Commit graph

52 commits

Author SHA1 Message Date
e225d3ebbe Merge V0.14.0 2024-12-10 16:31:21 +01:00
ArthurHoaro
326870f216
Fix XSS vulnerability in tag search (#2039)
It affects the title tag of the bookmark list page.
Fixes shaarli/Shaarli#2038
2023-11-22 10:29:30 -05:00
ArthurHoaro
b59cdb3871 ArthurHoaro code review: use Shared Bookmark as default title instead of My links 2022-08-13 10:19:15 +02:00
YFdyh000
d5b218eed4 Simple and uniform localized website title 2022-08-13 10:19:15 +02:00
ArthurHoaro
8997ae6c8e
Merge pull request #1697 from ArthurHoaro/feature/pagination
Handle pagination through BookmarkService
2021-02-04 10:57:44 +01:00
ArthurHoaro
9b8c0a4560 Handle pagination through BookmarkService
Handle all search results through SearchResult object.
This is a required step toward implementing a BookmarkService based on SQL database.

Related to #953
2021-01-20 15:01:29 +01:00
ArthurHoaro
9ef8555ad2 Support search highlights when matching URL content
DefaultFormatter:
  - format 'a' tag content and not href attribute
  - format hashtags properly
Markdown(Extra)Formatter:
  - Extend Parsedown to format highlight properly: https://github.com/erusev/parsedown/wiki/Tutorial:-Create-Extensions

Fixes #1681
2021-01-19 17:49:19 +01:00
ArthurHoaro
ccd1862d5f Inject current template name in templates
Use either legacy key _PAGE_ or new 'template' one.

Related to https://github.com/kalvn/Shaarli-Material/issues/118
2021-01-19 10:34:11 +01:00
ArthurHoaro
f00600a283 Daily RSS Cache: invalidate cache based on the date
Currently the cache is only invalidated when the datastore changes, while it should rely on selected period of time.

Fixes #1659
2020-12-17 15:48:03 +01:00
ArthurHoaro
ab4c170672
Merge pull request #1644 from ArthurHoaro/fix/daily-rss
Daily RSS - Remove relative description (today, yesterday)
2020-12-16 16:04:53 +01:00
ArthurHoaro
8a6b7e96b7 Fix: soft fail if the mutex is not working
And display the error in server admin page

Fixes #1650
2020-11-24 13:39:35 +01:00
ArthurHoaro
2883c6d0a7 Daily RSS - Remove relative description (today, yesterday)
It is not useful for the RSS feed, as every new entry will be 'yesterday', and it requires an update the next day.
2020-11-15 12:05:08 +01:00
ArthurHoaro
53054b2bf6 Apply PHP Code Beautifier on source code for linter automatic fixes 2020-11-09 10:56:24 +01:00
ArthurHoaro
d9d71b10c3
Merge pull request #1621 from ArthurHoaro/feature/tag-separators 2020-11-08 14:07:33 +01:00
ArthurHoaro
cfdd209440 Display error details even with dev.debug set to false
It makes more sense to display the error even if it's unexpected.
Only for logged in users.

Fixes #1606
2020-11-05 19:55:17 +01:00
ArthurHoaro
b3bd8c3e8d Feature: support any tag separator
So it allows to have multiple words tags.

Breaking change: commas ',' are no longer a default separator.

Fixes #594
2020-11-05 17:54:42 +01:00
ArthurHoaro
36e6d88dbf Feature: add weekly and monthly view/RSS feed for daily page
- Heavy refactoring of DailyController
  - Add a banner like in tag cloud to display monthly and weekly links
  - Translations: t() now supports variables with optional first letter
uppercase

Fixes #160
2020-10-27 19:45:02 +01:00
ArthurHoaro
c2cd15dac2 Move utils classes to Shaarli\Helper namespace and folder 2020-10-27 19:41:38 +01:00
ArthurHoaro
9c04921a8c Feature: Share private bookmarks using a URL containing a private key
- Add a share link next to « Permalink » in linklist (using share icon
from fork awesome)
  - This link generates a private key associated to the bookmark
  - Accessing the bookmark while logged out with the proper key will
display it

Fixes #475
2020-10-27 19:32:57 +01:00
ArthurHoaro
e6215a2ad9
Merge pull request #1604 from ArthurHoaro/feature/server-admin-page
Feature: add a Server administration page
2020-10-27 19:29:43 +01:00
ArthurHoaro
820cae27cf
Merge pull request #1601 from ArthurHoaro/feature/psr3 2020-10-24 11:37:29 +02:00
ArthurHoaro
0cf76ccb47 Feature: add a Server administration page
It contains mostly read only information about the current Shaarli instance,
PHP version, extensions, file and folder permissions, etc.
Also action buttons to clear the cache or sync thumbnails.

Part of the content of this page is also displayed on the install page,
to check server requirement before installing Shaarli config file.

