]>
git.immae.eu Git - github/shaarli/Shaarli.git/log
ArthurHoaro [Thu, 7 Jun 2018 17:58:58 +0000 (19:58 +0200)]
Fixes an error during the install
was out of scope
ArthurHoaro [Thu, 7 Jun 2018 17:17:32 +0000 (19:17 +0200)]
Merge pull request #1151 from kramred/master
Add <meta> tag for referrer same-origin also to new default tpl
Mark Schmitz [Thu, 7 Jun 2018 17:11:04 +0000 (18:11 +0100)]
remove environment specific .gitignore entries
Mark Schmitz [Thu, 7 Jun 2018 13:23:53 +0000 (14:23 +0100)]
Merge remote-tracking branch 'upstream/master'
Mark Schmitz [Thu, 7 Jun 2018 13:23:41 +0000 (14:23 +0100)]
also for new default tpl add meta tag to block sending the referrer vintage -> #692
ArthurHoaro [Mon, 4 Jun 2018 16:34:50 +0000 (18:34 +0200)]
Merge pull request #1143 from ArthurHoaro/sort-equal-tags
Fix order of tags with the same number of occurrences
VirtualTam [Sun, 3 Jun 2018 16:26:32 +0000 (18:26 +0200)]
Merge pull request #1086 from virtualtam/refactor/login
Refactor user login and session management
VirtualTam [Wed, 30 May 2018 00:09:09 +0000 (02:09 +0200)]
SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Sun, 6 May 2018 15:12:48 +0000 (17:12 +0200)]
Add test coverage for LoginManager methods
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Thu, 10 May 2018 11:07:51 +0000 (13:07 +0200)]
SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Sun, 6 May 2018 15:06:36 +0000 (17:06 +0200)]
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Fri, 27 Apr 2018 21:17:38 +0000 (23:17 +0200)]
Refactor session and cookie timeout control
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Fri, 27 Apr 2018 20:12:22 +0000 (22:12 +0200)]
Move LoginManager and SessionManager to the Security namespace
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Fri, 27 Apr 2018 20:00:35 +0000 (22:00 +0200)]
LoginManager: remove unused parameter
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Wed, 18 Apr 2018 21:45:05 +0000 (23:45 +0200)]
Login: update PageBuilder and default/vintage templates
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Wed, 18 Apr 2018 21:09:45 +0000 (23:09 +0200)]
Pass the client IP ID to LoginManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Tue, 3 Apr 2018 22:54:59 +0000 (00:54 +0200)]
Delegate session operations to SessionManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Tue, 3 Apr 2018 22:43:48 +0000 (00:43 +0200)]
Document LoginManager properties
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Sat, 17 Feb 2018 00:46:27 +0000 (01:46 +0100)]
Refactor user credential validation at login time
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Sat, 17 Feb 2018 00:14:58 +0000 (01:14 +0100)]
Refactor PHP session handling during login/logout
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Fri, 16 Feb 2018 21:21:59 +0000 (22:21 +0100)]
Refactor SessionManager::$INACTIVITY_TIMEOUT
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
- fillSessionInfo()
- setup_login_state()
- check_auth()
- cleanup related code and comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Fri, 16 Feb 2018 20:51:44 +0000 (21:51 +0100)]
Refactor client session hijacking protection
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
ArthurHoaro [Tue, 29 May 2018 18:52:30 +0000 (20:52 +0200)]
Tag sort - UT + comment + fix filter and visibility
Before this, linksCountPerTag call without would have ignored visibility parameter
ArthurHoaro [Tue, 29 May 2018 18:20:02 +0000 (20:20 +0200)]
Merge pull request #1135 from ArthurHoaro/ci/csslint
Reformat SCSS to SASS format and run SASSLint in CI
ArthurHoaro [Tue, 29 May 2018 17:33:20 +0000 (19:33 +0200)]
Merge pull request #1140 from ArthurHoaro/hotfix/markdown-rss-permalink
Fix feed permalink rendering with markdown escape set to true
ArthurHoaro [Sat, 19 May 2018 13:47:55 +0000 (15:47 +0200)]
Fix order of tags with the same number of occurrences
Fixes #1142
ArthurHoaro [Sat, 19 May 2018 10:55:43 +0000 (12:55 +0200)]
Fix feed permalink rendering with markdown escape set to true
Fixes #1134
