Minor changes
- fix Full Path Disclosure upon cookie forgery
- fix regression preventing to load LinkDB info when adding an existing link
- also extract HTTPS page metadata (title)
- add PHP 7 to Travis platforms
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Minor changes
- fix 404 after editing a link while being logged out
- update local documentation
- improve timezone detection at installation
- improve feed cache handling
- improve URL cleanup for new links
- add a link to the shaarli/shaarli DockerHub repository
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Major changes
- fix locale handling
- fix note URLs
- fix page redirections
- fix daily RSS browsing
- fix title display
- fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
- restore compatibility with PHP 5.3
- remove duplicate tags in links
- remove annoying URL patterns
- add Firefox Social API
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- update documentation
- start code refactoring
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
- add unit test coverage
- add Travis integration
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes#256
ninja
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
It only concerns the date of the day in the main title.
Fixes#182
Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
On "The Daily Shaarli" page (index.php?do=daily), the date is "Tuesday
30, November 1999" if no articles have been published/shared.
This patch checks the parameter ($linkdate) before the mktime call to
prevent and generate the "day 0" string.
mktime(0,0,0,0,0,0) returns 943916400 (hum?)
* Add awesomplete dependancy (source + min + CSS)
* Remove jQuery and jQuery-UI dependancy
* Few CSS ajustements
* Use tags complete list as RainTPL var (and display it as HTML)
* Remove "disable jQuery" feature
* Remove tag list web service
* Use regular expressions to avoid suplicating params depending on their position in the URL (¶m=,?param=)
* Only remove the relevant URL pattern and don't remove following params, fixes https://github.com/shaarli/Shaarli/issues/136
* Credits to Marcus Rohrmoser (https://github.com/mro)
* fixes https://github.com/shaarli/Shaarli/issues/122
* the shaarli version is now in a php comment block, which prevents
visitors from reading it when it is place on a PHP-enabled server, but
still allows the update mechanism to read it from the source on github.
The option to see the shortlinks or permalinks has been added to the configuration panel. It is a simple checkbox
This option is disabled by default (meaning that shortlinks are the default)
Updated writeConfig() to save this option
Also fixed a slight typo in config.html.
Removed useless CSS & fixed a comment
Enabled permalinks for the ATOM feed and fixed the isPermaLink attribute for the <guid> tag
Reverted to default behavior and clarified its meaning
EnableRssPermalinks is an oddly behaving option: when enabled, it shows a
permalink in the description and a full link in the element title, and
swaps it around when disabled. This clarifies the option for end-users
Also, moved enable_rss_permalinks to $GLOBALS['config'] because it is a
config option.
fix indent
Fixes#64
All pages:
- add `urlencode` when passing the version to a custom stylesheet;
- set meaningful values of `alt` and `title` for QR-Code images.
Install page:
- the form's `action` attribute must be non-empty;
- the `valign` attribute is deprecated.
Signed-off-by: VirtualTam <virtualtam@flibidi.org>
