18 files changed, 129 insertions, 112 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b018cb4..60262d56 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -61,7 +61,7 @@ The documentation has been migrated to ReadTheDocs:
 This release introduces the REST API, and requires updating HTTP server
 configuration to enable URL rewriting, see:
 - https://shaarli.github.io/api-documentation/
- https://github.com/shaarli/Shaarli/wiki/Server-configuration
+- https://shaarli.readthedocs.io/en/master/Server-configuration/
 **WARNING**: Shaarli now requires PHP 5.5+.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index bb82951d..03564fd2 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -54,7 +54,7 @@ Please report any problem you might find.
 * starting from branch ` master`, switch to a new branch (eg. `git checkout -b my-awesome-feature`)
 * edit the required files (from the Github web interface or your text editor)
 * add and commit your changes with a meaningful commit message (eg `Cool new feature, fixes issue #1001`)
- * run unit tests against your patched version, see [Running unit tests](https://github.com/shaarli/Shaarli/wiki/Running-unit-tests)
+ * run unit tests against your patched version, see [Running unit tests](https://shaarli.readthedocs.io/en/master/Unit-tests/#run-unit-tests)
 * Open your fork in the Github web interface and click the "Compare and Pull Request" button, enter required info and submit your Pull Request.
 All changes you will do on the `my-awesome-feature`  in the future will be added to your Pull Request. Don't work directly on the master branch, don't do unrelated work on your  `my-awesome-feature` branch.
diff --git a/Makefile b/Makefile
index 6483fca7..40badb1d 100644
--- a/Makefile
+++ b/Makefile
@@ -159,14 +159,14 @@ composer_dependencies: clean
        find vendor/ -name ".git" -type d -exec rm -rf {} +
 ### generate a release tarball and include 3rd-party dependencies
-release_tar: composer_dependencies doc_html
+release_tar: composer_dependencies htmldoc
        git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).tar HEAD
        tar rvf $(ARCHIVE_VERSION).tar --transform "s|^vendor|$(ARCHIVE_PREFIX)vendor|" vendor/
        tar rvf $(ARCHIVE_VERSION).tar --transform "s|^doc/html|$(ARCHIVE_PREFIX)doc/html|" doc/html/
        gzip $(ARCHIVE_VERSION).tar
 ### generate a release zip and include 3rd-party dependencies
-release_zip: composer_dependencies doc_html
+release_zip: composer_dependencies htmldoc
        git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).zip -9 HEAD
        mkdir -p $(ARCHIVE_PREFIX)/{doc,vendor}
        rsync -a doc/html/ $(ARCHIVE_PREFIX)doc/html/
@@ -195,17 +195,11 @@ doxygen: clean
        @rm -rf doxygen
        @( cat Doxyfile ; echo "PROJECT_NUMBER=`git describe`" ) | doxygen -
-### Convert local markdown documentation to HTML
+### generate HTML documentation from Markdown pages with MkDocs
-#
+htmldoc:
-# For all pages:
-#  - convert GitHub-flavoured relative links to standard Markdown
-#  - generate html documentation with mkdocs
-htmlpages:
        python3 -m venv venv/
        bash -c 'source venv/bin/activate; \
        pip install mkdocs; \
        mkdocs build'
        find doc/html/ -type f -exec chmod a-x '{}' \;
        rm -r venv
-doc_html: authors htmlpages
diff --git a/application/LinkDB.php b/application/LinkDB.php
index 9308164a..22c1f0ab 100644
--- a/application/LinkDB.php
+++ b/application/LinkDB.php
@@ -249,7 +249,7 @@ class LinkDB implements Iterator, Countable, ArrayAccess
        $link = array(
            'id' => 1,
            'title'=>' Shaarli: the personal, minimalist, super-fast, no-database delicious clone',
-            'url'=>'https://github.com/shaarli/Shaarli/wiki',
+            'url'=>'https://shaarli.readthedocs.io',
            'description'=>'Welcome to Shaarli! This is your first public bookmark. To edit or delete me, you must first login.
