ArthurHoaro
7af9a41881
Minor code cleanup: PHPDoc, spelling, unused variables, etc.
2016-10-20 11:36:11 +02:00
ArthurHoaro
7fde6de121
New init function for plugins, supports errors reporting
...
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.
This function is aware of the config, and can return initialization errors, which are displayed in the header template.
Note that the previous error system hack no longer work.
2016-10-14 13:22:58 +02:00
Arthur
0354257266
Merge pull request #622 from ArthurHoaro/update-date
...
Save link update dates and render it in templates and feeds
2016-10-12 14:51:37 +02:00
Arthur
adcdac1dec
Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
...
Add trusted IPs in config and try to ban forwarded IP on failed login
2016-10-12 14:48:57 +02:00
ArthurHoaro
fdf88d1948
Bump version to v0.8.0
...
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-10-12 12:36:59 +02:00
VirtualTam
5283175367
composer: display an error message if the autoload script is missing
...
Closes https://github.com/shaarli/Shaarli/issues/645
Relates to https://github.com/shaarli/Shaarli/issues/607
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-09-05 00:04:57 +02:00
VirtualTam
a973afeac7
Refactor bookmark import using a generic Netscape parser
...
Relates to #607
Relates to #608
Relates to #493 (abandoned)
Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/
Modifications:
- [import] replace the current parser with a generic, stable parser
- move code to application/NetscapeBookmarkUtils
- improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
- allow adding tags to all imported links
- allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
- reuse reference input from the parser's test data
See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-08-10 01:42:44 +02:00
ArthurHoaro
cdbc818037
Bugfix: wrong key used to get default private links setting
2016-08-07 12:15:08 +02:00
ArthurHoaro
edf3ff5a53
Initialize a translation function
...
It matches the API of ngettext().
2016-08-07 11:54:39 +02:00
ArthurHoaro
fd5ac47ea2
Generate a token for every pages
2016-08-06 14:09:26 +02:00
ArthurHoaro
50d1791838
Add trusted IPs in config and try to ban forwarded IP on failed login
...
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
2016-08-03 10:36:47 +02:00
ArthurHoaro
9646b7da22
Save the update date in LinkDB and pass it to linklist templates
...
It can be used as a timestamp by templates under the key 'updated_timestamp'.
2016-08-03 09:44:04 +02:00
Arthur
a4cd07eee2
Merge pull request #604 from ArthurHoaro/no-delicious
...
Remove Delicious in project description in comments
2016-07-23 14:16:59 +02:00
ArthurHoaro
2d97aa7781
Remove Delicious in project description in comments
2016-07-23 14:13:56 +02:00
Arthur
8562009682
Merge pull request #601 from ArthurHoaro/hotfix/title-missing
...
Fixes #600 - Shaarli's title is not set with the new config manager
2016-07-23 10:31:33 +02:00
ArthurHoaro
97ef33bb72
Fixes #600 - Shaarli's title is not set with the new config manager
...
- Fixed title config key
- Page title (in head tag) is no longer set through the config manager
2016-07-19 18:03:09 +02:00
ArthurHoaro
2e193ad387
Fix variable in configure.php
2016-07-10 10:42:21 +02:00
ArthurHoaro
894a3c4bf3
Rename configuration key for better sections
2016-06-11 09:30:56 +02:00
ArthurHoaro
278d9ee283
ConfigManager no longer uses singleton pattern
2016-06-11 09:30:56 +02:00
ArthurHoaro
7f179985b4
Remove remaining settings initialization in index.php
...
Except for those which require external data (timezone and $_SERVER).
2016-06-11 09:30:56 +02:00
ArthurHoaro
da10377b3c
Rename configuration keys and fix GLOBALS in templates
2016-06-11 09:30:56 +02:00
ArthurHoaro
d93d51b213
Set the default timezone in index.php
2016-06-11 09:30:56 +02:00
ArthurHoaro
684e662a58
Replace $GLOBALS configuration with the configuration manager in the whole code base
2016-06-11 09:30:56 +02:00
ArthurHoaro
c01bd08eaf
Version bump: v0.7.0
...
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-05-14 11:36:47 +02:00
Arthur
3fdcc7bd47
Merge pull request #560 from ArthurHoaro/nb-private-shaare
...
Private links counter in the header
2016-05-14 11:11:11 +02:00
Arthur
52ccf0d7ee
Merge pull request #556 from ArthurHoaro/login-refill
...
Prefill the login field when the authentication has failed
2016-05-14 11:09:39 +02:00
Arthur
765391cb37
Merge pull request #559 from ArthurHoaro/startsEndWithCase
...
Fix startsWith and endsWith case
2016-05-14 11:09:03 +02:00
ArthurHoaro
141a86c503
Add private link counter
2016-05-13 08:48:23 +02:00
ArthurHoaro
03eb19ac60
Extract PageBuilder class from index.php
2016-05-13 08:48:18 +02:00
ArthurHoaro
465266243f
Don't redirect to ?post if ?addlink is reached while logged out
2016-05-11 22:10:31 +02:00
ArthurHoaro
5046bcb6ab
Fix startsWith and endsWith case
2016-05-10 23:31:41 +02:00
ArthurHoaro
85c4bdc235
Prefill the login field when the authentication has failed
2016-05-06 20:03:10 +02:00
VirtualTam
bb4a23aa86
Export: allow prepending notes with the Shaarli instance's URL
...
Relates to #102
Additions:
- application:
- export: allow prepending note permalinks with the instance's URL
- test coverage
Modifications:
- export template: switch to an HTML form
- link selection (all/private/public)
- prepend note permalinks with the instance's URL
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-05-06 16:12:46 +02:00
Arthur
86deafe0ff
Merge pull request #551 from ArthurHoaro/hotfix/timezone
...
Use correct 'UTC' timezone
2016-05-05 13:21:36 +02:00
ArthurHoaro
12ff86c961
Use correct 'UTC' timezone
2016-05-03 20:09:24 +02:00
Arthur
47be060983
Merge pull request #532 from ArthurHoaro/hotfix/title-retrieve-the-return
...
Fixes #531 - Title retrieving is failing with multiple use case
2016-05-03 19:53:57 +02:00
ArthurHoaro
ce7b0b6480
Fixes #531 - Title retrieving is failing with multiple use case
...
see https://github.com/shaarli/Shaarli/issues/531 for details
2016-05-03 19:51:29 +02:00
VirtualTam
cd5327bee8
Refactor Netscape bookmark exporting
...
Relates to https://github.com/shaarli/netscape-bookmark-parser/issues/5
Fixes:
- respect the Netscape bookmark format "specification"
Modifications:
- [application] introduce the NetscapeBookmarkUtils class
- [template] export - improve formatting, rename export selection parameter
- [template] export.bookmarks - template for Netscape exports
- [tests] bookmark filtering, additional field generation
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-04-10 21:28:04 +02:00
ArthurHoaro
043eae70c4
Fixes #480 : add an option to urlencode redirector URL
...
* New config: `$GLOBALS['config']['REDIRECTOR_URLENCODE']` (default `true`).
* Parameter added to LinkDB constructor.
* Fixes a bug with urlencode and escaped url.
* In `index.php`, LinkDB is now instanciate once for `importFile()` and `showDaily()`.
* TU
2016-04-09 16:52:32 +02:00
ArthurHoaro
b0128609f4
Fixes #526 : bad font size separator in tagcloud with some locale
...
