--- /dev/null
+# Docker-ignore
+.dev
+.git
+.github
+tests
+
+# Shaarli runtime resources
+cache/*
+data/*
+pagecache/*
+tmp/*
+
+# Eclipse project files
+.settings
+.buildpath
+.project
+
+# Raintpl generated pages
+*.rtpl.php
+
+# 3rd-party dependencies
+vendor/
+
+# Release archives
+*.tar.gz
+*.zip
+inc/languages/*/LC_MESSAGES/shaarli.mo
+
+# Development and test resources
+coverage
+doxygen
+sandbox
+phpmd.html
+
+# User plugin configuration
+plugins/*/config.php
+
+# 3rd party themes
+tpl/*
+!tpl/default
+!tpl/vintage
+
+# Front end
+node_modules
+tpl/default/js
+tpl/default/css
+tpl/default/fonts
+tpl/default/img
+tpl/vintage/js
+tpl/vintage/css
+tpl/vintage/img
.travis.yml export-ignore
doc/**/*.json export-ignore
doc/**/*.md export-ignore
-docker/ export-ignore
+.docker/ export-ignore
+.dockerignore export-ignore
+Dockerfile* export-ignore
Doxyfile export-ignore
Makefile export-ignore
node_modules/ export-ignore
- 588 ArthurHoaro <arthur@hoa.ro>
- 283 VirtualTam <virtualtam@flibidi.net>
- 179 nodiscc <nodiscc@gmail.com>
+ 647 ArthurHoaro <arthur@hoa.ro>
+ 327 VirtualTam <virtualtam@flibidi.net>
+ 187 nodiscc <nodiscc@gmail.com>
56 Sébastien Sauvage <sebsauvage@sebsauvage.net>
15 Florian Eula <eula.florian@gmail.com>
13 Emilien Klein <emilien@klein.st>
8 Christophe HENRY <christophe.henry@sbgodin.fr>
6 B. van Berkum <dev@dotmpe.com>
5 Lucas Cimon <lucas.cimon@gmail.com>
+ 5 Mark Schmitz <kramred@gmail.com>
+ 5 kalvn <kalvnthereal@gmail.com>
4 Alexandre Alapetite <alexandre@alapetite.fr>
4 David Sferruzza <david.sferruzza@gmail.com>
4 Immánuel Fodor <immanuelfactor+github@gmail.com>
- 4 kalvn <kalvnthereal@gmail.com>
3 Teromene <teromene@teromene.fr>
2 Chris Kuethe <chris.kuethe@gmail.com>
2 Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
2 julienCXX <software@chmodplusx.eu>
2 philipp-r <philipp-r@users.noreply.github.com>
1 Adrien Oliva <adrien.oliva@yapbreak.fr>
+ 1 Alexandre G.-Raymond <alex@ndre.gr>
1 Alexis J <alexis@effingo.be>
+ 1 Angristan <angristan@users.noreply.github.com>
1 BoboTiG <bobotig@gmail.com>
1 Bronco <bronco@warriordudimanche.net>
+ 1 Buster One <37770318+buster-one@users.noreply.github.com>
1 D Low <daniellowtw@gmail.com>
1 Daniel Jakots <vigdis@chown.me>
+ 1 Dennis Verspuij <dennisverspuij@users.noreply.github.com>
1 Dimtion <zizou.xena@gmail.com>
1 Fanch <fanch-github@qth.fr>
1 Felix Bartels <felix@host-consultants.de>
1 Franck Kerbiriou <FranckKe@users.noreply.github.com>
1 Gary Marigliano <gmarigliano93@gmail.com>
1 Guillaume Virlet <github@virlet.org>
+ 1 Jonathan Amiez <jonathan.amiez@gmail.com>
1 Jonathan Druart <jonathan.druart@gmail.com>
1 Julien Pivotto <roidelapluie@inuits.eu>
1 Kevin Canévet <kevin@streamroot.io>
and this project adheres to [Semantic Versioning](http://semver.org/).
## [v0.10.0](https://github.com/shaarli/Shaarli/releases/tag/v0.10.0) - UNPUBLISHED
+**PHP 5.5 compatibility has been dropped.** Shaarli now requires at least PHP 5.6.
