Commit graph

42 commits

Author SHA1 Message Date
9047fb2fd5 [chg] remove javascript autofocus prefer html5 2015-06-26 15:33:17 +02:00
1f28497fff [add] option for define contact link 2015-06-26 15:23:10 +02:00
cd635a0857 [add] Firefox social API by Marsup d33c5d4c3b 2015-06-26 14:41:36 +02:00
5bc8d56ae8 [fix] small fix 2015-06-26 12:23:23 +02:00
75d92a11f6 [fix] duplicate id paging_current in paging 2015-05-20 12:30:54 +02:00
b69f64e3fa [add] option for post original article to wallabag (nodiscc plugin) 2015-05-20 12:23:02 +02:00
3737a64ff3 [chg] change rename/delete tag form 2015-05-20 10:40:51 +02:00
2e05b32a32 [add] markdown documentation
[upd] better css and semantic for edit/add form
2015-05-13 12:07:03 +02:00
Qwerty
83a86d2d39 Add Archive.org integration
* adds an "archive" link next to permalinks, linking to the last version of the page on archive.org
2015-05-05 15:56:17 +02:00
ArthurHoaro
1687756741 shaarli/Shaarli#34: Make update check optional
* Add a check box at installation (checked by default)
  * Add a check box in configuration page
2015-05-05 15:36:46 +02:00
27c05d1885 [upd] fix all div width 2015-05-05 15:10:32 +02:00
a90f15a5c2 [upd] css search form 2015-05-05 14:34:29 +02:00
nodiscc
e76cb042fa tools dialog: add a 'Add Note' bookmarklet to immediatly open a note (text post) compose window
* Fixes https://github.com/shaarli/Shaarli/issues/142
 * Fixes https://github.com/sebsauvage/Shaarli/issues/59
2015-05-05 12:02:03 +02:00
f0bec991d0 Merge branch 'favicon' into myShaarli
Conflicts:
	index.php
2015-01-30 09:37:52 +01:00
268682859a [add] show favicon of site
[add] fetch and cache favicon
2015-01-29 16:59:59 +01:00
7a8068a787 [upd] update input label via 2013-11-21 17:10:47 +01:00
06d803e78e [upd] change via message (@via to Origine =>)
[fix] via field for atom
2013-11-21 16:50:48 +01:00
55ade1a969 Fix bad merge 2013-09-27 10:02:20 +02:00
6cb22b63c5 Merge branch 'master' into myShaarli
Conflicts:
	tpl/page.header.html
	tpl/picwall.html
	tpl/tagcloud.html
2013-09-27 09:53:07 +02:00
6f5933d23f Sync with SebSauvage repo 2013-09-27 09:38:01 +02:00
7e929771eb [upd] link to homepage 2013-09-09 10:44:42 +02:00
ba36c44c5c [add] link to contact page 2013-09-09 10:42:27 +02:00
12e74779c4 [fix] small bug (bad empty test) 2013-05-03 10:44:24 +02:00
c2d24b7827 [add] via input 2013-04-30 16:20:54 +02:00
Christophe HENRY
1db7867707 typo 2013-03-29 17:04:15 +01:00
Christophe HENRY
6888cc6f90 Adds a configuration variable "titleLink" which allows to customize the
link on the title.

Conflicts:
	tpl/page.header.html
2013-03-29 16:56:24 +01:00
01f59ddf63 Change the tagcloud generation for better variaous size. 2013-03-29 15:51:56 +01:00
4c02d06d57 Merge remote-tracking branch 'master/master' into myShaarli 2013-03-29 15:48:58 +01:00
9550bfe181 Move inline CSS style to shaarli.css 2013-03-29 15:37:44 +01:00
dc420191df Move inline CSS style to shaarli.css 2013-03-29 15:21:32 +01:00
e4501035c3 Merge remote-tracking branch 'origin/master' into myShaarli 2013-03-21 10:57:51 +01:00
c98a5f2205 Create a personal themes for Shaarli. 2013-03-20 12:31:27 +01:00
Sébastien SAUVAGE
99954e1290 Merge pull request #43 from dsferruzza/highlight-search-results
Highlight search results
2013-03-11 02:11:47 -07:00
David Sferruzza
f2acdfd14e Move lazyload init inside the body tag 2013-03-10 19:04:48 +01:00
David Sferruzza
9da4953190 Avoid highlighting paging stuff 2013-03-10 18:26:16 +01:00
David Sferruzza
1b647ff409 Highlight search results (issue #4)
Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
2013-03-10 18:24:05 +01:00
bb8f712db6 [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default. 2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
feebc6d466 Corrected vulnerabilities (see report below)
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_

Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)

Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards

Persistent XSS :
- During the instalation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works

- The url field of a link is vulnerable :

When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user click the url of a link

Or with a classic XSS : "><script>alert(1)</script>

Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer

e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com

History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE
858c5c2b43 Added option to disable jQuery and heavy javascript
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)

(Side note: A *LOT* of users want Shaarli to work without javasript at
all, if possible. That's why I try to use as few javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sébastien SAUVAGE
b342b2a4c7 After clicking save/cancel on a link, scroll to the link itself. 2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE
b2877611c3 Edit/delete button on the left-side of links.
https://github.com/sebsauvage/Shaarli/issues/5
2013-02-27 17:46:45 +01:00
Sébastien SAUVAGE
450342737c Initial commit (version 0.0.40 beta) 2013-02-26 10:09:41 +01:00