Merge pull request #944 from thewilli/configure-rememberme

new setting: default value for 'remember me' checkbox

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b018cb48cfca3795cfbb83d057d5d8a264892da..60262d564d3983084a96f823a241e64f49d80a8c 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -61,7 +61,7 @@ The documentation has been migrated to ReadTheDocs:
 This release introduces the REST API, and requires updating HTTP server
 configuration to enable URL rewriting, see:
 - https://shaarli.github.io/api-documentation/
-- https://github.com/shaarli/Shaarli/wiki/Server-configuration
+- https://shaarli.readthedocs.io/en/master/Server-configuration/
 
 **WARNING**: Shaarli now requires PHP 5.5+.
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index bb82951d61abc12b9bbbc4d1eaf28d55e597303b..03564fd2289fec6157b1bc6bda19a06be4acd27b 100644 (file)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -54,7 +54,7 @@ Please report any problem you might find.
  * starting from branch ` master`, switch to a new branch (eg. `git checkout -b my-awesome-feature`)
  * edit the required files (from the Github web interface or your text editor)
  * add and commit your changes with a meaningful commit message (eg `Cool new feature, fixes issue #1001`)
- * run unit tests against your patched version, see [Running unit tests](https://github.com/shaarli/Shaarli/wiki/Running-unit-tests)
+ * run unit tests against your patched version, see [Running unit tests](https://shaarli.readthedocs.io/en/master/Unit-tests/#run-unit-tests)
  * Open your fork in the Github web interface and click the "Compare and Pull Request" button, enter required info and submit your Pull Request.
 
 All changes you will do on the `my-awesome-feature`  in the future will be added to your Pull Request. Don't work directly on the master branch, don't do unrelated work on your  `my-awesome-feature` branch.

diff --git a/application/LinkDB.php b/application/LinkDB.php
index 9308164af685bd8830b6c1a4a68621fddaa9f548..22c1f0ab5321b3ccb274931637ba642357ddecb6 100644 (file)
--- a/application/LinkDB.php
+++ b/application/LinkDB.php
@@ -249,7 +249,7 @@ class LinkDB implements Iterator, Countable, ArrayAccess
         $link = array(
             'id' => 1,
             'title'=>' Shaarli: the personal, minimalist, super-fast, no-database delicious clone',
-            'url'=>'https://github.com/shaarli/Shaarli/wiki',
+            'url'=>'https://shaarli.readthedocs.io',
             'description'=>'Welcome to Shaarli! This is your first public bookmark. To edit or delete me, you must first login.
 
 To learn how to use Shaarli, consult the link "Help/documentation" at the bottom of this page.

diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php
index c94d92a8bf3ef4168eb9bf910a9cbd188874390b..fdd5b3d76a109b0e16b93f6020e448df2613dfdf 100644 (file)
--- a/application/config/ConfigManager.php
+++ b/application/config/ConfigManager.php
@@ -9,8 +9,8 @@ use Shaarli\Config\Exception\UnauthorizedConfigException;
  *
  * Manages all Shaarli's settings.
  * See the documentation for more information on settings:
- *   - doc/Shaarli-configuration.html
- *   - https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration
+ *   - doc/md/Shaarli-configuration.md
+ *   - https://shaarli.readthedocs.io/en/master/Shaarli-configuration/#configuration
  */
 class ConfigManager
 {

diff --git a/composer.json b/composer.json
index 756ea58891bf02bba1a8a6157c9e5eaa8a80c2d1..afb8aca4c42209a7f8ddc685a1c7626e416a313c 100644 (file)
--- a/composer.json
+++ b/composer.json
@@ -6,7 +6,7 @@
     "homepage": "https://github.com/shaarli/Shaarli",
     "support": {
         "issues": "https://github.com/shaarli/Shaarli/issues",
-        "wiki": "https://github.com/shaarli/Shaarli/wiki"
+        "wiki": "https://shaarli.readthedocs.io"
     },
     "keywords": ["bookmark", "link", "share", "web"],
     "config": {

diff --git a/doc/md/Plugin-System.md b/doc/md/Plugin-System.md
index 30f0ae7448a033b5964b4032535674047b289ab9..cbec04c0fa0bf12ad87f2b33824c64f7c2700c0b 100644 (file)
--- a/doc/md/Plugin-System.md
+++ b/doc/md/Plugin-System.md
@@ -49,10 +49,10 @@ hook_<plugin_name>_<hook_name>($data, $conf)
 
 Parameters:
 
-- data: see [$data section](https://github.com/shaarli/Shaarli/wiki/Plugin-System#plugins-data)
+- data: see [$data section](https://shaarli.readthedocs.io/en/master/Plugin-System/#plugins-data)
 - conf: the `ConfigManager` instance.
 
