- Plugins:
- Add an [Isso](https://posativ.org/isso/) plugin to enable user comments on permalinks
- Allow defining init functions, e.g. for performing checks and error processing
+ - Add a Piwik plugin for analytics.
+ - Markdown: add warning notice regarding HTML rendering
+- Meta tag to *not* send the referrer to external resources.
### Changed
- Cleanup `{loop}` declarations in templates
- Release archives now have the same structure as GitHub-generated archives:
- archives contain a `Shaarli` directory, itself containing sources + dependencies
- the tarball is now gzipped
+- Plugins:
+ - Markdown: Parsedown library is now imported through Composer
- Minor code cleanup: PHPDoc, spelling, unused variables, etc.
+- Docker: explicitly set the maximum file upload size to 10 MiB
+- Tools: hide Firefox Social button when not in HTTPS
+- Firefox Social: show Shaarli's title when shaaring using Firefox Social
### Fixed
- Fix the server `<self>` value in Atom/RSS feeds
- Plugins:
- Tools: only display parameter description when it exists
- archive.org: do not propose archival of private notes
+ - Markdown:
+ - render links properly in code blocks
+ - bug regarding the `nomarkdown` tag
+ - W3C compliance
- Use absolute URL for hashtags in RSS and ATOM feeds
+- Docker: specify the location of the favicon
### Security
- Allow whitelisting trusted IPs, else continue banning clients upon login failure
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
nano \
&& apt-get clean
+RUN sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php5/fpm/php.ini
+RUN sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php5/fpm/php.ini
COPY nginx.conf /etc/nginx/nginx.conf
COPY supervised.conf /etc/supervisor/conf.d/supervised.conf
default_type application/octet-stream;
keepalive_timeout 20;
+ client_max_body_size 10m;
+
index index.html index.php;
server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
+ location = /favicon.ico {
+ # serve the Shaarli favicon from its custom location
+ alias /var/www/shaarli/images/favicon.ico;
+ }
+
location ~ (index)\.php$ {
# filter and proxy PHP requests to PHP-FPM
fastcgi_pass unix:/var/run/php5-fpm.sock;
supervisor \
&& apt-get clean
+RUN sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php5/fpm/php.ini
+RUN sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php5/fpm/php.ini
COPY nginx.conf /etc/nginx/nginx.conf
COPY supervised.conf /etc/supervisor/conf.d/supervised.conf
default_type application/octet-stream;
keepalive_timeout 20;
+ client_max_body_size 10m;
+
index index.html index.php;
server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
+ location = /favicon.ico {
+ # serve the Shaarli favicon from its custom location
+ alias /var/www/shaarli/images/favicon.ico;
+ }
+
location ~ (index)\.php$ {
# filter and proxy PHP requests to PHP-FPM
fastcgi_pass unix:/var/run/php5-fpm.sock;
supervisor \
&& apt-get clean
+RUN sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php5/fpm/php.ini
+RUN sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php5/fpm/php.ini
COPY nginx.conf /etc/nginx/nginx.conf
COPY supervised.conf /etc/supervisor/conf.d/supervised.conf
default_type application/octet-stream;
keepalive_timeout 20;
+ client_max_body_size 10m;
+
index index.html index.php;
server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
+ location = /favicon.ico {
+ # serve the Shaarli favicon from its custom location
+ alias /var/www/shaarli/images/favicon.ico;
+ }
+
location ~ (index)\.php$ {
# filter and proxy PHP requests to PHP-FPM
fastcgi_pass unix:/var/run/php5-fpm.sock;
font-style: italic;
}
+strong {
+ font-weight: bold;
+}
+
/* Buttons */
.bigbutton {
background-color: #c0c0c0;
}
#pluginsadmin a {
+ color: #486D08;
+}
+
+#pluginsadmin a.arrow {
color: black;
}
+
/* 404 page */
.error-container {
{
$data = array(
'pageabsaddr' => index_url($_SERVER),
+ 'sslenabled' => !empty($_SERVER['HTTPS'])
);
$pluginManager->executeHooks('render_tools', $data);
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
-<span><a href="https://web.archive.org/web/%s"><img class="linklist-plugin-icon" src="plugins/archiveorg/internetarchive.png" title="View on archive.org" /></a></span>
+<span><a href="https://web.archive.org/web/%s"><img class="linklist-plugin-icon" src="plugins/archiveorg/internetarchive.png" title="View on archive.org" alt="archive.org" /></a></span>
|--- markdown.css
|--- markdown.meta
|--- markdown.php
- |--- Parsedown.php
|--- README.md
```
To enable the plugin, just check it in the plugin administration page.