* Force the number format with number_format().
* Reduce the size deciment number to 2.
2016-03-31 18:01:05 +02:00
ArthurHoaro
5f143b72ea
Remove dev cache disabling
2016-03-26 16:59:22 +01:00
Arthur
f66a1990e5
Merge pull request #515 from ArthurHoaro/template-feeds
...
Refactor RSS feeds generation, and do it through templates
2016-03-25 19:20:55 +01:00
ArthurHoaro
528a6f8a23
Refactor filter in LinkDB
...
* search type now carried by LinkDB in order to factorize code between different search sources.
* LinkDB->filter split in 3 method: filterSearch, filterHash, filterDay (we know what type of filter is needed).
* filterHash now throw a LinkNotFoundException if it doesn't exist: internal implementation choice, still displays a 404.
* Smallhash regex has been rewritten.
* Unit tests update
2016-03-25 19:17:59 +01:00
ArthurHoaro
82e3680203
Create a FeedBuilder class which build data for both ATOM and RSS feed.
2016-03-25 19:17:55 +01:00
ArthurHoaro
e15f08d72a
Use generateLocation to set the redirection in login (and don't escape the url)
2016-03-21 19:06:46 +01:00
ArthurHoaro
bcd078bf0a
Plugin: add render_feed hook and call it while generating ATOM and RSS feed.
...
Create an example of the new hook in the demo plugin.
2016-03-18 19:13:48 +01:00
ArthurHoaro
e67712ba0f
Refactor showRSS, and make it use the RSS template
2016-03-18 19:13:48 +01:00
ArthurHoaro
69c474b966
Refactor showAtom, and make it use the ATOM template
...
Minor changes:
* Fix the date which was in a invalid format.
* Avoid empty categories (tags).
* Use the locale to set the language
2016-03-18 19:13:48 +01:00
ArthurHoaro
1c2fdb98b1
Add method assignAll() to pageBuilder to assign an array of data
2016-03-18 19:13:48 +01:00
ArthurHoaro
797a6f308f
Bump version to v0.6.5
...
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-03-02 19:59:58 +01:00
ArthurHoaro
408def1a07
Fixes #503 : check that HTTP_ACCEPT_LANGUAGE is set before calling autoLocale()
2016-02-28 15:53:28 +01:00
ArthurHoaro
09674d9359
Bump version to v0.6.4
...
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2016-02-28 14:33:05 +01:00
Arthur
c6744a9e89
Merge pull request #496 from ArthurHoaro/cross-search
...
Allow crossed search between terms and tags
2016-02-28 14:26:46 +01:00
ArthurHoaro
c51fae92dc
Allow crossed search between terms and tags
...
* Partial fix of #449
* Current use case: search term + click on tag.
* LinkFilter now returns all links if no filter is given.
* Unit tests.
2016-02-28 14:17:40 +01:00
Arthur
fa40b43f60
Merge pull request #492 from ArthurHoaro/locale-sort-fix
...
Fixes #481 : tag cloud fatal error
2016-02-24 19:26:57 +01:00
ArthurHoaro
7eb0a83201
Fixes #481 : tag cloud fatal error
...
Only send LC_COLLATE to Collator and check that no error occured.
2016-02-19 20:20:33 +01:00
ArthurHoaro
7b63e4ca09
Apply the locale to all categories and move autolocale to Utils.php
2016-02-19 20:14:06 +01:00
Arthur
64282b1499
Merge pull request #486 from virtualtam/refactor/datetime
...
cleanup: use DateTime to format dates
2016-02-18 19:53:39 +01:00
ArthurHoaro
ed853da7fd
Fixes #468 : don't trim description
...
Spaces at the start of shaares can be intended. Eg: markdown plugin.
#468
2016-02-18 19:34:33 +01:00
VirtualTam
205a42778d
cleanup: use DateTime to format dates
...
Closes #270
Modifications:
- replace custom date parsing by DateTime calls
- use proper date formatting for RSS feeds
Deletions:
- linkdate2timestamp()
- linkdate2rfc822
- linkdate2iso8601
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-02-17 22:46:50 +01:00
Arthur
07c2f73543
Merge pull request #461 from ArthurHoaro/tagcloud-sort
...
Fixes #456 : Tag cloud does not sort tags (fully) alphabetically
2016-02-15 21:26:33 +01:00
ArthurHoaro
ce354bf1a6
Remove first '-' char when saving tags
2016-02-15 21:06:17 +01:00
Arthur
6e607ca613
Merge pull request #479 from ArthurHoaro/pluginsadmin-error-url
...
Fixes typo in plugin admin redirection URL
2016-02-15 20:38:31 +01:00
Arthur
6cbff7e80f
Merge pull request #460 from ArthurHoaro/440-editlink-404
...
Fixes #440 - 404 error after editing a link
2016-02-15 20:38:10 +01:00
Arthur
854ea37255
Merge pull request #442 from ArthurHoaro/updater
...
Introduce the Updater class which
2016-02-15 20:36:42 +01:00
ArthurHoaro
59edea42bb
Fixes typo in plugin admin redirection URL
2016-02-15 20:34:44 +01:00
ArthurHoaro
510377d2cb
Introduce the Updater class which
...
* contains methods designed to be run once.
* is able to upgrade the datastore or the configuration.
* is based on methods names, stored in a text file with ';' separator (updates.txt).
* begins with existing function 'mergeDeprecatedConfigFile()' (options.php).
2016-02-15 20:30:24 +01:00
ArthurHoaro
fea5db7ab1
Common hooks: process includes before header/footer
2016-02-10 15:40:11 +01:00
ArthurHoaro
f1e96a06d8
Fixes #456 : Tag cloud does not sort tags (fully) alphabetically
...
* Use Collator class to sort tags using the locale (in PECL intl, included in most PHP installation).
* Use strcasecmp if Collator is not found.
Both sorts are case insensitive.
2016-02-05 16:10:34 +01:00
Arthur
5369f04521
Merge pull request #458 from ArthurHoaro/plugins-init-parameters
...
Initialize plugin parameters array to avoid unnecessary warning.
2016-02-04 20:29:02 +01:00
ArthurHoaro
fd50e14cba
Fixes #440 - 404 error after editing a link
...
Remove unnecessary escape().
2016-02-04 20:24:17 +01:00
ArthurHoaro
5a23950c95
Code cleanup: index.php - save_edit
2016-02-04 19:58:47 +01:00
ArthurHoaro
091e2d139d
Initialize plugin parameters array to avoid unnecessary warning.
2016-02-02 21:07:25 +01:00
ArthurHoaro
7c873f1cd0
Add a default value to ENABLE_UPDATECHECK to avoid unnecessary warning.
2016-02-02 20:10:49 +01:00
ArthurHoaro
729d267172
Bump version to v0.6.3
2016-01-31 19:32:22 +01:00
ArthurHoaro
dea0ba28f9
Fixes #378 - Plugin administration UI.
2016-01-31 18:54:48 +01:00
Dimtion
f4c84ad7fc
Create 404 template
...
Solve #430 for links
2016-01-20 22:52:28 +01:00
VirtualTam
1abe655597
Logging: move logm() from index.php to application/Utils.php
...
Relates to #436
Modifications:
- inject dependencies to global variables ($_SERVER, $GLOBALS)
- apply coding conventions
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-16 16:07:16 +01:00
ArthurHoaro
1557cefbd7
Fixes #410 - Retrieve title fails in multiple cases
...
