From: ArthurHoaro Date: Mon, 26 Mar 2018 18:26:10 +0000 (+0200) Subject: Merge pull request #1093 from ArthurHoaro/feature/theme-translation X-Git-Tag: v0.10.0~37 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=9b2bd66fb60ffd5a833480bf329062c7d57bc8c4;hp=68c6afc56f3758154cfb96cba6fd48a6b5535590;p=github%2Fshaarli%2FShaarli.git Merge pull request #1093 from ArthurHoaro/feature/theme-translation Load theme translations files automatically --- diff --git a/.htaccess b/.htaccess index 19dd72a8..7ba4744b 100644 --- a/.htaccess +++ b/.htaccess @@ -6,6 +6,10 @@ RewriteEngine On # Prevent accessing subdirectories not managed by SCM RewriteRule ^(.git|doxygen|vendor) - [F] +# Forward the "Authorization" HTTP header +RewriteCond %{HTTP:Authorization} ^(.*) +RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + # REST API RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e737d8c..3218f4d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [v0.10.0](https://github.com/shaarli/Shaarli/releases/tag/v0.10.0) - UNPUBLISHED + +## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25 +## Changed +- htaccess: prevent accessing resources not managed by SCM +- htaccess: always forward the 'Authorization' HTTP header + + ## [v0.9.5](https://github.com/shaarli/Shaarli/releases/tag/v0.9.5) - 2018-02-02 ### Fixed - Fix a warning happening when `php-intl` is not installed on the system diff --git a/Doxyfile b/Doxyfile index 9a596b53..30f95564 100644 --- a/Doxyfile +++ b/Doxyfile @@ -804,6 +804,7 @@ RECURSIVE = YES # run. EXCLUDE = vendor \ + data \ tpl \ inc \ doc \ diff --git a/Makefile b/Makefile index d659d908..5e3ae26d 100644 --- a/Makefile +++ b/Makefile 
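Review bot: In the .htaccess hunk, `RewriteCond %{HTTP:Authorization} ^(.*)` also matches an empty value, so the rule that follows sets `HTTP_AUTHORIZATION` on every request, including requests that carry no Authorization header. Matching only a non-empty header, `RewriteCond %{HTTP:Authorization} ^(.+)$`, keeps the variable absent when no credential was sent. The rule sits above the `# REST API` block and is not scoped to it, so the credential is exposed to every script served from this directory. A comment such as `# Needed by the REST API; the forwarded value is a credential and must not be logged` would record why it is there.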
@@ -192,7 +192,7 @@ authors: ### generate Doxygen documentation doxygen: clean @rm -rf doxygen - @( cat Doxyfile ; echo "PROJECT_NUMBER=`git describe`" ) | doxygen - + @doxygen Doxyfile ### generate HTML documentation from Markdown pages with MkDocs htmldoc: @@ -206,4 +206,4 @@ htmldoc: ### Generate Shaarli's translation compiled file (.mo) translate: - @find inc/languages/ -name shaarli.po -execdir msgfmt shaarli.po -o shaarli.mo \; \ No newline at end of file + @find inc/languages/ -name shaarli.po -execdir msgfmt shaarli.po -o shaarli.mo \; diff --git a/README.md b/README.md index 106384d8..df9018b6 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ _It is designed to be personal (single-user), fast and handy._ [![](https://img.shields.io/badge/stable-v0.8.6-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.8.6) [![](https://img.shields.io/travis/shaarli/Shaarli/stable.svg?label=stable)](https://travis-ci.org/shaarli/Shaarli) • -[![](https://img.shields.io/badge/latest-v0.9.5-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.5) +[![](https://img.shields.io/badge/latest-v0.9.6-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) [![](https://img.shields.io/travis/shaarli/Shaarli/latest.svg?label=latest)](https://travis-ci.org/shaarli/Shaarli) • [![](https://img.shields.io/badge/master-v0.10.x-blue.svg)](https://github.com/shaarli/Shaarli) diff --git a/application/FileUtils.php b/application/FileUtils.php index 918cb83b..b89ea12b 100644 --- a/application/FileUtils.php +++ b/application/FileUtils.php @@ -37,7 +37,7 @@ class FileUtils if (is_file($file) && !is_writeable($file)) { // The datastore exists but is not writeable throw new IOException($file); - } else if (!is_file($file) && !is_writeable(dirname($file))) { + } elseif (!is_file($file) && !is_writeable(dirname($file))) { // The datastore does not exist and its parent directory is not writeable throw new IOException(dirname($file)); } 
diff --git a/application/LinkFilter.php b/application/LinkFilter.php index 12376e27..e52239b8 100644 --- a/application/LinkFilter.php +++ b/application/LinkFilter.php @@ -117,7 +117,7 @@ class LinkFilter foreach ($this->links as $key => $value) { if ($value['private'] && $visibility === 'private') { $out[$key] = $value; - } else if (! $value['private'] && $visibility === 'public') { + } elseif (! $value['private'] && $visibility === 'public') { $out[$key] = $value; } } @@ -210,7 +210,7 @@ class LinkFilter if ($visibility !== 'all') { if (! $link['private'] && $visibility === 'private') { continue; - } else if ($link['private'] && $visibility === 'public') { + } elseif ($link['private'] && $visibility === 'public') { continue; } } @@ -337,7 +337,7 @@ class LinkFilter if ($visibility !== 'all') { if (! $link['private'] && $visibility === 'private') { continue; - } else if ($link['private'] && $visibility === 'public') { + } elseif ($link['private'] && $visibility === 'public') { continue; } } @@ -380,7 +380,7 @@ class LinkFilter if ($visibility !== 'all') { if (! $link['private'] && $visibility === 'private') { continue; - } else if ($link['private'] && $visibility === 'public') { + } elseif ($link['private'] && $visibility === 'public') { continue; } } diff --git a/application/NetscapeBookmarkUtils.php b/application/NetscapeBookmarkUtils.php index 2aa2da3b..b4d16d00 100644 --- a/application/NetscapeBookmarkUtils.php +++ b/application/NetscapeBookmarkUtils.php @@ -154,10 +154,10 @@ class NetscapeBookmarkUtils if (empty($post['privacy']) || $post['privacy'] == 'default') { // use value from the imported file $private = $bkm['pub'] == '1' ? 0 : 1; - } else if ($post['privacy'] == 'private') { + } elseif ($post['privacy'] == 'private') { // all imported links are private $private = 1; - } else if ($post['privacy'] == 'public') { + } elseif ($post['privacy'] == 'public') { // all imported links are public $private = 0; } 
diff --git a/application/Updater.php b/application/Updater.php index f07e7697..dece2c02 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -457,6 +457,32 @@ class Updater } return true; } + + /** + * Add download size and timeout to the configuration file + * + * @return bool true if the update is successful, false otherwise. + */ + public function updateMethodDownloadSizeAndTimeoutConf() + { + if ($this->conf->exists('general.download_max_size') + && $this->conf->exists('general.download_timeout') + ) { + return true; + } + + if (! $this->conf->exists('general.download_max_size')) { + $this->conf->set('general.download_max_size', 1024*1024*4); + } + + if (! $this->conf->exists('general.download_timeout')) { + $this->conf->set('general.download_timeout', 30); + } + + $this->conf->write($this->isLoggedIn); + + return true; + } } /** diff --git a/application/Url.php b/application/Url.php index 21c17ecc..6b9870f0 100644 --- a/application/Url.php +++ b/application/Url.php @@ -81,7 +81,7 @@ function whitelist_protocols($url, $protocols) // Protocol not allowed: we remove it and replace it with http if ($protocol === 1 && ! in_array($match[1], $protocols)) { $url = str_replace($match[0], 'http://', $url); - } else if ($protocol !== 1) { + } elseif ($protocol !== 1) { $url = 'http://' . $url; } return $url; diff --git a/application/api/controllers/History.php b/application/api/controllers/History.php index 2ff9deaf..5cc453bf 100644 --- a/application/api/controllers/History.php +++ b/application/api/controllers/History.php @@ -36,7 +36,7 @@ class History extends ApiController if (empty($offset)) { $offset = 0; } - else if (ctype_digit($offset)) { + elseif (ctype_digit($offset)) { $offset = (int) $offset; } else { throw new ApiBadParametersException('Invalid offset'); 
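Review bot: The docblock on `updateMethodDownloadSizeAndTimeoutConf()` promises `false` when the update fails, but every path in the added method returns `true`. A failure can only surface as whatever `$this->conf->write()` raises, which this hunk does not show. Either say so in the docblock (`@return bool always true; write errors propagate from the config write`, to be confirmed against that method) or handle the write failure and return `false`. The default `1024*1024*4` repeats the literal `4194304` used as the fallback in index.php, so a shared constant would keep the two limits from drifting apart.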
@@ -46,7 +46,7 @@ class History extends ApiController $limit = $request->getParam('limit'); if (empty($limit)) { $limit = count($history); - } else if (ctype_digit($limit)) { + } elseif (ctype_digit($limit)) { $limit = (int) $limit; } else { throw new ApiBadParametersException('Invalid limit'); diff --git a/application/api/controllers/Links.php b/application/api/controllers/Links.php index eb78dd26..3a9c0355 100644 --- a/application/api/controllers/Links.php +++ b/application/api/controllers/Links.php @@ -59,9 +59,9 @@ class Links extends ApiController $limit = $request->getParam('limit'); if (empty($limit)) { $limit = self::$DEFAULT_LIMIT; - } else if (ctype_digit($limit)) { + } elseif (ctype_digit($limit)) { $limit = intval($limit); - } else if ($limit === 'all') { + } elseif ($limit === 'all') { $limit = count($links); } else { throw new ApiBadParametersException('Invalid limit'); diff --git a/doc/md/Download-and-Installation.md b/doc/md/Download-and-Installation.md index 0fdbd27d..05f0c8f2 100644 --- a/doc/md/Download-and-Installation.md +++ b/doc/md/Download-and-Installation.md @@ -25,11 +25,11 @@ Using one of the following methods: In most cases, you should download the latest Shaarli release from the [releases](https://github.com/shaarli/Shaarli/releases) page. **Download our *shaarli-full* archive** to include dependencies. -The current latest released version is `v0.9.3` +The current latest released version is `v0.9.6` ```bash -$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.3/shaarli-v0.9.3-full.zip -$ unzip shaarli-v0.9.3-full.zip +$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.6/shaarli-v0.9.6-full.zip +$ unzip shaarli-v0.9.6-full.zip $ mv Shaarli /path/to/shaarli/ ``` diff --git a/doc/md/Upgrade-and-migration.md b/doc/md/Upgrade-and-migration.md index f666be75..ac24ff34 100644 --- a/doc/md/Upgrade-and-migration.md +++ b/doc/md/Upgrade-and-migration.md 
@@ -3,7 +3,7 @@ ### Note your current version If anything goes wrong, it's important for us to know which version you're upgrading from. -The current version is present in the `version.php` file. +The current version is present in the `shaarli_version.php` file. ### Backup your data diff --git a/docker/alpine/Dockerfile.armhf.latest b/docker/alpine/Dockerfile.armhf.latest index c923834a..824a1926 100644 --- a/docker/alpine/Dockerfile.armhf.latest +++ b/docker/alpine/Dockerfile.armhf.latest @@ -37,7 +37,9 @@ RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - && cd shaarli \ && composer --prefer-dist --no-dev install \ && rm -rf ~/.composer \ - && chown -R nginx:nginx . + && chown -R nginx:nginx . \ + && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ + && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log VOLUME /var/www/shaarli/data diff --git a/docker/alpine/Dockerfile.armhf.master b/docker/alpine/Dockerfile.armhf.master index 7f1bdf85..6c89adc3 100644 --- a/docker/alpine/Dockerfile.armhf.master +++ b/docker/alpine/Dockerfile.armhf.master @@ -37,7 +37,9 @@ RUN curl -L https://github.com/shaarli/Shaarli/archive/master.tar.gz | tar xzf - && cd shaarli \ && composer --prefer-dist --no-dev install \ && rm -rf ~/.composer \ - && chown -R nginx:nginx . + && chown -R nginx:nginx . \ + && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ + && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log VOLUME /var/www/shaarli/data diff --git a/docker/alpine/Dockerfile.latest b/docker/alpine/Dockerfile.latest index e9015c13..755d8751 100644 --- a/docker/alpine/Dockerfile.latest +++ b/docker/alpine/Dockerfile.latest 
@@ -42,7 +42,12 @@ RUN rm -rf /etc/php7/php-fpm.d/www.conf \ WORKDIR /var/www COPY --from=composer /app/shaarli shaarli +RUN chown -R nginx:nginx . \ + && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ + && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log + VOLUME /var/www/shaarli/data + EXPOSE 80 ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"] diff --git a/docker/alpine/Dockerfile.master b/docker/alpine/Dockerfile.master index 9cb4dec4..0472947f 100644 --- a/docker/alpine/Dockerfile.master +++ b/docker/alpine/Dockerfile.master @@ -42,7 +42,10 @@ RUN rm -rf /etc/php7/php-fpm.d/www.conf \ WORKDIR /var/www COPY --from=composer /app/shaarli shaarli -RUN chown -R nginx:nginx . +RUN chown -R nginx:nginx . \ + && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ + && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log + VOLUME /var/www/shaarli/data EXPOSE 80 diff --git a/index.php b/index.php index bd34c0cd..dbc2bb3b 100644 --- a/index.php +++ b/index.php @@ -887,7 +887,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (empty($params['searchtags'])) { $params['searchtags'] = trim($_GET['addtag']); } - else if ($addtag) { + elseif ($addtag) { $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']); } @@ -953,7 +953,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } else { unset($_SESSION['visibility']); } - } else if ($_GET['visibility'] === 'public') { + } elseif ($_GET['visibility'] === 'public') { if (empty($_SESSION['visibility']) || $_SESSION['visibility'] !== 'public') { // See only public links $_SESSION['visibility'] = 'public'; 
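Review bot: The added `RUN chown -R nginx:nginx .` in Dockerfile.latest runs with `/var/www` as the working directory and hands the whole application tree, PHP code included, to what is presumably the account the web server runs as. The same command is kept in Dockerfile.master and in both armhf files. An application flaw that allows a file write could then alter the code itself rather than only the data. Restricting ownership to the paths the application has to write to, for example `chown -R nginx:nginx shaarli/data` plus any cache directories the image needs (not visible in this hunk), would leave the code read-only at run time.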
@@ -1093,7 +1093,6 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('general.title', escape($_POST['title'])); $conf->set('general.header_link', escape($_POST['titleLink'])); $conf->set('resource.theme', escape($_POST['theme'])); - $conf->set('redirector.url', escape($_POST['redirector'])); $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); $conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault'])); $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks'])); @@ -1126,7 +1125,6 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign('title', $conf->get('general.title')); $PAGE->assign('theme', $conf->get('resource.theme')); $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl'))); - $PAGE->assign('redirector', $conf->get('redirector.url')); list($continents, $cities) = generateTimeZoneData( timezone_identifiers_list(), $conf->get('general.timezone') @@ -1376,7 +1374,12 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) { // Short timeout to keep the application responsive // The callback will fill $charset and $title with data from the downloaded page. - get_http_response($url, 25, 4194304, get_curl_download_callback($charset, $title)); + get_http_response( + $url, + $conf->get('general.download_max_size', 4194304), + $conf->get('general.download_timeout', 30), + get_curl_download_callback($charset, $title) + ); if (! empty($title) && strtolower($charset) != 'utf-8') { $title = mb_convert_encoding($title, 'utf-8', $charset); } diff --git a/plugins/markdown/markdown.php b/plugins/markdown/markdown.php index 6b4aabf3..2f24e417 100644 --- a/plugins/markdown/markdown.php +++ b/plugins/markdown/markdown.php 
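Review bot: The rewritten `get_http_response()` call passes `general.download_max_size` as the second argument and `general.download_timeout` as the third, whereas the removed line passed `25` (the short timeout, going by the comment above it) second and `4194304` third. Unless the function's signature changed in the same commit, which this page does not show, the two values are swapped: the fetch of what appears to be a user-supplied URL would run with a timeout of about four million seconds and a 30-byte size cap, which removes the guard against slow or oversized remote responses. The call should read `get_http_response($url, $conf->get('general.download_timeout', 30), $conf->get('general.download_max_size', 4194304), get_curl_download_callback($charset, $title));`. The fallback timeout also changes from the old literal 25 to 30, which deserves a mention in the changelog if it is intended. renderPage() starts and ends outside the hunk.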
@@ -288,7 +288,7 @@ function sanitize_html($description) $description); } $description = preg_replace( - '#(<[^>]+)on[a-z]*="?[^ "]*"?#is', + '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is', '$1', $description); return $description; diff --git a/tests/Updater/UpdaterTest.php b/tests/Updater/UpdaterTest.php index fed175df..94e3c7d3 100644 --- a/tests/Updater/UpdaterTest.php +++ b/tests/Updater/UpdaterTest.php 
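Review bot: The new pattern `#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is` removes at most one handler attribute per tag, because the greedy `[^>]+` in the first group swallows any earlier `on…` attribute and `preg_replace` does not rescan text it has already consumed. It also recognises only whitespace before the attribute name and only unquoted or double-quoted values, while HTML parsers accept more forms than that, so this filter should not be the only barrier between Markdown input and the rendered page. As a minimal change, repeat the replacement until nothing matches: `do { $description = preg_replace($pattern, '$1', $description, -1, $count); } while ($count > 0);` with `$pattern` holding the regex above. An allowlist-based sanitiser that parses the HTML would be the more robust fix. sanitize_html() begins outside the hunk.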
@@ -620,4 +620,68 @@ $GLOBALS[\'privateLinkByDefault\'] = true;'; $this->assertTrue($updater->updateMethodAtomDefault()); $this->assertTrue($this->conf->get('feed.show_atom')); } + + /** + * Test updateMethodDownloadSizeAndTimeoutConf, it should be set if none is already defined. + */ + public function testUpdateMethodDownloadSizeAndTimeoutConf() + { + $sandboxConf = 'sandbox/config'; + copy(self::$configFile . '.json.php', $sandboxConf . '.json.php'); + $this->conf = new ConfigManager($sandboxConf); + $updater = new Updater([], [], $this->conf, true); + $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf()); + $this->assertEquals(4194304, $this->conf->get('general.download_max_size')); + $this->assertEquals(30, $this->conf->get('general.download_timeout')); + + $this->conf = new ConfigManager($sandboxConf); + $this->assertEquals(4194304, $this->conf->get('general.download_max_size')); + $this->assertEquals(30, $this->conf->get('general.download_timeout')); + } + + /** + * Test updateMethodDownloadSizeAndTimeoutConf, it shouldn't be set if it is already defined. + */ + public function testUpdateMethodDownloadSizeAndTimeoutConfIgnore() + { + $sandboxConf = 'sandbox/config'; + copy(self::$configFile . '.json.php', $sandboxConf . '.json.php'); + $this->conf = new ConfigManager($sandboxConf); + $this->conf->set('general.download_max_size', 38); + $this->conf->set('general.download_timeout', 70); + $updater = new Updater([], [], $this->conf, true); + $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf()); + $this->assertEquals(38, $this->conf->get('general.download_max_size')); + $this->assertEquals(70, $this->conf->get('general.download_timeout')); + } + + /** + * Test updateMethodDownloadSizeAndTimeoutConf, only the maz size should be set here. + */ + public function testUpdateMethodDownloadSizeAndTimeoutConfOnlySize() + { + $sandboxConf = 'sandbox/config'; + copy(self::$configFile . '.json.php', $sandboxConf . 
'.json.php'); + $this->conf = new ConfigManager($sandboxConf); + $this->conf->set('general.download_max_size', 38); + $updater = new Updater([], [], $this->conf, true); + $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf()); + $this->assertEquals(38, $this->conf->get('general.download_max_size')); + $this->assertEquals(30, $this->conf->get('general.download_timeout')); + } + + /** + * Test updateMethodDownloadSizeAndTimeoutConf, only the time out should be set here. + */ + public function testUpdateMethodDownloadSizeAndTimeoutConfOnlyTimeout() + { + $sandboxConf = 'sandbox/config'; + copy(self::$configFile . '.json.php', $sandboxConf . '.json.php'); + $this->conf = new ConfigManager($sandboxConf); + $this->conf->set('general.download_timeout', 3); + $updater = new Updater([], [], $this->conf, true); + $this->assertTrue($updater->updateMethodDownloadSizeAndTimeoutConf()); + $this->assertEquals(4194304, $this->conf->get('general.download_max_size')); + $this->assertEquals(3, $this->conf->get('general.download_timeout')); + } } diff --git a/tests/plugins/test/test.php b/tests/plugins/test/test.php index 3d750c90..2aaf5122 100644 --- a/tests/plugins/test/test.php +++ b/tests/plugins/test/test.php @@ -11,7 +11,7 @@ function hook_test_random($data) { if (isset($data['_PAGE_']) && $data['_PAGE_'] == 'test') { $data[1] = 'page test'; - } else if (isset($data['_LOGGEDIN_']) && $data['_LOGGEDIN_'] === true) { + } elseif (isset($data['_LOGGEDIN_']) && $data['_LOGGEDIN_'] === true) { $data[1] = 'loggedin'; } else { $data[1] = $data[0]; diff --git a/tpl/vintage/loginform.html b/tpl/vintage/loginform.html index 2c9b710e..0f7d6387 100644 --- a/tpl/vintage/loginform.html +++ b/tpl/vintage/loginform.html @@ -13,7 +13,7 @@ {include="page.header"}
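Review bot: The docblocks of the last two added tests in UpdaterTest.php describe the precondition rather than the behaviour under test. In `testUpdateMethodDownloadSizeAndTimeoutConfOnlySize` the max size is preset to 38 and the updater is expected to add only the timeout, yet the comment reads "only the maz size should be set here", which also misspells "max". Suggested wording: `Test updateMethodDownloadSizeAndTimeoutConf, the max size is already defined, so only the timeout should be added.`, with the mirror image for the `OnlyTimeout` test. Only the first test reloads the configuration with a fresh `ConfigManager`, so the `Ignore`, `OnlySize` and `OnlyTimeout` cases never check that the values were persisted to disk.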
- {if="!ban_canLogin($conf)"} + {if="!$user_can_login"} You have been banned from login after too many failed attempts. Try later. {else}