-You can also add `markdown` to your list of enabled plugins in `data/config.php`
-(`ENABLED_PLUGINS` array).
+You can also add `markdown` to your list of enabled plugins in `data/config.json.php`
+(`general.enabled_plugins` list).
This should look like:
```
-$GLOBALS['config']['ENABLED_PLUGINS'] = array('qrcode', 'any_other_plugin', 'markdown')
+"general": {
+ "enabled_plugins": [
+ "markdown",
+ [...]
+ ],
+}
```
+Parsedown parsing library is imported using Composer. If you installed Shaarli using `git`,
+or the `master` branch, run
+
+ composer update --no-dev --prefer-dist
+
### No Markdown tag
-If the tag `.nomarkdown` is set for a shaare, it won't be converted to Markdown syntax.
+If the tag `nomarkdown` is set for a shaare, it won't be converted to Markdown syntax.
-> Note: it's a private tag (leading dot), so it won't be displayed to visitors.
+> Note: this is a special tag, so it won't be displayed in link list.
+
+### HTML rendering
+
+Markdown support HTML tags. For example:
+
+ > <strong>strong</strong><strike>strike</strike>
+
+Will render as:
+
+> <strong>strong</strong><strike>strike</strike>
+
+If you want to shaare HTML code, it is necessary to use inline code or code blocks.
+
+**If your shaared descriptions containing HTML tags before enabling the markdown plugin,
+enabling it might break your page.**
+
+> Note: HTML tags such as script, iframe, etc. are disabled for security reasons.
### Known issue
-description="Render shaare description with Markdown syntax."
+description="Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
+If your shaared descriptions containing HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+See the <a href=\"https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering\">README</a>."
{
foreach ($data['links'] as &$value) {
if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
- $value['taglist'] = stripNoMarkdownTag($value['taglist']);
+ $value = stripNoMarkdownTag($value);
continue;
}
$value['description'] = process_markdown($value['description']);
{
foreach ($data['links'] as &$value) {
if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
- $value['tags'] = stripNoMarkdownTag($value['tags']);
+ $value = stripNoMarkdownTag($value);
continue;
}
$value['description'] = process_markdown($value['description']);
foreach ($data['cols'] as &$value) {
foreach ($value as &$value2) {
if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
+ $value2 = stripNoMarkdownTag($value2);
continue;
}
$value2['formatedDescription'] = process_markdown($value2['formatedDescription']);
*/
function noMarkdownTag($tags)
{
- return strpos($tags, NO_MD_TAG) !== false;
+ return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
}
/**
* Remove the no-markdown meta tag so it won't be displayed.
*
- * @param string $tags Tag list.
+ * @param array $link Link data.
*
- * @return string tag list without no markdown tag.
+ * @return array Updated link without no markdown tag.