 To learn how to use Shaarli, consult the link "Help/documentation" at the bottom of this page.
diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php
index 8eab26f1..fdd5b3d7 100644
--- a/application/config/ConfigManager.php
+++ b/application/config/ConfigManager.php
@@ -9,8 +9,8 @@ use Shaarli\Config\Exception\UnauthorizedConfigException;
 *
 * Manages all Shaarli's settings.
 * See the documentation for more information on settings:
- *   - doc/Shaarli-configuration.html
+ *   - doc/md/Shaarli-configuration.md
- *   - https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration
+ *   - https://shaarli.readthedocs.io/en/master/Shaarli-configuration/#configuration
 */
 class ConfigManager
 {
@@ -328,6 +328,8 @@ class ConfigManager
        $this->setEmpty('privacy.default_private_links', false);
        $this->setEmpty('privacy.hide_public_links', false);
        $this->setEmpty('privacy.hide_timestamps', false);
+        // default state of the 'remember me' checkbox of the login form
+        $this->setEmpty('privacy.remember_user_default', true);
        $this->setEmpty('thumbnail.enable_thumbnails', true);
        $this->setEmpty('thumbnail.enable_localcache', true);
diff --git a/composer.json b/composer.json
index 756ea588..afb8aca4 100644
--- a/composer.json
+++ b/composer.json
@@ -6,7 +6,7 @@
    "homepage": "https://github.com/shaarli/Shaarli",
    "support": {
        "issues": "https://github.com/shaarli/Shaarli/issues",
-        "wiki": "https://github.com/shaarli/Shaarli/wiki"
+        "wiki": "https://shaarli.readthedocs.io"
    },
    "keywords": ["bookmark", "link", "share", "web"],
    "config": {
diff --git a/doc/md/Plugin-System.md b/doc/md/Plugin-System.md
index 30f0ae74..cbec04c0 100644
--- a/doc/md/Plugin-System.md
+++ b/doc/md/Plugin-System.md
@@ -49,10 +49,10 @@ hook_<plugin_name>_<hook_name>($data, $conf)
 Parameters:
- data: see [$data section](https://github.com/shaarli/Shaarli/wiki/Plugin-System#plugins-data)
+- data: see [$data section](https://shaarli.readthedocs.io/en/master/Plugin-System/#plugins-data)
 - conf: the `ConfigManager` instance.
-For exemple, if my plugin want to add data to the header, this function is needed:
+For example, if my plugin want to add data to the header, this function is needed:
    hook_demo_plugin_render_header
diff --git a/doc/md/Plugins.md b/doc/md/Plugins.md
index 7d40637f..463dae17 100644
--- a/doc/md/Plugins.md
+++ b/doc/md/Plugins.md
@@ -72,4 +72,4 @@ Usage of each plugin is documented in it's README file:
 #### Third party plugins
-See [Community & related software](https://github.com/shaarli/Shaarli/wiki/Community-%26-Related-software#third-party-plugins)
+See [Community & related software](https://shaarli.readthedocs.io/en/master/Community-&-Related-software/)
diff --git a/doc/md/Release-Shaarli.md b/doc/md/Release-Shaarli.md
index 974a7438..e22eabc9 100644
--- a/doc/md/Release-Shaarli.md
+++ b/doc/md/Release-Shaarli.md
@@ -46,6 +46,12 @@ TBA
 ## Increment the version code, update docs, create and push a signed tag
+### Update the list of Git contributors
+```bash
+$ make authors
+$ git commit -s -m "Update AUTHORS"
+```
 ### Create and merge a Pull Request
 This one is pretty straightforward ;-)
diff --git a/doc/md/Security.md b/doc/md/Security.md
index 36f629af..65db4225 100644
--- a/doc/md/Security.md
+++ b/doc/md/Security.md
@@ -1,9 +1,6 @@
 ## Client browser
 - Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work
-## PHP
- `magic_quotes` is an horrible option of PHP which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with `magic_quotes` on, so you should not be bothered even on crappy hosts.