Fixes #40
Fixes #185
2020-10-21 15:06:47 +02:00
ArthurHoaro
5c06c0870f Display an error if an exception occurs in the error handler
Related to #1598
2020-10-20 18:32:46 +02:00
ArthurHoaro
b38a1b0209 Use PSR-3 logger for login attempts
Fixes #1122
2020-10-20 11:47:07 +02:00
ArthurHoaro
21e72da9ee Asynchronous retrieval of bookmark's thumbnails
This feature is based on general.enable_async_metadata setting and works with existing metadata.js file.
The script is compatible with any template:
   - the thumbnail div block must have  attribute
   - the bookmark block must have  attribute with the bookmark ID as value

Fixes #1564
2020-10-20 10:15:18 +02:00
ArthurHoaro
3adbdc2a83 Inject ROOT_PATH in plugin instead of regenerating it everywhere 2020-10-16 13:06:06 +02:00
ArthurHoaro
72fbbcd679 Security: fix multiple XSS vulnerabilities + fix search tags with special chars
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list.

Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before escaping, otherwise the rendered URL is wrong.
2020-10-06 17:30:18 +02:00
ArthurHoaro
abe033be85 Fix invalid redirection using the path of an external domain
Fixes #1554
2020-09-22 15:37:26 +02:00
ArthurHoaro
98e7a59ca2
Merge pull request #1539 from ArthurHoaro/feature/manual-root-url 2020-09-22 14:08:54 +02:00
ArthurHoaro
b93cfeba7b Fix subfolder configuration in unit tests 2020-09-12 21:39:01 +02:00
ArthurHoaro
d52ab0b1e9 Properly handle 404 errors
Use 404 template instead of default Slim error page if the route is not found.

Fixes #827
2020-09-12 12:42:19 +02:00
ArthurHoaro
949a095310
Merge pull request #1538 from ArthurHoaro/feature/plugins-bookmark-service
Inject BookmarkServiceInterface in plugins data
2020-09-06 14:13:16 +02:00
ArthurHoaro
80b708a878 Inject BookmarkServiceInterface in plugins data
Related discussion: ilesinge/shaarli-related#7
2020-09-03 15:08:08 +02:00
ArthurHoaro
ce7918386a Improve backward compatibility for LegacyRouter
LegacyRouter is no longer used for routing, only in existing plugins to match the _PAGE_ parameter.
So we change a few of its values there, to match the new ones defined in TemplatePage.

@see discussion in shaarli/Shaarli#1537
2020-09-03 10:09:36 +02:00
ArthurHoaro
7e3dc0ba98 Better handling of plugin incompatibility
If a PHP is raised while executing plugin hook, Shaarli will display an error instead of rendering the error page (or just ending in fatal error for default hooks).
Also added phpErrorHandler which is handled differently than regular errorHandler by Slim.
2020-08-27 12:04:36 +02:00
ArthurHoaro
0c6fdbe12b Move error handling to dedicated controller instead of middleware 2020-08-21 10:50:44 +02:00
ArthurHoaro
bedbb845ee Move all admin controller into a dedicated group
Also handle authentication check in a new middleware for the admin group.
2020-08-13 11:08:13 +02:00
ArthurHoaro
d6e5f04d39 Remove anonymous permission and initialize bookmarks on login 2020-08-01 11:10:57 +02:00
ArthurHoaro
301c7ab1a0 Better support for notes permalink 2020-07-28 20:46:11 +02:00
ArthurHoaro
a285668ec4 Fix redirection after post install login 2020-07-27 12:34:17 +02:00
ArthurHoaro
9fbc42294e New basePath: fix official plugin paths and vintage template 2020-07-26 14:43:10 +02:00
ArthurHoaro
204035bd3c Fix: visitors are allowed to choose nb of links per page 2020-07-24 12:48:53 +02:00
ArthurHoaro
87ae3c4f08 Fix default link and redirection in install controller 2020-07-24 10:30:47 +02:00
ArthurHoaro
3ee8351e43 Multiple small fixes 2020-07-23 21:19:21 +02:00
ArthurHoaro
a8c11451e8 Process login through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
c4ad3d4f06 Process Shaarli install through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
1a8ac737e5 Process main page (linklist) through Slim controller
Including a bunch of improvements on the container,
and helper used across new controllers.
2020-07-23 21:19:21 +02:00
ArthurHoaro
9c75f87793 Use multi-level routes for existing controllers instead of 1 level everywhere
Also prefix most admin routes with /admin/
2020-07-23 21:19:21 +02:00
ArthurHoaro
818b3193ff Explicitly define base and asset path in templates
With the new routes, all pages are not all at the same folder level anymore
(e.g. /shaare and /shaare/123), so we can't just use './' everywhere.
The most consistent way to handle this is to prefix all path with the proper variable,
and handle the actual path in controllers.
2020-07-23 21:19:21 +02:00
ArthurHoaro
c22fa57a55 Handle shaare creation/edition/deletion through Slim controllers 2020-07-23 21:19:21 +02:00