Commit graph

909 commits

Author SHA1 Message Date
ArthurHoaro
8bbf02e0db Prevent warning if HTTP_REFERER isn't set
Fixes #723
2017-01-15 17:58:19 +01:00
ArthurHoaro
053673cb71 Remove CSS call for addlink toolbar plugin
Fixes #724
2017-01-15 17:50:16 +01:00
ArthurHoaro
d6327389fc Prevent tag duplicate when renaming
Fixes #757
2017-01-15 17:46:24 +01:00
ArthurHoaro
9977c418d6 Merge pull request #727 from ArthurHoaro/api/getlinks
REST API: implement getLinks service
2017-01-15 16:49:50 +01:00
ArthurHoaro
5fbab3edb3 Merge pull request #746 from ArthurHoaro/hotfix/delete-button
Fix delete button in editlink
2017-01-15 14:01:47 +01:00
ArthurHoaro
c3b00963fe REST API: implement getLinks service
See http://shaarli.github.io/api-documentation/#links-links-collection-get
2017-01-15 13:55:22 +01:00
VirtualTam
63ef549749 API: expect JWT in the Authorization header
Relates to https://github.com/shaarli/Shaarli/pull/731

Added:
- require the presence of the 'Authorization' header

Changed:
- use the HTTP Bearer Token authorization schema

See:
- https://jwt.io/introduction/#how-do-json-web-tokens-work-
- https://tools.ietf.org/html/rfc6750
- http://security.stackexchange.com/q/108662

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-15 13:41:04 +01:00
ArthurHoaro
37ab940599 Merge pull request #753 from ArthurHoaro/usercss
Move user.css to data folder
2017-01-14 17:56:28 +01:00
ArthurHoaro
7282418baa Move user.css to data folder 2017-01-14 16:43:32 +01:00
VirtualTam
3ee5c69777 Add an AUTHORS file, simplify COPYING, bump year to 2017
Added:
- AUTHORS file listing Shaarli contributors
- mailmap information to group a Git author's different aliases
- Makefile target to list contributors from Git commit data

Changed:
- Simplify COPYING by using a single "Shaarli Community" entry
- Bump year to 2017

See:
- man git-shortlog
- https://www.kernel.org/pub/software/scm/git/docs/git-shortlog.html#_mapping_authors

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:49:39 +01:00
VirtualTam
ee6f4b64a9 Cleanup: use safe boolean comparisons
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:37:40 +01:00
ArthurHoaro
066333c03c Fix delete button in editlink
This one was forgotten in #682
2017-01-07 11:15:30 +01:00
Arthur
7418f7cb60 Merge pull request #732 from ArthurHoaro/feature/theme-manager
Theme manager: improvements
2017-01-06 11:40:54 +01:00
VirtualTam
93b1fe54fb Cleanup: explicit method visibility
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:52:04 +01:00
VirtualTam
724f1e3229 Cleanup: remove unused variables
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 19:51:50 +01:00
ArthurHoaro
01c6e32a02 Fix permalink image alignement in daily page 2017-01-05 16:16:27 +01:00
ArthurHoaro
04a0e8ea34 Updater: keep custom theme preference with the new theme setting 2017-01-05 16:16:27 +01:00
ArthurHoaro
a0df06517b Minor improvements regarding #705 (coding style, unit tests, etc.) 2017-01-05 16:16:23 +01:00
VirtualTam
69173356cd API+Docker: enable nginx URL rewriting
Closes https://github.com/shaarli/Shaarli/issues/668

Changed:
- let nginx rewrite API URLs

See:
- https://www.slimframework.com/docs/start/web-servers.html
- https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-05 13:24:00 +01:00
VirtualTam
383cbaf2c5 Merge pull request #739 from virtualtam/fix/api/jwt-signature
API: fix JWT signature verification
2017-01-05 12:39:17 +01:00
adc4aee80f Change templates set through administration UI 2017-01-05 12:04:02 +01:00
VirtualTam
7a9daac56d API: fix JWT signature verification
Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 16:59:47 +01:00
Arthur
fc11ab2f29 Merge pull request #682 from ArthurHoaro/delete-button
Bugfixes on link deletion, and use a GET form
2017-01-04 16:35:29 +01:00
Arthur
061f04fba0 Merge pull request #733 from ArthurHoaro/hotfix/reverse-proxy-port
Hide default ports in local URL behind a reverse proxy
2017-01-04 16:34:06 +01:00
VirtualTam
2d3a9be73d Merge pull request #736 from virtualtam/url/annoying/campaign
URL cleanup: add 'campaign_' to the annoying parameters
2017-01-04 11:48:22 +01:00
VirtualTam
eaf2524887 URL cleanup: add 'campaign_' to the annoying parameters
Closes https://github.com/shaarli/Shaarli/issues/735