 ## Server and sessions
 - Directories are protected using `.htaccess` files
 - Forms are protected against XSRF (Cross-site requests forgery):
diff --git a/doc/md/Shaarli-configuration.md b/doc/md/Shaarli-configuration.md
index 188a3c09..d90e95eb 100644
--- a/doc/md/Shaarli-configuration.md
+++ b/doc/md/Shaarli-configuration.md
@@ -91,6 +91,8 @@ _These settings should not be edited_
 - **default_private_links**: Check the private checkbox by default for every new link.  
 - **hide_public_links**: All links are hidden while logged out.  
 - **hide_timestamps**: Timestamps are hidden.
+- **remember_user_default**: Default state of the login page's *remember me* checkbox
+    - `true`: checked by default, `false`: unchecked by default
 ### Feed
@@ -192,7 +194,8 @@ _These settings should not be edited_
    "privacy": {
        "default_private_links": true,
        "hide_public_links": false,
-        "hide_timestamps": false
+        "hide_timestamps": false,
+        "remember_user_default": true
    },
    "thumbnail": {
        "enable_thumbnails": true,
diff --git a/doc/md/index.md b/doc/md/index.md
index b10e3cf4..24ada6c7 100644
--- a/doc/md/index.md
+++ b/doc/md/index.md
@@ -37,7 +37,7 @@ Login: `demo`; Password: `demo`
    - daily RSS feed
 - permalinks for easy reference
 - links can be public or private
- extensible through [plugins](https://github.com/shaarli/Shaarli/wiki/Plugins#plugin-usage)
+- extensible through [plugins](https://shaarli.readthedocs.io/en/master/Plugins/#plugin-usage)
 ### Tag, view and search your links!
 - add a custom title and description to archived links
diff --git a/index.php b/index.php
index de993f14..218d317d 100644
--- a/index.php
+++ b/index.php
@@ -48,8 +48,8 @@ if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
        ."If you installed Shaarli through Git or using the development branch,\n"
        ."please refer to the installation documentation to install PHP"
        ." dependencies using Composer:\n"
-        ."- https://github.com/shaarli/Shaarli/wiki/Server-requirements\n"
+        ."- https://shaarli.readthedocs.io/en/master/Server-requirements/\n"
-        ."- https://github.com/shaarli/Shaarli/wiki/Download-and-Installation";
+        ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
    exit;
 }
 require_once 'inc/rain.tpl.class.php';
@@ -133,15 +133,6 @@ date_default_timezone_set($conf->get('general.timezone', 'UTC'));
 ob_start();  // Output buffering for the page cache.
-// In case stupid admin has left magic_quotes enabled in php.ini:
-if (get_magic_quotes_gpc())
-{
-    function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; }
-    $_POST = array_map('stripslashes_deep', $_POST);
-    $_GET = array_map('stripslashes_deep', $_GET);
-    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
-}
 // Prevent caching on client side or proxy: (yes, it's ugly)
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
 header("Cache-Control: no-store, no-cache, must-revalidate");
@@ -186,42 +177,42 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
 */
 function setup_login_state($conf)
 {
-        if ($conf->get('security.open_shaarli')) {
+    if ($conf->get('security.open_shaarli')) {
-            return true;
+        return true;
-        }
+    }
-        $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+    $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
-        $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
+    $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
-        if (! $conf->exists('credentials.login')) {
+    if (! $conf->exists('credentials.login')) {
-            $userIsLoggedIn = false;  // Shaarli is not configured yet.
+        $userIsLoggedIn = false;  // Shaarli is not configured yet.
