This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.
The purpose of this is to avoid collision between links due to their creation date.
creation and update dates are now DateTime objects.
Since this update is very sensitve (changing the whole database), the datastore will be automatically backed up into the file datastore.<datetime>.php.
Links now use an incremental unique numeric identifier.
This ID is persistent and must never change.
ArrayAccess is used to match the link ID with the array keys (see the comment in LinkDB for more details)
Key 'created' added, with creation date as a DateTime object. 'updated' is now also a DateTime.
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.
This function is aware of the config, and can return initialization errors, which are displayed in the header template.
Note that the previous error system hack no longer work.
Relates to https://github.com/shaarli/Shaarli/issues/607
Modifications:
- [application][tests] NetscapeBookmarkUtils: more permissive doctype detection
The IE bookmark exports contain extra escape sequences, which can be observed
by binary comparison of the reference input data used in tests:
$ cmp -b -l -n 8 netscape_basic.htm internet_explorer_encoding.htm
1 74 < 357 M-o
2 41 ! 273 M-;
3 104 D 277 M-?
4 117 O 74 <
5 103 C 41 !
6 124 T 104 D
7 131 Y 117 O
8 120 P 103 C
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Relates to #607
Relates to #608
Relates to #493 (abandoned)
Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/
Modifications:
- [import] replace the current parser with a generic, stable parser
- move code to application/NetscapeBookmarkUtils
- improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
- allow adding tags to all imported links
- allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
- reuse reference input from the parser's test data
See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes#409