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-04 11:42:05 +01:00
VirtualTam
67a1d5d823 Merge pull request #731 from virtualtam/fix/api/namespaces
API: fix Slim namespaces
2017-01-03 16:21:18 +01:00
Arthur
f3ca027d3a Merge pull request #734 from ArthurHoaro/hotfix/api-install-error
Fix fatal error during the install
2017-01-03 14:45:10 +01:00
ArthurHoaro
e3a430babb Fix fatal error during the install 2017-01-03 14:25:04 +01:00
ArthurHoaro
8e4be77368 Hide default port in local URL behind a reverse proxy 2017-01-03 14:17:05 +01:00
Arthur
436479c58f Merge pull request #719 from ArthurHoaro/feed-opensearch
Add opensearch to RSS and ATOM feeds
2017-01-03 10:07:08 +01:00
Arthur
64497fb302 Merge pull request #725 from ArthurHoaro/hotfix/privatetags-split
Fixes presence of empty tags for private tags and in search results
2017-01-03 09:57:52 +01:00
ArthurHoaro
af815f771c Add opensearch to RSS and ATOM feeds
Fixes #709
2017-01-03 09:57:19 +01:00
ArthurHoaro
b3051a6aae Fixes presence of empty tags for private tags and in search results
* Private tags: make sure empty tags are properly filtered
  * Search results:
    * Use preg_split instead of function combination
    * Add normalize_spaces to remove extra whitespaces displaying empty tags search
2017-01-03 09:47:15 +01:00
VirtualTam
465b1c4090 API: fix Slim namespaces
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-02 18:37:08 +01:00
Arthur
e0177549c7 Merge pull request #620 from ArthurHoaro/pubsubhub
Move Pubsubhub to a default plugin
2016-12-20 11:44:19 +01:00
ArthurHoaro
db90dfcbbc Move PubSubHubbub code as a default plugin 2016-12-20 11:41:24 +01:00
ArthurHoaro
085efc33cc Add plugin placeholders in RSS and ATOM feeds templates 2016-12-20 11:32:15 +01:00
Arthur
80677a23e2 Merge pull request #666 from ArthurHoaro/slim-api
REST API structure using Slim framework
2016-12-20 11:30:05 +01:00
ArthurHoaro
e350aa750f Fix typo in markdown plugin meta description 2016-12-18 14:27:32 +01:00
ArthurHoaro
f4ebd5fed2 Bugfixes on link deletion, and use a GET form
Use a GET form to delete links: harmonize with edit_link and preparation for #585

Bug fixes:

  * LinkDB element can't be passed as reference, fix error:

    PHP Notice:  Indirect modification of overloaded element of LinkDB has no effect

  * Resource cache folder setting wasn't set correctly
2016-12-16 12:42:13 +01:00
Arthur
e3ffc8fdee Merge pull request #714 from ArthurHoaro/hotfix/banlogin
Fixes can login function call in loginform.html
2016-12-16 12:23:47 +01:00
Arthur
c0d96ce590 Merge pull request #716 from ArthurHoaro/hotfix/editoldlinks
Fix a regression: permalinks change when old links are edited
2016-12-15 11:41:22 +01:00
ArthurHoaro
826c6af7c0 Fix a regression: permalinks change when old links are edited
fixes #713
2016-12-15 11:18:56 +01:00
ArthurHoaro
4cfe8d3303 Fixes can login function call in loginform.html
Fixes #711
2016-12-15 10:57:11 +01:00
ArthurHoaro
18e6796726 REST API structure using Slim framework
* REST API routes are handle by Slim.
  * Every API controller go through ApiMiddleware which handles security.
  * First service implemented `/info`, for tests purpose.
2016-12-15 10:36:00 +01:00
ArthurHoaro
423ab02846 PHP requirement increased to PHP 5.5 - See #599 2016-12-15 10:04:05 +01:00
ArthurHoaro
cbfdcff261 Prepare settings for the API in the admin page and during the install
API settings:
   - api.enabled
   - api.secret

The API settings will be initialized (and the secret generated) with an update method.
2016-12-12 03:54:10 +01:00
ArthurHoaro
624f999fb7 Ignore compressed tar archive 2016-12-12 03:51:48 +01:00
Arthur
ab18fe06d6 Merge pull request #708 from ArthurHoaro/v0.8.1
Bump version to v0.8.1
2016-12-12 03:40:09 +01:00