94 files changed, 5669 insertions, 1118 deletions
diff --git a/application/History.php b/application/History.php
index 4fd2f294..bd5c1bf7 100644
--- a/application/History.php
+++ b/application/History.php
@@ -4,6 +4,7 @@ namespace Shaarli;
 use DateTime;
 use Exception;
 use Shaarli\Bookmark\Bookmark;
+use Shaarli\Helper\FileUtils;
 /**
 * Class History
diff --git a/application/Languages.php b/application/Languages.php
index 5cda802e..d83e0765 100644
--- a/application/Languages.php
+++ b/application/Languages.php
@@ -179,9 +179,10 @@ class Languages
    {
        return [
            'auto' => t('Automatic'),
+            'de' => t('German'),
            'en' => t('English'),
            'fr' => t('French'),
-            'de' => t('German'),
+            'jp' => t('Japanese'),
        ];
    }
 }
diff --git a/application/Router.php b/application/Router.php
deleted file mode 100644
index d7187487..00000000
--- a/application/Router.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-namespace Shaarli;
-/**
- * Class Router
- *
- * (only displayable pages here)
- */
-class Router
-{
-    public static $AJAX_THUMB_UPDATE = 'ajax_thumb_update';
-    public static $PAGE_LOGIN = 'login';
-    public static $PAGE_PICWALL = 'picwall';
-    public static $PAGE_TAGCLOUD = 'tagcloud';
-    public static $PAGE_TAGLIST = 'taglist';
-    public static $PAGE_DAILY = 'daily';
-    public static $PAGE_FEED_ATOM = 'atom';
-    public static $PAGE_FEED_RSS = 'rss';
-    public static $PAGE_TOOLS = 'tools';
-    public static $PAGE_CHANGEPASSWORD = 'changepasswd';
-    public static $PAGE_CONFIGURE = 'configure';
-    public static $PAGE_CHANGETAG = 'changetag';
-    public static $PAGE_ADDLINK = 'addlink';
-    public static $PAGE_EDITLINK = 'edit_link';
-    public static $PAGE_DELETELINK = 'delete_link';
-    public static $PAGE_CHANGE_VISIBILITY = 'change_visibility';
-    public static $PAGE_PINLINK = 'pin';
-    public static $PAGE_EXPORT = 'export';
-    public static $PAGE_IMPORT = 'import';
-    public static $PAGE_OPENSEARCH = 'opensearch';
-    public static $PAGE_LINKLIST = 'linklist';
-    public static $PAGE_PLUGINSADMIN = 'pluginadmin';
-    public static $PAGE_SAVE_PLUGINSADMIN = 'save_pluginadmin';
-    public static $PAGE_THUMBS_UPDATE = 'thumbs_update';
-    public static $GET_TOKEN = 'token';
-    /**
-     * Reproducing renderPage() if hell, to avoid regression.
-     *
-     * This highlights how bad this needs to be rewrite,
-     * but let's focus on plugins for now.
-     *
-     * @param string $query    $_SERVER['QUERY_STRING'].
-     * @param array  $get      $_SERVER['GET'].
-     * @param bool   $loggedIn true if authenticated user.
-     *
-     * @return string page found.
-     */
-    public static function findPage($query, $get, $loggedIn)
-    {
-        $loggedIn = ($loggedIn === true) ? true : false;
-        if (empty($query) && !isset($get['edit_link']) && !isset($get['post'])) {
-            return self::$PAGE_LINKLIST;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_LOGIN) && $loggedIn === false) {
-            return self::$PAGE_LOGIN;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_PICWALL)) {
-            return self::$PAGE_PICWALL;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_TAGCLOUD)) {
-            return self::$PAGE_TAGCLOUD;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_TAGLIST)) {
-            return self::$PAGE_TAGLIST;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_OPENSEARCH)) {
-            return self::$PAGE_OPENSEARCH;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_DAILY)) {
-            return self::$PAGE_DAILY;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_FEED_ATOM)) {
-            return self::$PAGE_FEED_ATOM;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_FEED_RSS)) {
-            return self::$PAGE_FEED_RSS;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_THUMBS_UPDATE)) {
-            return self::$PAGE_THUMBS_UPDATE;
-        }
-        if (startsWith($query, 'do=' . self::$AJAX_THUMB_UPDATE)) {
-            return self::$AJAX_THUMB_UPDATE;
-        }
-        // At this point, only loggedin pages.
-        if (!$loggedIn) {
-            return self::$PAGE_LINKLIST;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_TOOLS)) {
-            return self::$PAGE_TOOLS;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_CHANGEPASSWORD)) {
-            return self::$PAGE_CHANGEPASSWORD;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_CONFIGURE)) {
-            return self::$PAGE_CONFIGURE;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_CHANGETAG)) {
-            return self::$PAGE_CHANGETAG;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_ADDLINK)) {
-            return self::$PAGE_ADDLINK;
-        }
-        if (isset($get['edit_link']) || isset($get['post'])) {
-            return self::$PAGE_EDITLINK;
-        }
-        if (isset($get['delete_link'])) {
-            return self::$PAGE_DELETELINK;
-        }
-        if (isset($get[self::$PAGE_CHANGE_VISIBILITY])) {
-            return self::$PAGE_CHANGE_VISIBILITY;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_PINLINK)) {
-            return self::$PAGE_PINLINK;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_EXPORT)) {
-            return self::$PAGE_EXPORT;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_IMPORT)) {
-            return self::$PAGE_IMPORT;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_PLUGINSADMIN)) {
-            return self::$PAGE_PLUGINSADMIN;
-        }
-        if (startsWith($query, 'do=' . self::$PAGE_SAVE_PLUGINSADMIN)) {
-            return self::$PAGE_SAVE_PLUGINSADMIN;
-        }
-        if (startsWith($query, 'do=' . self::$GET_TOKEN)) {
-            return self::$GET_TOKEN;
-        }
-        return self::$PAGE_LINKLIST;
-    }
-}
diff --git a/application/Thumbnailer.php b/application/Thumbnailer.php
index 314baf0d..5aec23c8 100644
--- a/application/Thumbnailer.php
+++ b/application/Thumbnailer.php
@@ -4,7 +4,6 @@ namespace Shaarli;
 use Shaarli\Config\ConfigManager;
 use WebThumbnailer\Application\ConfigManager as WTConfigManager;
-use WebThumbnailer\Exception\WebThumbnailerException;
 use WebThumbnailer\WebThumbnailer;
 /**
@@ -90,7 +89,7 @@ class Thumbnailer
        try {
            return $this->wt->thumbnail($url);
-        } catch (WebThumbnailerException $e) {
+        } catch (\Throwable $e) {
            // Exceptions are only thrown in debug mode.
            error_log(get_class($e) . ': ' . $e->getMessage());
        }
diff --git a/application/Utils.php b/application/Utils.php
index 4b7fc546..db046893 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -4,21 +4,23 @@
 */
 /**
- * Logs a message to a text file
+ * Format log using provided data.
 *
- * The log format is compatible with fail2ban.
+ * @param string      $message  the message to log
+ * @param string|null $clientIp the client's remote IPv4/IPv6 address
 *
- * @param string $logFile  where to write the logs
+ * @return string Formatted message to log
- * @param string $clientIp the client's remote IPv4/IPv6 address
- * @param string $message  the message to log
 */
-function logm($logFile, $clientIp, $message)
+function format_log(string $message, string $clientIp = null): string
 {
-    file_put_contents(
+    $out = $message;
-        $logFile,
-        date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,
+    if (!empty($clientIp)) {
-        FILE_APPEND
+        // Note: we keep the first dash to avoid breaking fail2ban configs
-    );
+        $out = '- ' . $clientIp . ' - ' . $out;
+    }
+    return $out;
 }
 /**
@@ -87,18 +89,22 @@ function endsWith($haystack, $needle, $case = true)
 *
 * @param mixed $input Data to escape: a single string or an array of strings.
 *
- * @return string escaped.
+ * @return string|array escaped.
