d923d1db2f
Merge remote-tracking branch 'github/latest' into myShaarli_commu
2018-02-09 16:10:09 +01:00
ba04c60849
Fix markdown editor with myShaarli plugin
2018-02-09 15:56:22 +01:00
ArthurHoaro
b7c412d4d0
Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed
...
As stated in the docs:
> LC_MESSAGES for system responses (available if PHP was compiled with libintl)
Fixes #1067
2018-01-31 12:39:17 +01:00
ArthurHoaro
d449f79a0d
Merge pull request #977 from ArthurHoaro/feature/dl-filter
...
Extract the title/charset during page download, and check content type
2018-01-23 18:41:38 +01:00
VirtualTam
65c002ca18
Fix XSS vulnerability
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-01-04 15:53:48 +01:00
ArthurHoaro
fd08b50a80
Don't URL encode description links if parameter 'redirector.encode_url' is set to false
2017-11-07 20:23:58 +01:00
ArthurHoaro
d65342e304
Extract the title/charset during page download, and check content type
...
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
Closes #579
2017-10-28 14:35:49 +02:00
VirtualTam
fd7d84616d
Move session ID check to SessionManager
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:54:44 +02:00
VirtualTam
ebd650c06c
Refactor session token management
...
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- `SessionManager` class to group session-related features
- unit tests
Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-10-22 19:19:46 +02:00
ArthurHoaro
f39580c6fd
Add language selection in the configure page of the default theme
2017-10-22 13:16:53 +02:00
ArthurHoaro
12266213d0
Shaarli's translation
...
* translation system and unit tests
* Translations everywhere
Don't use translation merge
It is not available with PHP builtin gettext, so it would have led to inconsistency.
2017-10-22 12:55:03 +02:00
ArthurHoaro
be9ddff2fb
Merge pull request #987 from ArthurHoaro/hotfix/security-issue
...
Fix security issue reported by @chb9
2017-10-07 11:33:20 +02:00
ArthurHoaro
d14555a3df
Fix security issue reported by @chbi
...
Vulnerability introduced by 6ccd0b218f
- release with Shaarli v0.9.1.
2017-10-07 11:27:44 +02:00
VirtualTam
c8d96b4729
Merge pull request #979 from ArthurHoaro/feature/assets-cache-version
...
Add a version hash for asset loading to prevent browser's cache issue
2017-10-06 14:32:07 +02:00
Mark Gerarts
722caa2090
Allow setting of a default note title, see #963
2017-10-01 14:19:57 +02:00
ArthurHoaro
b3e1f92e9c
Rename shaarli_version constant to uppercase
2017-10-01 11:11:16 +02:00
Willi Eggeling
27e21231e1
added option to redirect all anonymous users to login page
...
- new setting *force_login* added and documented
- if both, *force_login* and *hide_public_links* are set to true, all requests
(except for the feeds) are redirected to the login page
2017-09-03 11:46:49 +02:00
ArthurHoaro
96a1c79456
Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-title
...
Firefox Social title: Use document.title instead of RainTPL variable
2017-09-02 13:54:38 +02:00
ArthurHoaro
a3130d2c2f
Make work behind a reverse proxy
...
Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
ArthurHoaro
87d019986e
Merge pull request #950 from thewilli/delete-fix
...
fixed link deletion
2017-09-01 18:25:44 +02:00
ArthurHoaro
c5f5365ae6
Merge pull request #951 from thewilli/fix-daily
...
fixed daily links if there are no links
2017-09-01 18:25:09 +02:00
Willi Eggeling
a74f52a8d2
fixed link deletion
...
When deleting links, the js of the default theme separated ids by an escaped space ('+').
There was a trailing '+' after the ids which led to the php code detecting multiple values
even for single values. In combination with the id '0' this could lead to no id found at all
and a resulting php error.
This commit fixes the behavior and adds additional error handling and trimming to the php code.
2017-08-30 12:54:58 +02:00
Willi Eggeling
5a0045be79
fixed daily links if there are no links
...
- the previous code tried to use links from a previous day if there are none for the current one
- the new code skips this part if there are no entries (i.e. days) at all
- modified showDaily() to fit PSR-1 and PSR-2
2017-08-30 12:42:58 +02:00
VirtualTam
e4ed3a46b7
Merge pull request #944 from thewilli/configure-rememberme
...
new setting: default value for 'remember me' checkbox
2017-08-27 16:36:53 +02:00
Willi Eggeling
2e07e77573
new setting: default value for 'remember me' checkbox
...
