Commit graph

1749 commits

Author SHA1 Message Date
VirtualTam
f5d6b19b73 Merge pull request #338 from virtualtam/fix/unique-uniqid
Session ID: extend the regex to match possible hash representations
2015-09-06 16:16:53 +02:00
VirtualTam
68bc21353a Session ID: extend the regex to match possible hash representations
Improves #306
Relates to #335 & #336
Duplicated by #339

Issues:
 - PHP regenerates the session ID if it is not compliant
 - the regex checking the session ID does not cover all cases
   - different algorithms: md5, sha1, sha256, etc.
   - bit representations: 4, 5, 6

Fix:
 - `index.php`:
   - remove `uniqid()` usage
   - call `session_regenerate_id()` if an invalid cookie is detected
 - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
 - tests: add coverage for all algorithms & bit representations

See:
 - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
 - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
 - http://php.net/manual/en/function.session-id.php
 - http://php.net/manual/en/function.session-regenerate-id.php
 - http://php.net/manual/en/function.hash-algos.php

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
VirtualTam
a02257b8ae Merge pull request #344 from virtualtam/copying
COPYING: update contributor list
2015-09-06 04:07:28 +02:00
VirtualTam
db5453e4b6 COPYING: update contributor list
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 03:07:25 +02:00
VirtualTam
cd5c102892 Update README.md
2015-09-06 02:22:52 +02:00
VirtualTam
6f2309aa08 Merge pull request #343 from virtualtam/readme
Rewrite README.md
2015-09-06 02:16:39 +02:00
VirtualTam
e9b80e7272 Rewrite README.md
Modifications:
 - group content in sections
 - homogenize formatting
 - replace installation instructions by links to the corresponding wiki pages
 - update badges
   - use http://shields.io/ to generate SVGs with custom labels
   - master branch: update Travis label
   - stable branch: add Travis status
   - GitHub release: display the latest released version

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 02:04:31 +02:00
VirtualTam
bb91a8c6e8 Merge pull request #340 from virtualtam/doc/update
Doc: sync from Wiki, generate HTML
2015-09-04 21:35:27 +02:00
VirtualTam
f8b936e7e7 Doc: sync from Wiki, generate HTML
Additions:
 - Installation/Download: how to get Shaarli
 - Community software: ShaarliOS app

Modifications:
 - Installation/Server requirements: PHP 5.4 EOL, PHP 7 announcements
 - Installation/Server configuration: improve Nginx security
 - Troubleshooting: PHP sessions on `free.fr`

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-04 21:32:25 +02:00
ArthurHoaro
ce8c4a84ba Bump version to v0.5.3
Fixes a bug that could prevent users from logging in.
2015-09-02 18:06:21 +02:00
Arthur
67ee1435f8 Merge pull request #336 from ArthurHoaro/login-hotfix
Allow uppercase letters in PHP sessionid format
2015-09-02 17:55:11 +02:00
ArthurHoaro
4d30975a06 Allow uppercase letters in PHP sessionid format
Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2

Regression introduced in 06b6660a7e
2015-09-02 17:00:38 +02:00
VirtualTam
53cc2b93b8 Bump version to 0.5.2
Minor changes
 - fix Full Path Disclosure upon cookie forgery
 - fix regression preventing LinkDB info from loading when adding an existing link
 - also extract HTTPS page metadata (title)
 - add PHP 7 to Travis platforms

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-31 20:39:27 +02:00
VirtualTam
6211c498f6 Merge pull request #326 from ArthurHoaro/bug-url
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
26c503460c Add HTTPS support for title extracting feature
2015-08-31 12:30:59 +02:00
ArthurHoaro
9e1724f192 Fixes #325 - Shaarli does not recognize saved links
PHP doesn't seem to autoconvert objects to strings when they're used as array indexes.

Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
VirtualTam
ce8e248ab0 Merge pull request #306 from ArthurHoaro/fpd
Avoid Full Path Disclosure error on session error.
2015-08-24 21:25:33 +02:00
VirtualTam
b5d96e9b1f Merge pull request #327 from virtualtam/travis/php7
travis: add PHP 7 to the tested environments
2015-08-24 00:30:05 +02:00
ArthurHoaro
06b6660a7e Avoid Full Path Disclosure error on session error.
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
bdf4f78519 travis: add PHP 7 to the tested environments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-22 00:09:46 +02:00
VirtualTam
d7efade5d6 Bump version to 0.5.1
Minor changes
 - fix 404 after editing a link while being logged out
 - update local documentation
 - improve timezone detection at installation
 - improve feed cache handling
 - improve URL cleanup for new links
 - add a link to the shaarli/shaarli DockerHub repository

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:36:55 +02:00
VirtualTam
6335a0fc0c Doc: sync from Wiki, generate HTML
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:33:25 +02:00
VirtualTam
f8bf8d8e59 Merge pull request #314 from shaarli/clean-utm_term
clean utm_term url parameter
2015-08-16 23:01:54 +02:00
VirtualTam
c622d32820 README: add DockerHub badge
See [docker-shaarli](https://github.com/shaarli/docker-shaarli) for Dockerfiles and documentation
2015-08-16 14:50:16 +02:00
VirtualTam
d9d776af19 Links: refactor & improve URL cleanup
Relates to #141
Relates to #133

Modifications
 - move URL cleanup to `application/Url.php`
 - rework the cleanup function
   - fragments: `#stuff`
   - GET parameters: `?var1=val1&var2=val2`
 - add documentation (APIs the params belong to)
 - add test coverage

