Commit graph

143 commits

Author SHA1 Message Date
ArthurHoaro
9ff17ae20e Add markdown_escape setting
This setting allows escaping HTML in markdown rendering or not.
The goal behind it is to avoid XSS issues in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already has the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README
2017-03-04 09:38:12 +01:00
ArthurHoaro
d592daea83 Add a persistent 'shorturl' key to all links
All existing links will keep their permalinks.
New links will have smallhash generated with date+id.

The purpose of this is to avoid collision between links due to their creation date.
2016-12-12 03:03:12 +01:00
ArthurHoaro
c3dfd89959 Unit Test for the new ID system 2016-12-12 03:03:12 +01:00
Arthur
6781465fda Merge pull request #691 from ArthurHoaro/plugins/no-md-feed
Markdown: fixes feed rendering with nomarkdown tag
2016-12-01 11:13:04 +01:00
ArthurHoaro
266e3fe5c8 Markdown: fixes feed rendering with nomarkdown tag
  * make sure we match exactly `nomarkdown` tag
  * pass the whole link data to stripNoMarkdownTag() to:
    * strip the noMD tag in taglist (array)
    * strip the tag in tags (string)

Fixes #689

tmp
2016-11-22 10:26:03 +01:00
ArthurHoaro
5ebc1d504b .htaccess files: support Apache 2.4+ syntax
If `mod_version` is enabled, the previous syntax will apply for Apache <2.4.
If not, the new syntax is used by default.

Fixes #676

`mod_version` identifier is `version_module` across all Apache versions. See:

  * https://httpd.apache.org/docs/current/mod/mod_version.html
  * https://httpd.apache.org/docs/2.2/mod/mod_version.html
  * https://serverfault.com/questions/733910/how-do-i-load-mod-version-only-if-it-isnt-built-in-to-apache

Note that version_module comes built-in with Debian (and derivatives) Apache2 packages, see https://wiki.debian.org/Apache/PackagingFor24
2016-11-08 11:38:14 +01:00
ArthurHoaro
c5941f316a Fix an issue with links not being reversed in code blocks
Fixes #672

+ Markdown to HTML unit test
2016-10-22 11:13:48 +02:00
VirtualTam
3d5e0aede3 Merge pull request #673 from virtualtam/cleanup/linkdb
LinkDB: code cleanup
2016-10-21 11:04:52 +02:00
VirtualTam
954dc2446c Merge pull request #665 from ArthurHoaro/fix/feed-hashtags
Fix hashtag links in Feeds
2016-10-20 21:37:28 +02:00
VirtualTam
735ed4a94e LinkDB: explicit method visibility
Relates to https://github.com/shaarli/Shaarli/issues/95

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:33:42 +02:00
VirtualTam
f21abf3292 LinkDB: update datastore method names
Relates to https://github.com/shaarli/Shaarli/issues/95

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:33:40 +02:00
VirtualTam
628b97cbdf LinkDB: do not prefix privates with an underscore
Relates to #95

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-20 21:10:56 +02:00
ArthurHoaro
fbc28ff1c8 Fix hashtags links in Feeds
Make the hashtag link absolute in feeds to work properly in RSS syndication tools.
2016-10-20 11:42:01 +02:00
ArthurHoaro
7af9a41881 Minor code cleanup: PHPDoc, spelling, unused variables, etc. 2016-10-20 11:36:11 +02:00
Arthur
c1c2102850 Merge pull request #651 from ArthurHoaro/plugin-isso2
Isso comments plugin
2016-10-18 08:14:09 +02:00
VirtualTam
8406a4b670 Merge pull request #662 from virtualtam/fix/feed/self-link
Fix: return the proper value for the "self" feed attribute
2016-10-17 17:58:39 +02:00
ArthurHoaro
bf26e7ebcb Isso comments plugin
Use Isso client to let visitors comment on permalinks
2016-10-17 09:23:14 +02:00
VirtualTam
44a718090d Fix: return the proper value for the "self" feed attribute
Fixes https://github.com/shaarli/Shaarli/issues/629
Closes https://github.com/shaarli/Shaarli/pull/630

Note: you might need to empty the "pagecache" directory for the
fix to be taken into account

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-10-16 20:58:15 +02:00
ArthurHoaro
7fde6de121 New init function for plugins, supports error reporting
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.

This function is aware of the config, and can return initialization errors, which are displayed in the header template.

Note that the previous error system hack no longer works.
2016-10-14 13:22:58 +02:00
VirtualTam
f63632a6fb Merge pull request #654 from teromene/archive-org-no-internal
Archive.org plugin: do not propose archival of private notes

Fixes #637
2016-10-13 18:12:55 +02:00
Teromene
5e148f8a52 Archive.org plugin: do not propose archival of private notes
Fixes #637
2016-10-13 16:37:43 +01:00
Arthur
0354257266 Merge pull request #622 from ArthurHoaro/update-date
Save link update dates and render it in templates and feeds
2016-10-12 14:51:37 +02:00
Arthur
adcdac1dec Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
Add trusted IPs in config and try to ban forwarded IP on failed login
2016-10-12 14:48:57 +02:00
VirtualTam
8758bb0ac8 Merge pull request #619 from ArthurHoaro/plugins/param-desc
Add a description to plugin parameters
2016-08-13 14:48:51 +02:00
VirtualTam
db6dec0de1 Fix: add missing final newlines, untabify text
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-08-13 14:22:22 +02:00
VirtualTam
f4ad7bde56 Fix: ensure Internet Explorer bookmark dumps can be imported
Relates to https://github.com/shaarli/Shaarli/issues/607