* `get_http_url()` renamed to `get_http_response()`.
* Use the same HTTP context to retrieve response headers and content.
* Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
* Add `LinkUtils` to extract titles and charset.
* Try to retrieve charset from HTTP headers first (new), then HTML content.
* Use mb_string to re-encode title if necessary.
2016-01-11 21:19:31 +01:00
Arthur
88c15abb2a
Merge pull request #424 from ArthurHoaro/search
...
Link filter refactoring
2016-01-06 19:57:42 +01:00
ArthurHoaro
2c75f8e780
Fixes #426 - Do not filter with blank tags.
2016-01-06 19:53:25 +01:00
ArthurHoaro
822bffced8
Link filter refactoring
...
* introduce class LinkFilter to handle link filter operation (and lighten LinkDB).
* handle 'private only' in filtering.
* update template to prefill search fields with current search terms.
* coding style.
* unit test (mostly move from LinkDB to LinkFilter).
PS: preparation for #358 #315 and 'AND' search.
2016-01-06 19:53:04 +01:00
ArthurHoaro
6a6aa2b96d
Fixes #428 : validate buttons presence instead of value
...
Also adds a validation where renaming with 'fromtag' specified and empty 'totag'.
It was causing a 404, now it just re-render the form.
2016-01-03 14:42:43 +01:00
VirtualTam
ba83317573
Bump version to v0.6.2
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-23 19:54:37 +01:00
VirtualTam
6ff636cdd4
Merge pull request #407 from ArthurHoaro/daily-router
...
Fixes #402 : build the daily page through renderPage()
2015-12-08 21:41:31 +01:00
ArthurHoaro
38603b2450
Fixes #403 : build the daily page through renderPage()
...
* new entry in the Router for daily page.
* add an always displayed button in demo_plugin
2015-12-08 15:51:49 +01:00
ArthurHoaro
aca447a713
Reset permissions on index.php (changed in 18cca483b0
).
2015-12-08 15:09:17 +01:00
ArthurHoaro
18cca483b0
Temporary fix for head titles
...
only set the title on permalink.
2015-12-07 10:29:24 +01:00
ArthurHoaro
2f5c136104
Fixes #399 - show single link title as page title
2015-12-05 11:05:08 +01:00
VirtualTam
4a7af9759a
fix: assign template variables to empty values so they can be evaluated
...
Regression introduced in #394
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-03 20:30:46 +01:00
VirtualTam
9ecdeb5452
Bump version to v0.6.1
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-12-01 21:25:50 +01:00
VirtualTam
4407b45fd3
application: default to the "stable" branch for update checks
...
Relates to #372
Relates to #390
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-27 00:10:43 +01:00
VirtualTam
4bf35ba56b
application: refactor version checks, move to ApplicationUtils
...
Relates to #372
Modifications:
- move checkUpdate() to ApplicationUtils
- reduce file I/O operations during version checks
- apply coding conventions
- add test coverage
Tools:
- create a sandbox directory for tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-26 23:19:37 +01:00
VirtualTam
61873e3ded
Merge pull request #355 from ArthurHoaro/redirector-url
...
URL encode links when a redirector is set
2015-11-26 23:05:58 +01:00
ArthurHoaro
657f0e25ba
Fixes incorrect call to
...
From 2e28269bae
2015-11-26 20:51:53 +01:00
ArthurHoaro
90e5bd65c9
URL encode links when a redirector is set.
...
Fixes #328 - URL encode links when a redirector is set
* WARNING - template edit - new variable available : "real_url"
Contains the final real url (redirected or any other change on original URL)
* Don't redirect shaares link in RSS/Atom.
* Affects links shaared in description.
* Move text2clickable and keepMultipleSpaces to Utils.php + unit test
UPDATE:
* keepMultipleSpaces renamed to space2nbsp
* space2nbsp improved to handle single space at line beginning
* links in text description aren't 'nofollow' anymore
2015-11-26 20:14:38 +01:00
Nicolas Danelon
1e57f90200
cleanup: remove json_encode() (built-in since PHP 5.2)
...
See http://php.net/manual/en/function.json-encode.php
Legacy since php 5.2.x . If php5.3 is required for the install script
2015-11-25 09:42:29 -03:00
VirtualTam
c9cf2715f0
application: move checkPHPVersion from Utils to ApplicationUtils
...
Relates to #372
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:40:44 +01:00
VirtualTam
2e28269bae
install: check file/directory permissions for Shaarli resources
...
Relates to #40
Relates to #372
Additions:
- FileUtils: IOException
- ApplicationUtils:
- check if Shaarli resources are accessible with sufficient permissions
- basic test coverage
- index.php:
- check access permissions and redirect to an error page if needed:
- before running the first installation
Modifications:
- LinkDB:
- factorize datastore write code
- check if the datastore
(exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
- raise an IOException if needed
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-24 01:12:35 +01:00
VirtualTam
c580024cfb
Merge pull request #384 from roidelapluie/master
...
fill session info when shaarli is in open mode
2015-11-23 20:24:35 +01:00
Julien Pivotto
02ad8fb6ce
Fix authentification when Shaarli is in Open Mode.
2015-11-23 14:53:34 +01:00
VirtualTam
3d79d82326
Merge pull request #387 from ArthurHoaro/bookmarklet-quote
...
Fixes #382 : Bookmarklet can not retrieve title when there is a quotation mark in it
2015-11-22 18:10:50 +01:00
VirtualTam
c07e166aa2
Merge pull request #376 from ArthurHoaro/opensearch
...
Fixes #176 - Add opensearch functionality
2015-11-22 17:53:24 +01:00
ArthurHoaro
739dc24344
Fixes #382 : Bookmarklet can not retrieve title when there is a quotation mark in it
...
bookmarklet fields weren't correctly escaped
2015-11-22 15:47:41 +01:00
ArthurHoaro
e4b9a7633d
Bugfix: do not store plugin errors in data.php
...
Before this, calling writeConfig() would have write error messages in data.php, because it uses 'plugins' array which is used for plugin configuration.
Causing the message error appear everytime.
2015-11-22 14:45:09 +01:00
ArthurHoaro
98f54239aa
Bump version to v0.6.0
...
Signed-off-by: ArthurHoaro <arthur@hoa.ro>
2015-11-18 13:38:30 +01:00
ArthurHoaro
8f8113b94b
Fixes #176 - Add opensearch functionality
...
* add a new page in Router: do=opensearch which displays the opensearch plugin
* using base64 compressed image to avoid issue encountered with HTTPS
2015-11-17 20:19:44 +01:00
VirtualTam
a7921b2445
cleanup: remove the executable bit from source scripts
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 19:19:24 +01:00
VirtualTam
28bb2b74e3
index.php: group globals by theme, format comments
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-11-11 18:45:46 +01:00
Arthur
fd006c630b
Merge pull request #275 from shaarli/plugin-proposition
...
Plugin proposition
2015-11-08 13:29:32 +01:00
ArthurHoaro
056107ab4e
Handle errors raised by plugins in template. fixes #370
2015-11-08 13:22:44 +01:00
ArthurHoaro
6fc14d5303
Plugin system - CORE
...
see shaarli/Shaarli#275
2015-11-07 15:27:17 +01:00
ArthurHoaro
d01c234235
Fixes #356
...