 */
 function escape($input)
 {
-    if (is_bool($input)) {
+    if (null === $input) {
+        return null;
+    }
+    if (is_bool($input) || is_int($input) || is_float($input) || $input instanceof DateTimeInterface) {
        return $input;
    }
    if (is_array($input)) {
        $out = array();
        foreach ($input as $key => $value) {
-            $out[$key] = escape($value);
+            $out[escape($key)] = escape($value);
        }
        return $out;
    }
@@ -294,15 +300,15 @@ function normalize_spaces($string)
 * Requires php-intl to display international datetimes,
 * otherwise default format '%c' will be returned.
 *
- * @param DateTime $date to format.
+ * @param DateTimeInterface $date to format.
- * @param bool     $time Displays time if true.
+ * @param bool              $time Displays time if true.
- * @param bool     $intl Use international format if true.
+ * @param bool              $intl Use international format if true.
 *
 * @return bool|string Formatted date, or false if the input is invalid.
 */
 function format_date($date, $time = true, $intl = true)
 {
-    if (! $date instanceof DateTime) {
+    if (! $date instanceof DateTimeInterface) {
        return false;
    }
@@ -321,6 +327,23 @@ function format_date($date, $time = true, $intl = true)
 }
 /**
+ * Format the date month according to the locale.
+ *
+ * @param DateTimeInterface $date to format.
+ *
+ * @return bool|string Formatted date, or false if the input is invalid.
+ */
+function format_month(DateTimeInterface $date)
+{
+    if (! $date instanceof DateTimeInterface) {
+        return false;
+    }
+    return strftime('%B', $date->getTimestamp());
+}
+/**
 * Check if the input is an integer, no matter its real type.
 *
 * PHP is a bit messy regarding this:
@@ -448,14 +471,27 @@ function alphabetical_sort(&$data, $reverse = false, $byKeys = false)
 * Wrapper function for translation which match the API
 * of gettext()/_() and ngettext().
 *
- * @param string $text   Text to translate.
+ * @param string $text      Text to translate.
- * @param string $nText  The plural message ID.
+ * @param string $nText     The plural message ID.
- * @param int    $nb     The number of items for plural forms.
+ * @param int    $nb        The number of items for plural forms.
- * @param string $domain The domain where the translation is stored (default: shaarli).
+ * @param string $domain    The domain where the translation is stored (default: shaarli).
+ * @param array  $variables Associative array of variables to replace in translated text.
+ * @param bool   $fixCase   Apply `ucfirst` on the translated string, might be useful for strings with variables.
 *
 * @return string Text translated.
 */
-function t($text, $nText = '', $nb = 1, $domain = 'shaarli')
+function t($text, $nText = '', $nb = 1, $domain = 'shaarli', $variables = [], $fixCase = false)
+{
+    $postFunction = $fixCase ? 'ucfirst' : function ($input) { return $input; };
+    return $postFunction(dn__($domain, $text, $nText, $nb, $variables));
+}
+/**
+ * Converts an exception into a printable stack trace string.
+ */
+function exception2text(Throwable $e): string
 {
-    return dn__($domain, $text, $nText, $nb);
+    return $e->getMessage() . PHP_EOL . $e->getFile() . $e->getLine() . PHP_EOL . $e->getTraceAsString();
 }
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 4745ac94..adc8b266 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -1,6 +1,7 @@
 <?php
 namespace Shaarli\Api;
+use malkusch\lock\mutex\FlockMutex;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
 use Shaarli\Api\Exceptions\ApiException;
 use Shaarli\Bookmark\BookmarkFileService;
@@ -71,7 +72,14 @@ class ApiMiddleware
            $response = $e->getApiResponse();
        }
-        return $response;
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+            )
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+        ;
    }
    /**
@@ -100,7 +108,9 @@ class ApiMiddleware
     */
    protected function checkToken($request)
    {
-        if (! $request->hasHeader('Authorization')) {
+        if (!$request->hasHeader('Authorization')
+            && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
            throw new ApiAuthorizationException('JWT token not provided');
        }
@@ -108,7 +118,11 @@ class ApiMiddleware
            throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
        }
-        $authorization = $request->getHeaderLine('Authorization');
+        if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+            $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+        } else {
+            $authorization = $request->getHeaderLine('Authorization');
+        }
        if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
            throw new ApiAuthorizationException('Invalid JWT header');
@@ -130,6 +144,7 @@ class ApiMiddleware
        $linkDb = new BookmarkFileService(
            $conf,
            $this->container->get('history'),
+            new FlockMutex(fopen(SHAARLI_MUTEX_FILE, 'r'), 2),
            true
        );
        $this->container['db'] = $linkDb;
diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php
index 5156a5f7..eb1ca9bc 100644
--- a/application/api/ApiUtils.php
+++ b/application/api/ApiUtils.php
@@ -67,7 +67,7 @@ class ApiUtils
        if (! $bookmark->isNote()) {
            $out['url'] = $bookmark->getUrl();
        } else {
-            $out['url'] = $indexUrl . $bookmark->getUrl();
+            $out['url'] = rtrim($indexUrl, '/') . '/' . ltrim($bookmark->getUrl(), '/');
        }
        $out['shorturl'] = $bookmark->getShortUrl();
        $out['title'] = $bookmark->getTitle();
@@ -89,12 +89,12 @@ class ApiUtils
     * If no URL is provided, it will generate a local note URL.
     * If no title is provided, it will use the URL as title.
     *
-     * @param array  $input          Request Link.
+     * @param array|null  $input          Request Link.
-     * @param bool   $defaultPrivate Request Link.
+     * @param bool        $defaultPrivate Setting defined if a bookmark is private by default.
     *
     * @return Bookmark instance.
