ArthurHoaro
8f8113b94b
Fixes #176 - Add opensearch functionality
...
* add a new page in Router: do=opensearch which displays the opensearch plugin
* using base64 compressed image to avoid issue encountered with HTTPS
2015-11-17 20:19:44 +01:00
VirtualTam
a7921b2445
cleanup: remove the executable bit from source scripts
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 19:19:24 +01:00
VirtualTam
28bb2b74e3
index.php: group globals by theme, format comments
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 18:45:46 +01:00
Arthur
fd006c630b
Merge pull request #275 from shaarli/plugin-proposition
...
Plugin proposition
2015-11-08 13:29:32 +01:00
ArthurHoaro
056107ab4e
Handle errors raised by plugins in template. fixes #370
2015-11-08 13:22:44 +01:00
ArthurHoaro
6fc14d5303
Plugin system - CORE
...
see shaarli/Shaarli#275
2015-11-07 15:27:17 +01:00
ArthurHoaro
d01c234235
Fixes #356
...
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
38bedfbbcd
Bump version to 0.5.4
...
Fixes:
- PHP session IDs: handle hash algorithms and bits per char representations
Minor changes:
- HTTPS: support being served behing an SSL-enabled proxy
- HTTP/Server utilities: refactor & add test coverage
Project & documentation:
- improve/rewrite `README.md`
- update contributor list
- update `index.php` header
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 21:02:52 +02:00
VirtualTam
49e2b35b4a
Update project information: contributors, index.php
header
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:54:13 +02:00
VirtualTam
482d67bd52
HTTP: move server URL functions to HttpUtils.php
...
Relates to #333
Modifications:
- refactor server URL utility functions
- do not access global `$_SERVER` variables
- add test coverage
- improve readability
- apply coding conventions
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
Fanch
7b114771d3
SSL detection: add support for X-Forwarded-Proto
...
Duplicates #332
See:
- RFC 7239 - Forwarded HTTP Extension
http://www.ietf.org/rfc/rfc7239.txt
- RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
http://www.ietf.org/rfc/rfc6648.txt
- StackOverflow - Custom HTTP headers: naming conventions
http://stackoverflow.com/a/3561399
2015-09-13 21:17:01 +02:00
Guillaume Virlet
ef591e7ee2
Url: introduce global helper functions for cleanup and scheme detection
...
Relates to #314 & #326
Additions:
- add global `cleanup_url()` and `get_url_scheme()` functions
Modifications:
- replace `Url` usage in `index.php` by calls to global functions
- fix `Url` tests not being run: PHPUnit expects a single test class per file
- move classes to separate files
2015-09-08 22:00:37 +02:00
VirtualTam
451314eb48
HTTP: move utils to a proper file, add tests
...
Relates to #333
Modifications:
- move HTTP utils to 'application/HttpUtils.php'
- simplify logic
- replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
- remove superfluous '$status' parameter (provided by the HTTP headers)
- apply coding conventions
- add test coverage (unitary only)
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00
VirtualTam
68bc21353a
Session ID: extend the regex to match possible hash representations
...
Improves #306
Relates to #335 & #336
Duplicated by #339
Issues:
- PHP regenerates the session ID if it is not compliant
- the regex checking the session ID does not cover all cases
- different algorithms: md5, sha1, sha256, etc.
- bit representations: 4, 5, 6
Fix:
- `index.php`:
- remove `uniqid()` usage
- call `session_regenerate_id()` if an invalid cookie is detected
- regex: support all possible characters - '[a-zA-Z,-]{2,128}'
- tests: add coverage for all algorithms & bit representations
See:
- http://php.net/manual/en/session.configuration.php#ini.session.hash-function
- https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
- http://php.net/manual/en/function.session-id.php
- http://php.net/manual/en/function.session-regenerate-id.php
- http://php.net/manual/en/function.hash-algos.php
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
ce8c4a84ba
Bump version to v0.5.3
...
Fixes a bug that could prevent user to login.
2015-09-02 18:06:21 +02:00
VirtualTam
53cc2b93b8
Bump version to 0.5.2
...
Minor changes
- fix Full Path Disclosure upon cookie forgery
- fix regression preventing to load LinkDB info when adding an existing link
- also extract HTTPS page metadata (title)
- add PHP 7 to Travis platforms
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-31 20:39:27 +02:00
VirtualTam
6211c498f6
Merge pull request #326 from ArthurHoaro/bug-url
...
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
26c503460c
Add HTTPS support for title extracting feature
2015-08-31 12:30:59 +02:00
ArthurHoaro
9e1724f192
Fixes #325 - Shaarli does not recognize saved links
...
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.
Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
ArthurHoaro
06b6660a7e
Avoid Full Path Disclosure error on session error.
...
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
d7efade5d6
Bump version to 0.5.1
...
Minor changes
- fix 404 after editing a link while being logged out
- update local documentation
- improve timezone detection at installation
- improve feed cache handling
- improve URL cleanup for new links
- add a link to the shaarli/shaarli DockerHub repository
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:36:55 +02:00
VirtualTam
d9d776af19
Links: refactor & improve URL cleanup
...