* adding a link should return added link's hash
* allow redirection relative urls in generateLocation
2015-11-04 19:53:59 +01:00
VirtualTam
38bedfbbcd
Bump version to 0.5.4
...
Fixes:
- PHP session IDs: handle hash algorithms and bits per char representations
Minor changes:
- HTTPS: support being served behing an SSL-enabled proxy
- HTTP/Server utilities: refactor & add test coverage
Project & documentation:
- improve/rewrite `README.md`
- update contributor list
- update `index.php` header
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 21:02:52 +02:00
VirtualTam
49e2b35b4a
Update project information: contributors, index.php
header
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:54:13 +02:00
VirtualTam
482d67bd52
HTTP: move server URL functions to HttpUtils.php
...
Relates to #333
Modifications:
- refactor server URL utility functions
- do not access global `$_SERVER` variables
- add test coverage
- improve readability
- apply coding conventions
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
Fanch
7b114771d3
SSL detection: add support for X-Forwarded-Proto
...
Duplicates #332
See:
- RFC 7239 - Forwarded HTTP Extension
http://www.ietf.org/rfc/rfc7239.txt
- RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
http://www.ietf.org/rfc/rfc6648.txt
- StackOverflow - Custom HTTP headers: naming conventions
http://stackoverflow.com/a/3561399
2015-09-13 21:17:01 +02:00
Guillaume Virlet
ef591e7ee2
Url: introduce global helper functions for cleanup and scheme detection
...
Relates to #314 & #326
Additions:
- add global `cleanup_url()` and `get_url_scheme()` functions
Modifications:
- replace `Url` usage in `index.php` by calls to global functions
- fix `Url` tests not being run: PHPUnit expects a single test class per file
- move classes to separate files
2015-09-08 22:00:37 +02:00
VirtualTam
451314eb48
HTTP: move utils to a proper file, add tests
...
Relates to #333
Modifications:
- move HTTP utils to 'application/HttpUtils.php'
- simplify logic
- replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
- remove superfluous '$status' parameter (provided by the HTTP headers)
- apply coding conventions
- add test coverage (unitary only)
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00
VirtualTam
68bc21353a
Session ID: extend the regex to match possible hash representations
...
Improves #306
Relates to #335 & #336
Duplicated by #339
Issues:
- PHP regenerates the session ID if it is not compliant
- the regex checking the session ID does not cover all cases
- different algorithms: md5, sha1, sha256, etc.
- bit representations: 4, 5, 6
Fix:
- `index.php`:
- remove `uniqid()` usage
- call `session_regenerate_id()` if an invalid cookie is detected
- regex: support all possible characters - '[a-zA-Z,-]{2,128}'
- tests: add coverage for all algorithms & bit representations
See:
- http://php.net/manual/en/session.configuration.php#ini.session.hash-function
- https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
- http://php.net/manual/en/function.session-id.php
- http://php.net/manual/en/function.session-regenerate-id.php
- http://php.net/manual/en/function.hash-algos.php
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
ArthurHoaro
ce8c4a84ba
Bump version to v0.5.3
...
Fixes a bug that could prevent user to login.
2015-09-02 18:06:21 +02:00
VirtualTam
53cc2b93b8
Bump version to 0.5.2
...
Minor changes
- fix Full Path Disclosure upon cookie forgery
- fix regression preventing to load LinkDB info when adding an existing link
- also extract HTTPS page metadata (title)
- add PHP 7 to Travis platforms
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-31 20:39:27 +02:00
VirtualTam
6211c498f6
Merge pull request #326 from ArthurHoaro/bug-url
...
Fixes #325 - Shaarli does not recognize saved links
2015-08-31 20:31:41 +02:00
ArthurHoaro
26c503460c
Add HTTPS support for title extracting feature
2015-08-31 12:30:59 +02:00
ArthurHoaro
9e1724f192
Fixes #325 - Shaarli does not recognize saved links
...
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.
Fixes regression introduced in d9d776af19
2015-08-31 12:26:38 +02:00
ArthurHoaro
06b6660a7e
Avoid Full Path Disclosure error on session error.
...
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
2015-08-22 10:10:55 +02:00
VirtualTam
d7efade5d6
Bump version to 0.5.1
...
Minor changes
- fix 404 after editing a link while being logged out
- update local documentation
- improve timezone detection at installation
- improve feed cache handling
- improve URL cleanup for new links
- add a link to the shaarli/shaarli DockerHub repository
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-18 00:36:55 +02:00
VirtualTam
d9d776af19
Links: refactor & improve URL cleanup
...
Relates to #141
Relates to #133
Modifications
- move URL cleanup to `application/Url.php`
- rework the cleanup function
- fragments: `#stuff`
- GET parameters: `?var1=val1&var2=val2`
- add documentation (APIs the params belong to)
- add test coverage
Reference
- http://php.net/parse_url
- http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-15 15:58:38 +02:00
VirtualTam
01e48f269d
CachedPage: move to a proper file, add tests
...
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-13 23:48:06 +02:00
ArthurHoaro
5fbabbb9be
Fixes #299 : prevent 404 on '?edit_link' while logged out
...
- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
2015-08-07 16:26:38 +02:00
VirtualTam
afd7b77b4c
Installation: default to the server's timezone
...
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-08-04 23:54:03 +02:00
VirtualTam
7d4263e11a
Bump version to 0.5.0
...
Major changes
- fix locale handling
- fix note URLs
- fix page redirections
- fix daily RSS browsing
- fix title display
- fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
- restore compatibility with PHP 5.3
- remove duplicate tags in links
- remove annoying URL patterns
- add Firefox Social API
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- update documentation
- start code refactoring
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
- add unit test coverage
- add Travis integration
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-30 11:20:51 +02:00
VirtualTam
d1e2f8e52c
PHP: ensure 5.3 compatibility, refactor timezone utilities
...
Relates to #250
Modifications
- supported version
- bump required version from 5.1.0 to 5.3.x
- update README
- add PHP 5.3 to Travis environments
- rewrite array declarations: explicitely use array() instead of []
- move checkPHPVersion to application/Utils.php
- move timezone functions to application/TimeZone.php
- cleanup code
- improve test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-13 13:06:06 +02:00
VirtualTam
5b0ebbc5de
Merge pull request #257 from ArthurHoaro/tag-http-referer
...
Prevent redirection loop everytime we rely on HTTP_REFERER
2015-07-12 19:56:13 +02:00
ArthurHoaro
775803a05c
Prevent redirection loop everytime we rely on HTTP_REFERER:
...
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes #256
ninja
2015-07-12 17:43:13 +02:00
Arthur
1dcbe29611
English mistake cf sebsauvage/Shaarli#221
2015-07-12 15:16:37 +02:00
ArthurHoaro
6ac95d9cf1
Fixes warning 'Undefined index: searchtags' while filtering by tags.
...
Happened if there were not any searchtags already present in the query.
2015-07-12 11:36:42 +02:00
Arthur
7bd3542b1b
Merge pull request #262 from ArthurHoaro/dup-tags
...
Avoid tag duplicates
2015-07-12 11:01:24 +02:00
ArthurHoaro
781e8aadea
Avoid tag duplicates
...
* Prevent duplicate client side with awesomplete
* Prevent duplicate server side (save_edit processing)
Fixes #261
2015-07-12 10:34:29 +02:00
VirtualTam
bba021defc
Merge pull request #268 from ArthurHoaro/dailrss-template
...