Reference
 - http://php.net/parse_url
 - http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-15 15:58:38 +02:00
VirtualTam
a3b1b4ae70 Merge pull request #309 from virtualtam/refactor/PageCache
CachedPage: move to a proper file, add tests
2015-08-13 23:54:26 +02:00
VirtualTam
aedd62e2b8 Cache: simplify cached content cleanup, improve tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:51:31 +02:00
VirtualTam
01e48f269d CachedPage: move to a proper file, add tests
Modifications
 - rename `pageCache` to `CachedPage`
 - move utilities to `Cache`
 - do not access globals
 - apply coding rules
 - update LinkDB and test code
 - add test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:48:06 +02:00
VirtualTam
5ac5349ac0 Merge pull request #301 from ArthurHoaro/edit-link-redirect
Fixes #299: prevent 404 on '?edit_link' while logged out
2015-08-13 23:47:05 +02:00
ArthurHoaro
5fbabbb9be Fixes #299: prevent 404 on '?edit_link' while logged out
- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
2015-08-07 16:26:38 +02:00
VirtualTam
b282fffa23 Merge pull request #313 from virtualtam/install/timezone
Installation: default to the server's timezone
2015-08-05 16:34:40 +02:00
VirtualTam
afd7b77b4c Installation: default to the server's timezone
Modifications
 - attempt to use the server's timezone
 - if none is set, use UTC
 - TimeZone: apply coding conventions
   - variable naming
   - no closing PHP tag

Relates to #274

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 23:54:03 +02:00
VirtualTam
27cf2e671d Merge pull request #294 from virtualtam/doc/update
Doc: sync from Wiki, generate HTML
2015-08-04 16:07:13 +02:00
VirtualTam
992af0b9d7 Doc: sync from Wiki, generate HTML
Closes #291
Fixes #227

Modifications
 - HTML content: match the new Wiki structure
 - Makefile
   - generate a custom HTML sidebar
   - include the sidebar on all pages
   - infer and prepend page titles
   - handle relative links
   - add title metadata, e.g. Shaarli - <Page Name>

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 16:02:21 +02:00
VirtualTam
96db105e4c Merge pull request #276 from virtualtam/tools/phpcs
Add a generic rule to run PHPCS against different coding standards
2015-07-31 16:08:32 +02:00
VirtualTam
a421aeea66 Merge pull request #303 from virtualtam/v0.5.0
Bump version to 0.5.0
2015-07-30 11:43:43 +02:00
VirtualTam
7d4263e11a Bump version to 0.5.0
Major changes
 - fix locale handling
 - fix note URLs
 - fix page redirections
 - fix daily RSS browsing
 - fix title display
 - fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
 - restore compatibility with PHP 5.3
 - remove duplicate tags in links
 - remove annoying URL patterns
 - add Firefox Social API
 - Search/Filter by tag fields can now be accessed quickly with the `Tab` key
 - update documentation
 - start code refactoring
   - move all settings to `data/config.php`
   - refactor Config, LinkDB, TimeZone, Utils
   - add unit test coverage
   - add Travis integration

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-30 11:20:51 +02:00
ArthurHoaro
462bfb1312 Add Requirements section in README (link to wiki).
Fixes #297
2015-07-24 11:13:04 +02:00
Arthur
f22a494a1e Merge pull request #295 from Knah-Tsaeb/patch-1
[fix]  #293 - Black thumbnails on picture wall after upgrade
2015-07-23 15:45:59 +02:00
VirtualTam
caaae9b32b Merge pull request #289 from virtualtam/make-clean
Makefile: do not call `clean` before `test`
2015-07-23 00:34:52 +02:00
bb2948c52a [fix] #293
Black thumbnails on picture wall after upgrade #293
2015-07-22 10:39:23 +02:00
VirtualTam
d0ce99e59e Makefile: do not call clean before test
Fixes #288

Modifications:
 - call `make clean` explicitly to clean the workspace
 - add `make clean` to Travis instructions

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-18 13:43:19 +02:00
VirtualTam
2ac5938b67 Merge pull request #290 from virtualtam/travis-container
Travis: use the container-based infrastructure
2015-07-18 13:42:15 +02:00
VirtualTam
39d06fa545 Travis: use the container-based infrastructure
See http://docs.travis-ci.com/user/migrating-from-legacy/

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-18 13:23:00 +02:00
Arthur
874f858b8f Merge pull request #271 from virtualtam/php53
PHP: ensure 5.3 compatibility
2015-07-15 11:05:07 +02:00
VirtualTam
d1e2f8e52c PHP: ensure 5.3 compatibility, refactor timezone utilities
Relates to #250

Modifications
 - supported version
   - bump required version from 5.1.0 to 5.3.x
   - update README
   - add PHP 5.3 to Travis environments
 - rewrite array declarations: explicitly use array() instead of []
 - move checkPHPVersion to application/Utils.php
 - move timezone functions to application/TimeZone.php
   - cleanup code
   - improve test coverage

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
VirtualTam
3e25f245f9 Makefile: add a generic rule to run PHPCS against different coding standards
Relates to #95

Usage
 - list available standards
   $ ./vendor/bin/phpcs -i
 - run PHPCS against a given standard
   $ make PHPCS_<standard>

Examples
 $ make PHPCS_PSR1
 $ make PHPCS_Zend

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-12 23:04:43 +02:00
VirtualTam
5b0ebbc5de Merge pull request #257 from ArthurHoaro/tag-http-referer
Prevent redirection loop every time we rely on HTTP_REFERER
2015-07-12 19:56:13 +02:00
ArthurHoaro
775803a05c Prevent redirection loop every time we rely on HTTP_REFERER:
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page

Move location generation to Utils.php + unit tests.

Fixes #256

ninja
2015-07-12 17:43:13 +02:00
Arthur
1dcbe29611 English mistake cf sebsauvage/Shaarli#221
2015-07-12 15:16:37 +02:00