Relates to #141
Relates to #133
Modifications
- move URL cleanup to `application/Url.php`
- rework the cleanup function
- fragments: `#stuff`
- GET parameters: `?var1=val1&var2=val2`
- add documentation (APIs the params belong to)
- add test coverage
Reference
- http://php.net/parse_url
- http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-15 15:58:38 +02:00
VirtualTam
01e48f269d
CachedPage: move to a proper file, add tests
...
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:48:06 +02:00
ArthurHoaro
5fbabbb9be
Fixes #299 : prevent 404 on '?edit_link' while logged out
...
- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
2015-08-07 16:26:38 +02:00
VirtualTam
afd7b77b4c
Installation: default to the server's timezone
...
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 23:54:03 +02:00
VirtualTam
7d4263e11a
Bump version to 0.5.0
...
Major changes
- fix locale handling
- fix note URLs
- fix page redirections
- fix daily RSS browsing
- fix title display
- fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
- restore compatibility with PHP 5.3
- remove duplicate tags in links
- remove annoying URL patterns
- add Firefox Social API
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- update documentation
- start code refactoring
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
- add unit test coverage
- add Travis integration
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-30 11:20:51 +02:00
VirtualTam
d1e2f8e52c
PHP: ensure 5.3 compatibility, refactor timezone utilities
...
Relates to #250
Modifications
- supported version
- bump required version from 5.1.0 to 5.3.x
- update README
- add PHP 5.3 to Travis environments
- rewrite array declarations: explicitely use array() instead of []
- move checkPHPVersion to application/Utils.php
- move timezone functions to application/TimeZone.php
- cleanup code
- improve test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
VirtualTam
5b0ebbc5de
Merge pull request #257 from ArthurHoaro/tag-http-referer
...
Prevent redirection loop everytime we rely on HTTP_REFERER
2015-07-12 19:56:13 +02:00
ArthurHoaro
775803a05c
Prevent redirection loop everytime we rely on HTTP_REFERER:
...
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes #256
ninja
2015-07-12 17:43:13 +02:00
Arthur
1dcbe29611
English mistake cf sebsauvage/Shaarli#221
2015-07-12 15:16:37 +02:00
ArthurHoaro
6ac95d9cf1
Fixes warning 'Undefined index: searchtags' while filtering by tags.
...
Happened if there were not any searchtags already present in the query.
2015-07-12 11:36:42 +02:00
Arthur
7bd3542b1b
Merge pull request #262 from ArthurHoaro/dup-tags
...
Avoid tag duplicates
2015-07-12 11:01:24 +02:00
ArthurHoaro
781e8aadea
Avoid tag duplicates
...
* Prevent duplicate client side with awesomplete
* Prevent duplicate server side (save_edit processing)
Fixes #261
2015-07-12 10:34:29 +02:00
VirtualTam
bba021defc
Merge pull request #268 from ArthurHoaro/dailrss-template
...
Include the whole <item> in Daily RSS template
2015-07-11 19:09:52 +02:00
ArthurHoaro
f3b8f9f0f8
Include the whole <item> in dailyRSS
...
Allow custom date format and title in templates.
Also a bit of code style review.
Fixes #182
2015-07-11 10:25:25 +02:00
VirtualTam
50c9a12ee6
Fix: data/config.php was not imported
...
Relates to #255
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-11 00:12:13 +02:00
VirtualTam
e92f1ba59e
Merge pull request #255 from ArthurHoaro/config
...
All settings are now stored in config.php
2015-07-09 21:34:46 +02:00
ArthurHoaro
dd484b90b1
All settings are now stored in config.php
...
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration ).
2015-07-09 20:46:03 +02:00
VirtualTam
9186ab9594
LinkDB::filterDay(): check input date format
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-09 00:44:19 +02:00
ArthurHoaro
f3db3774f9
Fixes #260 : previous/next day links in daily
...
The bug was occuring only if we tried to access to the first day.
2015-07-08 17:12:06 +02:00
VirtualTam
9c8752a206
LinkDB: do not access global variables
...
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 23:26:52 +02:00
nodiscc
64bc92e3ac
move escape() and sanitizeLink() to application/Utils.php
...
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
2015-06-24 01:08:30 +02:00
nodiscc
eaefcba724
Merge remote-tracking branch 'ArthurHoaro/input-escape' into next
...
Conflicts:
index.php
2015-06-24 00:51:38 +02:00
VirtualTam
9f15ca9ee7
LinkDB: add 'hidePublicLinks' parameter to the constructor
...
Fixes #236
Relates to #237
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 00:26:59 +02:00
ArthurHoaro
c68da3ffbf
Page title if there is a single link
...
Fixes #232
2015-06-23 20:22:02 +02:00
ArthurHoaro
5f85fcd863
Working on shaarli/Shaarli#224
...
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
nodiscc
4a5827ff5a
Merge remote-tracking branch 'ArthurHoaro/daily-date' into next
2015-06-23 15:07:03 +02:00
nodiscc
38a0c256d2
Merge remote-tracking branch 'virtualtam/test/link-db' into next
...
Conflicts:
index.php
2015-06-23 14:38:43 +02:00
nodiscc
0fe36414c8
Merge remote-tracking branch 'ArthurHoaro/search-tag-awesomplete' into next
2015-06-23 14:18:31 +02:00
ArthurHoaro
4de71445d3
Daily page: date format in template
...
It only concerns the date of the day in the main title.
Fixes #182
Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
2015-06-19 20:23:58 +02:00