Modifications:
- [application][tests] NetscapeBookmarkUtils: more permissive doctype detection

The IE bookmark exports contain extra escape sequences, which can be observed
by binary comparison of the reference input data used in tests:

   $ cmp -b -l -n 8 netscape_basic.htm internet_explorer_encoding.htm

   1  74 <    357 M-o
   2  41 !    273 M-;
   3 104 D    277 M-?
   4 117 O     74 <
   5 103 C     41 !
   6 124 T    104 D
   7 131 Y    117 O
   8 120 P    103 C

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-08-12 23:22:15 +02:00
VirtualTam
a973afeac7 Refactor bookmark import using a generic Netscape parser
Relates to #607
Relates to #608
Relates to #493 (abandoned)

Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/

Modifications:
- [import] replace the current parser with a generic, stable parser
  - move code to application/NetscapeBookmarkUtils
  - improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
  - allow adding tags to all imported links
  - allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
  - reuse reference input from the parser's test data

See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-08-10 01:42:44 +02:00
ArthurHoaro
edf3ff5a53 Initialize a translation function
It matches the API of ngettext().
2016-08-07 11:54:39 +02:00
ArthurHoaro
50d1791838 Add trusted IPs in config and try to ban forwarded IP on failed login
  * Add a new setting (which needs to be manually set): `security.trusted_proxies`
  * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
  * If found, the client address is added in ipbans, else we do nothing.

Fixes #409
2016-08-03 10:36:47 +02:00
ArthurHoaro
c6d876bb2a Set updated date for items in feeds
RSS doesn't support updated date for items, so we use the ATOM extension.
Updated dates also bump the global update
2016-08-03 09:54:57 +02:00
VirtualTam
c7a42ab1d9 Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config
Fix update method escapeUnescapedConfig
2016-08-02 19:46:47 +02:00
ArthurHoaro
b9f8b83790 Fix update method escapeUnescapedConfig
  * Actually run it
  * unit tests

Fixes #611
2016-08-02 12:54:55 +02:00
ArthurHoaro
15170b5164 Parse plugin parameters description with the PluginManager
Plugin parameters can contain a description in their meta file under the key:

    parameter.<param_name>="<description>"
2016-08-02 11:12:01 +02:00
ArthurHoaro
9866b40814 Better whitespace handling in tags
Correct PR #573 to work properly with hidden tags, and add ReferenceLinkDB UT.

Fixes #571 - Closes #573
2016-08-02 10:34:21 +02:00
Chris Kuethe
32d51093e3 add unit test 2016-08-02 10:22:18 +02:00
Arthur
2795cf5e1c Merge pull request #605 from ArthurHoaro/clean-phpunit
Hide expected 'error_log' while running TU (clean PHPUnit log)
2016-07-23 14:20:23 +02:00
ArthurHoaro
87f9f4f9b7 Hide expected 'error_log' while running TU (clean PHPUnit log) 2016-07-23 14:16:07 +02:00
julienCXX
1336a7326b Fix typo in test method name 2016-07-21 19:42:26 +02:00
Arthur
0c4c7ae818 Merge pull request #558 from ArthurHoaro/hashtag4
Hashtag system
2016-07-09 07:36:23 +02:00
Arthur
649af5b501 Merge pull request #570 from ArthurHoaro/config-manager
Introduce a configuration manager
2016-07-09 07:19:48 +02:00
ArthurHoaro
5ff23f02b8 Add closing PHP tags to JSON config files 2016-06-20 18:30:37 +02:00
ArthurHoaro
894a3c4bf3 Rename configuration key for better sections 2016-06-11 09:30:56 +02:00
ArthurHoaro
51def0d849 PluginManager no longer uses singleton pattern 2016-06-11 09:30:56 +02:00
ArthurHoaro
278d9ee283 ConfigManager no longer uses singleton pattern 2016-06-11 09:30:56 +02:00
ArthurHoaro
da10377b3c Rename configuration keys and fix GLOBALS in templates 2016-06-11 09:30:56 +02:00
ArthurHoaro
eeea1c3daa Use the configuration manager for wallabag and readityourself plugin 2016-06-11 09:30:56 +02:00
ArthurHoaro
b74b96bfbd Adds ConfigJson which handles the configuration in JSON format.
Also use the Updater to make the transition
2016-06-11 09:30:56 +02:00
ArthurHoaro
684e662a58 Replace $GLOBALS configuration with the configuration manager in the whole code base 2016-06-11 09:30:56 +02:00
ArthurHoaro
59404d7909 Introduce a configuration manager (not plugged yet) 2016-06-11 09:30:56 +02:00
ArthurHoaro
9ccca40189 Hashtag system
  * Hashtags are auto-linked with a filter search
  * Supports unicode
  * Compatible with markdown (excluded in code blocks)
2016-06-06 21:04:43 +02:00