-            $loginFailure = true;
+        $loginFailure = true;
-        }
+    }
-        if (isset($_COOKIE['shaarli_staySignedIn']) &&
+    if (isset($_COOKIE['shaarli_staySignedIn']) &&
-            $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
+        $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN &&
-            !$loginFailure)
+        !$loginFailure)
-        {
+    {
-            fillSessionInfo($conf);
+        fillSessionInfo($conf);
-            $userIsLoggedIn = true;
+        $userIsLoggedIn = true;
-        }
+    }
-        // If session does not exist on server side, or IP address has changed, or session has expired, logout.
+    // If session does not exist on server side, or IP address has changed, or session has expired, logout.
-        if (empty($_SESSION['uid'])
+    if (empty($_SESSION['uid'])
        || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
        || time() >= $_SESSION['expires_on'])
-        {
+    {
-            logout();
+        logout();
-            $userIsLoggedIn = false;
+        $userIsLoggedIn = false;
-            $loginFailure = true;
+        $loginFailure = true;
-        }
+    }
-        if (!empty($_SESSION['longlastingsession'])) {
+    if (!empty($_SESSION['longlastingsession'])) {
-            $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
+        $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
-        }
+    }
-        else {
+    else {
-            $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
+        $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date.
-        }
+    }
-        if (!$loginFailure) {
+    if (!$loginFailure) {
-            $userIsLoggedIn = true;
+        $userIsLoggedIn = true;
-        }
+    }
-        return $userIsLoggedIn;
+    return $userIsLoggedIn;
 }
 $userIsLoggedIn = setup_login_state($conf);
@@ -245,10 +236,10 @@ function allIPs()
 */
 function fillSessionInfo($conf)
 {
-        $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
+    $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
-        $_SESSION['ip']=allIPs();                // We store IP address(es) of the client to make sure session is not hijacked.
+    $_SESSION['ip']=allIPs();                // We store IP address(es) of the client to make sure session is not hijacked.
-        $_SESSION['username']= $conf->get('credentials.login');
+    $_SESSION['username']= $conf->get('credentials.login');
-        $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
+    $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
 }
 /**
@@ -265,7 +256,7 @@ function check_auth($login, $password, $conf)
    $hash = sha1($password . $login . $conf->get('credentials.salt'));
    if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash'))
    {   // Login/password is correct.
-                fillSessionInfo($conf);
+        fillSessionInfo($conf);
        logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
        return true;
    }
@@ -394,9 +385,10 @@ if (isset($_POST['login']))
        // If user wants to keep the session cookie even after the browser closes:
        if (!empty($_POST['longlastingsession']))
        {
-                        setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
+            $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year)
-            $_SESSION['longlastingsession']=31536000;  // (31536000 seconds = 1 year)
+            $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now)
-            $_SESSION['expires_on']=time()+$_SESSION['longlastingsession'];  // Set session expiration on server-side.
+            setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH);
+            $_SESSION['expires_on'] = $expiration;  // Set session expiration on server-side.
            $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
            session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
@@ -591,20 +583,29 @@ function showDailyRSS($conf) {
 */
 function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
 {
-    $day=date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
+    $day = date('Ymd', strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
-    if (isset($_GET['day'])) $day=$_GET['day'];
+    if (isset($_GET['day'])) {
+      $day = $_GET['day'];
+    }
    $days = $LINKSDB->days();
-    $i = array_search($day,$days);
+    $i = array_search($day, $days);
-    if ($i===false) { $i=count($days)-1; $day=$days[$i]; }
+    if ($i === false && count($days)) {
-    $previousday='';
+        // no links for day, but at least one day with links
-    $nextday='';
+        $i = count($days) - 1;
-    if ($i!==false)
+        $day = $days[$i];
-    {
-        if ($i>=1) $previousday=$days[$i-1];
-        if ($i<count($days)-1) $nextday=$days[$i+1];
    }
+    $previousday = '';
+    $nextday = '';
+    if ($i !== false) {
+        if ($i >= 1) {
+             $previousday=$days[$i - 1];
+        }
+        if ($i < count($days) - 1) {
+          $nextday = $days[$i + 1];
+        }
+    }
    try {
        $linksToDisplay = $LINKSDB->filterDay($day);
    } catch (Exception $exc) {
@@ -613,9 +614,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
    }
    // We pre-format some fields for proper output.