+
+### Added
+- Add a filter to display public links only
+- Add PHP 7.2 support
+- Add German translation
+- Resolve front-end dependencies from NPM
+- Build front-end bundles with Yarn and Webpack
+- Lint Javascript code with ESLint
+- Lint SASS code with SASSLint
+- Support redirection in cURL download callback
+- Introduce multi-stage builds for Docker images
+- Use Travis matrix and stages to run Javascript tests in a dedicated environment
+
+### Changed
+- Use a specific page title in all pages
+- Daily: run hooks before creating the columns
+- Load theme translations files automatically
+- Make max download size and timeout configurable
+- Make Nginx logs accessible as stdout/stderr for Docker images
+- Update buttons used to toggle link visibility filters
+- Rewrite Javascript code for ES6 compliance
+- Refactor IP ban management
+- Refactor user login management
+- Refactor server-side session management
+- Update Doxygen configuration
+- Update Parsedown
+
+### Removed
+- Drop support for PHP 5.5
+- Remove vendored front-end libraries
+- Remove environment specific .gitignore entries
+
+### Fixed
+- Ignore the case while checking DOCTYPE during the file import
+- Fix removal of on=... attributes from html generated from Markdown
+- httpd: always forward the 'Authorization' header
+- Ensure user-specific CSS file is loaded
+- Fix feed permalink rendering when Markdown escaping is enabled
+- Fix order of tags with the same number of occurrences
+
+### Security
+- Update `.htaccess` to prevent accessing Git metadata when using a Git-based installation
+
+
+## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - 2018-06-20
+### Changed
+- Build the Docker images from the local Git sources
## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25
-## Changed
+### Changed
- htaccess: prevent accessing resources not managed by SCM
- htaccess: always forward the 'Authorization' HTTP header
- Markdown plugin: escape HTML entities by default
+## [v0.8.7](https://github.com/shaarli/Shaarli/releases/tag/v0.8.7) - 2018-06-20
+### Changed
+- Build the Docker image from the local Git sources
+
+### Removed
+- Disable PHP 5.3 Travis build (unsupported)
+
+
+## [v0.8.6](https://github.com/shaarli/Shaarli/releases/tag/v0.8.6) - 2018-02-19
+### Changed
+- Run version check tests against the 'stable' branch
+
+
## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
**XSS vulnerability fixed. Please update.**
# Stage 1:
-# - Get Shaarli sources
+# - Copy Shaarli sources
+# - Build documentation
+FROM python:3-alpine as docs
+ADD . /usr/src/app/shaarli
+RUN cd /usr/src/app/shaarli \
+ && pip install --no-cache-dir mkdocs \
+ && mkdocs build
+
+# Stage 2:
# - Resolve PHP dependencies with Composer
FROM composer:latest as composer
-RUN curl -L https://github.com/shaarli/Shaarli/archive/master.tar.gz | tar xzf - \
- && mv Shaarli-master shaarli \
- && cd shaarli \
+COPY --from=docs /usr/src/app/shaarli /app/shaarli
+RUN cd shaarli \
&& composer --prefer-dist --no-dev install
-# Stage 2:
+# Stage 3:
# - Frontend dependencies
FROM node:9.9-alpine as node
COPY --from=composer /app/shaarli shaarli
&& yarn run build \
&& rm -rf node_modules
-# Stage 3:
+# Stage 4:
# - Shaarli image
FROM alpine:3.6
LABEL maintainer="Shaarli Community"
php7-zlib \
s6
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY services.d /etc/services.d
+COPY .docker/nginx.conf /etc/nginx/nginx.conf
+COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
+COPY .docker/services.d /etc/services.d
RUN rm -rf /etc/php7/php-fpm.d/www.conf \
&& sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
FROM lsiobase/alpine.armhf:3.6
-MAINTAINER Shaarli Community
+LABEL maintainer="Shaarli Community"
RUN apk --update --no-cache add \
ca-certificates \
php7-zlib \
s6
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY services.d /etc/services.d
+COPY .docker/nginx.conf /etc/nginx/nginx.conf
+COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
+COPY .docker/services.d /etc/services.d
RUN curl -sS https://getcomposer.org/installer | php7 -- --install-dir=/usr/local/bin --filename=composer \
&& rm -rf /etc/php7/php-fpm.d/www.conf \
_Shaarli is a minimalist link sharing service that you can install on your own server._
_It is designed to be personal (single-user), fast and handy._
-[![](https://img.shields.io/badge/stable-v0.8.6-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.8.6)
+[![](https://img.shields.io/badge/stable-v0.8.7-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.8.7)
[![](https://img.shields.io/travis/shaarli/Shaarli/stable.svg?label=stable)](https://travis-ci.org/shaarli/Shaarli)
•
-[![](https://img.shields.io/badge/latest-v0.9.6-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6)
+[![](https://img.shields.io/badge/latest-v0.9.7-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7)
[![](https://img.shields.io/travis/shaarli/Shaarli/latest.svg?label=latest)](https://travis-ci.org/shaarli/Shaarli)
•
[![](https://img.shields.io/badge/master-v0.10.x-blue.svg)](https://github.com/shaarli/Shaarli)
In most cases, you should download the latest Shaarli release from the [releases](https://github.com/shaarli/Shaarli/releases) page. Download our **shaarli-full** archive to include dependencies.