-For exemple, if my plugin want to add data to the header, this function is needed:
+For example, if my plugin want to add data to the header, this function is needed:
 
     hook_demo_plugin_render_header
 

diff --git a/doc/md/Plugins.md b/doc/md/Plugins.md
index 7d40637fe6ca84637738bc6afdbd8086cec7228b..463dae170e37dc3791f1376e3b0f6668f8c0be5e 100644 (file)
--- a/doc/md/Plugins.md
+++ b/doc/md/Plugins.md
@@ -72,4 +72,4 @@ Usage of each plugin is documented in it's README file:
 
 #### Third party plugins
 
-See [Community & related software](https://github.com/shaarli/Shaarli/wiki/Community-%26-Related-software#third-party-plugins)
+See [Community & related software](https://shaarli.readthedocs.io/en/master/Community-&-Related-software/)

diff --git a/doc/md/Security.md b/doc/md/Security.md
index 36f629af0593c36b8d8bbac0e612989bff14f278..65db4225da89df3c1845feb3ae598155b1c8f25a 100644 (file)
--- a/doc/md/Security.md
+++ b/doc/md/Security.md
@@ -1,9 +1,6 @@
 ## Client browser
 - Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work
 
-## PHP
-- `magic_quotes` is an horrible option of PHP which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with `magic_quotes` on, so you should not be bothered even on crappy hosts.
-
 ## Server and sessions
 - Directories are protected using `.htaccess` files
 - Forms are protected against XSRF (Cross-site requests forgery):

diff --git a/doc/md/index.md b/doc/md/index.md
index b10e3cf4caeaa8f1b473c0513e0ed7d669c8c985..24ada6c7cfafd5bcee221db47660ac6087d3a17b 100644 (file)
--- a/doc/md/index.md
+++ b/doc/md/index.md
@@ -37,7 +37,7 @@ Login: `demo`; Password: `demo`
     - daily RSS feed
 - permalinks for easy reference
 - links can be public or private
-- extensible through [plugins](https://github.com/shaarli/Shaarli/wiki/Plugins#plugin-usage)
+- extensible through [plugins](https://shaarli.readthedocs.io/en/master/Plugins/#plugin-usage)
 
 ### Tag, view and search your links!
 - add a custom title and description to archived links

diff --git a/index.php b/index.php
index f2f3b93e83ed1a17a7e7c56c8bf6add3f0c21ae6..e0a7b416f26d8c887cb80518c112afb3e8ca13e7 100644 (file)
--- a/index.php
+++ b/index.php
@@ -48,8 +48,8 @@ if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
         ."If you installed Shaarli through Git or using the development branch,\n"
         ."please refer to the installation documentation to install PHP"
         ." dependencies using Composer:\n"
-        ."- https://github.com/shaarli/Shaarli/wiki/Server-requirements\n"
-        ."- https://github.com/shaarli/Shaarli/wiki/Download-and-Installation";
+        ."- https://shaarli.readthedocs.io/en/master/Server-requirements/\n"
+        ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
     exit;
 }
 require_once 'inc/rain.tpl.class.php';
@@ -133,15 +133,6 @@ date_default_timezone_set($conf->get('general.timezone', 'UTC'));
 
 ob_start();  // Output buffering for the page cache.
 