-    foreach($linksToDisplay as $key=>$link)
+    foreach($linksToDisplay as $key => $link) {
-    {
        $taglist = explode(' ',$link['tags']);
        uasort($taglist, 'strcasecmp');
        $linksToDisplay[$key]['taglist']=$taglist;
@@ -629,21 +628,22 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
       so I manually spread entries with a simple method: I roughly evaluate the
       height of a div according to title and description length.
    */
-    $columns=array(array(),array(),array()); // Entries to display, for each column.
+    $columns = array(array(), array(), array()); // Entries to display, for each column.
-    $fill=array(0,0,0);  // Rough estimate of columns fill.
+    $fill = array(0, 0, 0);  // Rough estimate of columns fill.
-    foreach($linksToDisplay as $key=>$link)
+    foreach($linksToDisplay as $key => $link) {
-    {
        // Roughly estimate length of entry (by counting characters)
        // Title: 30 chars = 1 line. 1 line is 30 pixels height.
        // Description: 836 characters gives roughly 342 pixel height.
        // This is not perfect, but it's usually OK.
-        $length=strlen($link['title'])+(342*strlen($link['description']))/836;
+        $length = strlen($link['title']) + (342 * strlen($link['description'])) / 836;
-        if ($link['thumbnail']) $length +=100; // 1 thumbnails roughly takes 100 pixels height.
+        if ($link['thumbnail']) {
+          $length += 100; // 1 thumbnails roughly takes 100 pixels height.
+        }
        // Then put in column which is the less filled:
-        $smallest=min($fill); // find smallest value in array.
+        $smallest = min($fill); // find smallest value in array.
-        $index=array_search($smallest,$fill); // find index of this smallest value.
+        $index = array_search($smallest, $fill); // find index of this smallest value.
-        array_push($columns[$index],$link); // Put entry in this column.
+        array_push($columns[$index], $link); // Put entry in this column.
-        $fill[$index]+=$length;
+        $fill[$index] += $length;
    }
    $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000');
@@ -745,6 +745,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
            $PAGE->assign('username', escape($_GET['username']));
        }
        $PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):''));
+        // add default state of the 'remember me' checkbox
+        $PAGE->assign('remember_user_default', $conf->get('privacy.remember_user_default'));
        $PAGE->renderPage('loginform');
        exit;
    }
@@ -803,7 +805,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
            $maxcount = max($maxcount, $value);
        }
-        alphabetical_sort($tags, true, true);
+        alphabetical_sort($tags, false, true);
        $tagList = array();
        foreach($tags as $key => $value) {
@@ -1233,7 +1235,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
        // Linkdate is kept here to:
        //   - use the same permalink for notes as they're displayed when creating them
        //   - let users hack creation date of their posts
-        //     See: https://github.com/shaarli/Shaarli/wiki/Datastore-hacks#changing-the-timestamp-for-a-link
+        //     See: https://shaarli.readthedocs.io/en/master/Various-hacks/#changing-the-timestamp-for-a-shaare
        $linkdate = escape($_POST['lf_linkdate']);
        if (isset($LINKSDB[$id])) {
            // Edit
@@ -1256,6 +1258,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
        // Remove duplicates.
