Commit Graph

59 Commits

Author SHA1 Message Date
Knah Tsaeb e7dc320890 [add] link to contact page 2013-09-09 10:34:56 +02:00
Knah Tsaeb d6c68fb941 [add] link to contact page 2013-09-09 10:31:32 +02:00
Knah Tsaeb 210d9458eb [upd] link for home page project 2013-05-01 11:30:02 +02:00
Knah Tsaeb 0fc8242df4 [fix] background repeat in login page 2013-04-30 16:24:59 +02:00
Knah Tsaeb b19dda6112 [add] snippet and via input in RSS and ATOM 2013-04-30 15:30:28 +02:00
Knah Tsaeb 5aafc4f292 [add] new style 2013-03-21 12:17:40 +01:00
Knah Tsaeb 9e8e978f3e Merge remote-tracking branch 'origin/master' 2013-03-21 10:51:53 +01:00
Knah Tsaeb 53311376dc [fix] syntax error on loading external javascript 2013-03-21 10:32:42 +01:00
Sébastien SAUVAGE 99954e1290 Merge pull request #43 from dsferruzza/highlight-search-results
Highlight search results
2013-03-11 02:11:47 -07:00
Knah Tsaeb fef1279b23 Merge branch 'master' of git://github.com/sebsauvage/Shaarli
Conflicts:
	.gitignore
2013-03-11 10:10:50 +01:00
Sébastien SAUVAGE 87e3d65023 Merge pull request #42 from matchab/master
Timezone par défaut
2013-03-11 01:59:48 -07:00
Sébastien SAUVAGE 2d21a179b0 Merge pull request #45 from dsferruzza/fix-picwall-bug
Fix picwall bugs
2013-03-11 01:49:50 -07:00
David Sferruzza f2acdfd14e Move lazyload init inside the body tag 2013-03-10 19:04:48 +01:00
David Sferruzza a908244cc4 Fix bug producing invalid HTML 2013-03-10 19:03:34 +01:00
David Sferruzza 9da4953190 Avoid highlighting paging stuff 2013-03-10 18:26:16 +01:00
David Sferruzza 1b647ff409 Highlight search results (issue #4)
Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
2013-03-10 18:24:05 +01:00
Mathieu Chabanon 6e330f2225 Ingore Eclipse project files 2013-03-10 14:16:29 +01:00
Mathieu Chabanon cb49ab945f Avoid a strict standard error when php.ini do not define the default
timezone.
2013-03-10 14:06:12 +01:00
Knah Tsaeb 29562e2d07 Merge branch 'master' of git://github.com/sebsauvage/Shaarli 2013-03-08 12:09:09 +01:00
Sébastien SAUVAGE 310f3ca007 Version 0.0.41 beta 2013-03-08 10:14:31 +01:00
Sébastien SAUVAGE 41a30d9b2d Merge pull request #37 from sebsauvage/CookieDomain
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-08 01:01:40 -08:00
Sebastien SAUVAGE 75e199d606 Correction for login problem with webkit browsers on sub-domain hosted Shaarli. 2013-03-06 23:31:18 +01:00
Knah Tsaeb dc21529403 Merge remote-tracking branch 'origin/master'
Conflicts:
	tpl/editlink.html
2013-03-05 08:59:04 +01:00
Sebastien SAUVAGE 979d6334e7 Added second check to write rights.
(Because on some hosts is_writable() is not reliable.)
2013-03-04 21:26:06 +01:00
Sebastien SAUVAGE f2cb5f95a9 Check that Shaarli has the right to write in its own directory.
Because some user forget to check this at installation.
2013-03-04 21:14:07 +01:00
Sebastien SAUVAGE 8a80e4fe07 Got rid of small display bugs before installation. 2013-03-04 21:02:24 +01:00
Sébastien SAUVAGE 22701e2d0b Merge pull request #30 from Knah-Tsaeb/master
Merged "Private by default" feature (when creating a new link).
2013-03-04 11:49:33 -08:00
Knah Tsaeb 9de40d272f Merge branch 'master' of git://github.com/sebsauvage/Shaarli
Conflicts:
	index.php
	tpl/includes.html
	tpl/linklist.html
	tpl/page.footer.html
2013-03-04 14:03:46 +01:00
Knah Tsaeb bb8f712db6 [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default. 2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE dd064cc315 Added https to list of authorized protocols. 2013-03-03 22:49:10 +01:00
Sebastien SAUVAGE feebc6d466 Corrected vulnerabilities (see report below)
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_

Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)

Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards

Persistent XSS :
- During the instalation or configuration modification, the title field
is vulnerable. e.g <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works

- The url field of a link is vulnerable :

When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user click the url of a link

Or with a classic XSS : "><script>alert(1)</script>

Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer

e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com

History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE 705f8355a9 Proper redirect in popup when login fails.
This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
2013-03-02 14:07:00 +01:00
Sebastien SAUVAGE 858c5c2b43 Added option to disable jQuery and heavy javascript
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)

(Side note: A *LOT* of users want Shaarli to work without javasript at
all, if possible. That's why I try to use as few javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sebastien SAUVAGE 58046a19ae URL source in cached RSS feeds. 2013-03-01 17:43:20 +01:00
Sebastien SAUVAGE dd62b9ba2a Sort tags 2013-03-01 17:09:52 +01:00
Sebastien SAUVAGE 925f6108ba Corrected: "Nothing found" when logging out when only private links were displayed.
This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
2013-03-01 16:57:34 +01:00
Knah Tsaeb edfa09c1f5 Who have add index.php in tpl dir ....... Oups it's me sorry 2013-02-28 17:03:56 +01:00
Knah Tsaeb eb0ada01e6 Merge remote-tracking branch 'origin/master' 2013-02-28 15:07:09 +01:00
Knah Tsaeb e074ff6499 Add link the homepage 2013-02-28 15:01:26 +01:00
Sébastien SAUVAGE 3e0ef647a3 RSS patch for Thunderbird (and some RSS clients).
In the RSS specifications, the "link" tags contains the URL to follow,
and the "guid" contains a unique identifier (which may or may not be an
URL).
RSS clients should always use "link" to follow the link (and most do),
but Thunderbird uses the "guid" if it find a valid URL inside (and only
falls back to "link" if "guid" is not an URL).

I have patched the RSS feed so that Thunderbird ignores the URL in guid.
2013-02-28 14:48:11 +01:00
Knah Tsaeb 1eacb94c3e Merge remote-tracking branch 'origin/master'
Conflicts:
	tpl/linklist.html
2013-02-28 14:45:11 +01:00
Knah Tsaeb 7d65e5207f Add .settings (Apatana) dir to .gitignore 2013-02-28 11:15:39 +01:00
Sébastien SAUVAGE f37664a2b8 Check that sessions work before installation.
This is necessary because some hosts do not have a properly set
session.save_path parameter in php config, or do not have write access
to the directory.
2013-02-28 10:37:43 +01:00
Sébastien SAUVAGE a1f5a6ec17 Improved token security
...by adding salt. These token are used in form which act on data to
prevent CSRF attacks.
This closes issue https://github.com/sebsauvage/Shaarli/issues/24
2013-02-28 09:19:00 +01:00
Sebastien SAUVAGE 9e8209064d Corrected thumbnail creation.
Because some systems do not allow file overwriting when doing a
rename().
2013-02-27 21:24:41 +01:00
Sébastien SAUVAGE ab7ac1870e Pueril addition of the logo in Readme for GitHub master page. 2013-02-27 18:58:26 +01:00
Sébastien SAUVAGE b342b2a4c7 After clicking save/cancel on a link, scroll to the link itself. 2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE b2877611c3 Edit/delete button on the left-side of links.
https://github.com/sebsauvage/Shaarli/issues/5
2013-02-27 17:46:45 +01:00
Sébastien SAUVAGE 9e975d86e4 Remove script name from URL if it's index.php
(for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead
of http://mysite.com/shaarli/index.php?abcde)
2013-02-27 16:52:32 +01:00
Sébastien SAUVAGE 2abd39052d Link in description & option to invert link/permalink.
Patch for issue https://github.com/sebsauvage/Shaarli/issues/19

Now:
* The (perma)link is added at the bottom of description.
* If "permalinks" is added in URL parameters, link/permalinks will be
swapped.

eg.
* Normal link in title + permalink in description:
http://mysite.com/shaarli/?do=rss
* Permalink in title + normal link in description :
http://mysite.com/shaarli/?do=rss&permalinks

It works for the ATOM feed too.

(Happy ?   :-D  )
2013-02-27 16:39:16 +01:00