Include the whole <item> in Daily RSS template
2015-07-11 19:09:52 +02:00
ArthurHoaro
f3b8f9f0f8
Include the whole <item> in dailyRSS
...
Allow custom date format and title in templates.
Also a bit of code style review.
Fixes #182
2015-07-11 10:25:25 +02:00
VirtualTam
50c9a12ee6
Fix: data/config.php was not imported
...
Relates to #255
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-11 00:12:13 +02:00
VirtualTam
e92f1ba59e
Merge pull request #255 from ArthurHoaro/config
...
All settings are now stored in config.php
2015-07-09 21:34:46 +02:00
ArthurHoaro
dd484b90b1
All settings are now stored in config.php
...
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration ).
2015-07-09 20:46:03 +02:00
VirtualTam
9186ab9594
LinkDB::filterDay(): check input date format
...
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-07-09 00:44:19 +02:00
ArthurHoaro
f3db3774f9
Fixes #260 : previous/next day links in daily
...
The bug was occuring only if we tried to access to the first day.
2015-07-08 17:12:06 +02:00
VirtualTam
9c8752a206
LinkDB: do not access global variables
...
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 23:26:52 +02:00
nodiscc
64bc92e3ac
move escape() and sanitizeLink() to application/Utils.php
...
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
2015-06-24 01:08:30 +02:00
nodiscc
eaefcba724
Merge remote-tracking branch 'ArthurHoaro/input-escape' into next
...
Conflicts:
index.php
2015-06-24 00:51:38 +02:00
VirtualTam
9f15ca9ee7
LinkDB: add 'hidePublicLinks' parameter to the constructor
...
Fixes #236
Relates to #237
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-24 00:26:59 +02:00
ArthurHoaro
c68da3ffbf
Page title if there is a single link
...
Fixes #232
2015-06-23 20:22:02 +02:00
ArthurHoaro
5f85fcd863
Working on shaarli/Shaarli#224
...
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
nodiscc
4a5827ff5a
Merge remote-tracking branch 'ArthurHoaro/daily-date' into next
2015-06-23 15:07:03 +02:00
nodiscc
38a0c256d2
Merge remote-tracking branch 'virtualtam/test/link-db' into next
...
Conflicts:
index.php
2015-06-23 14:38:43 +02:00
nodiscc
0fe36414c8
Merge remote-tracking branch 'ArthurHoaro/search-tag-awesomplete' into next
2015-06-23 14:18:31 +02:00
ArthurHoaro
4de71445d3
Daily page: date format in template
...
It only concerns the date of the day in the main title.
Fixes #182
Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
2015-06-19 20:23:58 +02:00
VirtualTam
ca74886f30
LinkDB: move to a proper file, add test coverage
...
Relates to #71
LinkDB
- move to application/LinkDB.php
- code cleanup
- indentation
- whitespaces
- formatting
- comment cleanup
- add missing documentation
- unify formatting
Test coverage for LinkDB
- constructor
- public / private access
- link-related methods
Shaarli utilities (LinkDB dependencies)
- move startsWith() and endsWith() functions to application/Utils.php
- add test coverage
Dev utilities
- Composer: add PHPUnit to dev dependencies
- Makefile:
- update lint targets
- add test targets
- generate coverage reports
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-06-11 00:45:45 +02:00
ArthurHoaro
a037ac6963
Do not load links if they're hidden (also fix shaarli/Shaarli#202 )
2015-06-09 14:58:54 +02:00
ArthurHoaro
65d6251744
Add awesomplete to tag search shaarli/Shaarli#49
2015-06-09 14:23:28 +02:00
nodiscc
cbecab7735
split annoyingpatterns list on multpile lines, add new patterns for removal:
...
* utm_content=
* fb=
* xtor=
closes https://github.com/shaarli/Shaarli/issues/136
2015-06-03 15:58:58 +02:00
nodiscc
f95d0428f6
Merge branch 'really-hide' of https://github.com/pikzen/Shaarli into next
2015-05-22 21:07:00 +02:00
nodiscc
8b3c67fccb
Merge remote-tracking branch 'Marsup/firefox-social' into next
2015-05-22 21:04:36 +02:00
Marsup
d33c5d4c3b
Add Firefox Social API to the tools. Fixes #101 .
2015-05-15 16:18:54 +00:00
feula
59c90f5808
Properly hide all links
...
>searchtags
2015-05-11 20:08:38 +02:00
Jonathan Druart
f5b059254f
Display date as today if no articles published
...
On "The Daily Shaarli" page (index.php?do=daily), the date is "Tuesday
30, November 1999" if no articles have been published/shared.
This patch checks the parameter ($linkdate) before the mktime call to
prevent and generate the "day 0" string.
mktime(0,0,0,0,0,0) returns 943916400 (hum?)
2015-05-11 11:16:19 +01:00
nodiscc
caee7ff9cc
change wording and variable names for "Hide public links" feature
2015-04-10 20:52:12 +02:00
nodiscc
0c45b01cc2
Merge remote-tracking branch 'pikzen/disable-public' into next
2015-04-10 20:30:33 +02:00
nodiscc
507849290c
Merge remote-tracking branch 'ArthurHoaro/localecharset' into next
2015-04-10 20:30:15 +02:00
nodiscc
1caf200551
Merge commit '326ae54' into next
2015-04-10 20:28:24 +02:00
feula
8fa1ebd605
Allow disabling all public links, fixes #188
2015-04-09 18:13:11 +02:00
ArthurHoaro
da49603b86
#193 add UTF8 by default to autoLocale
2015-04-08 06:53:34 +02:00
ArthurHoaro
8438a2e5d0
Fixes autoLocale function by trying several way to find a correct one.
...
Fix https://github.com/shaarli/Shaarli/issues/184
2015-04-05 22:01:43 +02:00
dimtion
326ae54d08
Fix missing permalink title when logged in
2015-04-05 18:18:15 +02:00
Florian Eula
b47f515ad3
Display notes as absolute URLs
2015-04-01 11:47:04 +02:00
ArthurHoaro
a5752e776c
Fix bad merge commit
...
Define date format in templates instead of index.php.
Conflicts:
index.php
tpl/dailyrss.html
2015-04-01 00:32:47 +02:00
pikzen
d3b2b456e1
Display notes as absolute urls
...
Fixes https://github.com/shaarli/Shaarli/issues/177
Merge commit '3ea318dad05954e2043d5bb2f8572b103d7c3930' into notes-absolute-url
Conflicts:
index.php
2015-03-31 20:16:06 +02:00
ArthurHoaro
880cbf92ca
Fixes autoLocale function by trying several way to find a correct one.
2015-03-31 13:22:20 +02:00
ArthurHoaro
bec1870180
Define date format in templates instead of index.php.
2015-03-31 13:19:07 +02:00
feula
3ea318dad0
Display notes as absolute urls.
...
The deletion is related to Windows not handling quotes in filenames, see
#179 . It shouldn't delete the real file. Probably. Check it out.
2015-03-29 17:31:38 +02:00
nodiscc
129ff3c2e5
bump version to 0.0.45beta
2015-03-16 16:17:31 +01:00
nodiscc
b4b7d3343a
Merge branch 'picwall-direct-link' into next
2015-03-15 14:24:51 +01:00
nodiscc
aa22244027
bump version to 0.0.44beta
2015-03-15 14:23:55 +01:00
nodiscc
9a631bab7f
Merge remote-tracking branch 'ArthurHoaro/autocomplete' into next
2015-03-15 14:21:59 +01:00
ArthurHoaro
bdd1715b24
Use awesomplete as autocomplete lib and remove jQuery - shaarli/Shaarli#148
...