ArthurHoaro [Thu, 17 May 2018 07:19:12 +0000 (09:19 +0200)]
Merge pull request #1138 from ArthurHoaro/stakali
Adds Stakali Android app to 3rd party lists
ArthurHoaro [Sun, 13 May 2018 10:32:41 +0000 (12:32 +0200)]
Adds Stakali Android app to 3rd party lists
ArthurHoaro [Thu, 10 May 2018 11:29:47 +0000 (13:29 +0200)]
Add SASSLint makefile target, and run it in CI
Also move ESLint and SASSLint config files to a dedicated .dev folder
ArthurHoaro [Thu, 10 May 2018 11:26:11 +0000 (13:26 +0200)]
Add classes to default template to avoid using IDs in SCSS
ArthurHoaro [Thu, 10 May 2018 11:25:07 +0000 (13:25 +0200)]
Reformat default theme SCSS to match SASS rules
ArthurHoaro [Sun, 6 May 2018 10:43:33 +0000 (12:43 +0200)]
Merge pull request #1116 from ArthurHoaro/ci/eslint
Use Travis stages to run JS tests separately
ArthurHoaro [Sat, 31 Mar 2018 11:49:07 +0000 (13:49 +0200)]
Use Travis stages to run JS tests separately
ArthurHoaro [Wed, 2 May 2018 16:28:09 +0000 (18:28 +0200)]
Merge pull request #1133 from ArthurHoaro/hotfix/title-dl
Title retrieval fixes
ArthurHoaro [Tue, 1 May 2018 14:44:51 +0000 (16:44 +0200)]
Support redirection in cURL download callback
ArthurHoaro [Tue, 1 May 2018 14:40:08 +0000 (16:40 +0200)]
Fix parameter order which was preventing max_dl parameter to work properly
nodiscc [Wed, 18 Apr 2018 17:57:36 +0000 (19:57 +0200)]
Merge pull request #1081 from nodiscc/doc-merge-sharing
doc: merge all sharing methods under a single "Sharing content" page
Buster One [Sun, 15 Apr 2018 12:53:09 +0000 (14:53 +0200)]
German language created (#1114)
* Added german language selection
* German language file created
* typo
* extra space removed and typo corrected
* lines 1314 through 1408 removed as suggested
nodiscc [Sat, 14 Apr 2018 12:22:02 +0000 (14:22 +0200)]
remove duplicate translation
nodiscc [Fri, 9 Feb 2018 18:03:42 +0000 (19:03 +0100)]
doc: sharing: add link to REST API documentation
nodiscc [Fri, 9 Feb 2018 17:46:28 +0000 (18:46 +0100)]
doc: optimize PNGs with pngcrush
164k -> 156k
nodiscc [Fri, 9 Feb 2018 17:44:06 +0000 (18:44 +0100)]
doc: add edit_icon.png to git repository
optimize icon with optipng/pngcrush (3.30%)
nodiscc [Fri, 9 Feb 2018 17:39:39 +0000 (18:39 +0100)]
update PO strings for Edit/New Shaare
update french translation
nodiscc [Fri, 9 Feb 2018 17:21:53 +0000 (18:21 +0100)]
default/editlink.tpl: title: Shaare -> New Shaare
nodiscc [Wed, 7 Feb 2018 19:10:05 +0000 (20:10 +0100)]
doc: merge all sharing methods under a single "Sharing content" page
* formatting, wording, reordering, general improvements
* move blog/pastebin/notepad item from index.md to this page
* add TODOs
* add the new page to mkdocs TOC
Part of https://github.com/shaarli/Shaarli/issues/598
ArthurHoaro [Sat, 14 Apr 2018 11:32:34 +0000 (13:32 +0200)]
Merge pull request #1126 from kramred/master
load user css at last, after plugin css to enable changing plugin styles
Mark Schmitz [Fri, 13 Apr 2018 13:06:27 +0000 (14:06 +0100)]
add loading user css at last to vintage tpl
Mark Schmitz [Fri, 13 Apr 2018 12:21:58 +0000 (13:21 +0100)]
load user css at last, after plugin css to enable changing plugin styles
VirtualTam [Sun, 8 Apr 2018 16:22:47 +0000 (18:22 +0200)]
Merge pull request #1121 from virtualtam/node/packaging-metadata
Update frontend metadata and COPYING
VirtualTam [Thu, 5 Apr 2018 18:54:55 +0000 (20:54 +0200)]
Cleanup unused asset resources
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Thu, 5 Apr 2018 18:54:23 +0000 (20:54 +0200)]
Update documentation and Doxygen icon location
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Wed, 4 Apr 2018 21:39:15 +0000 (23:39 +0200)]
Update COPYING
Relates to https://github.com/shaarli/Shaarli/pull/1072
Changed:
- update paths to resource files (assets, images)
Removed:
- references to resources now resolved through NPM
- licenses corresponding to the aforementioned resources
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Tue, 3 Apr 2018 21:36:15 +0000 (23:36 +0200)]
Update NPM frontend metadata