        $tags = implode(' ', array_unique(explode(' ', $tags)));
+        if (empty(trim($_POST['lf_url']))) {
+            $_POST['lf_url'] = '?' . smallHash($linkdate . $id);
+        }
        $url = whitelist_protocols(trim($_POST['lf_url']), $conf->get('security.allowed_protocols'));
        $link = array(
@@ -1325,10 +1330,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
            die('Wrong token.');
        }
-        if (strpos($_GET['lf_linkdate'], ' ') !== false) {
+        $ids = trim($_GET['lf_linkdate']);
-            $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
+        if (strpos($ids, ' ') !== false) {
+            // multiple, space-separated ids provided
+            $ids = array_values(array_filter(preg_split('/\s+/', escape($ids))));
        } else {
-            $ids = [$_GET['lf_linkdate']];
+            // only a single id provided
+            $ids = [$ids];
+        }
+        // assert at least one id is given
+        if(!count($ids)){
+            die('no id provided');
        }
        foreach ($ids as $id) {
            $id = (int) escape($id);
diff --git a/plugins/playvideos/README.md b/plugins/playvideos/README.md
index b1698470..ab4be22a 100644
--- a/plugins/playvideos/README.md
+++ b/plugins/playvideos/README.md
@@ -8,7 +8,7 @@ This uses code from https://zaius.github.io/youtube_playlist/ and is currently o
 #### Installation and setup
-This is a default Shaarli plugin, you just have to enable it. See https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration/
+This is a default Shaarli plugin, you just have to enable it. See https://shaarli.readthedocs.io/en/master/Shaarli-configuration/
 #### Troubleshooting
diff --git a/tpl/default/js/shaarli.js b/tpl/default/js/shaarli.js
index e0b4c752..1c66ebbd 100644
--- a/tpl/default/js/shaarli.js
+++ b/tpl/default/js/shaarli.js
@@ -401,14 +401,14 @@ window.onload = function () {
            var message = 'Are you sure you want to delete '+ links.length +' links?\n';
            message += 'This action is IRREVERSIBLE!\n\nTitles:\n';
-            var ids = '';
+            var ids = [];
            links.forEach(function(item) {
                message += '  - '+ item['title'] +'\n';
-                ids += item['id'] +'+';
+                ids.push(item['id']);
            });
            if (window.confirm(message)) {
-                window.location = '?delete_link&lf_linkdate='+ ids +'&token='+ token.value;
+                window.location = '?delete_link&lf_linkdate='+ ids.join('+') +'&token='+ token.value;
            }
        });
    }
diff --git a/tpl/default/loginform.html b/tpl/default/loginform.html
index eb6d8378..5777a218 100644
--- a/tpl/default/loginform.html
+++ b/tpl/default/loginform.html
@@ -30,7 +30,8 @@
        </div>
        <div class="remember-me">
          <input type="checkbox" name="longlastingsession" id="longlastingsessionform"
-             checked="checked" tabindex="22">
+             {if="$remember_user_default"}checked="checked"{/if}
+             tabindex="22">
          <label for="longlastingsessionform">{'Remember me'|t}</label>
        </div>
        <div>
diff --git a/tpl/default/tools.html b/tpl/default/tools.html
index 35173d17..72fd58af 100644
--- a/tpl/default/tools.html
+++ b/tpl/default/tools.html
@@ -97,7 +97,7 @@
            var%20desc=document.getSelection().toString();
            if(desc.length>4000){
              desc=desc.substr(0,4000)+'...';
-              alert("{function="str_replace(' ', '%20', t('The selected text is too long, it will be truncated.'))"}");
+              alert('{function="str_replace(' ', '%20', t('The selected text is too long, it will be truncated.'))"}');
            }
            window.open(
              '{$pageabsaddr}?private=1&amp;post='+
diff --git a/tpl/vintage/loginform.html b/tpl/vintage/loginform.html
index 84176385..1becd44f 100644
--- a/tpl/vintage/loginform.html
+++ b/tpl/vintage/loginform.html
@@ -24,7 +24,9 @@
        </label>
        <input type="submit" value="Login" class="bigbutton" tabindex="4">
        <label for="longlastingsession">
-          <input type="checkbox" name="longlastingsession" id="longlastingsession" tabindex="3">
+          <input type="checkbox" name="longlastingsession"
+                 id="longlastingsession" tabindex="3"
+                 {if="$remember_user_default"}checked="checked"{/if}>
          Stay signed in (Do not check on public computers)</label>
        <input type="hidden" name="token" value="{$token}">
        {if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl}">{/if}