From: ArthurHoaro Date: Sun, 15 Jan 2017 13:01:47 +0000 (+0100) Subject: Merge pull request #746 from ArthurHoaro/hotfix/delete-button X-Git-Tag: v0.9.0~68 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=5fbab3edb300ad770d88f40ba1cc50d5b93a5bb8;hp=066333c03ca6f484b8e1505e7626d2d01f252bf5;p=github%2Fshaarli%2FShaarli.git Merge pull request #746 from ArthurHoaro/hotfix/delete-button Fix delete button in editlink --- diff --git a/.gitattributes b/.gitattributes index d753b1db..059fbb18 100644 --- a/.gitattributes +++ b/.gitattributes @@ -19,6 +19,7 @@ Dockerfile text # Exclude from Git archives .gitattributes export-ignore +.github export-ignore .gitignore export-ignore .travis.yml export-ignore doc/**/*.json export-ignore diff --git a/.github/mailmap b/.github/mailmap new file mode 100644 index 00000000..41d91e47 --- /dev/null +++ b/.github/mailmap @@ -0,0 +1,13 @@ +ArthurHoaro +Florian Eula feula +Florian Eula +Nicolas Danelon nicolasm +Nicolas Danelon +Nicolas Danelon +Nicolas Danelon +Sébastien Sauvage +Timo Van Neerden +Timo Van Neerden lehollandaisvolant +VirtualTam +VirtualTam +VirtualTam diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 00000000..aa041ae9 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,40 @@ + 327 ArthurHoaro + 188 VirtualTam + 132 nodiscc + 56 Sébastien Sauvage + 15 Florian Eula + 13 Emilien Klein + 12 Nicolas Danelon + 7 Christophe HENRY + 4 Alexandre Alapetite + 4 David Sferruzza + 3 Teromene + 2 Chris Kuethe + 2 Knah Tsaeb + 2 Mathieu Chabanon + 2 Miloš Jovanović + 2 Qwerty + 2 Timo Van Neerden + 2 julienCXX + 2 kalvn + 1 Adrien Oliva + 1 Alexis J + 1 BoboTiG + 1 Bronco + 1 D Low + 1 Dimtion + 1 Fanch + 1 Felix Bartels + 1 Felix Kästner + 1 Florian Voigt + 1 Gary Marigliano + 1 Guillaume Virlet + 1 Jonathan Druart + 1 Julien Pivotto + 1 Kevin Canévet + 1 Knah Tsaeb + 1 Lionel Martin + 1 Marsup + 1 Sbgodin + 1 TsT + 1 dimtion diff --git a/COPYING b/COPYING index 547ea570..4bbdf2b3 100644 --- a/COPYING +++ b/COPYING 
@@ -1,33 +1,7 @@ Files: * License: zlib/libpng Copyright: (c) 2011-2015 Sébastien SAUVAGE - (c) 2011-2015 Alexandre Alapetite - (c) 2011-2015 David Sferruzza - (c) 2011-2015 Christophe HENRY - (c) 2011-2015 Mathieu Chabanon - (c) 2011-2015 BoboTiG - (c) 2011-2015 Bronco - (c) 2011-2015 Emilien Klein - (c) 2011-2015 Knah Tsaeb - (c) 2011-2015 Lionel Martin - (c) 2011-2015 lehollandaisvolant - (c) 2011-2015 timo van neerden - (c) 2011-2015 nodiscc - (c) 2011-2015 Florian Eula - (c) 2011-2015 Arthur Hoaro - (c) 2011-2015 Aurélien "VirtualTam" Tamisier - (c) 2011-2015 qwertygc - (c) 2011-2015 idleman - (c) 2015 Alexis Ju - (c) 2015 dimtion - (c) 2015 Fanch - (c) 2015 Guillaume Virlet - (c) 2015 Felix Bartels - (c) 2015 Marsup - (c) 2015 Miloš Jovanović - (c) 2015 Nicolás Danelón - (c) 2015 TsT - + (c) 2011-2017 The Shaarli Community, see AUTHORS Files: inc/reset.css License: BSD (http://opensource.org/licenses/BSD-3-Clause) diff --git a/Makefile b/Makefile index 60aec9a0..f3065b77 100644 --- a/Makefile +++ b/Makefile @@ -169,6 +169,12 @@ clean: @git clean -df @rm -rf sandbox +### generate the AUTHORS file from Git commit information +authors: + @cp .github/mailmap .mailmap + @git shortlog -sne > AUTHORS + @rm .mailmap + ### generate Doxygen documentation doxygen: clean @rm -rf doxygen @@ -214,4 +220,4 @@ htmlpages: -o doc/$$base.html $$file; \ done; -htmldoc: doc htmlsidebar htmlpages +htmldoc: authors doc htmlsidebar htmlpages diff --git a/application/HttpUtils.php b/application/HttpUtils.php index e8fc1f5d..a81f9056 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php @@ -122,7 +122,7 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304) $content = substr($response, $headSize); $headers = array(); foreach (preg_split('~[\r\n]+~', $rawHeadersLastRedir) as $line) { - if (empty($line) or ctype_space($line)) { + if (empty($line) || ctype_space($line)) { continue; } $splitLine = explode(': ', $line, 2); 
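Review bot: In the new `authors` target, `cp .github/mailmap .mailmap` overwrites any `.mailmap` already present in the working tree, and `rm .mailmap` is skipped when `git shortlog` fails because make stops at the first failing recipe line, so a stray copy can be left behind. Pointing git at the file directly avoids the temporary copy: `@git -c mailmap.file=.github/mailmap shortlog -sne > AUTHORS`. The `-e` flag also writes contributor e-mail addresses into a file that ships with the project, so a one-line comment above the target stating that this is intended would help.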
diff --git a/application/LinkUtils.php b/application/LinkUtils.php index cf58f808..976474de 100644 --- a/application/LinkUtils.php +++ b/application/LinkUtils.php @@ -89,7 +89,9 @@ function count_private($links) { $cpt = 0; foreach ($links as $link) { - $cpt = $link['private'] == true ? $cpt + 1 : $cpt; + if ($link['private']) { + $cpt += 1; + } } return $cpt; diff --git a/application/Updater.php b/application/Updater.php index 621c7238..eb03c6d3 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -69,7 +69,7 @@ class Updater return $updatesRan; } - if ($this->methods == null) { + if ($this->methods === null) { throw new UpdaterException('Couldn\'t retrieve Updater class methods.'); } @@ -308,6 +308,22 @@ class Updater return true; } + + /** + * Move the file to inc/user.css to data/user.css. + * + * Note: Due to hardcoded paths, it's not unit testable. But one line of code should be fine. + * + * @return bool true if the update is successful, false otherwise. + */ + public function updateMethodMoveUserCss() + { + if (! is_file('inc/user.css')) { + return true; + } + + return rename('inc/user.css', 'data/user.css'); + } } /** diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 162e88e0..522091ca 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -98,8 +98,7 @@ class ApiMiddleware * @throws ApiAuthorizationException The token couldn't be validated. */ protected function checkToken($request) { - $jwt = $request->getHeaderLine('jwt'); - if (empty($jwt)) { + if (! $request->hasHeader('Authorization')) { throw new ApiAuthorizationException('JWT token not provided'); } 
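Review bot: `updateMethodMoveUserCss()` calls `rename('inc/user.css', 'data/user.css')` without looking at the destination, so on POSIX systems an existing `data/user.css` is silently replaced. A non-writable `data/` produces a PHP warning and a `false` return, and how the updater treats that result is not visible in this hunk. A guard before the rename, for example `if (is_file('data/user.css')) { return true; }`, would keep a file the administrator already placed there. Both paths are relative, so the outcome depends on the process working directory. The docblock's first sentence should read `Move the file from inc/user.css to data/user.css.`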
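Review bot: The `hasHeader('Authorization')` check makes the API depend on the web server forwarding that header to PHP, which some CGI/FastCGI setups do not do by default. In that case every call would fail with 'JWT token not provided' even though the client sent a token. This is inferred from common deployments rather than visible in the hunk, so it is best handled as documentation, with a comment above the check such as `// Requires the web server to pass the Authorization header through to PHP.` `checkToken()` continues past the end of this hunk.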
@@ -107,7 +106,13 @@ class ApiMiddleware throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - ApiUtils::validateJwtToken($jwt, $this->conf->get('api.secret')); + $authorization = $request->getHeaderLine('Authorization'); + + if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { + throw new ApiAuthorizationException('Invalid JWT header'); + } + + ApiUtils::validateJwtToken($matches[1], $this->conf->get('api.secret')); } /** diff --git a/index.php b/index.php index e553d1dd..a54dfb1d 100644 --- a/index.php +++ b/index.php @@ -204,7 +204,7 @@ function setup_login_state($conf) } // If session does not exist on server side, or IP address has changed, or session has expired, logout. if (empty($_SESSION['uid']) - || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs()) + || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs()) || time() >= $_SESSION['expires_on']) { logout(); diff --git a/tests/api/ApiMiddlewareTest.php b/tests/api/ApiMiddlewareTest.php index 4d4dd9b9..d9753b1d 100644 --- a/tests/api/ApiMiddlewareTest.php +++ b/tests/api/ApiMiddlewareTest.php @@ -143,7 +143,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $env = Environment::mock([ 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/echo', - 'HTTP_JWT'=> 'jwt', + 'HTTP_AUTHORIZATION'=> 'Bearer jwt', ]); $request = Request::createFromEnvironment($env); $response = new Response(); 
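Review bot: The pattern `/^Bearer (.*)/i` accepts an empty credential and arbitrary trailing text, so a header carrying the scheme but no token can pass the format check. An empty string would then reach `ApiUtils::validateJwtToken()`, whose handling of that input is not visible here. Tightening the match rejects malformed headers before any token parsing: `if (! preg_match('/^Bearer\s+(\S+)$/i', $authorization, $matches)) {`. The start of `checkToken()` is outside this hunk.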
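Review bot: Switching to `=== false` makes the session IP check fail open: `$_SESSION['ip'] != allIPs()` is now evaluated only when `security.session_protection_disabled` is exactly boolean `false`. A missing key (`null`) or a value stored as `0`, `''` or `'0'` therefore skips the protection, whereas the old `== false` kept it on. Whether the config layer always supplies a boolean default is not visible in this hunk. Treating only an explicit truthy value as "disabled" keeps the safe default: `|| (! $conf->get('security.session_protection_disabled') && $_SESSION['ip'] != allIPs())`. The enclosing `setup_login_state()` starts and ends outside the hunk.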
@@ -157,7 +157,30 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase } /** - * Invoke the middleware without an invalid JWT token (debug): + * Invoke the middleware with an invalid JWT token header + */ + public function testInvalidJwtAuthHeaderDebug() + { + $this->conf->set('dev.debug', true); + $mw = new ApiMiddleware($this->container); + $env = Environment::mock([ + 'REQUEST_METHOD' => 'GET', + 'REQUEST_URI' => '/echo', + 'HTTP_AUTHORIZATION'=> 'PolarBearer jwt', + ]); + $request = Request::createFromEnvironment($env); + $response = new Response(); + /** @var Response $response */ + $response = $mw($request, $response, null); + + $this->assertEquals(401, $response->getStatusCode()); + $body = json_decode((string) $response->getBody()); + $this->assertEquals('Not authorized: Invalid JWT header', $body->message); + $this->assertContains('ApiAuthorizationException', $body->stacktrace); + } + + /** + * Invoke the middleware with an invalid JWT token (debug): * should return a 401 error Unauthorized - with a specific message and a stacktrace. * * Note: specific JWT errors tests are handled in ApiUtilsTest. @@ -169,7 +192,7 @@ class ApiMiddlewareTest extends \PHPUnit_Framework_TestCase $env = Environment::mock([ 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/echo', - 'HTTP_JWT'=> 'bad jwt', + 'HTTP_AUTHORIZATION'=> 'Bearer jwt', ]); $request = Request::createFromEnvironment($env); $response = new Response(); diff --git a/tpl/default/includes.html b/tpl/default/includes.html index c3b837f5..17b78b17 100644 --- a/tpl/default/includes.html +++ b/tpl/default/includes.html @@ -8,7 +8,7 @@ -{if="is_file('inc/user.css')"}{/if} +{if="is_file('data/user.css')"}{/if} {loop="$plugins_includes.css_files"} {/loop}
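Review bot: `testInvalidJwtAuthHeaderDebug()` covers only a wrong scheme name (`PolarBearer jwt`); none of the added tests exercises the correct scheme with a missing or empty token. The `/^Bearer (.*)/i` pattern in `checkToken()` is permissive on that side. A sibling case with `'HTTP_AUTHORIZATION' => 'Bearer'` asserting a 401 and the 'Invalid JWT header' message would pin that behaviour. The new docblock also drops the expected outcome; adding `should return a 401 error Unauthorized with the 'Invalid JWT header' message and a stacktrace` would match the neighbouring tests.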
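Review bot: The stylesheet is now looked up under `data/`, so the browser must be able to fetch `data/user.css` over HTTP, while `is_file()` only proves that the file exists on disk. If the deployment blocks web access to `data/` (not visible in this diff), the custom CSS would silently stop loading. If access is opened to make it work, it should be limited to this one file so that anything else stored in `data/` stays unreachable. A template comment next to the condition would record that requirement, e.g. `{* data/user.css must be served by the web server; keep the rest of data/ denied *}`.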