     */
-    public static function buildLinkFromRequest($input, $defaultPrivate)
+    public static function buildBookmarkFromRequest(?array $input, bool $defaultPrivate): Bookmark
    {
        $bookmark = new Bookmark();
        $url = ! empty($input['url']) ? cleanup_url($input['url']) : '';
@@ -110,6 +110,15 @@ class ApiUtils
        $bookmark->setTags(! empty($input['tags']) ? $input['tags'] : []);
        $bookmark->setPrivate($private);
+        $created = \DateTime::createFromFormat(\DateTime::ATOM, $input['created'] ?? '');
+        if ($created instanceof \DateTimeInterface) {
+            $bookmark->setCreated($created);
+        }
+        $updated = \DateTime::createFromFormat(\DateTime::ATOM, $input['updated'] ?? '');
+        if ($updated instanceof \DateTimeInterface) {
+            $bookmark->setUpdated($updated);
+        }
        return $bookmark;
    }
diff --git a/application/api/controllers/ApiController.php b/application/api/controllers/ApiController.php
index c4b3d0c3..88a845eb 100644
--- a/application/api/controllers/ApiController.php
+++ b/application/api/controllers/ApiController.php
@@ -4,6 +4,7 @@ namespace Shaarli\Api\Controllers;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\History;
 use Slim\Container;
 /**
@@ -31,7 +32,7 @@ abstract class ApiController
    protected $bookmarkService;
    /**
-     * @var HistoryController
+     * @var History
     */
    protected $history;
diff --git a/application/api/controllers/Links.php b/application/api/controllers/Links.php
index 16fc8688..6bf529e4 100644
--- a/application/api/controllers/Links.php
+++ b/application/api/controllers/Links.php
@@ -96,11 +96,12 @@ class Links extends ApiController
     */
    public function getLink($request, $response, $args)
    {
-        if (!$this->bookmarkService->exists($args['id'])) {
+        $id = is_integer_mixed($args['id']) ? (int) $args['id'] : null;
+        if ($id === null || ! $this->bookmarkService->exists($id)) {
            throw new ApiLinkNotFoundException();
        }
        $index = index_url($this->ci['environment']);
-        $out = ApiUtils::formatLink($this->bookmarkService->get($args['id']), $index);
+        $out = ApiUtils::formatLink($this->bookmarkService->get($id), $index);
        return $response->withJson($out, 200, $this->jsonStyle);
    }
@@ -115,8 +116,8 @@ class Links extends ApiController
     */
    public function postLink($request, $response)
    {
-        $data = $request->getParsedBody();
+        $data = (array) ($request->getParsedBody() ?? []);
-        $bookmark = ApiUtils::buildLinkFromRequest($data, $this->conf->get('privacy.default_private_links'));
+        $bookmark = ApiUtils::buildBookmarkFromRequest($data, $this->conf->get('privacy.default_private_links'));
        // duplicate by URL, return 409 Conflict
        if (! empty($bookmark->getUrl())
            && ! empty($dup = $this->bookmarkService->findByUrl($bookmark->getUrl()))
@@ -148,18 +149,19 @@ class Links extends ApiController
     */
    public function putLink($request, $response, $args)
    {
-        if (! $this->bookmarkService->exists($args['id'])) {
+        $id = is_integer_mixed($args['id']) ? (int) $args['id'] : null;
+        if ($id === null || !$this->bookmarkService->exists($id)) {
            throw new ApiLinkNotFoundException();
        }
        $index = index_url($this->ci['environment']);
        $data = $request->getParsedBody();
-        $requestBookmark = ApiUtils::buildLinkFromRequest($data, $this->conf->get('privacy.default_private_links'));
+        $requestBookmark = ApiUtils::buildBookmarkFromRequest($data, $this->conf->get('privacy.default_private_links'));
        // duplicate URL on a different link, return 409 Conflict
        if (! empty($requestBookmark->getUrl())
            && ! empty($dup = $this->bookmarkService->findByUrl($requestBookmark->getUrl()))
-            && $dup->getId() != $args['id']
+            && $dup->getId() != $id
        ) {
            return $response->withJson(
                ApiUtils::formatLink($dup, $index),
@@ -168,7 +170,7 @@ class Links extends ApiController
            );
        }
-        $responseBookmark = $this->bookmarkService->get($args['id']);
+        $responseBookmark = $this->bookmarkService->get($id);
        $responseBookmark = ApiUtils::updateLink($responseBookmark, $requestBookmark);
        $this->bookmarkService->set($responseBookmark);
@@ -189,10 +191,11 @@ class Links extends ApiController
     */
    public function deleteLink($request, $response, $args)
    {
-        if (! $this->bookmarkService->exists($args['id'])) {
+        $id = is_integer_mixed($args['id']) ? (int) $args['id'] : null;
+        if ($id === null || !$this->bookmarkService->exists($id)) {
            throw new ApiLinkNotFoundException();
        }
-        $bookmark = $this->bookmarkService->get($args['id']);
+        $bookmark = $this->bookmarkService->get($id);
        $this->bookmarkService->remove($bookmark);
        return $response->withStatus(204);
diff --git a/application/bookmark/Bookmark.php b/application/bookmark/Bookmark.php
index f9b21d3d..4810c5e6 100644
--- a/application/bookmark/Bookmark.php
+++ b/application/bookmark/Bookmark.php
@@ -1,8 +1,11 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
 use DateTime;
+use DateTimeInterface;
 use Shaarli\Bookmark\Exception\InvalidBookmarkException;
 /**
@@ -36,21 +39,24 @@ class Bookmark
    /** @var array List of bookmark's tags */
    protected $tags;
-    /** @var string Thumbnail's URL - false if no thumbnail could be found */
+    /** @var string|bool|null Thumbnail's URL - initialized at null, false if no thumbnail could be found */
    protected $thumbnail;
    /** @var bool Set to true if the bookmark is set as sticky */
    protected $sticky;
-    /** @var DateTime Creation datetime */
+    /** @var DateTimeInterface Creation datetime */
    protected $created;
-    /** @var DateTime Update datetime */
+    /** @var DateTimeInterface datetime */
    protected $updated;
    /** @var bool True if the bookmark can only be seen while logged in */
    protected $private;
+    /** @var mixed[] Available to store any additional content for a bookmark. Currently used for search highlight. */
+    protected $additionalContent = [];
    /**
     * Initialize a link from array data. Especially useful to create a Bookmark from former link storage format.
     *
@@ -58,25 +64,25 @@ class Bookmark
     *
     * @return $this
     */
-    public function fromArray($data)
+    public function fromArray(array $data): Bookmark
    {
-        $this->id = $data['id'];
+        $this->id = $data['id'] ?? null;
-        $this->shortUrl = $data['shorturl'];
+        $this->shortUrl = $data['shorturl'] ?? null;
-        $this->url = $data['url'];
+        $this->url = $data['url'] ?? null;
-        $this->title = $data['title'];
+        $this->title = $data['title'] ?? null;
-        $this->description = $data['description'];
+        $this->description = $data['description'] ?? null;
-        $this->thumbnail = isset($data['thumbnail']) ? $data['thumbnail'] : null;
+        $this->thumbnail = $data['thumbnail'] ?? null;
-        $this->sticky = isset($data['sticky']) ? $data['sticky'] : false;
+        $this->sticky = $data['sticky'] ?? false;
-        $this->created = $data['created'];
+        $this->created = $data['created'] ?? null;
        if (is_array($data['tags'])) {
            $this->tags = $data['tags'];
        } else {
-            $this->tags = preg_split('/\s+/', $data['tags'], -1, PREG_SPLIT_NO_EMPTY);
+            $this->tags = preg_split('/\s+/', $data['tags'] ?? '', -1, PREG_SPLIT_NO_EMPTY);
        }
        if (! empty($data['updated'])) {
            $this->updated = $data['updated'];
        }
-        $this->private = $data['private'] ? true : false;
+        $this->private = ($data['private'] ?? false) ? true : false;
        return $this;
    }
@@ -92,24 +98,28 @@ class Bookmark
     *   - the URL with the permalink
     *   - the title with the URL
     *
+     * Also make sure that we do not save search highlights in the datastore.
+     *
     * @throws InvalidBookmarkException
     */
-    public function validate()
+    public function validate(): void
    {
        if ($this->id === null
            || ! is_int($this->id)
            || empty($this->shortUrl)
            || empty($this->created)
-            || ! $this->created instanceof DateTime
        ) {
            throw new InvalidBookmarkException($this);
        }
        if (empty($this->url)) {
-            $this->url = '?'. $this->shortUrl;
+            $this->url = '/shaare/'. $this->shortUrl;
        }
        if (empty($this->title)) {
            $this->title = $this->url;
        }
+        if (array_key_exists('search_highlight', $this->additionalContent)) {
+            unset($this->additionalContent['search_highlight']);
+        }
    }
    /**
@@ -118,11 +128,11 @@ class Bookmark
     *   - created: with the current datetime
     *   - shortUrl: with a generated small hash from the date and the given ID
     *
-     * @param int $id
+     * @param int|null $id
     *
     * @return Bookmark
     */
-    public function setId($id)
+    public function setId(?int $id): Bookmark
    {
        $this->id = $id;
        if (empty($this->created)) {
@@ -138,9 +148,9 @@ class Bookmark
    /**
     * Get the Id.
     *
-     * @return int
+     * @return int|null
     */
-    public function getId()
+    public function getId(): ?int
    {
        return $this->id;
    }
@@ -148,9 +158,9 @@ class Bookmark
    /**
     * Get the ShortUrl.
     *
-     * @return string
+     * @return string|null
     */
-    public function getShortUrl()
+    public function getShortUrl(): ?string
    {
        return $this->shortUrl;
    }
@@ -158,9 +168,9 @@ class Bookmark
    /**
     * Get the Url.
     *
-     * @return string
+     * @return string|null
     */
-    public function getUrl()
+    public function getUrl(): ?string
    {
        return $this->url;
    }
@@ -170,7 +180,7 @@ class Bookmark
     *
     * @return string
     */
-    public function getTitle()
+    public function getTitle(): ?string
    {
        return $this->title;
    }
@@ -180,7 +190,7 @@ class Bookmark
     *
     * @return string
     */
-    public function getDescription()
+    public function getDescription(): string
    {
        return ! empty($this->description) ? $this->description : '';
    }
@@ -188,9 +198,9 @@ class Bookmark
    /**
     * Get the Created.