-The current latest released version is `v0.9.6`
+The current latest released version is `v0.9.7`
```bash
-$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.6/shaarli-v0.9.6-full.zip
-$ unzip shaarli-v0.9.6-full.zip
+$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.7/shaarli-v0.9.7-full.zip
+$ unzip shaarli-v0.9.7-full.zip
$ mv Shaarli /path/to/shaarli/
```
_Use at your own risk!_
Install [Composer](Unit-tests.md#install_composer) to manage Shaarli PHP dependencies,
-and [yarn](https://yarnpkg.com/lang/en/docs/install/)
+and [yarn](https://yarnpkg.com/lang/en/docs/install/)
for front-end dependencies.
To get the latest changes from the `master` branch:
### Docker test images
-Test Dockerfiles are located under `docker/tests/<distribution>/Dockerfile`,
+Test Dockerfiles are located under `tests/docker/<distribution>/Dockerfile`,
and can be used to build Docker images to run Shaarli test suites under common
Linux environments.
- test PHP dependencies (OS packages)
- Composer
- the local workspace is mapped to the container's `/shaarli/` directory,
-- the files are rsync'd to so tests are run using a standard Linux user account
+- the files are rsync'd so tests are run using a standard Linux user account
(running tests as `root` would bypass permission checks and may hide issues)
- the tests are run inside the container.
```bash
# build the Debian 9 Docker image
$ cd /path/to/shaarli
-$ cd docker/test/debian9
+$ cd tests/docker/debian9
$ docker build -t shaarli-test:debian9 .
```
repository.
### Available image tags
-- `latest`: latest branch (tarball release)
-- `master`: master branch (tarball release)
-- `stable`: stable branch (tarball release)
+- `latest`: latest branch
+- `master`: master branch
+- `stable`: stable branch
The `latest` and `master` images rely on:
- [PHP5-FPM](http://php-fpm.org/)
- [Nginx](http://nginx.org/)
-Additional [Dockerfiles](https://github.com/shaarli/Shaarli/tree/master/docker) are provided for the `arm32v7` platform, relying on [Linuxserver.io Alpine armhf images](https://hub.docker.com/r/lsiobase/alpine.armhf/). These images must be built using [`docker build`](https://docs.docker.com/engine/reference/commandline/build/) on an `arm32v7` machine or using an emulator such as [qemu](https://resin.io/blog/building-arm-containers-on-any-x86-machine-even-dockerhub/).
+Additional Dockerfiles are provided for the `arm32v7` platform, relying on
+[Linuxserver.io Alpine armhf
+images](https://hub.docker.com/r/lsiobase/alpine.armhf/). These images must be
+built using [`docker
+build`](https://docs.docker.com/engine/reference/commandline/build/) on an
+`arm32v7` machine or using an emulator such as
+[qemu](https://resin.io/blog/building-arm-containers-on-any-x86-machine-even-dockerhub/).
### Download from DockerHub
```bash
+++ /dev/null
-FROM lsiobase/alpine.armhf:3.6
-MAINTAINER Shaarli Community
-
-RUN apk --update --no-cache add \
- ca-certificates \
- curl \
- nginx \
- php7 \
- php7-ctype \
- php7-curl \
- php7-fpm \
- php7-gd \
- php7-iconv \
- php7-intl \
- php7-json \
- php7-mbstring \
- php7-openssl \
- php7-phar \
- php7-session \
- php7-xml \
- php7-zlib \
- s6
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY services.d /etc/services.d
-
-RUN curl -sS https://getcomposer.org/installer | php7 -- --install-dir=/usr/local/bin --filename=composer \
- && rm -rf /etc/php7/php-fpm.d/www.conf \
- && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
- && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
-
-
-WORKDIR /var/www
-RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - \
- && mv Shaarli-latest shaarli \
- && cd shaarli \
- && composer --prefer-dist --no-dev install \
- && rm -rf ~/.composer \
- && chown -R nginx:nginx . \
- && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
- && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
-
-VOLUME /var/www/shaarli/data
-
-EXPOSE 80
-
-ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
-CMD []
+++ /dev/null
-# Stage 1:
-# - Get Shaarli sources
-# - Resolve PHP dependencies with Composer
-FROM composer:latest as composer
-RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - \
- && mv Shaarli-latest shaarli \
- && cd shaarli \