* Add awesomplete dependancy (source + min + CSS)
* Remove jQuery and jQuery-UI dependancy
* Few CSS ajustements
* Use tags complete list as RainTPL var (and display it as HTML)
* Remove "disable jQuery" feature
* Remove tag list web service
2015-03-12 20:27:16 +01:00
nodiscc
4a1a1190a6
picwall: link directly to the target URL (not the permalink)
2015-03-11 19:19:18 +01:00
nodiscc
3ef1da28e8
Merge pull request #119 from ArthurHoaro/js-link
...
allow 'javascript:' links sharing (bookmarklets)
2015-03-11 19:17:13 +01:00
nodiscc
35c2c4db5b
Redirect to homepage after adding a link via "Add Link" dialog
...
* Fixes https://github.com/shaarli/Shaarli/issues/115
2015-03-05 13:43:53 +01:00
nodiscc
01b8f52718
Merge pull request #141 from nodiscc/cleanurl-filters
...
Add URL cleaning filters + refactoring
2015-03-05 13:42:38 +01:00
nodiscc
baf5cbf27d
Improve URL cleaning:
...
* also remove action_type_map, action_ref_map and action_object maps params used by facebook
2015-03-05 13:40:43 +01:00
nodiscc
403a199409
Improve annoying URL parameters cleaning:
...
* Use regular expressions to avoid suplicating params depending on their position in the URL (¶m=,?param=)
* Only remove the relevant URL pattern and don't remove following params, fixes https://github.com/shaarli/Shaarli/issues/136
* Credits to Marcus Rohrmoser (https://github.com/mro )
2015-03-05 13:33:30 +01:00
nodiscc
ad2a397c66
cleanup: refactor annoying URL patterns in a single loop
...
* fixes https://github.com/shaarli/Shaarli/issues/133
2015-03-04 20:11:39 +01:00
Alexis J
bc1ef5b94a
Add some filters to clean URLs
2015-03-04 20:02:04 +01:00
ArthurHoaro
34047d23fb
Lazy load images with the light lib bLazy.js instead of jQuery:
...
* Remove jquery.lazyload lib
* Add blazy lib
* Add a bit of CSS animation
* Delete unused picwall2 template
2015-03-01 11:23:03 +01:00
nodiscc
dbcad7406e
Prevent visitors from reading shaarli version
...
* fixes https://github.com/shaarli/Shaarli/issues/122
* the shaarli version is now in a php comment block, which prevents
visitors from reading it when it is place on a PHP-enabled server, but
still allows the update mechanism to read it from the source on github.
2015-02-25 13:25:45 +01:00
ArthurHoaro
329e076879
shaarli/Shaarli#34 : Make update check optional
...
* Add a check box at installation (checked by default)
* Add a check box in configuration page
2015-02-20 22:49:41 +01:00
ArthurHoaro
f81139c9b2
Fixes shaarli/Shaarli#46 : allow 'javascript:' links sharing
2015-02-20 21:46:21 +01:00
nodiscc
be3f0b4ec3
bump version to 0.0.43beta
2015-02-20 19:41:53 +01:00
Florian Eula
ff69d87ed9
Only verify login state at the beginning of the request.
...
Moved login check into a function
2015-02-18 21:51:32 +01:00
feula
d528433d73
redirect to previous search (if any) when deleting a link
...
* Fixes https://github.com/shaarli/Shaarli/issues/110
2015-02-17 21:03:22 +01:00
Florian Eula
ed5b38ddd2
Feature: enable/disable permalinks for RSS
...
The option to see the shortlinks or permalinks has been added to the configuration panel. It is a simple checkbox
This option is disabled by default (meaning that shortlinks are the default)
Updated writeConfig() to save this option
Also fixed a slight typo in config.html.
Removed useless CSS & fixed a comment
Enabled permalinks for the ATOM feed and fixed the isPermaLink attribute for the <guid> tag
Reverted to default behavior and clarified its meaning
EnableRssPermalinks is an oddly behaving option: when enabled, it shows a
permalink in the description and a full link in the element title, and
swaps it around when disabled. This clarifies the option for end-users
Also, moved enable_rss_permalinks to $GLOBALS['config'] because it is a
config option.
fix indent
2015-02-07 03:21:30 +01:00
nodiscc
09850e6a20
Merge pull request #98 from ArthurHoaro/port
...
Fix port/server config problems by using php SERVER_NAME instead of HTTP_HOST
2015-01-26 14:49:56 +01:00
nodiscc
852613dece
Merge pull request #100 from virtualtam/daily-timestamp
...
daily: display link timestamps
2015-01-26 13:40:37 +01:00
VirtualTam
04751e0441
w3c: fix HTML syntax errors
...
Fixes #64
All pages:
- add `urlencode` when passing the version to a custom stylesheet;
- set meaningful values of `alt` and `title` for QR-Code images.
Install page:
- the form's `action` attribute must be non-empty;
- the `valign` attribute is deprecated.
Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2015-01-20 02:53:53 +01:00
VirtualTam
38a2d03e34
daily: display link timestamps
...
Fixes #26
Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2015-01-15 00:05:26 +01:00
ArthurHoaro
2f32d0746b
Fixes Port/server config problems - see: https://github.com/shaarli/Shaarli/issues/17
...
* Use SERVER_NAME instead of HTTP_HOST to define current URL (in serverUrl()
* Use SERVER_NAME instead of HTTP_HOST while setting up cookies
2015-01-09 11:46:25 +01:00
ArthurHoaro
fe16b01edb
* removed the language attribute on the script element since it is obsolete and we can safely omit it.
...
* make QRCode JS works with IE :
* behave as a normal link if canvas aren't supported (<=IE8)
* default parameter values in JS aren't widely supported (see: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Default_parameters ), use this method instead: http://stackoverflow.com/a/148918/1484919
* dataset isn't supported in IE9 use getAttribute instead
* addEventListener works with IE9+ and other browsers
2015-01-09 09:47:48 +01:00
Emilien Klein
657837af11
Redirect to home page after deleting a link
...
Fixes issue 87
2015-01-04 15:19:14 -05:00
nodiscc
f8d83b35b6
Merge pull request #85 from nodiscc/tagcloud-scaling
...
improve tag cloud font size scaling
2014-12-29 03:00:25 +01:00
nodiscc
1e3b2740e5
improve tag cloud font size scaling
...
* use logarithmic scales
* remove bold style
2014-12-29 02:59:35 +01:00
nodiscc
3259f1a814
Merge pull request #82 from pikzen/fix-search
...
Made tag/title search unicode aware, fixes #75
2014-12-25 01:21:39 +01:00
Florian Eula
cae64e52e4
Refactored the daily column generation (only one loop)
2014-12-25 01:10:58 +01:00
Florian Eula
2e45fdd8ff
Made tag/title search unicode aware, fixes #75
2014-12-22 16:43:37 +01:00
nodiscc
60b83e7cf7
fix quoting error introduced in 712501812b
2014-12-16 19:52:06 +01:00
nodiscc
509762236b
prevent disclosing PHP version on PHP version check error
...