     *
-     * @return DateTime
+     * @return DateTimeInterface
     */
-    public function getCreated()
+    public function getCreated(): ?DateTimeInterface
    {
        return $this->created;
    }
@@ -198,9 +208,9 @@ class Bookmark
    /**
     * Get the Updated.
     *
-     * @return DateTime
+     * @return DateTimeInterface
     */
-    public function getUpdated()
+    public function getUpdated(): ?DateTimeInterface
    {
        return $this->updated;
    }
@@ -208,11 +218,11 @@ class Bookmark
    /**
     * Set the ShortUrl.
     *
-     * @param string $shortUrl
+     * @param string|null $shortUrl
     *
     * @return Bookmark
     */
-    public function setShortUrl($shortUrl)
+    public function setShortUrl(?string $shortUrl): Bookmark
    {
        $this->shortUrl = $shortUrl;
@@ -222,14 +232,14 @@ class Bookmark
    /**
     * Set the Url.
     *
-     * @param string $url
+     * @param string|null $url
-     * @param array  $allowedProtocols
+     * @param string[]    $allowedProtocols
     *
     * @return Bookmark
     */
-    public function setUrl($url, $allowedProtocols = [])
+    public function setUrl(?string $url, array $allowedProtocols = []): Bookmark
    {
-        $url = trim($url);
+        $url = $url !== null ? trim($url) : '';
        if (! empty($url)) {
            $url = whitelist_protocols($url, $allowedProtocols);
        }
@@ -241,13 +251,13 @@ class Bookmark
    /**
     * Set the Title.
     *
-     * @param string $title
+     * @param string|null $title
     *
     * @return Bookmark
     */
-    public function setTitle($title)
+    public function setTitle(?string $title): Bookmark
    {
-        $this->title = trim($title);
+        $this->title = $title !== null ? trim($title) : '';
        return $this;
    }
@@ -255,11 +265,11 @@ class Bookmark
    /**
     * Set the Description.
     *
-     * @param string $description
+     * @param string|null $description
     *
     * @return Bookmark
     */
-    public function setDescription($description)
+    public function setDescription(?string $description): Bookmark
    {
        $this->description = $description;
@@ -270,11 +280,11 @@ class Bookmark
     * Set the Created.
     * Note: you shouldn't set this manually except for special cases (like bookmark import)
     *
-     * @param DateTime $created
+     * @param DateTimeInterface|null $created
     *
     * @return Bookmark
     */
-    public function setCreated($created)
+    public function setCreated(?DateTimeInterface $created): Bookmark
    {
        $this->created = $created;
@@ -284,11 +294,11 @@ class Bookmark
    /**
     * Set the Updated.
     *
-     * @param DateTime $updated
+     * @param DateTimeInterface|null $updated
     *
     * @return Bookmark
     */
-    public function setUpdated($updated)
+    public function setUpdated(?DateTimeInterface $updated): Bookmark
    {
        $this->updated = $updated;
@@ -300,7 +310,7 @@ class Bookmark
     *
     * @return bool
     */
-    public function isPrivate()
+    public function isPrivate(): bool
    {
        return $this->private ? true : false;
    }
@@ -308,11 +318,11 @@ class Bookmark
    /**
     * Set the Private.
     *
-     * @param bool $private
+     * @param bool|null $private
     *
     * @return Bookmark
     */
-    public function setPrivate($private)
+    public function setPrivate(?bool $private): Bookmark
    {
        $this->private = $private ? true : false;
@@ -322,9 +332,9 @@ class Bookmark
    /**
     * Get the Tags.
     *
-     * @return array
+     * @return string[]
     */
-    public function getTags()
+    public function getTags(): array
    {
        return is_array($this->tags) ? $this->tags : [];
    }
@@ -332,13 +342,13 @@ class Bookmark
    /**
     * Set the Tags.
     *
-     * @param array $tags
+     * @param string[]|null $tags
     *
     * @return Bookmark
     */
-    public function setTags($tags)
+    public function setTags(?array $tags): Bookmark
    {
-        $this->setTagsString(implode(' ', $tags));
+        $this->setTagsString(implode(' ', $tags ?? []));
        return $this;
    }
@@ -346,7 +356,7 @@ class Bookmark
    /**
     * Get the Thumbnail.
     *
-     * @return string|bool
+     * @return string|bool|null Thumbnail's URL - initialized at null, false if no thumbnail could be found
     */
    public function getThumbnail()
    {
@@ -356,11 +366,11 @@ class Bookmark
    /**
     * Set the Thumbnail.
     *
-     * @param string|bool $thumbnail
+     * @param string|bool|null $thumbnail Thumbnail's URL - false if no thumbnail could be found
     *
     * @return Bookmark
     */
-    public function setThumbnail($thumbnail)
+    public function setThumbnail($thumbnail): Bookmark
    {
        $this->thumbnail = $thumbnail;
@@ -368,11 +378,29 @@ class Bookmark
    }
    /**
+     * Return true if:
+     *   - the bookmark's thumbnail is not already set to false (= not found)
+     *   - it's not a note
+     *   - it's an HTTP(S) link
+     *   - the thumbnail has not yet be retrieved (null) or its associated cache file doesn't exist anymore
+     *
+     * @return bool True if the bookmark's thumbnail needs to be retrieved.
+     */
+    public function shouldUpdateThumbnail(): bool
+    {
+        return $this->thumbnail !== false
+            && !$this->isNote()
+            && startsWith(strtolower($this->url), 'http')
+            && (null === $this->thumbnail || !is_file($this->thumbnail))
+        ;
+    }
+    /**
     * Get the Sticky.
     *
     * @return bool
     */
-    public function isSticky()
+    public function isSticky(): bool
    {
        return $this->sticky ? true : false;
    }
@@ -380,11 +408,11 @@ class Bookmark
    /**
     * Set the Sticky.
     *
-     * @param bool $sticky
+     * @param bool|null $sticky
     *
     * @return Bookmark
     */
-    public function setSticky($sticky)
+    public function setSticky(?bool $sticky): Bookmark
    {
        $this->sticky = $sticky ? true : false;
@@ -394,7 +422,7 @@ class Bookmark
    /**
     * @return string Bookmark's tags as a string, separated by a space
     */
-    public function getTagsString()
+    public function getTagsString(): string
    {
        return implode(' ', $this->getTags());
    }
@@ -402,10 +430,10 @@ class Bookmark
    /**
     * @return bool
     */
-    public function isNote()
+    public function isNote(): bool
    {
        // We check empty value to get a valid result if the link has not been saved yet
-        return empty($this->url) || $this->url[0] === '?';
+        return empty($this->url) || startsWith($this->url, '/shaare/') || $this->url[0] === '?';
    }
    /**
@@ -415,14 +443,14 @@ class Bookmark
     *   - multiple spaces will be removed
     *   - trailing dash in tags will be removed
     *
-     * @param string $tags
+     * @param string|null $tags
     *
     * @return $this
     */
-    public function setTagsString($tags)
+    public function setTagsString(?string $tags): Bookmark
    {
        // Remove first '-' char in tags.
-        $tags = preg_replace('/(^| )\-/', '$1', $tags);
+        $tags = preg_replace('/(^| )\-/', '$1', $tags ?? '');
        // Explode all tags separted by spaces or commas
        $tags = preg_split('/[\s,]+/', $tags);
        // Remove eventual empty values
@@ -434,12 +462,50 @@ class Bookmark
    }
    /**
+     * Get entire additionalContent array.
+     *
+     * @return mixed[]
+     */
+    public function getAdditionalContent(): array
+    {
+        return $this->additionalContent;
+    }
+    /**
+     * Set a single entry in additionalContent, by key.
+     *
+     * @param string     $key
+     * @param mixed|null $value Any type of value can be set.
