Knah Tsaeb
b19dda6112
[add] snippet and via input in RSS and ATOM
2013-04-30 15:30:28 +02:00
Knah Tsaeb
5aafc4f292
[add] new style
2013-03-21 12:17:40 +01:00
Knah Tsaeb
9e8e978f3e
Merge remote-tracking branch 'origin/master'
2013-03-21 10:51:53 +01:00
Knah Tsaeb
53311376dc
[fix] syntax error on loading external javascript
2013-03-21 10:32:42 +01:00
Sébastien SAUVAGE
99954e1290
Merge pull request #43 from dsferruzza/highlight-search-results
Highlight search results
2013-03-11 02:11:47 -07:00
Knah Tsaeb
fef1279b23
Merge branch 'master' of git://github.com/sebsauvage/Shaarli
Conflicts:
.gitignore
2013-03-11 10:10:50 +01:00
Sébastien SAUVAGE
87e3d65023
Merge pull request #42 from matchab/master
Default timezone
2013-03-11 01:59:48 -07:00
Sébastien SAUVAGE
2d21a179b0
Merge pull request #45 from dsferruzza/fix-picwall-bug
Fix picwall bugs
2013-03-11 01:49:50 -07:00
David Sferruzza
f2acdfd14e
Move lazyload init inside the body tag
2013-03-10 19:04:48 +01:00
David Sferruzza
a908244cc4
Fix bug producing invalid HTML
2013-03-10 19:03:34 +01:00
David Sferruzza
9da4953190
Avoid highlighting paging stuff
2013-03-10 18:26:16 +01:00
David Sferruzza
1b647ff409
Highlight search results (issue #4)
Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
2013-03-10 18:24:05 +01:00
Mathieu Chabanon
6e330f2225
Ignore Eclipse project files
2013-03-10 14:16:29 +01:00
Mathieu Chabanon
cb49ab945f
Avoid a strict standard error when php.ini does not define the default timezone.
2013-03-10 14:06:12 +01:00
Knah Tsaeb
29562e2d07
Merge branch 'master' of git://github.com/sebsauvage/Shaarli
2013-03-08 12:09:09 +01:00
Sébastien SAUVAGE
310f3ca007
Version 0.0.41 beta
2013-03-08 10:14:31 +01:00
Sébastien SAUVAGE
41a30d9b2d
Merge pull request #37 from sebsauvage/CookieDomain
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-08 01:01:40 -08:00
Sebastien SAUVAGE
75e199d606
Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
2013-03-06 23:31:18 +01:00
Knah Tsaeb
dc21529403
Merge remote-tracking branch 'origin/master'
Conflicts:
tpl/editlink.html
2013-03-05 08:59:04 +01:00
Sebastien SAUVAGE
979d6334e7
Added second check to write rights.
(Because on some hosts is_writable() is not reliable.)
2013-03-04 21:26:06 +01:00
Sebastien SAUVAGE
f2cb5f95a9
Check that Shaarli has the right to write in its own directory.
Because some users forget to check this at installation.
2013-03-04 21:14:07 +01:00
Sebastien SAUVAGE
8a80e4fe07
Got rid of small display bugs before installation.
2013-03-04 21:02:24 +01:00
Sébastien SAUVAGE
22701e2d0b
Merge pull request #30 from Knah-Tsaeb/master
Merged "Private by default" feature (when creating a new link).
2013-03-04 11:49:33 -08:00
Knah Tsaeb
9de40d272f
Merge branch 'master' of git://github.com/sebsauvage/Shaarli
Conflicts:
index.php
tpl/includes.html
tpl/linklist.html
tpl/page.footer.html
2013-03-04 14:03:46 +01:00
Knah Tsaeb
bb8f712db6
[add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default.
2013-03-04 10:18:39 +01:00
Sebastien SAUVAGE
dd064cc315
Added https to list of authorized protocols.
2013-03-03 22:49:10 +01:00
Sebastien SAUVAGE
feebc6d466
Corrected vulnerabilities (see report below)
Title : Shaarli Vulnerabilities
Author : @erwan_lr | @_WPScan_
Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
Download : https://github.com/sebsauvage/Shaarli/archive/master.zip |
http://sebsauvage.net/files/shaarli_0.0.40beta.zip
Affected versions : master-705F835, 0.0.40-beta (versions below may also
be vulnerable)
Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards
Persistent XSS :
- During the installation or configuration modification, the title field
is vulnerable. e.g. <script>alert(1)</script>
Quotes can not be used because of var_export(), but String.fromCharCode
works
- The url field of a link is vulnerable :
When there is no redirector : javascript:alert(1)
Then, the code is triggered when a user clicks the url of a link
Or with a classic XSS : "><script>alert(1)</script>
Unvalidated Redirects and Forwards :
A request with the param linksperpage or privateonly can be used to
redirect a user to an arbitrary referer
e.g
GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
Host: 127.0.0.1
Referer: https://duckduckgo.com
History :
March 2, 2013
- Vendor contacted
2013-03-03 22:15:38 +01:00
Sebastien SAUVAGE
705f8355a9
Proper redirect in popup when login fails.