* fixes https://github.com/shaarli/Shaarli/issues/78
* fixes https://github.com/sebsauvage/Shaarli/issues/214
2014-12-16 19:24:37 +01:00
nodiscc
569be2e8d5
prevent disclosing full path when raising "Shaarli directory not writeable" error
...
* work on https://github.com/shaarli/Shaarli/issues/78
2014-12-16 19:23:36 +01:00
Emilien Klein
e5aab50ac4
Fix issue #66 by adding space before "selected"
2014-12-02 23:42:23 +01:00
Florian Eula
aedc912d36
Prevents ?do=addlink from generating a 404 if the user is not logged in
...
Fixes https://github.com/shaarli/Shaarli/issue/47
2014-11-21 18:31:49 +01:00
Florian Eula
732e683bda
Do not add a tag to the search if it's already being searched for
2014-11-21 18:19:37 +01:00
nodiscc
d2f517638c
make archive.org integration optional (ARCHIVE_ORG option, defaults to false)
2014-11-08 18:21:19 +01:00
nodiscc
01ec179148
index.html: add warning message about hostname/cookie storage problems
...
* Fixes https://github.com/sebsauvage/Shaarli/issues/196
* Fixes https://github.com/sebsauvage/Shaarli/issues/97
2014-11-03 13:21:14 +01:00
Emilien Klein
39e41053ad
Merge pull request #36 from nodiscc/https-thumbnails
...
thumbnails: force HTTPS for youtube, imgur, vimeo
2014-10-23 20:06:29 +02:00
nodiscc
1a663a0f2c
thumbnails: force HTTPS for youtube, imgur, vimeo
...
* other services also provide thumbs over HTTPS, but the rewrite expression is more complex, so left out for now
2014-10-23 18:00:21 +02:00
nodiscc
1099d8fcad
Make ATOM toolbar button optional
...
* ATOM button display is now configurable using the SHOW_ATOM variable in index.php or data/options.php (defaults to false)
* Fixes https://github.com/shaarli/Shaarli/issues/24
2014-10-23 17:47:30 +02:00
nodiscc
b11bc5b6f9
update check: check against last version available on github.com/shaarli/Shaarli
...
* fixes https://github.com/shaarli/Shaarli/issues/5
2014-10-21 18:11:16 +02:00
nodiscc
27646ca5b4
add link: in case of empty URL (self-post), prepend "Note: " to the title
...
* Thanks to qwertygc (https://github.com/shaarli/Shaarli/pull/23 )
* Fix small typo
2014-10-21 16:18:25 +02:00
VirtualTam
2f2aa06b95
fix: add missing slash when defining RainTPL's temp dir
...
Signed-off-by: VirtualTam <virtualtam@flibidi.org>
2014-10-19 00:57:41 +02:00
nodiscc
e0cbb07872
Merge pull request #19 from nodiscc/master
...
bookmarklet: use selected text as description when adding a new link
2014-08-19 21:52:36 +02:00
Sbgodin
abc98ab39d
Merge pull request #20 from nodiscc/fix-typos
...
Fix grammar, punctuation, spelling, trailing whitepaces and newlines; Fix typo in css
2014-08-19 21:33:53 +02:00
nodiscc
ad6c27b7b8
Fix grammar, punctuation, spelling, trailing whitepaces and newlines; Fix typo in css
...
Based on respencer's work at https://github.com/respencer/Shaarli/
Closes https://github.com/sebsauvage/Shaarli/pull/103
2014-08-19 18:01:15 +02:00
nodiscc
a1795ddcf3
bookmarklet: use selected text as description when adding a new link
...
* Based on romnGit's work at https://github.com/sebsauvage/Shaarli/pull/104
* Fixes https://github.com/shaarli/Shaarli/issues/18
* Closes https://github.com/sebsauvage/Shaarli/pull/104
* Fixes https://github.com/sebsauvage/Shaarli/issues/53
* Fixes https://github.com/sebsauvage/Shaarli/issues/129
* Fixes https://github.com/sebsauvage/Shaarli/issues/33
2014-08-11 00:13:29 +02:00
Christophe HENRY
3bb684f59f
Removes htaccess file creation and adds them in the repository
...
I also removed the previously created placeholders, which after all, have no more utility.
2014-08-04 00:42:49 +02:00
Christophe HENRY
e7416aba2c
Adds empty directories: cache, data, pagecache and tmp. Removes mkdirs.
...
They are still in .gitignore because their future content will still be ignored.
2014-08-04 00:41:55 +02:00
Christophe HENRY
c614a35db8
Removed redundant check on RAINTPL_TMP directory
...
The same test is already on line 93
2014-07-31 23:31:58 +02:00
Christophe HENRY
25f5c59db6
Adds configuration variables, TPL and TMP, for RainTPL
...
The path for templates and temporary files are now part of the configuration.
For a custom install, it's possible to put these writable directories elsewhere than in the read-only source code.
2014-07-31 23:31:58 +02:00
Christophe HENRY
ebb2880dfc
Adds a configuration variable "titleLink" which allows to customize the
...
link on the title.
2014-07-27 23:32:41 +02:00
Emilien Klein
4ade7393a3
Release version 0.0.42 beta
2014-07-27 22:57:30 +02:00
Christophe HENRY
ae00595b1c
A real "Stay signed in": keep the connection
...
Instead of trusting the php session, it uses a cookie. The php session
sooner or later is distroyed if not used. It depends upon the server
settings. Using a cookie ensures that one really stays signed in.
Dev notes: I wanted to avoid merge conflicts, stay with the main
developper standards and keep the "index.php" in one file. That's why
the code may not be that nice. My own dev level my also explain.
2013-12-05 22:26:04 +01:00
Sébastien SAUVAGE
ab0638edb0
Merge pull request #145 from Alkarex/patch-1
...
smallHash: simplified and improved performance
2013-11-29 13:01:08 -08:00
Sebastien SAUVAGE
53da201749
XSS flaw correction
...
Closes issue https://github.com/sebsauvage/Shaarli/issues/134
2013-11-29 21:53:20 +01:00
Alexandre Alapetite
c002ca9c6b
smallHash: simplified and improved performance
...
Unchanged behaviour
2013-11-10 22:50:34 +01:00
Sebastien SAUVAGE
7b2186a63e
Corrected field focus in bookmarklet
...
Focus was not properly given to description field when it's empty.
2013-09-27 17:08:31 +02:00
Sébastien SAUVAGE
58a8f4cab4
Default example private link changed
...
Default example private link changed from pastebin to ZeroBin.
2013-09-25 10:41:31 +02:00
Sebastien SAUVAGE
c677013b93
Added nb=all to get all links in RSS/ATOM feed.
2013-09-24 22:39:40 +02:00
Sébastien SAUVAGE
eea58b3d5a
Merge pull request #87 from LionelMartin/3385af123f6b4dfc59aeaa69f180381307b64368
...
Added a json_encode implementation for PHP < 5.2 (free.fr)
2013-09-24 02:20:06 -07:00
Sébastien SAUVAGE
3fac0a5257
Added tags+private in shaarli URL
...
Manually merged pull request https://github.com/sebsauvage/Shaarli/pull/99
2013-09-24 11:17:22 +02:00
Sébastien SAUVAGE
85c0205876
Merge pull request #112 from BoboTiG/master
...
RSS/Atom: add a parameter to print only the N last links
2013-09-24 02:10:18 -07:00
Sébastien SAUVAGE
0b88c6022d
Merge pull request #118 from Alkarex/patch-1
...