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Tue, 3 Apr 2018 21:33:20 +0000 (23:33 +0200)]
Update EditorConfig for frontend resources
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
ArthurHoaro [Sat, 31 Mar 2018 11:55:08 +0000 (13:55 +0200)]
Merge pull request #1115 from ArthurHoaro/parsedown-version
Update parsedown to its latest version instead of fixed 1.6
ArthurHoaro [Sat, 31 Mar 2018 10:50:03 +0000 (12:50 +0200)]
Update parsedown to its latest version instead of fixed 1.6
ArthurHoaro [Sat, 31 Mar 2018 10:02:13 +0000 (12:02 +0200)]
Remove minified JS libs
ArthurHoaro [Wed, 28 Mar 2018 17:08:32 +0000 (19:08 +0200)]
Merge pull request #1113 from ArthurHoaro/docker/node-yarn-webpack
Docker: build frontend dependencies with node and yarn
ArthurHoaro [Wed, 28 Mar 2018 17:08:06 +0000 (19:08 +0200)]
Merge pull request #1072 from ArthurHoaro/feature/modern-front-end
Manage frontend dependencies with npm/yarn and webpack
ArthurHoaro [Sat, 24 Feb 2018 17:46:11 +0000 (18:46 +0100)]
Webpack / Documentation update
ArthurHoaro [Sat, 24 Feb 2018 17:37:57 +0000 (18:37 +0100)]
Webpack / Configure webpack, ESLint, Travis, Makefile, npm/yarn and git
ArthurHoaro [Sat, 24 Feb 2018 17:34:50 +0000 (18:34 +0100)]
Webpack / Update front paths in template files
ArthurHoaro [Sat, 24 Feb 2018 17:30:30 +0000 (18:30 +0100)]
Webpack / Rewrite all JS to ES6 Syntax
ArthurHoaro [Sat, 24 Feb 2018 17:18:33 +0000 (18:18 +0100)]
Webpack / Remove frontend dependencies from tpl/ & inc/ and move them to assets/
ArthurHoaro [Mon, 26 Mar 2018 18:24:01 +0000 (20:24 +0200)]
Docker: build frontend dependencies with node and yarn
ArthurHoaro [Mon, 26 Mar 2018 18:26:10 +0000 (20:26 +0200)]
Merge pull request #1093 from ArthurHoaro/feature/theme-translation
Load theme translations files automatically
ArthurHoaro [Sat, 24 Feb 2018 17:46:11 +0000 (18:46 +0100)]
Webpack / Documentation update
ArthurHoaro [Sat, 24 Feb 2018 17:37:57 +0000 (18:37 +0100)]
Webpack / Configure webpack, ESLint, Travis, Makefile, npm/yarn and git
ArthurHoaro [Sat, 24 Feb 2018 17:34:50 +0000 (18:34 +0100)]
Webpack / Update front paths in template files
ArthurHoaro [Sat, 24 Feb 2018 17:30:30 +0000 (18:30 +0100)]
Webpack / Rewrite all JS to ES6 Syntax
ArthurHoaro [Sat, 24 Feb 2018 17:18:33 +0000 (18:18 +0100)]
Webpack / Remove frontend dependencies from tpl/ & inc/ and move them to assets/
ArthurHoaro [Mon, 26 Feb 2018 21:53:00 +0000 (22:53 +0100)]
Load theme translations files automatically
Fixes #1077
Take a look at the docs update to see how it works
ArthurHoaro [Mon, 26 Mar 2018 16:55:41 +0000 (18:55 +0200)]
Merge pull request #1103 from dennisverspuij/fix-on-in-markdown
Fix removal of on=... attributes from html (generated from markdown)
VirtualTam [Sun, 25 Mar 2018 18:43:53 +0000 (20:43 +0200)]
Merge pull request #1110 from virtualtam/doc/v0.9.6
Documentation: release v0.9.6
VirtualTam [Sun, 25 Mar 2018 18:09:26 +0000 (20:09 +0200)]
Documentation: release v0.9.6
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Sun, 25 Mar 2018 17:04:05 +0000 (19:04 +0200)]
Merge pull request #1107 from virtualtam/apache/htaccess/jwt-header
httpd: always forward the 'Authorization' header
VirtualTam [Sun, 25 Mar 2018 12:40:39 +0000 (14:40 +0200)]
Merge pull request #1109 from ilesinge/patch-1
Documentation : Fix current version file name
VirtualTam [Sun, 25 Mar 2018 12:39:09 +0000 (14:39 +0200)]
Merge pull request #1108 from virtualtam/fix/template/vintage/check-login-ban
fix: IP ban check for the Vintage theme
Alexandre G.-Raymond [Sun, 25 Mar 2018 12:08:07 +0000 (14:08 +0200)]
Fix current version file name in docs
VirtualTam [Sat, 24 Mar 2018 20:55:03 +0000 (21:55 +0100)]
fix: IP ban check for the Vintage theme
Introduced by https://github.com/shaarli/Shaarli/pull/1008
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Thu, 22 Mar 2018 21:23:41 +0000 (22:23 +0100)]
httpd: always forward the 'Authorization' header
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:
"401 Not authorized: JWT token not provided"
This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.
