Alexandre Alapetite
fc93ae1d1a
Import NETSCAPE-Bookmark compatible milliseconds
...
NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of
seconds.
For instance, this is the case of the files generated for Google +1s by
Google Takeout.
This patch makes these files compatible.
2013-09-21 18:15:41 +02:00
Bronco
b607a4c503
Added the possibility to put a description in the bookmarklet's URL
...
Conflicts:
index.php
2013-09-16 12:02:34 +02:00
lehollandaisvolant
fb57aab74d
Added a UA when fetching an external page (some sites want a UA)
2013-09-16 11:47:42 +02:00
Bronco
3057373a25
Added the possibility to put a description in the bookmarklet's URL
2013-09-16 10:32:02 +02:00
7e929771eb
[upd] link to homepage
2013-09-09 10:44:42 +02:00
ba36c44c5c
[add] link to contact page
2013-09-09 10:42:27 +02:00
lehollandaisvolant
03545ef691
Added a UA when fetching an external page (some sites want a UA)
2013-09-03 15:55:13 +02:00
Alexandre Alapetite
f0075b1743
Smaller logo file
...
Better PNG compression of logo file, as produced by Page Speed.
2013-08-23 17:37:59 +02:00
Alexandre Alapetite
ff63b7d111
Corrected error message for lack of write access in ./data
2013-08-23 17:02:15 +02:00
64f4f387a0
[fix] PHP notice error
2013-08-20 15:01:45 +02:00
588c4e4be4
Merge branch 'master' into myShaarli
2013-08-07 10:11:37 +02:00
256545b392
Merge branch 'master' of git://github.com/sebsauvage/Shaarli
2013-08-07 10:09:53 +02:00
Sebastien SAUVAGE
002ef0e5c8
Better encoding handling in title parsing
...
Thanks to a patch from Le Hollandais Volant.
2013-08-03 22:10:04 +02:00
Sebastien SAUVAGE
f6a6ca0aec
SERVER_NAME changed to HTTP_HOST
...
SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems
on some misconfigured hosts. HTTP_HOST is usually more reliable with
those servers. (cf.
http://stackoverflow.com/questions/2297403/http-host-vs-server-name ).
This should cause fewer problems on most hosts.
2013-08-03 22:00:09 +02:00
BoboTiG
fbd9e52716
RSS/Atom: add a parameter to print only the N last links
2013-07-26 08:57:19 +02:00
Lionel Martin
3385af123f
Added json_encode implementation for php<5.2
2013-05-20 19:00:28 +02:00
12e74779c4
[fix] small bug (bad empty test)
2013-05-03 10:44:24 +02:00
c26d0303ee
[fix] background repeat in login page
2013-04-30 16:24:43 +02:00
c2d24b7827
[add] via input
2013-04-30 16:20:54 +02:00
5b82e59b33
Add default background color for thumbshot.
2013-04-02 16:17:11 +02:00
Christophe HENRY
1db7867707
typo
2013-03-29 17:04:15 +01:00
Christophe HENRY
6888cc6f90
Adds a configuration variable "titleLink" which allows to customize the
...
link on the title.
Conflicts:
tpl/page.header.html
2013-03-29 16:56:24 +01:00
ed5a80e732
[fix] css background linear
2013-03-29 15:59:19 +01:00
01f59ddf63
Change the tagcloud generation for better various size.
2013-03-29 15:51:56 +01:00
4c02d06d57
Merge remote-tracking branch 'master/master' into myShaarli
2013-03-29 15:48:58 +01:00
9550bfe181
Move inline CSS style to shaarli.css
2013-03-29 15:37:44 +01:00
dc420191df
Move inline CSS style to shaarli.css
2013-03-29 15:21:32 +01:00
b28f3129ef
Just change the order of a few elements
2013-03-21 12:24:51 +01:00
e4501035c3
Merge remote-tracking branch 'origin/master' into myShaarli
2013-03-21 10:57:51 +01:00
c98a5f2205
Create a personal theme for Shaarli.
2013-03-20 12:31:27 +01:00
8f2c12ce6a
[add] option to use an external service for thumbshot
2013-03-19 17:22:50 +01:00
Sébastien SAUVAGE
99954e1290
Merge pull request #43 from dsferruzza/highlight-search-results
...
Highlight search results
2013-03-11 02:11:47 -07:00
Sébastien SAUVAGE
87e3d65023
Merge pull request #42 from matchab/master
...
Default timezone
2013-03-11 01:59:48 -07:00
Sébastien SAUVAGE
2d21a179b0
Merge pull request #45 from dsferruzza/fix-picwall-bug
...
Fix picwall bugs
2013-03-11 01:49:50 -07:00
David Sferruzza
f2acdfd14e
Move lazyload init inside the body tag
2013-03-10 19:04:48 +01:00
David Sferruzza
a908244cc4
Fix bug producing invalid HTML
2013-03-10 19:03:34 +01:00
David Sferruzza
9da4953190
Avoid highlighting paging stuff
2013-03-10 18:26:16 +01:00
David Sferruzza
1b647ff409
Highlight search results (issue #4)
...
Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
2013-03-10 18:24:05 +01:00
Mathieu Chabanon
6e330f2225
Ignore Eclipse project files
2013-03-10 14:16:29 +01:00
Mathieu Chabanon
cb49ab945f
Avoid a strict standard error when php.ini does not define the default
...
timezone.
2013-03-10 14:06:12 +01:00
Sébastien SAUVAGE
310f3ca007
Version 0.0.41 beta
2013-03-08 10:14:31 +01:00
Sébastien SAUVAGE
41a30d9b2d
Merge pull request #37 from sebsauvage/CookieDomain
...
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-08 01:01:40 -08:00
Sebastien SAUVAGE
75e199d606
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-06 23:31:18 +01:00
Sebastien SAUVAGE
979d6334e7
Added second check to write rights.
...
(Because on some hosts is_writable() is not reliable.)
2013-03-04 21:26:06 +01:00
Sebastien SAUVAGE
f2cb5f95a9
Check that Shaarli has the right to write in its own directory.
...
Because some users forget to check this at installation.
2013-03-04 21:14:07 +01:00
Sebastien SAUVAGE
8a80e4fe07
Got rid of small display bugs before installation.
2013-03-04 21:02:24 +01:00
Sébastien SAUVAGE
22701e2d0b
Merge pull request #30 from Knah-Tsaeb/master
...
Merged "Private by default" feature (when creating a new link).
2013-03-04 11:49:33 -08:00
bb8f712db6
[add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default.
2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
dd064cc315
Added https to list of authorized protocols.
2013-03-03 22:49:10 +01:00
Sebastien SAUVAGE
feebc6d466
Corrected vulnerabilities (see report below)
...
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_
Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)
Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards
Persistent XSS :
- During the installation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works
- The url field of a link is vulnerable :
When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user clicks the url of a link
Or with a classic XSS : "><script>alert(1)</script>
Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer
e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com
History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
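
The three checks the report in commit feebc6d466 calls for (output escaping of the title and URL, a scheme allowlist for link URLs, and a same-host test before redirecting to the Referer), as an added example that is not Shaarli's code and not the fix from that commit. The function names, the scheme allowlist and the `?` fallback target are assumptions made for illustration.

```php
<?php
// Added example, not Shaarli's code. Function names, the scheme allowlist
// and the '?' fallback target are assumptions made for illustration.

// Escape stored text (instance title, link URL) at output time so markup
// saved in the datastore is rendered as text, including inside attributes.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept a link URL only when its scheme is on an allowlist; javascript:
// and input with no parsable scheme are refused before the link is stored.
function isAllowedLinkUrl(string $url): bool
{
    $allowed = ['http', 'https', 'ftp']; // assumed allowlist
    $scheme = parse_url(trim($url), PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), $allowed, true);
}

// Choose the redirect target after ?linksperpage= or ?privateonly= has been
// handled: follow the Referer only when it points back at this host.
function safeRedirectTarget(?string $referer, string $ownHost): string
{
    $fallback = '?'; // assumed local index URL
    $parts = ($referer === null || $referer === '') ? false : parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // HTTP_HOST may carry a port, so compare host and port together.
    $host = strtolower($parts['host']);
    if (isset($parts['port'])) {
        $host .= ':' . $parts['port'];
    }
    return $host === strtolower($ownHost) ? $referer : $fallback;
}

// Constructed inputs based on the examples quoted in the report.
var_dump(escapeForHtml('"><script>alert(1)</script>'));
var_dump(isAllowedLinkUrl('javascript:alert(1)'));
var_dump(isAllowedLinkUrl('https://example.org/page'));
var_dump(safeRedirectTarget('https://duckduckgo.com', '127.0.0.1'));
var_dump(safeRedirectTarget('http://127.0.0.1/Audit/?page=2', '127.0.0.1'));
```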