Knah-Tsaeb
/
MyShaarli
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,356 Commits 8 Branches 1 Tag 9.7 MiB
Commit Graph

1356 Commits

Author SHA1 Message Date
Mark Schmitz ee93a09387 remove environment specific .gitignore entries 2018-06-07 18:11:04 +01:00
Mark Schmitz 0deaedeeae Merge remote-tracking branch 'upstream/master' 2018-06-07 14:23:53 +01:00
Mark Schmitz f6b3295d28 also for new default tpl add meta tag to block sending the referrer vintage -> #692 2018-06-07 14:23:41 +01:00
ArthurHoaro 17e45b2e9c
Merge pull request #1143 from ArthurHoaro/sort-equal-tags 
Fix order of tags with the same number of occurrences
 2018-06-04 18:34:50 +02:00
VirtualTam d9cd27322a
Merge pull request #1086 from virtualtam/refactor/login 
Refactor user login and session management
 2018-06-03 18:26:32 +02:00
VirtualTam 8edd7f1588 SessionManager+LoginManager: fix checkLoginState logic 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 704637bfeb Add test coverage for LoginManager methods 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:26 +02:00
VirtualTam ebf6151738 SessionManager: remove unused UID token 
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie

This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.

See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]

Relevant section:

  Une clé secrète unique aléatoire est générée côté serveur (et jamais
  envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
  générer des token de formulaires (protection contre XSRF).
  Voir $_SESSION['uid'].

Translation:

  A unique, server-side secret key is randomly generated (and never
  transmitted). It can be used to sign forms (HMAC) or generate form
  tokens (protection against XSRF).
  See $_SESSION['uid']

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam c689e10863 Refactor LoginManager stay-signed-in token management 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 51f0128cdb Refactor session and cookie timeout control 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam fab87c2696 Move LoginManager and SessionManager to the Security namespace 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 68dcaccfa4 LoginManager: remove unused parameter 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 89ccc83ba4 Login: update PageBuilder and default/vintage templates 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam 8474208474 Pass the client IP ID to LoginManager 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:46:06 +02:00
VirtualTam c7721487b2 Delegate session operations to SessionManager 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-06-02 16:45:54 +02:00
VirtualTam 1b28c66cc7 Document LoginManager properties 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam 63ea23c2a6 Refactor user credential validation at login time 
Changed:
- move login/password verification to LoginManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam 49f1832316 Refactor PHP session handling during login/logout 
Changed:
- move $_SESSION handling to SessionManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam db45a36a53 Refactor SessionManager::$INACTIVITY_TIMEOUT 
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
  - fillSessionInfo()
  - setup_login_state()
  - check_auth()
- cleanup related code and comments