This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
2013-03-02 14:07:00 +01:00
Sebastien SAUVAGE
858c5c2b43
Added option to disable jQuery and heavy javascript
Shaarli uses light Javascript in its normal operation, and some jQuery
for some features (autocomplete in tags, QR-Code popup...).
jQuery can be slow on small computers. An option has been added in
configuration screen to disable javascript features which are hard on
CPU.
(Note that the Picture Wall is awfully heavy *without* jQuery.)
(Side note: A *LOT* of users want Shaarli to work without javascript at
all, if possible. That's why I try to use as little javascript as possible:
It keeps Shaarli pages fast.)
2013-03-01 22:21:10 +01:00
Sebastien SAUVAGE
58046a19ae
URL source in cached RSS feeds.
2013-03-01 17:43:20 +01:00
Sebastien SAUVAGE
dd62b9ba2a
Sort tags
2013-03-01 17:09:52 +01:00
Sebastien SAUVAGE
925f6108ba
Corrected: "Nothing found" when logging out when only private links were displayed.
This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
2013-03-01 16:57:34 +01:00
Knah Tsaeb
edfa09c1f5
Who added index.php in the tpl dir ....... Oops, it's me, sorry
2013-02-28 17:03:56 +01:00
Knah Tsaeb
eb0ada01e6
Merge remote-tracking branch 'origin/master'
2013-02-28 15:07:09 +01:00
Knah Tsaeb
e074ff6499
Add link the homepage
2013-02-28 15:01:26 +01:00
Sébastien SAUVAGE
3e0ef647a3
RSS patch for Thunderbird (and some RSS clients).
In the RSS specifications, the "link" tag contains the URL to follow,
and the "guid" contains a unique identifier (which may or may not be a
URL).
RSS clients should always use "link" to follow the link (and most do),
but Thunderbird uses the "guid" if it finds a valid URL inside (and only
falls back to "link" if "guid" is not a URL).
I have patched the RSS feed so that Thunderbird ignores the URL in guid.
2013-02-28 14:48:11 +01:00
Knah Tsaeb
1eacb94c3e
Merge remote-tracking branch 'origin/master'
Conflicts:
tpl/linklist.html
2013-02-28 14:45:11 +01:00
Knah Tsaeb
7d65e5207f
Add .settings (Aptana) dir to .gitignore
2013-02-28 11:15:39 +01:00
Sébastien SAUVAGE
f37664a2b8
Check that sessions work before installation.
This is necessary because some hosts do not have a properly set
session.save_path parameter in php config, or do not have write access
to the directory.
2013-02-28 10:37:43 +01:00
Sébastien SAUVAGE
a1f5a6ec17
Improved token security
...by adding salt. These tokens are used in forms which act on data to
prevent CSRF attacks.
This closes issue https://github.com/sebsauvage/Shaarli/issues/24
2013-02-28 09:19:00 +01:00
Sebastien SAUVAGE
9e8209064d
Corrected thumbnail creation.
Because some systems do not allow file overwriting when doing a
rename().
2013-02-27 21:24:41 +01:00
Sébastien SAUVAGE
ab7ac1870e
Puerile addition of the logo in Readme for GitHub master page.
2013-02-27 18:58:26 +01:00
Sébastien SAUVAGE
b342b2a4c7
After clicking save/cancel on a link, scroll to the link itself.
2013-02-27 18:24:07 +01:00
Sébastien SAUVAGE
b2877611c3
Edit/delete button on the left-side of links.
https://github.com/sebsauvage/Shaarli/issues/5
2013-02-27 17:46:45 +01:00
Sébastien SAUVAGE
9e975d86e4
Remove script name from URL if it's index.php
(for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead
of http://mysite.com/shaarli/index.php?abcde )
2013-02-27 16:52:32 +01:00
Sébastien SAUVAGE
2abd39052d
Link in description & option to invert link/permalink.
Patch for issue https://github.com/sebsauvage/Shaarli/issues/19
Now:
* The (perma)link is added at the bottom of description.
* If "permalinks" is added in URL parameters, link/permalinks will be
swapped.
eg.
* Normal link in title + permalink in description:
http://mysite.com/shaarli/?do=rss
* Permalink in title + normal link in description :
http://mysite.com/shaarli/?do=rss&permalinks
It works for the ATOM feed too.
(Happy ? :-D )
2013-02-27 16:39:16 +01:00
Sébastien SAUVAGE
30b0672d04
Support for magnet links in description.
2013-02-27 15:49:32 +01:00
Knah Tsaeb
24391820a1
[add] Print domain name for @via link
2013-02-27 12:24:51 +01:00
Knah Tsaeb
3732e83db9
First version of MyOnSni
2013-02-27 12:00:16 +01:00
Sébastien SAUVAGE
64bf914aea
Corrected bug in cache purge.
2013-02-26 16:03:47 +01:00