VirtualTam
9d9f6d75b9
lint: fix line-length warnings
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-12-02 22:39:16 +01:00
VirtualTam
f211e417bf
lint: apply phpcbf to application/
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-12-02 22:39:16 +01:00
VirtualTam
88110550b8
Refactor client session hijacking protection
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
ArthurHoaro
d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter
...
Extract the title/charset during page download, and check content type
2018-01-23 18:41:38 +01:00
ArthurHoaro
101b935de4
Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443
...
Force HTTPS if the original port is 443 behind a reverse proxy
2017-12-03 12:46:43 +01:00
ArthurHoaro
8e9fc6f6e6
Force HTTPS if the original port is 443 behind a reverse proxy
...
Fixes #1022
2017-12-02 15:24:35 +01:00
ArthurHoaro
91c807d275
Increase buffer size for cURL download
...
1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
2017-11-11 16:49:57 +01:00
ArthurHoaro
d65342e304
Extract the title/charset during page download, and check content type
...
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset while downloading chunks of data, and stop the download when everything has been extracted.
Closes #579
2017-10-28 14:35:49 +02:00
ArthurHoaro
a3130d2c2f
Make work behind a reverse proxy
...
Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
Stephen Muth
b80315e238
Respect HTTP_X_FORWARDED_HOST
...
alongside _PORT and _PROTO
Fixes #879
2017-07-08 00:01:03 +00:00
VirtualTam
ee6f4b64a9
Cleanup: use safe boolean comparisons
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:37:40 +01:00
ArthurHoaro
8e4be77368
Hide default port in local URL behind a reverse proxy
2017-01-03 14:17:05 +01:00
Arthur
adcdac1dec
Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
...
Add trusted IPs in config and try to ban forwarded IP on failed login
2016-10-12 14:48:57 +02:00
julienCXX
634783f916
Set cURL as default in HTTP fetching, a fallback method and consistency fixup between both methods
2016-08-08 20:45:50 +02:00
ArthurHoaro
50d1791838
Add trusted IPs in config and try to ban forwarded IP on failed login
...
* Add a new setting (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
2016-08-03 10:36:47 +02:00
ArthurHoaro
5046bcb6ab
Fix startsWith and endsWith case
2016-05-10 23:31:41 +02:00
ArthurHoaro
caa69b5853
typo
2016-05-05 13:28:43 +02:00
ArthurHoaro
ce7b0b6480
Fixes #531 - Title retrieving is failing with multiple use cases
...
see https://github.com/shaarli/Shaarli/issues/531 for details
2016-05-03 19:51:29 +02:00
ArthurHoaro
85244fa0d0
Fixes #477 : support multi reverse proxy with comma syntax
...
Going through multiple reverse proxies will store multiple schemes and ports in the HTTP header, separated by a comma. Shaarli will use the first one to generate server_url.
2016-02-28 16:24:18 +01:00
VirtualTam
fc17813bd1
tests: add a make target to check file permissions
...
Additions:
- [makefile] check versioned files are not executable
- [travis] call the new make target
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-17 21:02:24 +01:00
ArthurHoaro
1557cefbd7
Fixes #410 - Retrieve title fails in multiple cases
...
* `get_http_url()` renamed to `get_http_response()`.
* Use the same HTTP context to retrieve response headers and content.
* Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
* Add `LinkUtils` to extract titles and charset.
* Try to retrieve charset from HTTP headers first (new), then HTML content.
* Use mb_string to re-encode title if necessary.
2016-01-11 21:19:31 +01:00
VirtualTam
482d67bd52
HTTP: move server URL functions to HttpUtils.php
...
Relates to #333
Modifications:
- refactor server URL utility functions
- do not access global `$_SERVER` variables
- add test coverage
- improve readability
- apply coding conventions
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
VirtualTam
451314eb48
HTTP: move utils to a proper file, add tests
...
Relates to #333
Modifications:
- move HTTP utils to 'application/HttpUtils.php'
- simplify logic
- replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
- remove superfluous '$status' parameter (provided by the HTTP headers)
- apply coding conventions
- add test coverage (unitary only)
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00