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
VirtualTam 88110550b8 Refactor client session hijacking protection 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-05-29 22:53:54 +02:00
ArthurHoaro f8c5660df8 Tag sort - UT + comment + fix filter and visibility 
Before this, linksCountPerTag call without would have ignored visibility parameter
 2018-05-29 20:52:30 +02:00
ArthurHoaro 8f816d8ddf
Merge pull request #1135 from ArthurHoaro/ci/csslint 
Reformat SCSS to SASS format and run SASSLint in CI
 2018-05-29 20:20:02 +02:00
ArthurHoaro cdebf7f9b4
Merge pull request #1140 from ArthurHoaro/hotfix/markdown-rss-permalink 
Fix feed permalink rendering with markdown escape set to true
 2018-05-29 19:33:20 +02:00
ArthurHoaro f28396a2f8 Fix order of tags with the same number of occurrences 
Fixes #1142
 2018-05-19 15:47:55 +02:00
ArthurHoaro dd6794cff8 Fix feed permalink rendering with markdown escape set to true 
Fixes #1134
 2018-05-19 12:55:43 +02:00
ArthurHoaro 73da3a269b
Merge pull request #1138 from ArthurHoaro/stakali 
Adds Stakali Android app to 3rd party lists
 2018-05-17 09:19:12 +02:00
ArthurHoaro 4de024d7c3 Adds Stakali Android app to 3rd party lists 2018-05-13 12:35:30 +02:00
ArthurHoaro 03b483aa45 Add SASSLint makefile target, and run it in CI 
Also move ESLint and SASSLint config files to a dedicated .dev folder
 2018-05-10 13:29:47 +02:00
ArthurHoaro 9d0fc86250 Add classes to default template to avoid using IDs in SCSS 2018-05-10 13:26:11 +02:00
ArthurHoaro c69585f303 Reformat default theme SCSS to match SASS rules 2018-05-10 13:25:07 +02:00
ArthurHoaro 73c5af594c
Merge pull request #1116 from ArthurHoaro/ci/eslint 
Use Travis stages to run JS tests separately
 2018-05-06 12:43:33 +02:00
ArthurHoaro 16d35cf77e Use Travis stages to run JS tests separately 2018-05-05 14:12:46 +02:00
ArthurHoaro 3e35fc10e5
Merge pull request #1133 from ArthurHoaro/hotfix/title-dl 
Title retrieval fixes
 2018-05-02 18:28:09 +02:00
ArthurHoaro a1b727efb7 Support redirection in cURL download callback 2018-05-01 16:44:51 +02:00
ArthurHoaro 8d2cac1be6 Fix parameter order which was preventing max_dl parameter to work properly 2018-05-01 16:40:08 +02:00
nodiscc 3c0e27eec7
Merge pull request #1081 from nodiscc/doc-merge-sharing 
doc: merge all sharing methods under a single "Sharing content" page
 2018-04-18 19:57:36 +02:00
Buster One 7ca124079e German language created (#1114) 
* Added german language selection

* German language file created

* typo

* extra space removed and typo corrected

* lines 1314 through 1408 removed as suggested
 2018-04-15 14:53:09 +02:00
nodiscc 67a5c6d6f3 remove duplicate translation 2018-04-14 14:22:02 +02:00
nodiscc 2e47af897e doc: sharing: add link to REST API documentation 2018-04-14 14:15:00 +02:00
nodiscc 630790a1aa doc: optimize PNGs with pngcrush 
164k -> 156k
 2018-04-14 14:15:00 +02:00
nodiscc bf7993dceb doc: add edit_icon.png to git repository 
optimize icon with optipng/pngcrush (3.30%)
 2018-04-14 14:15:00 +02:00
nodiscc 6af9363aa5 update PO strings for Edit/New Shaare 
update french translation
 2018-04-14 14:15:00 +02:00
nodiscc 5991f7a993 default/editlink.tpl: title: Shaare -> New Shaare 2018-04-14 14:15:00 +02:00
nodiscc 80786e150d doc: merge all sharing methods under a single "Sharing content" page 
* formatting, wording, reordering, general improvements
 * move blog/pastebin/notepad item from index.md to this page
 * add TODOs
 * add the new page to mkdocs TOC

Part of https://github.com/shaarli/Shaarli/issues/598
 2018-04-14 14:14:59 +02:00
ArthurHoaro 14dd77ad7e
Merge pull request #1126 from kramred/master 
load user css at last, after plugin css to enable changing plugin styles
 2018-04-14 13:32:34 +02:00
Mark Schmitz 66d37a4fb4 add loading user css at last to vintage tpl 2018-04-13 14:06:27 +01:00
Mark Schmitz d811e4fda6 load user css at last, after plugin css to enable changing plugin styles 2018-04-13 13:21:58 +01:00
VirtualTam 237e7836c0
Merge pull request #1121 from virtualtam/node/packaging-metadata 
Update frontend metadata and COPYING
 2018-04-08 18:22:47 +02:00
VirtualTam aec5a76b67 Cleanup unused asset resources 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-04-05 20:54:55 +02:00
VirtualTam d66b5acb24 Update documentation and Doxygen icon location 
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
 2018-04-05 20:54:23 +02:00