- && composer --prefer-dist --no-dev install
-
-# Stage 2:
-# - Shaarli image
-FROM alpine:3.6
-LABEL maintainer="Shaarli Community"
-
-RUN apk --update --no-cache add \
- ca-certificates \
- nginx \
- php7 \
- php7-ctype \
- php7-curl \
- php7-fpm \
- php7-gd \
- php7-iconv \
- php7-intl \
- php7-json \
- php7-mbstring \
- php7-openssl \
- php7-session \
- php7-xml \
- php7-zlib \
- s6
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY services.d /etc/services.d
-
-RUN rm -rf /etc/php7/php-fpm.d/www.conf \
- && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
- && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
-
-
-WORKDIR /var/www
-COPY --from=composer /app/shaarli shaarli
-
-RUN chown -R nginx:nginx . \
- && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
- && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
-
-VOLUME /var/www/shaarli/data
-
-EXPOSE 80
-
-ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
-CMD []
+++ /dev/null
-## Alpine images
-- [Alpine Linux](https://www.alpinelinux.org/)
-- [PHP-FPM](http://php-fpm.org/)
-- [Nginx](http://nginx.org/)
-
-### `shaarli/shaarli:latest`
-- [Shaarli](https://github.com/shaarli/Shaarli), `latest` branch
-
-### `shaarli/shaarli:master`
-- [Shaarli](https://github.com/shaarli/Shaarli), `master` branch
+++ /dev/null
-FROM debian:jessie
-MAINTAINER Shaarli Community
-
-ENV TERM dumb
-RUN apt-get update \
- && apt-get install --no-install-recommends -y \
- ca-certificates \
- curl \
- nginx-light \
- php5-curl \
- php5-fpm \
- php5-gd \
- php5-intl \
- supervisor \
- && apt-get clean
-
-RUN sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php5/fpm/php.ini
-RUN sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php5/fpm/php.ini
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY supervised.conf /etc/supervisor/conf.d/supervised.conf
-
-ADD https://getcomposer.org/composer.phar /usr/local/bin/composer
-RUN chmod 755 /usr/local/bin/composer
-
-WORKDIR /var/www
-RUN curl -L https://github.com/shaarli/Shaarli/archive/stable.tar.gz | tar xzf - \
- && mv Shaarli-stable shaarli \
- && cd shaarli \
- && composer --prefer-dist --no-dev install
-RUN rm -rf html \
- && chown -R www-data:www-data .
-
-VOLUME /var/www/shaarli/data
-
-EXPOSE 80
-
-CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
+++ /dev/null
-## shaarli:stable
-- [Debian 8 Jessie](https://hub.docker.com/_/debian/)
-- [PHP5-FPM](http://php-fpm.org/)
-- [Nginx](http://nginx.org/)
-- [Shaarli (stable)](https://github.com/shaarli/Shaarli/tree/stable)
+++ /dev/null
-user www-data www-data;
-daemon off;
-worker_processes 4;
-
-events {
- worker_connections 768;
-}
-
-http {
- include mime.types;
- default_type application/octet-stream;
- keepalive_timeout 20;
-
- client_max_body_size 10m;
-
- index index.html index.php;
-
- server {
- listen 80;
- root /var/www/shaarli;
-
- access_log /var/log/nginx/shaarli.access.log;
- error_log /var/log/nginx/shaarli.error.log;
-
- location ~ /\. {
- # deny access to dotfiles
- access_log off;
- log_not_found off;
- deny all;
- }
-
- location ~ ~$ {
- # deny access to temp editor files, e.g. "script.php~"
- access_log off;
- log_not_found off;
- deny all;
- }
-
- location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
- # cache static assets
- expires max;
- add_header Pragma public;
- add_header Cache-Control "public, must-revalidate, proxy-revalidate";
- }
-
- location = /favicon.ico {
- # serve the Shaarli favicon from its custom location
- alias /var/www/shaarli/images/favicon.ico;
- }
-
- location / {
- # Slim - rewrite URLs
- try_files $uri /index.php$is_args$args;
- }
-
- location ~ (index)\.php$ {
- # Slim - split URL path into (script_filename, path_info)
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
- # filter and proxy PHP requests to PHP-FPM
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_index index.php;
- include fastcgi.conf;
- }
-
- location ~ \.php$ {
- # deny access to all other PHP scripts
- deny all;
- }
- }
-}
+++ /dev/null
-[program:php5-fpm]
-command=/usr/sbin/php5-fpm -F
-priority=5
-autostart=true
-autorestart=true
-
-[program:nginx]
-command=/usr/sbin/nginx
-priority=10
-autostart=true
-autorestart=true
-stdout_events_enabled=true
-stderr_events_enabled=true