See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/
26475885 /authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/
13387516 /authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/
17018586 /apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam [Mon, 19 Mar 2018 21:22:12 +0000 (22:22 +0100)]
Merge pull request #1100 from Angristan/docker-logs
Nginx logs to stdout for Docker images
Dennis Verspuij [Mon, 19 Mar 2018 10:01:20 +0000 (10:01 +0000)]
Fix removal of on=... attributes from html generated from markdown
ArthurHoaro [Wed, 14 Mar 2018 17:25:22 +0000 (18:25 +0100)]
Merge pull request #1102 from ArthurHoaro/fix/settings-warning
Fix warning when trying to save redictor setting from the configure page
ArthurHoaro [Tue, 13 Mar 2018 17:11:58 +0000 (18:11 +0100)]
Fix warning when trying to save redictor setting from the configure page
It has been removed from the web page.
Fixes #1099
ArthurHoaro [Tue, 13 Mar 2018 17:02:49 +0000 (18:02 +0100)]
Merge pull request #1096 from ArthurHoaro/feature/download-params
Make max download size and timeout configurable
Angristan [Sun, 11 Mar 2018 20:06:14 +0000 (21:06 +0100)]
Nginx logs to stdout for Docker Alpine images
ArthurHoaro [Wed, 28 Feb 2018 21:29:43 +0000 (22:29 +0100)]
Make max download size and timeout configurable
Fixes #1061
ArthurHoaro [Wed, 7 Mar 2018 20:53:53 +0000 (21:53 +0100)]
Merge pull request #1097 from ArthurHoaro/fix/psr-elseif
PSR: use elseif instead of else if
VirtualTam [Fri, 2 Mar 2018 15:45:16 +0000 (16:45 +0100)]
Merge pull request #1098 from josqu4red/perms-docker-alpine-latest
Fix permission issue introduced with multi-stage build
Jonathan Amiez [Fri, 2 Mar 2018 14:05:48 +0000 (15:05 +0100)]
Fix permission issue introduced with multi-stage build
ArthurHoaro [Wed, 28 Feb 2018 21:34:40 +0000 (22:34 +0100)]
PSR: use elseif instead of else if
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
VirtualTam [Mon, 26 Feb 2018 22:20:05 +0000 (23:20 +0100)]
Merge pull request #1090 from virtualtam/fix/doxygen
Doxygen: ignore data/, simplify Make target
VirtualTam [Sat, 24 Feb 2018 12:36:55 +0000 (13:36 +0100)]
Merge pull request #1085 from virtualtam/docker/multi-stage
docker: introduce multi-stage image build (master, latest)
ArthurHoaro [Sat, 24 Feb 2018 12:29:11 +0000 (13:29 +0100)]
Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case
Ignore the case while checking DOCTYPE during the file import
ArthurHoaro [Sat, 24 Feb 2018 12:28:30 +0000 (13:28 +0100)]
Merge pull request #1062 from ArthurHoaro/feature/pages-title
Use a specific page title in all pages
ArthurHoaro [Wed, 24 Jan 2018 18:38:03 +0000 (19:38 +0100)]
Use a specific page title in all pages
Also fixed a few French translation issues
Fixes #954 #955
ArthurHoaro [Fri, 23 Feb 2018 19:34:06 +0000 (20:34 +0100)]
Ignore the case while checking DOCTYPE during the file import
Fixes #1091
VirtualTam [Thu, 22 Feb 2018 23:37:03 +0000 (00:37 +0100)]
Doxygen: ignore data/, simplify Make target
Signed-off-by: VirtualTam <virtualtam@flibidi.net>