Corrected error message for lack of write access in ./data
2013-09-24 02:07:21 -07:00
Sébastien SAUVAGE
c4bbb01064
Merge pull request #125 from broncowdd/master
...
Added the possibility to put a description in the bookmarklet's URL
2013-09-24 02:03:26 -07:00
Sébastien SAUVAGE
fdc3c114d1
Merge pull request #126 from Alkarex/Milliseconds
...
Import: add compatibility for milliseconds in NETSCAPE-Bookmark
2013-09-24 02:02:33 -07:00
Alexandre Alapetite
fc93ae1d1a
Import NETSCAPE-Bookmark compatible milliseconds
...
NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of
seconds.
For instance, this is the case of the files gererated for Google +1s by
Google Takeout.
This patch make these files compatible.
2013-09-21 18:15:41 +02:00
Bronco
3057373a25
Added the possibility to put a description in the bookmarklet's URL
2013-09-16 10:32:02 +02:00
lehollandaisvolant
03545ef691
Ajout d’un UA lors de la récupération d’une page externe (certains site veulent un UA)
2013-09-03 15:55:13 +02:00
Alexandre Alapetite
ff63b7d111
Corrected error message for lack of write access in ./data
2013-08-23 17:02:15 +02:00
Sebastien SAUVAGE
002ef0e5c8
Better encoding handling in title parsing
...
Thanks to a patch from Le Hollandais Volant.
2013-08-03 22:10:04 +02:00
Sebastien SAUVAGE
f6a6ca0aec
SERVER_NAME changed to HTTP_HOST
...
SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems
on some misconfigured hosts. HTTP_HOST is usually more reliable with
those servers. (cf.
http://stackoverflow.com/questions/2297403/http-host-vs-server-name ).
This should cause less problem on most hosts.
2013-08-03 22:00:09 +02:00
BoboTiG
fbd9e52716
RSS/Atom: add a parameter to print only the N last links
2013-07-26 08:57:19 +02:00
Lionel Martin
3385af123f
Added json_encode implementation for php<5.2
2013-05-20 19:00:28 +02:00
Sébastien SAUVAGE
87e3d65023
Merge pull request #42 from matchab/master
...
Timezone par défaut
2013-03-11 01:59:48 -07:00
David Sferruzza
a908244cc4
Fix bug producing invalid HTML
2013-03-10 19:03:34 +01:00
Mathieu Chabanon
cb49ab945f
Avoid a strict standard error when php.ini do not define the default
...
timezone.
2013-03-10 14:06:12 +01:00
Sébastien SAUVAGE
310f3ca007
Version 0.0.41 beta
2013-03-08 10:14:31 +01:00
Sebastien SAUVAGE
75e199d606
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-06 23:31:18 +01:00
Sebastien SAUVAGE
979d6334e7
Added second check to write rights.
...
(Because on some hosts is_writable() is not reliable.)
2013-03-04 21:26:06 +01:00
Sebastien SAUVAGE
f2cb5f95a9
Check that Shaarli has the right to write in its own directory.
...
Because some user forget to check this at installation.
2013-03-04 21:14:07 +01:00
Sebastien SAUVAGE
8a80e4fe07
Got rid of small display bugs before installation.
2013-03-04 21:02:24 +01:00
bb8f712db6
[add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default.
2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
dd064cc315
Added https to list of authorized protocols.
2013-03-03 22:49:10 +01:00
Sebastien SAUVAGE
feebc6d466
Corrected vulnerabilities (see report below)
...
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_
Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)
Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards
Persistent XSS :
- During the instalation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works
- The url field of a link is vulnerable :
When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user click the url of a link
Or with a classic XSS : "><script>alert(1)</script>
Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer
e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com
History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE
705f8355a9
Proper redirect in popup when login fails.
...
This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
2013-03-02 14:07:00 +01:00
Sebastien SAUVAGE
858c5c2b43
Added option to disable jQuery and heavy javascript
...
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)
(Side note: A *LOT* of users want Shaarli to work without javasript at
all, if possible. That's why I try to use as few javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sebastien SAUVAGE
58046a19ae
URL source in cached RSS feeds.
2013-03-01 17:43:20 +01:00
Sebastien SAUVAGE
dd62b9ba2a
Sort tags
2013-03-01 17:09:52 +01:00
Sebastien SAUVAGE
925f6108ba
Corrected: "Nothing found" when logging out when only private links were displayed.
...
This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
2013-03-01 16:57:34 +01:00
Sébastien SAUVAGE
3e0ef647a3
RSS patch for Thunderbird (and some RSS clients).
...
In the RSS specifications, the "link" tags contains the URL to follow,
and the "guid" contains a unique identifier (which may or may not be an
URL).
RSS clients should always use "link" to follow the link (and most do),
but Thunderbird uses the "guid" if it find a valid URL inside (and only
falls back to "link" if "guid" is not an URL).
I have patched the RSS feed so that Thunderbird ignores the URL in guid.
2013-02-28 14:48:11 +01:00
Sébastien SAUVAGE
f37664a2b8
Check that sessions work before installation.
...
This is necessary because some hosts do not have a properly set
session.save_path parameter in php config, or do not have write access
to the directory.
2013-02-28 10:37:43 +01:00
Sébastien SAUVAGE
a1f5a6ec17
Improved token security
...
...by adding salt. These token are used in form which act on data to
prevent CSRF attacks.
This closes issue https://github.com/sebsauvage/Shaarli/issues/24
2013-02-28 09:19:00 +01:00
Sebastien SAUVAGE
9e8209064d
Corrected thumbnail creation.
...
Because some systems do not allow file overwriting when doing a
rename().
2013-02-27 21:24:41 +01:00
Sébastien SAUVAGE
b342b2a4c7
After clicking save/cancel on a link, scroll to the link itself.
2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE
9e975d86e4
Remove script name from URL if it's index.php
...
(for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead
of http://mysite.com/shaarli/index.php?abcde )
2013-02-27 16:52:32 +01:00
Sébastien SAUVAGE
2abd39052d
Link in description & option to invert link/permalink.
...
Patch for issue https://github.com/sebsauvage/Shaarli/issues/19
Now:
* The (perma)link is added at the bottom of description.
* If "permalinks" is added in URL parameters, link/permalinks will be
swapped.
eg.
* Normal link in title + permalink in description:
http://mysite.com/shaarli/?do=rss
* Permalink in title + normal link in description :
http://mysite.com/shaarli/?do=rss&permalinks
It works for the ATOM feed too.
(Happy ? :-D )
2013-02-27 16:39:16 +01:00
Sébastien SAUVAGE
30b0672d04
Support for magnet links in description.
2013-02-27 15:49:32 +01:00
Sébastien SAUVAGE
64bf914aea
Corrected bug in cache purge.
2013-02-26 16:03:47 +01:00
Sébastien SAUVAGE
543e0c7b56
Typo correction.
2013-02-26 15:01:15 +01:00
Sébastien SAUVAGE
2d9fab88be
Login problem correction
...
This corrects the session problem with some browsers when Shaarli is
hosted on a sub-domain. Please tell me if this corrects login problems
if you had one.
2013-02-26 14:47:47 +01:00
Sébastien SAUVAGE
450342737c
Initial commit (version 0.0.40 beta)
2013-02-26 10:09:41 +01:00