the timezone is more readable (UTC+1 instead of CET)
2017-03-06 21:11:12 +01:00
ArthurHoaro
1255a42cfe Improve autoLocale() detection
- Creates arrays_combination function to cover all cases
  - add the underscore separator in the regex
  - add `utf8` encoding in addition to `UTF-8`
2017-03-06 20:32:17 +01:00
VirtualTam
3c66e56435 application: introduce the Shaarli\Config namespace
Namespaces have been introduced with the REST API, and should be generalized
to the whole codebase to manage object scope and benefit from autoloading.

See:
- https://secure.php.net/manual/en/language.namespaces.php
- http://www.php-fig.org/psr/psr-4/

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-03-04 17:07:52 +01:00
ArthurHoaro
e037610115 Add markdown_escape setting
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already have the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README
2017-02-28 19:16:54 +01:00
ArthurHoaro
7dcbfde5ff Set the vintage theme by default for the time being 2017-02-27 20:20:53 +01:00
ArthurHoaro
16e3d006e9 REST API: implements getLink by ID service
See http://shaarli.github.io/api-documentation/#links-link-get
2017-02-19 16:45:59 +01:00
ArthurHoaro
65e56cbe49 Merge pull request #769 from ArthurHoaro/api/getlinks-visibility
REST API - getLinks: support the visibility parameter
2017-02-13 08:41:12 +01:00
ArthurHoaro
c03455af11 Fixes #775: LinkDB do not access LinkDB before ID system migration
To access LinkDB items with its ArrayAccess implementation, the IDs must be consistent, which isn't the case before `updateMethodDatastoreIds()` execution. v0.6.4 method `updateMethodRenameDashTags()` was accessing it, so an upgrade <0.6.4 to >0.8.x was failing.

This just move the minor update `RenameDashTags` after the IDs update.
2017-02-04 12:01:48 +01:00
ArthurHoaro
c37a6f820b REST API - getLinks: support the visibility parameter 2017-01-17 18:53:18 +01:00
ArthurHoaro
7f96d9ec21 Update LinkFilter to be able to filter only public links
No update regarding the UI or the API for now

Fixes #758
2017-01-16 13:57:11 +01:00
ArthurHoaro
9977c418d6 Merge pull request #727 from ArthurHoaro/api/getlinks
REST API: implement getLinks service
2017-01-15 16:49:50 +01:00
ArthurHoaro
c3b00963fe REST API: implement getLinks service
See http://shaarli.github.io/api-documentation/#links-links-collection-get
2017-01-15 13:55:22 +01:00
VirtualTam
63ef549749 API: expect JWT in the Authorization header
Relates to https://github.com/shaarli/Shaarli/pull/731

Added:
- require the presence of the 'Authorization' header

Changed:
- use the HTTP Bearer Token authorization schema

See:
- https://jwt.io/introduction/#how-do-json-web-tokens-work-
- https://tools.ietf.org/html/rfc6750
- http://security.stackexchange.com/q/108662

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-15 13:41:04 +01:00
ArthurHoaro
7282418baa Move user.css to data folder 2017-01-14 16:43:32 +01:00
VirtualTam
ee6f4b64a9 Cleanup: use safe boolean comparisons
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:37:40 +01:00
Arthur
7418f7cb60 Merge pull request #732 from ArthurHoaro/feature/theme-manager
Theme manager: improvements
2017-01-06 11:40:54 +01:00
VirtualTam
93b1fe54fb Cleanup: explicit method visibility
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:52:04 +01:00
VirtualTam
724f1e3229 Cleanup: remove unused variables
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:51:50 +01:00
ArthurHoaro
04a0e8ea34 Updater: keep custom theme preference with the new theme setting 2017-01-05 16:16:27 +01:00
ArthurHoaro
a0df06517b Minor improvements regarding #705 (coding style, unit tests, etc.) 2017-01-05 16:16:23 +01:00
adc4aee80f Change templates set through administration UI 2017-01-05 12:04:02 +01:00
VirtualTam
7a9daac56d API: fix JWT signature verification
Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 16:59:47 +01:00
Arthur
fc11ab2f29 Merge pull request #682 from ArthurHoaro/delete-button
Bugfixes on link deletion, and use a GET form
2017-01-04 16:35:29 +01:00
Arthur
061f04fba0 Merge pull request #733 from ArthurHoaro/hotfix/reverse-proxy-port
Hide default ports in local URL behind a reverse proxy
2017-01-04 16:34:06 +01:00
VirtualTam
eaf2524887 URL cleanup: add 'campaign_' to the annoying parameters
Closes https://github.com/shaarli/Shaarli/issues/735

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 11:42:05 +01:00