*/
-function stripNoMarkdownTag($tags)
+function stripNoMarkdownTag($link)
{
- unset($tags[array_search(NO_MD_TAG, $tags)]);
- return array_values($tags);
+ if (! empty($link['taglist'])) {
+ $offset = array_search(NO_MD_TAG, $link['taglist']);
+ if ($offset !== false) {
+ unset($link['taglist'][$offset]);
+ }
+ }
+
+ if (!empty($link['tags'])) {
+ str_replace(NO_MD_TAG, '', $link['tags']);
+ }
+
+ return $link;
}
/**
<div class="linkqrcode">
<a href="http://qrfree.kaywa.com/?l=1&s=8&d=%s" onclick="showQrCode(this); return false;" class="qrcode" data-permalink="%s">
- <img src="%s/qrcode/qrcode.png" class="linklist-plugin-icon" title="QR-Code">
+ <img src="%s/qrcode/qrcode.png" class="linklist-plugin-icon" title="QR-Code" alt="QRCode">
</a>
</div>
-<span><a href="%s?url=%s"><img class="linklist-plugin-icon" src="%s/readityourself/book-open.png" title="Read with Readityourself" /></a></span>
+<span><a href="%s?url=%s"><img class="linklist-plugin-icon" src="%s/readityourself/book-open.png" title="Read with Readityourself" alt="readityourself" /></a></span>
-<span><a href="%s%s" target="_blank"><img class="linklist-plugin-icon" src="%s/wallabag/wallabag.png" title="Save to wallabag" /></a></span>
+<span><a href="%s%s" target="_blank"><img class="linklist-plugin-icon" src="%s/wallabag/wallabag.png" title="Save to wallabag" alt="wallabag" /></a></span>
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
require_once 'plugins/markdown/markdown.php';
/**
- * Class PlugQrcodeTest
- * Unit test for the QR-Code plugin
+ * Class PluginMarkdownTest
+ * Unit test for the Markdown plugin
*/
class PluginMarkdownTest extends PHPUnit_Framework_TestCase
{
))
);
- $data = hook_markdown_render_linklist($data);
- $this->assertEquals($str, $data['links'][0]['description']);
+ $processed = hook_markdown_render_linklist($data);
+ $this->assertEquals($str, $processed['links'][0]['description']);
+
+ $processed = hook_markdown_render_feed($data);
+ $this->assertEquals($str, $processed['links'][0]['description']);
$data = array(
// Columns data
$this->assertEquals($str, $data['cols'][0][0]['formatedDescription']);
}
+ /**
+ * Test that a close value to nomarkdown is not understand as nomarkdown (previous value `.nomarkdown`).
+ */
+ function testNoMarkdownNotExcactlyMatching()
+ {
+ $str = 'All _work_ and `no play` makes Jack a *dull* boy.';
+ $data = array(
+ 'links' => array(array(
+ 'description' => $str,
+ 'tags' => '.' . NO_MD_TAG,
+ 'taglist' => array('.'. NO_MD_TAG),
+ ))
+ );
+
+ $data = hook_markdown_render_feed($data);
+ $this->assertContains('<em>', $data['links'][0]['description']);
+ }
+
/**
* Test hashtag links processed with markdown.
*/
-Allow from none
-Deny from all
+<IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+ Require all denied
+</IfModule>
{elseif="$link.description==''"}onload="document.linkform.lf_description.focus();"
{else}onload="document.linkform.lf_tags.focus();"{/if} >
<div id="pageheader">
- {if="$source !== 'firefoxsocialapi'"}
- {include="page.header"}
- {/if}
- <div id="editlinkform">
- <form method="post" name="linkform">
- <input type="hidden" name="lf_linkdate" value="{$link.linkdate}">
- <label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url}" class="lf_input"><br>
+ {if="$source !== 'firefoxsocialapi'"}
+ {include="page.header"}
+ {else}
+ <div id="shaarli_title"><a href="{$titleLink}">{$shaarlititle}</a></div>
+ {/if}
+ <div id="editlinkform">
+ <form method="post" name="linkform">
+ <input type="hidden" name="lf_linkdate" value="{$link.linkdate}">
+ <label for="lf_url"><i>URL</i></label><br><input type="text" name="lf_url" id="lf_url" value="{$link.url}" class="lf_input"><br>
<label for="lf_title"><i>Title</i></label><br><input type="text" name="lf_title" id="lf_title" value="{$link.title}" class="lf_input"><br>
<label for="lf_description"><i>Description</i></label><br><textarea name="lf_description" id="lf_description" rows="4" cols="25">{$link.description}</textarea><br>