+     *
+     * @return $this
+     */
+    public function addAdditionalContentEntry(string $key, $value): self
+    {
+        $this->additionalContent[$key] = $value;
+        return $this;
+    }
+    /**
+     * Get a single entry in additionalContent, by key.
+     *
+     * @param string $key
+     * @param mixed|null $default
+     *
+     * @return mixed|null can be any type or even null.
+     */
+    public function getAdditionalContentEntry(string $key, $default = null)
+    {
+        return array_key_exists($key, $this->additionalContent) ? $this->additionalContent[$key] : $default;
+    }
+    /**
     * Rename a tag in tags list.
     *
     * @param string $fromTag
     * @param string $toTag
     */
-    public function renameTag($fromTag, $toTag)
+    public function renameTag(string $fromTag, string $toTag): void
    {
        if (($pos = array_search($fromTag, $this->tags)) !== false) {
            $this->tags[$pos] = trim($toTag);
@@ -451,7 +517,7 @@ class Bookmark
     *
     * @param string $tag
     */
-    public function deleteTag($tag)
+    public function deleteTag(string $tag): void
    {
        if (($pos = array_search($tag, $this->tags)) !== false) {
            unset($this->tags[$pos]);
diff --git a/application/bookmark/BookmarkArray.php b/application/bookmark/BookmarkArray.php
index d87d43b4..67bb3b73 100644
--- a/application/bookmark/BookmarkArray.php
+++ b/application/bookmark/BookmarkArray.php
@@ -1,5 +1,7 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
 use Shaarli\Bookmark\Exception\InvalidBookmarkException;
@@ -187,13 +189,13 @@ class BookmarkArray implements \Iterator, \Countable, \ArrayAccess
    /**
     * Returns a bookmark offset in bookmarks array from its unique ID.
     *
-     * @param int $id Persistent ID of a bookmark.
+     * @param int|null $id Persistent ID of a bookmark.
     *
     * @return int Real offset in local array, or null if doesn't exist.
     */
-    protected function getBookmarkOffset($id)
+    protected function getBookmarkOffset(?int $id): ?int
    {
-        if (isset($this->ids[$id])) {
+        if ($id !== null && isset($this->ids[$id])) {
            return $this->ids[$id];
        }
        return null;
@@ -205,7 +207,7 @@ class BookmarkArray implements \Iterator, \Countable, \ArrayAccess
     *
     * @return int next ID.
     */
-    public function getNextId()
+    public function getNextId(): int
    {
        if (!empty($this->ids)) {
            return max(array_keys($this->ids)) + 1;
@@ -214,11 +216,11 @@ class BookmarkArray implements \Iterator, \Countable, \ArrayAccess
    }
    /**
-     * @param $url
+     * @param string $url
     *
     * @return Bookmark|null
     */
-    public function getByUrl($url)
+    public function getByUrl(string $url): ?Bookmark
    {
        if (! empty($url)
            && isset($this->urls[$url])
@@ -234,16 +236,17 @@ class BookmarkArray implements \Iterator, \Countable, \ArrayAccess
     *
     * Also update the urls and ids mapping arrays.
     *
-     * @param string $order ASC|DESC
+     * @param string $order        ASC|DESC
+     * @param bool   $ignoreSticky If set to true, sticky bookmarks won't be first
     */
-    public function reorder($order = 'DESC')
+    public function reorder(string $order = 'DESC', bool $ignoreSticky = false): void
    {
        $order = $order === 'ASC' ? -1 : 1;
        // Reorder array by dates.
-        usort($this->bookmarks, function ($a, $b) use ($order) {
+        usort($this->bookmarks, function ($a, $b) use ($order, $ignoreSticky) {
            /** @var $a Bookmark */
            /** @var $b Bookmark */
-            if ($a->isSticky() !== $b->isSticky()) {
+            if (false === $ignoreSticky && $a->isSticky() !== $b->isSticky()) {
                return $a->isSticky() ? -1 : 1;
            }
            return $a->getCreated() < $b->getCreated() ? 1 * $order : -1 * $order;
diff --git a/application/bookmark/BookmarkFileService.php b/application/bookmark/BookmarkFileService.php
index 9c59e139..3ea98a45 100644
--- a/application/bookmark/BookmarkFileService.php
+++ b/application/bookmark/BookmarkFileService.php
@@ -1,17 +1,21 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
+use DateTime;
 use Exception;
+use malkusch\lock\mutex\Mutex;
 use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
+use Shaarli\Bookmark\Exception\DatastoreNotInitializedException;
 use Shaarli\Bookmark\Exception\EmptyDataStoreException;
 use Shaarli\Config\ConfigManager;
 use Shaarli\Formatter\BookmarkMarkdownFormatter;
 use Shaarli\History;
 use Shaarli\Legacy\LegacyLinkDB;
 use Shaarli\Legacy\LegacyUpdater;
+use Shaarli\Render\PageCacheManager;
 use Shaarli\Updater\UpdaterUtils;
 /**
@@ -39,17 +43,25 @@ class BookmarkFileService implements BookmarkServiceInterface
    /** @var History instance */
    protected $history;
+    /** @var PageCacheManager instance */
+    protected $pageCacheManager;
    /** @var bool true for logged in users. Default value to retrieve private bookmarks. */
    protected $isLoggedIn;
+    /** @var Mutex */
+    protected $mutex;
    /**
     * @inheritDoc
     */
-    public function __construct(ConfigManager $conf, History $history, $isLoggedIn)
+    public function __construct(ConfigManager $conf, History $history, Mutex $mutex, bool $isLoggedIn)
    {
        $this->conf = $conf;
        $this->history = $history;
-        $this->bookmarksIO = new BookmarkIO($this->conf);
+        $this->mutex = $mutex;
+        $this->pageCacheManager = new PageCacheManager($this->conf->get('resource.page_cache'), $isLoggedIn);
+        $this->bookmarksIO = new BookmarkIO($this->conf, $this->mutex);
        $this->isLoggedIn = $isLoggedIn;
        if (!$this->isLoggedIn && $this->conf->get('privacy.hide_public_links', false)) {
@@ -57,10 +69,16 @@ class BookmarkFileService implements BookmarkServiceInterface
        } else {
            try {
                $this->bookmarks = $this->bookmarksIO->read();
-            } catch (EmptyDataStoreException $e) {
+            } catch (EmptyDataStoreException|DatastoreNotInitializedException $e) {
                $this->bookmarks = new BookmarkArray();
-                if ($isLoggedIn) {
-                    $this->save();
+                if ($this->isLoggedIn) {
+                    // Datastore file does not exists, we initialize it with default bookmarks.
+                    if ($e instanceof DatastoreNotInitializedException) {
+                        $this->initialize();
+                    } else {
+                        $this->save();
+                    }
                }
            }
@@ -79,22 +97,25 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function findByHash($hash)
+    public function findByHash(string $hash, string $privateKey = null): Bookmark
    {
        $bookmark = $this->bookmarkFilter->filter(BookmarkFilter::$FILTER_HASH, $hash);
        // PHP 7.3 introduced array_key_first() to avoid this hack
        $first = reset($bookmark);
-        if (! $this->isLoggedIn && $first->isPrivate()) {
+        if (!$this->isLoggedIn
-            throw new Exception('Not authorized');
+            && $first->isPrivate()
+            && (empty($privateKey) || $privateKey !== $first->getAdditionalContentEntry('private_key'))
+        ) {
+            throw new BookmarkNotFoundException();
        }
-        return $bookmark;
+        return $first;
    }
    /**
     * @inheritDoc
     */
-    public function findByUrl($url)
+    public function findByUrl(string $url): ?Bookmark
    {
        return $this->bookmarks->getByUrl($url);
    }
@@ -102,19 +123,28 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function search($request = [], $visibility = null, $caseSensitive = false, $untaggedOnly = false)
+    public function search(
-    {
+        array $request = [],
+        string $visibility = null,
+        bool $caseSensitive = false,
+        bool $untaggedOnly = false,
+        bool $ignoreSticky = false
+    ) {
        if ($visibility === null) {
            $visibility = $this->isLoggedIn ? BookmarkFilter::$ALL : BookmarkFilter::$PUBLIC;
        }
        // Filter bookmark database according to parameters.