- the default state for the login page's 'remember me' checkbox can now be configured
- adapted the default and vintage theme to consider the new setting
- added documentation for the new setting
2017-08-27 16:03:37 +02:00
VirtualTam
fc27141cf6
Merge pull request #940 from ArthurHoaro/hotfix/empty-urls
...
Generates a permalink URL if the URL is set to blank
2017-08-27 13:15:43 +02:00
VirtualTam
e8cef3ac43
Merge pull request #942 from thewilli/fix-wiki-links
...
migrated Github wiki links to readthedocs
2017-08-27 13:12:58 +02:00
Willi Eggeling
a544b113f2
code clean: cookie expiration
...
- unified code style (spaces around operators)
- prevented expiration time from being calculated twice
- replaced tabs with spaces
2017-08-26 23:51:38 +02:00
Willi Eggeling
94c035ff71
removed doc and code references to magic quotes
...
- removed all references to magic quotes
- magic quotes are not supported on PHP >= 5.4 (https://secure.php.net/manual/en/security.magicquotes.php)
- Shaarli does not support PHP < 5.5
2017-08-26 11:27:18 +02:00
Willi Eggeling
cc8f572bc0
migrated Github wiki links to readthedocs
2017-08-26 09:40:57 +02:00
ArthurHoaro
c27f2f36f2
Generates a permalink URL if the URL is set to blank
...
Fixes #926
2017-08-25 20:08:07 +02:00
ArthurHoaro
f32ec5fb3c
Sort tag cloud in alphabetical order
...
Fixes #932
2017-08-25 19:25:09 +02:00
ArthurHoaro
c4925c1f66
Fix untagged only button
2017-08-19 17:41:56 +02:00
Lucas Cimon
d1b69e6af1
Adding missing empty() as spotted in #889 code review
2017-08-06 21:26:37 +02:00
ArthurHoaro
1fdb40fc16
Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-rename
...
Make sure that the tag exists before altering/removing it
2017-08-05 09:59:03 +02:00
ArthurHoaro
3b67b22225
Move tag renaming code to LinkDB and unit test it
2017-08-05 09:55:20 +02:00
Lucas Cimon
f210d94f71
Using only one form in linklist.html + adding untaggedonly filter - fix #885
2017-07-30 16:19:34 +02:00
Lucas Cimon
49cc8e5d74
Tagcloud/list improvements
2017-06-09 10:58:12 +02:00
ArthurHoaro
d99aef535f
Refactoring of CHANGETAG part to avoid duplicated code
2017-05-31 18:36:35 +02:00
ArthurHoaro
4c970f099f
Make sure that the tag exists before altering/removing it
...
Fixes #886
2017-05-31 18:24:21 +02:00
ArthurHoaro
5c6fac0bfc
Merge pull request #882 from ArthurHoaro/feature/edit-timestamp
...
Add creation date when editing a link
2017-05-31 17:54:46 +02:00
ArthurHoaro
ac94db1e36
Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocols
...
Add a whitelist of protocols for URLs
2017-05-31 17:52:19 +02:00
ArthurHoaro
807cade64c
Add creation date when editing a link
...
Also, alter the title on edition
Fixes #431
2017-05-31 17:50:11 +02:00
ArthurHoaro
3e395a6bc6
Merge pull request #841 from ArthurHoaro/feature/search-no-tag
...
Empty tag search will look for not tagged links
2017-05-25 15:54:20 +02:00
ArthurHoaro
7d86f40bdb
Empty tag search will look for not tagged links
...
Fixes #784
From now on, searching for tags with an empty value will return only not tagged links,
with the search bar showing `x results [not tagged]`.
Note that using the api, the searchtags request parameter must be set to `false` to get the same result.
- [ ] Update API doc
2017-05-25 15:51:12 +02:00
ArthurHoaro
aa4797ba36
Adds a taglist view with edit/delete buttons
...
* The tag list can be sorted alphabetically or by most used tag
* Edit/Delete are performed using AJAX, or fallback to 'do=changetag' page
* New features aren't backported to vintage theme
2017-05-25 15:25:04 +02:00
ArthurHoaro
5893529cf4
Move tagcloud template file to tag.cloud
2017-05-25 15:05:24 +02:00
ArthurHoaro
986a521067
Add an endpoint to refresh the token
...
Useful for AJAX requests which burn the token
2017-05-25 15:05:23 +02:00
ArthurHoaro
8b27824338
Merge pull request #819 from ArthurHoaro/feature/multi-delete
...
Bulk deletion
2017-05-25 15:03:32 +02:00
ArthurHoaro
86ceea054f
Add a whitelist of protocols for URLs
...
- for Shaare
- for markdown description links and images
Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:58:34 +02:00