<label for="lf_tags"><i>Tags</i></label><br>
{$value}
{/loop}
- {if="($link_is_new && $default_private_links) || $link.private == true"}
+ {if="($link_is_new && $default_private_links) || $link.private == true"}
<input type="checkbox" checked="checked" name="lf_private" id="lf_private">
<label for="lf_private"><i>Private</i></label><br>
{else}
<input type="checkbox" name="lf_private" id="lf_private">
<label for="lf_private"><i>Private</i></label><br>
{/if}
- <input type="submit" value="Save" name="save_edit" class="bigbutton">
- <input type="submit" value="Cancel" name="cancel_edit" class="bigbutton">
- {if="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton delete" onClick="return confirmDeleteLink();">{/if}
- <input type="hidden" name="token" value="{$token}">
- {if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer}">{/if}
- </form>
- </div>
+ <input type="submit" value="Save" name="save_edit" class="bigbutton">
+ <input type="submit" value="Cancel" name="cancel_edit" class="bigbutton">
+ {if="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton delete" onClick="return confirmDeleteLink();">{/if}
+ <input type="hidden" name="token" value="{$token}">
+ {if="$http_referer"}<input type="hidden" name="returnurl" value="{$http_referer}">{/if}
+ </form>
+ </div>
</div>
{if="$source !== 'firefoxsocialapi'"}
{include="page.footer"}
<published>{$value.pub_iso_date}</published>
<updated>{$value.up_iso_date}</updated>
{/if}
- <content type="html" xml:lang="{$language}">
- <![CDATA[{$value.description}]]>
- </content>
+ <content type="html" xml:lang="{$language}"><![CDATA[{$value.description}]]></content>
{loop="$value.taglist"}
<category scheme="{$index_url}?searchtags=" term="{$value|strtolower}" label="{$value}" />
{/loop}
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="format-detection" content="telephone=no" />
<meta name="viewport" content="width=device-width,initial-scale=1.0" />
+<meta name="referrer" content="same-origin">
<link rel="alternate" type="application/rss+xml" href="{$feedurl}?do=rss{$searchcrits}#" title="RSS Feed" />
<link rel="alternate" type="application/atom+xml" href="{$feedurl}?do=atom{$searchcrits}#" title="ATOM Feed" />
<link href="images/favicon.ico#" rel="shortcut icon" type="image/x-icon" />
{loop="$plugins_includes.css_files"}
<link type="text/css" rel="stylesheet" href="{$value}#"/>
{/loop}
-<link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle|htmlspecialchars}"/>
\ No newline at end of file
+<link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle|htmlspecialchars}"/>
<tr data-line="{$key}" data-order="{$counter}">
<td class="center"><input type="checkbox" name="{$key}" id="{$key}" checked="checked"></td>
<td class="center">
- <a href="#"
+ <a href="#" class="arrow"
onclick="return orderUp(this.parentNode.parentNode.getAttribute('data-order'));">
▲
</a>
- <a href="#"
+ <a href="#" class="arrow"
onclick="return orderDown(this.parentNode.parentNode.getAttribute('data-order'));">
▼
</a>
Then click "✚Add Note" button anytime to start composing a private Note (text post) to your Shaarli.
</span>
</a><br><br>
+
+ {if="$sslenabled"}
<a class="smallbutton" onclick="activateFirefoxSocial(this)">
<b>✚Add to Firefox social</b>
</a>
<a href="#">
<span>⇐ Click on this button to add Shaarli to the "Share this page" button in Firefox.</span>
</a><br><br>
+ {/if}
{loop="$tools_plugin"}
{$value}
<div class="clear"></div>
<script>
+ {if="$sslenabled"}
function activateFirefoxSocial(node) {
var loc = location.href;
var baseURL = loc.substring(0, loc.lastIndexOf("/"));
var activate = new CustomEvent("ActivateSocialFeature");
node.dispatchEvent(activate);
}
-
+ {/if}
function alertBookmarklet() {
alert('Drag this link to your bookmarks toolbar, or right-click it and choose Bookmark This Link...');
return false;