-        $searchtags = isset($request['searchtags']) ? $request['searchtags'] : '';
+        $searchTags = isset($request['searchtags']) ? $request['searchtags'] : '';
-        $searchterm = isset($request['searchterm']) ? $request['searchterm'] : '';
+        $searchTerm = isset($request['searchterm']) ? $request['searchterm'] : '';
+        if ($ignoreSticky) {
+            $this->bookmarks->reorder('DESC', true);
+        }
        return $this->bookmarkFilter->filter(
            BookmarkFilter::$FILTER_TAG | BookmarkFilter::$FILTER_TEXT,
-            [$searchtags, $searchterm],
+            [$searchTags, $searchTerm],
            $caseSensitive,
            $visibility,
            $untaggedOnly
@@ -124,7 +154,7 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function get($id, $visibility = null)
+    public function get(int $id, string $visibility = null): Bookmark
    {
        if (! isset($this->bookmarks[$id])) {
            throw new BookmarkNotFoundException();
@@ -147,20 +177,17 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function set($bookmark, $save = true)
+    public function set(Bookmark $bookmark, bool $save = true): Bookmark
    {
-        if ($this->isLoggedIn !== true) {
+        if (true !== $this->isLoggedIn) {
            throw new Exception(t('You\'re not authorized to alter the datastore'));
        }
-        if (! $bookmark instanceof Bookmark) {
-            throw new Exception(t('Provided data is invalid'));
-        }
        if (! isset($this->bookmarks[$bookmark->getId()])) {
            throw new BookmarkNotFoundException();
        }
        $bookmark->validate();
-        $bookmark->setUpdated(new \DateTime());
+        $bookmark->setUpdated(new DateTime());
        $this->bookmarks[$bookmark->getId()] = $bookmark;
        if ($save === true) {
            $this->save();
@@ -172,15 +199,12 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function add($bookmark, $save = true)
+    public function add(Bookmark $bookmark, bool $save = true): Bookmark
    {
-        if ($this->isLoggedIn !== true) {
+        if (true !== $this->isLoggedIn) {
            throw new Exception(t('You\'re not authorized to alter the datastore'));
        }
-        if (! $bookmark instanceof Bookmark) {
+        if (!empty($bookmark->getId())) {
-            throw new Exception(t('Provided data is invalid'));
-        }
-        if (! empty($bookmark->getId())) {
            throw new Exception(t('This bookmarks already exists'));
        }
        $bookmark->setId($this->bookmarks->getNextId());
@@ -197,14 +221,11 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function addOrSet($bookmark, $save = true)
+    public function addOrSet(Bookmark $bookmark, bool $save = true): Bookmark
    {
-        if ($this->isLoggedIn !== true) {
+        if (true !== $this->isLoggedIn) {
            throw new Exception(t('You\'re not authorized to alter the datastore'));
        }
-        if (! $bookmark instanceof Bookmark) {
-            throw new Exception('Provided data is invalid');
-        }
        if ($bookmark->getId() === null) {
            return $this->add($bookmark, $save);
        }
@@ -214,14 +235,11 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function remove($bookmark, $save = true)
+    public function remove(Bookmark $bookmark, bool $save = true): void
    {
-        if ($this->isLoggedIn !== true) {
+        if (true !== $this->isLoggedIn) {
            throw new Exception(t('You\'re not authorized to alter the datastore'));
        }
-        if (! $bookmark instanceof Bookmark) {
-            throw new Exception(t('Provided data is invalid'));
-        }
        if (! isset($this->bookmarks[$bookmark->getId()])) {
            throw new BookmarkNotFoundException();
        }
@@ -236,7 +254,7 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function exists($id, $visibility = null)
+    public function exists(int $id, string $visibility = null): bool
    {
        if (! isset($this->bookmarks[$id])) {
            return false;
@@ -259,7 +277,7 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function count($visibility = null)
+    public function count(string $visibility = null): int
    {
        return count($this->search([], $visibility));
    }
@@ -267,21 +285,22 @@ class BookmarkFileService implements BookmarkServiceInterface
    /**
     * @inheritDoc
     */
-    public function save()
+    public function save(): void
    {
-        if (!$this->isLoggedIn) {
+        if (true !== $this->isLoggedIn) {
            // TODO: raise an Exception instead
            die('You are not authorized to change the database.');
        }
        $this->bookmarks->reorder();
        $this->bookmarksIO->write($this->bookmarks);
-        invalidateCaches($this->conf->get('resource.page_cache'));
+        $this->pageCacheManager->invalidateCaches();
    }
    /**
     * @inheritDoc
     */
-    public function bookmarksCountPerTag($filteringTags = [], $visibility = null)
+    public function bookmarksCountPerTag(array $filteringTags = [], string $visibility = null): array
    {
        $bookmarks = $this->search(['searchtags' => $filteringTags], $visibility);
        $tags = [];
@@ -291,6 +310,7 @@ class BookmarkFileService implements BookmarkServiceInterface
                if (empty($tag)
                    || (! $this->isLoggedIn && startsWith($tag, '.'))
                    || $tag === BookmarkMarkdownFormatter::NO_MD_TAG
+                    || in_array($tag, $filteringTags, true)
                ) {
                    continue;
                }
@@ -316,45 +336,68 @@ class BookmarkFileService implements BookmarkServiceInterface
        $keys = array_keys($tags);
        $tmpTags = array_combine($keys, $keys);
        array_multisort($tags, SORT_DESC, $tmpTags, SORT_ASC, $tags);
        return $tags;
    }
    /**
     * @inheritDoc
     */
-    public function days()
+    public function findByDate(
-    {
+        \DateTimeInterface $from,
-        $bookmarkDays = [];
+        \DateTimeInterface $to,
-        foreach ($this->search() as $bookmark) {
+        ?\DateTimeInterface &$previous,
-            $bookmarkDays[$bookmark->getCreated()->format('Ymd')] = 0;
+        ?\DateTimeInterface &$next
+    ): array {
+        $out = [];
+        $previous = null;
+        $next = null;
+        foreach ($this->search([], null, false, false, true) as $bookmark) {
+            if ($to < $bookmark->getCreated()) {
+                $next = $bookmark->getCreated();
+            } else if ($from < $bookmark->getCreated() && $to > $bookmark->getCreated()) {
+                $out[] = $bookmark;
+            } else {
+                if ($previous !== null) {
+                    break;
+                }
+                $previous = $bookmark->getCreated();
+            }
        }
-        $bookmarkDays = array_keys($bookmarkDays);
-        sort($bookmarkDays);
-        return $bookmarkDays;
+        return $out;
    }
    /**
     * @inheritDoc
     */
-    public function filterDay($request)
+    public function getLatest(): ?Bookmark
    {
-        return $this->bookmarkFilter->filter(BookmarkFilter::$FILTER_DAY, $request);
+        foreach ($this->search([], null, false, false, true) as $bookmark) {
+            return $bookmark;
+        }
+        return null;
    }
    /**
     * @inheritDoc
     */
-    public function initialize()
+    public function initialize(): void
    {
        $initializer = new BookmarkInitializer($this);
        $initializer->initialize();
+        if (true === $this->isLoggedIn) {
+            $this->save();
+        }
    }
    /**
     * Handles migration to the new database format (BookmarksArray).