-// In case stupid admin has left magic_quotes enabled in php.ini:
-if (get_magic_quotes_gpc())
-{
-    function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; }
-    $_POST = array_map('stripslashes_deep', $_POST);
-    $_GET = array_map('stripslashes_deep', $_GET);
-    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
-}
-
 // Prevent caching on client side or proxy: (yes, it's ugly)
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
 header("Cache-Control: no-store, no-cache, must-revalidate");
@@ -186,42 +177,42 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
  */
 function setup_login_state($conf)
 {
-       if ($conf->get('security.open_shaarli')) {
-           return true;
-       }
-       $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
-       $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
-       if (! $conf->exists('credentials.login')) {
-           $userIsLoggedIn = false;  // Shaarli is not configured yet.
-           $loginFailure = true;
-       }
-       if (isset($_COOKIE['shaarli_staySignedIn']) &&
-           $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
-           !$loginFailure)
-       {
-           fillSessionInfo($conf);
-           $userIsLoggedIn = true;
-       }
-       // If session does not exist on server side, or IP address has changed, or session has expired, logout.
-       if (empty($_SESSION['uid'])
+    if ($conf->get('security.open_shaarli')) {
+        return true;
+    }
+    $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+    $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
+    if (! $conf->exists('credentials.login')) {
+        $userIsLoggedIn = false;  // Shaarli is not configured yet.
+        $loginFailure = true;
+    }
+    if (isset($_COOKIE['shaarli_staySignedIn']) &&
+        $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
+        !$loginFailure)
+    {
+        fillSessionInfo($conf);
+        $userIsLoggedIn = true;
+    }
+    // If session does not exist on server side, or IP address has changed, or session has expired, logout.
+    if (empty($_SESSION['uid'])
         || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
         || time() >= $_SESSION['expires_on'])
-       {
-           logout();
-           $userIsLoggedIn = false;
-           $loginFailure = true;
-       }
-       if (!empty($_SESSION['longlastingsession'])) {
-           $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
-       }
-       else {
-           $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
-       }
-       if (!$loginFailure) {
-           $userIsLoggedIn = true;
-       }
-
-       return $userIsLoggedIn;
+    {
+        logout();
+        $userIsLoggedIn = false;
+        $loginFailure = true;
+    }
+    if (!empty($_SESSION['longlastingsession'])) {
+        $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
+    }
+    else {
+        $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
+    }
+    if (!$loginFailure) {
+        $userIsLoggedIn = true;
+    }
+
+    return $userIsLoggedIn;
 }
 $userIsLoggedIn = setup_login_state($conf);
 
@@ -245,10 +236,10 @@ function allIPs()
  */
 function fillSessionInfo($conf)
 {
-       $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
-       $_SESSION['ip']=allIPs();                // We store IP address(es) of the client to make sure session is not hijacked.
-       $_SESSION['username']= $conf->get('credentials.login');
-       $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
+    $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
+    $_SESSION['ip']=allIPs();                // We store IP address(es) of the client to make sure session is not hijacked.
+    $_SESSION['username']= $conf->get('credentials.login');
+    $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
 }
 
 /**
@@ -265,7 +256,7 @@ function check_auth($login, $password, $conf)
     $hash = sha1($password . $login . $conf->get('credentials.salt'));
     if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash'))
     {   // Login/password is correct.
-               fillSessionInfo($conf);
+        fillSessionInfo($conf);
         logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
         return true;
     }
@@ -394,9 +385,10 @@ if (isset($_POST['login']))
         // If user wants to keep the session cookie even after the browser closes:
         if (!empty($_POST['longlastingsession']))
         {
-                       setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
-            $_SESSION['longlastingsession']=31536000;  // (31536000 seconds = 1 year)
-            $_SESSION['expires_on']=time()+$_SESSION['longlastingsession'];  // Set session expiration on server-side.
+            $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year)
+            $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now)
+            setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH);
+            $_SESSION['expires_on'] = $expiration;  // Set session expiration on server-side.
 
             $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
             session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
@@ -1235,7 +1227,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
         // Linkdate is kept here to:
         //   - use the same permalink for notes as they're displayed when creating them
         //   - let users hack creation date of their posts
-        //     See: https://github.com/shaarli/Shaarli/wiki/Datastore-hacks#changing-the-timestamp-for-a-link
+        //     See: https://shaarli.readthedocs.io/en/master/Various-hacks/#changing-the-timestamp-for-a-shaare
         $linkdate = escape($_POST['lf_linkdate']);
         if (isset($LINKSDB[$id])) {
             // Edit
@@ -1258,6 +1250,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
         // Remove duplicates.
         $tags = implode(' ', array_unique(explode(' ', $tags)));
 
+        if (empty(trim($_POST['lf_url']))) {
+            $_POST['lf_url'] = '?' . smallHash($linkdate . $id);
+        }
         $url = whitelist_protocols(trim($_POST['lf_url']), $conf->get('security.allowed_protocols'));
 
         $link = array(

diff --git a/plugins/playvideos/README.md b/plugins/playvideos/README.md
index b1698470755d1d7adff2e91528f57518d14afbda..ab4be22a46b5ad2a222fb84e1bae5ca4af40e745 100644 (file)
--- a/plugins/playvideos/README.md
+++ b/plugins/playvideos/README.md
@@ -8,7 +8,7 @@ This uses code from https://zaius.github.io/youtube_playlist/ and is currently o
 
 #### Installation and setup
 
-This is a default Shaarli plugin, you just have to enable it. See https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration/
+This is a default Shaarli plugin, you just have to enable it. See https://shaarli.readthedocs.io/en/master/Shaarli-configuration/
 
 
 #### Troubleshooting