Commit graph

39 commits

Author SHA1 Message Date
ArthurHoaro
329e076879 shaarli/Shaarli#34: Make update check optional
* Add a check box at installation (checked by default)
  * Add a check box in configuration page
2015-02-20 22:49:41 +01:00
nodiscc
225eff62a1 fix broken reset.css URL introduced in a6e0134 2015-02-17 20:58:11 +01:00
nodiscc
a6e0134d07 Fix missing authors and licenses in COPYING
* add idleman for original CSS
 * add yahoo inc. for CSS reset
 * split the main css code and the yahoo reset CSS in 2 files
 * add copyright information for RainTPL, add LGPL license
2015-02-14 13:49:00 +01:00
nodiscc
e6ea0f9653 Update README and Shaarli's footer
* remove version number display from main page
 * update project URL in footer, fixes https://github.com/shaarli/Shaarli/issues/89
 * update copyright notice in the footer
 * mention origins of the fork in README, fixes https://github.com/shaarli/Shaarli/issues/105
 * update License section in the README
 * remove screenshots as mediacru.sh is down
2015-02-14 13:48:39 +01:00
Florian Eula
ed5b38ddd2 Feature: enable/disable permalinks for RSS
The option to see the shortlinks or permalinks has been added to the configuration panel. It is a simple checkbox
This option is disabled by default (meaning that shortlinks are the default)
Updated writeConfig() to save this option
Also fixed a slight typo in config.html.

Removed useless CSS & fixed a comment

Enabled permalinks for the ATOM feed and fixed the isPermaLink attribute for the <guid> tag

Reverted to default behavior and clarified its meaning
EnableRssPermalinks is an oddly behaving option: when enabled, it shows a
permalink in the description and a full link in the element title, and
swaps it around when disabled. This clarifies the option for end-users
Also, moved enable_rss_permalinks to $GLOBALS['config'] because it is a
config option.

fix indent
2015-02-07 03:21:30 +01:00
nodiscc
4e7b1bf698 Merge pull request #99 from pikzen/license-version
Versioned JS files & centralized licenses
2015-01-26 13:41:06 +01:00
nodiscc
852613dece Merge pull request #100 from virtualtam/daily-timestamp
daily: display link timestamps
2015-01-26 13:40:37 +01:00
feula
8e0ad1d920 Versioned JS files & centralized licenses
Updated libraries
Updated copyright dates and the list of contributors.

Added unminified sources for GPL compliance
2015-01-21 11:46:50 +01:00
VirtualTam
04751e0441 w3c: fix HTML syntax errors
Fixes #64

All pages:
- add `urlencode` when passing the version to a custom stylesheet;
- set meaningful values of `alt` and `title` for QR-Code images.

Install page:
- the form's `action` attribute must be non-empty;
- the `valign` attribute is deprecated.

Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2015-01-20 02:53:53 +01:00
VirtualTam
38a2d03e34 daily: display link timestamps
Fixes #26

Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2015-01-15 00:05:26 +01:00
ArthurHoaro
fe16b01edb * removed the language attribute on the script element since it is obsolete and we can safely omit it.
* make QRCode JS works with IE :
  * behave as a normal link if canvas aren't supported (<=IE8)
  * default parameter values in JS aren't widely supported (see: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Default_parameters ), use this method instead: http://stackoverflow.com/a/148918/1484919
  * dataset isn't supported in IE9 use getAttribute instead
  * addEventListener works with IE9+ and other browsers
2015-01-09 09:47:48 +01:00
ArthurHoaro
8079dfd1cd W3C compliance (work on issue #64 - https://github.com/shaarli/Shaarli/issues/64):
* fix duplicate IDs - #paging_older, #paging_newer become classes as the paging is displayed twice (top, bottom) in the linklist
  * fix duplicate IDs - #paging_privatelinks and #paging_linksperpage become classes
  * daily links are now valid (use &amp)
  * name attribute is not used anymore on a tag in link list
  * center tag is replaced by CSS in picwall and tag cloud
  * action in form tag can't be empty, use # instead
  * fixed configure table with CSS instead of cellpadding, border, and valign
  * export links are now valid
  * remove "size" in input tag
  * Fix missing alt attributes for img elements
  * tpl/daily: Use HTML entities instead of char escape codes
  * tpl/export: fix missing </span> closing tag
  * Remove obsolete language attribute on <script> elements
2015-01-08 10:15:05 +01:00
Florian Eula
cae64e52e4 Refactored the daily column generation (only one loop) 2014-12-25 01:10:58 +01:00
nodiscc
e0a9e14704 bookmarklet: add ✚ sign to make it more recognizable in toolbars 2014-12-05 20:26:51 +01:00
VirtualTam
c133612f32 CSS: remove hardcoded style from templates
Fixes shaarli/Shaarli#29

Style elements refactored as follows:
- use existing ids and classes if possible,
- else, define new ones and stick with the existing naming convention,
- remove hardcoded style attributes from RainTPL templates.

Exception:
In tpl/tagcloud.html, the display size of each tag is computed at page
generation.

Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2014-12-03 19:28:43 +01:00
Florian Eula
d741c9fc16 Added a link to the visible URL in the link list
Corrected CSS to prevent a line from showing underneath
Fixes https://github.com/shaarli/Shaarli/issues/53
2014-11-21 19:43:53 +01:00
nodiscc
9362352e12 Merge pull request #59 from tst2005/master
uniform if syntax
2014-11-13 01:48:52 +01:00
nodiscc
0845fb1ab8 use urlencode in tagcloud links
* prevents unproper escaping of characters like '&'
 * fixes https://github.com/sebsauvage/Shaarli/issues/85
 * fixes https://github.com/shaarli/Shaarli/issues/48
2014-11-09 21:09:43 +01:00
nodiscc
d2f517638c make archive.org integration optional (ARCHIVE_ORG option, defaults to false) 2014-11-08 18:21:19 +01:00
Qwerty
b113dc8e6b Add Archive.org integration
* adds an "archive" link next to permalinks, linking to the last version of the page on archive.org
2014-11-05 14:35:52 +01:00
nodiscc
1099d8fcad Make ATOM toolbar button optional
* ATOM button display is now configurable using the SHOW_ATOM variable in index.php or data/options.php (defaults to false)
 * Fixes https://github.com/shaarli/Shaarli/issues/24
2014-10-23 17:47:30 +02:00
nodiscc
e0cbb07872 Merge pull request #19 from nodiscc/master
bookmarklet: use selected text as description when adding a new link
2014-08-19 21:52:36 +02:00
nodiscc
ad6c27b7b8 Fix grammar, punctuation, spelling, trailing whitepaces and newlines; Fix typo in css
Based on respencer's work at https://github.com/respencer/Shaarli/
Closes https://github.com/sebsauvage/Shaarli/pull/103
2014-08-19 18:01:15 +02:00
nodiscc
a1795ddcf3 bookmarklet: use selected text as description when adding a new link
* Based on romnGit's work at https://github.com/sebsauvage/Shaarli/pull/104
 * Fixes https://github.com/shaarli/Shaarli/issues/18
 * Closes https://github.com/sebsauvage/Shaarli/pull/104
 * Fixes https://github.com/sebsauvage/Shaarli/issues/53
 * Fixes https://github.com/sebsauvage/Shaarli/issues/129
 * Fixes https://github.com/sebsauvage/Shaarli/issues/33
2014-08-11 00:13:29 +02:00
Christophe HENRY
e411f7f9d7 Adds the tip for the title link in the configuration page 2014-07-27 23:32:41 +02:00
Christophe HENRY
ebb2880dfc Adds a configuration variable "titleLink" which allows to customize the
link on the title.
2014-07-27 23:32:41 +02:00
TsT
ae22a12b8a uniform if syntax 2013-10-23 23:21:36 +02:00
Sebastien SAUVAGE
246e9b4e37 Removed jQuery from almost all pages
jQuery has been removed from all pages, except those who really require
it (like autocomplete in link edition).
Immediate gain: All pages weight 286 kb LESS !   \o/
Highlighting in search results has also been temporarly removed (and
will be re-implemented).
2013-09-25 21:27:50 +02:00
Sébastien SAUVAGE
af77b2fd9a New QR-Code generation code
* QR-Code generation now uses a client-side javascript library instead of an external service. This is better for user privacy.
* Library used is http://neocotic.com/qr.js/ (11 kb).
* jQuery is no longer used to display QR-Code (this is a first step in removing jQuery entirely).
* This library is loaded *only* if the QR-Code icon is clicked.
* If javascript is disabled, it will fallback to the external service.
* External service was changed from "invx.com" to "qrfree.kaywa.com" because invx has become bloated.

By loading the javascript library *only* if the icon is clicked, it will prevent the 11 kb lib to be loaded in every page.
2013-09-25 15:17:09 +02:00
Sébastien SAUVAGE
99954e1290 Merge pull request #43 from dsferruzza/highlight-search-results
Highlight search results
2013-03-11 02:11:47 -07:00
David Sferruzza
f2acdfd14e Move lazyload init inside the body tag 2013-03-10 19:04:48 +01:00
David Sferruzza
9da4953190 Avoid highlighting paging stuff 2013-03-10 18:26:16 +01:00
David Sferruzza
1b647ff409 Highlight search results (issue #4)
Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
2013-03-10 18:24:05 +01:00
bb8f712db6 [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default. 2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
feebc6d466 Corrected vulnerabilities (see report below)
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_

Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)

Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards

Persistent XSS :
- During the instalation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works

- The url field of a link is vulnerable :

When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user click the url of a link

Or with a classic XSS : "><script>alert(1)</script>

Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer

e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com

History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE
858c5c2b43 Added option to disable jQuery and heavy javascript
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)

(Side note: A *LOT* of users want Shaarli to work without javasript at
all, if possible. That's why I try to use as few javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sébastien SAUVAGE
b342b2a4c7 After clicking save/cancel on a link, scroll to the link itself. 2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE
b2877611c3 Edit/delete button on the left-side of links.
https://github.com/sebsauvage/Shaarli/issues/5
2013-02-27 17:46:45 +01:00
Sébastien SAUVAGE
450342737c Initial commit (version 0.0.40 beta) 2013-02-26 10:09:41 +01:00