     */
-    protected function migrate()
+    protected function migrate(): void
    {
        $bookmarkDb = new LegacyLinkDB(
            $this->conf->get('resource.datastore'),
diff --git a/application/bookmark/BookmarkFilter.php b/application/bookmark/BookmarkFilter.php
index fd556679..c79386ea 100644
--- a/application/bookmark/BookmarkFilter.php
+++ b/application/bookmark/BookmarkFilter.php
@@ -1,5 +1,7 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
 use Exception;
@@ -77,8 +79,13 @@ class BookmarkFilter
     *
     * @throws BookmarkNotFoundException
     */
-    public function filter($type, $request, $casesensitive = false, $visibility = 'all', $untaggedonly = false)
+    public function filter(
-    {
+        string $type,
+        $request,
+        bool $casesensitive = false,
+        string $visibility = 'all',
+        bool $untaggedonly = false
+    ) {
        if (!in_array($visibility, ['all', 'public', 'private'])) {
            $visibility = 'all';
        }
@@ -115,7 +122,7 @@ class BookmarkFilter
                    return $this->filterTags($request, $casesensitive, $visibility);
                }
            case self::$FILTER_DAY:
-                return $this->filterDay($request);
+                return $this->filterDay($request, $visibility);
            default:
                return $this->noFilter($visibility);
        }
@@ -128,7 +135,7 @@ class BookmarkFilter
     *
     * @return Bookmark[] filtered bookmarks.
     */
-    private function noFilter($visibility = 'all')
+    private function noFilter(string $visibility = 'all')
    {
        if ($visibility === 'all') {
            return $this->bookmarks;
@@ -151,11 +158,11 @@ class BookmarkFilter
     *
     * @param string $smallHash permalink hash.
     *
-     * @return array $filtered array containing permalink data.
+     * @return Bookmark[] $filtered array containing permalink data.
     *
-     * @throws \Shaarli\Bookmark\Exception\BookmarkNotFoundException if the smallhash doesn't match any link.
+     * @throws BookmarkNotFoundException if the smallhash doesn't match any link.
     */
-    private function filterSmallHash($smallHash)
+    private function filterSmallHash(string $smallHash)
    {
        foreach ($this->bookmarks as $key => $l) {
            if ($smallHash == $l->getShortUrl()) {
@@ -186,15 +193,15 @@ class BookmarkFilter
     * @param string $searchterms search query.
     * @param string $visibility  Optional: return only all/private/public bookmarks.
     *
-     * @return array search results.
+     * @return Bookmark[] search results.
     */
-    private function filterFulltext($searchterms, $visibility = 'all')
+    private function filterFulltext(string $searchterms, string $visibility = 'all')
    {
        if (empty($searchterms)) {
            return $this->noFilter($visibility);
        }
-        $filtered = array();
+        $filtered = [];
        $search = mb_convert_case(html_entity_decode($searchterms), MB_CASE_LOWER, 'UTF-8');
        $exactRegex = '/"([^"]+)"/';
        // Retrieve exact search terms.
@@ -206,8 +213,8 @@ class BookmarkFilter
        $explodedSearchAnd = array_values(array_filter($explodedSearchAnd));
        // Filter excluding terms and update andSearch.
-        $excludeSearch = array();
+        $excludeSearch = [];
-        $andSearch = array();
+        $andSearch = [];
        foreach ($explodedSearchAnd as $needle) {
            if ($needle[0] == '-' && strlen($needle) > 1) {
                $excludeSearch[] = substr($needle, 1);
@@ -227,33 +234,38 @@ class BookmarkFilter
                }
            }
-            // Concatenate link fields to search across fields.
+            $lengths = [];
-            // Adds a '\' separator for exact search terms.
+            $content = $this->buildFullTextSearchableLink($link, $lengths);
-            $content  = mb_convert_case($link->getTitle(), MB_CASE_LOWER, 'UTF-8') .'\\';
-            $content .= mb_convert_case($link->getDescription(), MB_CASE_LOWER, 'UTF-8') .'\\';
-            $content .= mb_convert_case($link->getUrl(), MB_CASE_LOWER, 'UTF-8') .'\\';
-            $content .= mb_convert_case($link->getTagsString(), MB_CASE_LOWER, 'UTF-8') .'\\';
            // Be optimistic
            $found = true;
+            $foundPositions = [];
            // First, we look for exact term search
-            for ($i = 0; $i < count($exactSearch) && $found; $i++) {
+            // Then iterate over keywords, if keyword is not found,
-                $found = strpos($content, $exactSearch[$i]) !== false;
-            }
-            // Iterate over keywords, if keyword is not found,
            // no need to check for the others. We want all or nothing.
-            for ($i = 0; $i < count($andSearch) && $found; $i++) {
+            foreach ([$exactSearch, $andSearch] as $search) {
-                $found = strpos($content, $andSearch[$i]) !== false;
+                for ($i = 0; $i < count($search) && $found !== false; $i++) {
+                    $found = mb_strpos($content, $search[$i]);
+                    if ($found === false) {
+                        break;
+                    }
+                    $foundPositions[] = ['start' => $found, 'end' => $found + mb_strlen($search[$i])];
+                }
            }
            // Exclude terms.
-            for ($i = 0; $i < count($excludeSearch) && $found; $i++) {
+            for ($i = 0; $i < count($excludeSearch) && $found !== false; $i++) {
                $found = strpos($content, $excludeSearch[$i]) === false;
            }
-            if ($found) {
+            if ($found !== false) {
+                $link->addAdditionalContentEntry(
+                    'search_highlight',
+                    $this->postProcessFoundPositions($lengths, $foundPositions)
+                );
                $filtered[$id] = $link;
            }
        }
@@ -268,7 +280,7 @@ class BookmarkFilter
     *
     * @return string generated regex fragment
     */
-    private static function tag2regex($tag)
+    private static function tag2regex(string $tag): string
    {
        $len = strlen($tag);
        if (!$len || $tag === "-" || $tag === "*") {
@@ -314,13 +326,13 @@ class BookmarkFilter
     * You can specify one or more tags, separated by space or a comma, e.g.
     *  print_r($mydb->filterTags('linux programming'));
     *
-     * @param string $tags          list of tags separated by commas or blank spaces.
+     * @param string|array $tags          list of tags, separated by commas or blank spaces if passed as string.
-     * @param bool   $casesensitive ignore case if false.
+     * @param bool         $casesensitive ignore case if false.
-     * @param string $visibility    Optional: return only all/private/public bookmarks.
+     * @param string       $visibility    Optional: return only all/private/public bookmarks.
     *
-     * @return array filtered bookmarks.
+     * @return Bookmark[] filtered bookmarks.
     */
-    public function filterTags($tags, $casesensitive = false, $visibility = 'all')
+    public function filterTags($tags, bool $casesensitive = false, string $visibility = 'all')
    {
        // get single tags (we may get passed an array, even though the docs say different)
        $inputTags = $tags;
@@ -396,9 +408,9 @@ class BookmarkFilter
     *
     * @param string $visibility return only all/private/public bookmarks.
     *
-     * @return array filtered bookmarks.
+     * @return Bookmark[] filtered bookmarks.
     */
-    public function filterUntagged($visibility)
+    public function filterUntagged(string $visibility)
    {
        $filtered = [];
        foreach ($this->bookmarks as $key => $link) {
@@ -425,21 +437,26 @@ class BookmarkFilter
     *  print_r($mydb->filterDay('20120125'));
     *
     * @param string $day day to filter.
-     *
+     * @param string $visibility return only all/private/public bookmarks.
-     * @return array all link matching given day.
+     * @return Bookmark[] all link matching given day.
     *
     * @throws Exception if date format is invalid.
     */
-    public function filterDay($day)
+    public function filterDay(string $day, string $visibility)
    {
        if (!checkDateFormat('Ymd', $day)) {
            throw new Exception('Invalid date format');
        }
-        $filtered = array();
+        $filtered = [];
-        foreach ($this->bookmarks as $key => $l) {
+        foreach ($this->bookmarks as $key => $bookmark) {
-            if ($l->getCreated()->format('Ymd') == $day) {
+            if ($visibility === static::$PUBLIC && $bookmark->isPrivate()) {
-                $filtered[$key] = $l;
+                continue;
+            }
+            if ($bookmark->getCreated()->format('Ymd') == $day) {
+                $filtered[$key] = $bookmark;
            }
        }
@@ -455,9 +472,9 @@ class BookmarkFilter
     * @param string $tags          string containing a list of tags.
     * @param bool   $casesensitive will convert everything to lowercase if false.
     *
-     * @return array filtered tags string.
+     * @return string[] filtered tags string.
     */
-    public static function tagsStrToArray($tags, $casesensitive)
+    public static function tagsStrToArray(string $tags, bool $casesensitive): array
    {
        // We use UTF-8 conversion to handle various graphemes (i.e. cyrillic, or greek)
        $tagsOut = $casesensitive ? $tags : mb_convert_case($tags, MB_CASE_LOWER, 'UTF-8');
@@ -465,4 +482,74 @@ class BookmarkFilter
        return preg_split('/\s+/', $tagsOut, -1, PREG_SPLIT_NO_EMPTY);
    }
+    /**
+     * This method finalize the content of the foundPositions array,
+     * by associated all search results to their associated bookmark field,
+     * making sure that there is no overlapping results, etc.
+     *
+     * @param array $fieldLengths   Start and end positions of every bookmark fields in the aggregated bookmark content.
+     * @param array $foundPositions Positions where the search results were found in the aggregated content.
+     *
+     * @return array Updated $foundPositions, by bookmark field.
+     */
+    protected function postProcessFoundPositions(array $fieldLengths, array $foundPositions): array
+    {
+        // Sort results by starting position ASC.
+        usort($foundPositions, function (array $entryA, array $entryB): int {
+            return $entryA['start'] > $entryB['start'] ? 1 : -1;
+        });
+        $out = [];
+        $currentMax = -1;
+        foreach ($foundPositions as $foundPosition) {
+            // we do not allow overlapping highlights
+            if ($foundPosition['start'] < $currentMax) {
+                continue;
+            }
+            $currentMax = $foundPosition['end'];
+            foreach ($fieldLengths as $part => $length) {
+                if ($foundPosition['start'] < $length['start'] || $foundPosition['start'] > $length['end']) {
+                    continue;
+                }
+                $out[$part][] = [
+                    'start' => $foundPosition['start'] - $length['start'],
+                    'end' => $foundPosition['end'] - $length['start'],
+                ];
+                break;
+            }
+        }
+        return $out;
+    }
+    /**
+     * Concatenate link fields to search across fields. Adds a '\' separator for exact search terms.
+     * Also populate $length array with starting and ending positions of every bookmark field
+     * inside concatenated content.
+     *
+     * @param Bookmark $link
+     * @param array    $lengths (by reference)
+     *
+     * @return string Lowercase concatenated fields content.
+     */
+    protected function buildFullTextSearchableLink(Bookmark $link, array &$lengths): string
+    {
+        $content  = mb_convert_case($link->getTitle(), MB_CASE_LOWER, 'UTF-8') .'\\';
+        $content .= mb_convert_case($link->getDescription(), MB_CASE_LOWER, 'UTF-8') .'\\';
+        $content .= mb_convert_case($link->getUrl(), MB_CASE_LOWER, 'UTF-8') .'\\';
+        $content .= mb_convert_case($link->getTagsString(), MB_CASE_LOWER, 'UTF-8') .'\\';
+        $lengths['title'] = ['start' => 0, 'end' => mb_strlen($link->getTitle())];
+        $nextField = $lengths['title']['end'] + 1;
+        $lengths['description'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($link->getDescription())];
+        $nextField = $lengths['description']['end'] + 1;
+        $lengths['url'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($link->getUrl())];
+        $nextField = $lengths['url']['end'] + 1;
+        $lengths['tags'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($link->getTagsString())];
+        return $content;
+    }
 }
diff --git a/application/bookmark/BookmarkIO.php b/application/bookmark/BookmarkIO.php
index ae9ffcb4..f40fa476 100644
--- a/application/bookmark/BookmarkIO.php
+++ b/application/bookmark/BookmarkIO.php
@@ -1,7 +1,12 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
+use malkusch\lock\mutex\Mutex;
+use malkusch\lock\mutex\NoMutex;
+use Shaarli\Bookmark\Exception\DatastoreNotInitializedException;
 use Shaarli\Bookmark\Exception\EmptyDataStoreException;
 use Shaarli\Bookmark\Exception\NotWritableDataStoreException;
 use Shaarli\Config\ConfigManager;
@@ -26,11 +31,14 @@ class BookmarkIO
     */
    protected $conf;
+    /** @var Mutex */
+    protected $mutex;
    /**
     * string Datastore PHP prefix
     */
    protected static $phpPrefix = '<?php /* ';
    /**
     * string Datastore PHP suffix
     */
@@ -41,35 +49,46 @@ class BookmarkIO
     *
     * @param ConfigManager $conf instance
     */
-    public function __construct($conf)
+    public function __construct(ConfigManager $conf, Mutex $mutex = null)
    {
+        if ($mutex === null) {
+            // This should only happen with legacy classes
+            $mutex = new NoMutex();
+        }
        $this->conf = $conf;
        $this->datastore = $conf->get('resource.datastore');
+        $this->mutex = $mutex;
    }
    /**
     * Reads database from disk to memory
     *
-     * @return BookmarkArray instance
+     * @return Bookmark[]
     *
-     * @throws NotWritableDataStoreException Data couldn't be loaded
+     * @throws NotWritableDataStoreException    Data couldn't be loaded
-     * @throws EmptyDataStoreException       Datastore doesn't exist
+     * @throws EmptyDataStoreException          Datastore file exists but does not contain any bookmark
+     * @throws DatastoreNotInitializedException File does not exists
     */
    public function read()
    {
        if (! file_exists($this->datastore)) {
-            throw new EmptyDataStoreException();
+            throw new DatastoreNotInitializedException();
        }
        if (!is_writable($this->datastore)) {
            throw new NotWritableDataStoreException($this->datastore);
        }
+        $content = null;
+        $this->mutex->synchronized(function () use (&$content) {
+            $content = file_get_contents($this->datastore);
+        });
        // Note that gzinflate is faster than gzuncompress.
        // See: http://www.php.net/manual/en/function.gzdeflate.php#96439
        $links = unserialize(gzinflate(base64_decode(
-            substr(file_get_contents($this->datastore),
+            substr($content, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
-                strlen(self::$phpPrefix), -strlen(self::$phpSuffix)))));
+        )));
        if (empty($links)) {
            if (filesize($this->datastore) > 100) {
@@ -84,7 +103,7 @@ class BookmarkIO
    /**
     * Saves the database from memory to disk
     *
-     * @param BookmarkArray $links instance.
+     * @param Bookmark[] $links
     *
     * @throws NotWritableDataStoreException the datastore is not writable
     */
@@ -98,11 +117,13 @@ class BookmarkIO
            throw new NotWritableDataStoreException(dirname($this->datastore));
        }
-        file_put_contents(
+        $data = self::$phpPrefix.base64_encode(gzdeflate(serialize($links))).self::$phpSuffix;
-            $this->datastore,
-            self::$phpPrefix.base64_encode(gzdeflate(serialize($links))).self::$phpSuffix
-        );
-        invalidateCaches($this->conf->get('resource.page_cache'));
+        $this->mutex->synchronized(function () use ($data) {
+            file_put_contents(
+                $this->datastore,
+                $data
+            );
+        });
    }
 }
diff --git a/application/bookmark/BookmarkInitializer.php b/application/bookmark/BookmarkInitializer.php
index 9eee9a35..04b996f3 100644
--- a/application/bookmark/BookmarkInitializer.php
+++ b/application/bookmark/BookmarkInitializer.php
@@ -1,13 +1,14 @@
 <?php
+declare(strict_types=1);
 namespace Shaarli\Bookmark;
 /**
 * Class BookmarkInitializer
 *
 * This class is used to initialized default bookmarks after a fresh install of Shaarli.
- * It is no longer call when the data store is empty,
+ * It should be only called if the datastore file does not exist(users might want to delete the default bookmarks).
- * because user might want to delete default bookmarks after the install.
 *
 * To prevent data corruption, it does not overwrite existing bookmarks,
 * even though there should not be any.
@@ -24,7 +25,7 @@ class BookmarkInitializer
     *
     * @param BookmarkServiceInterface $bookmarkService
     */
-    public function __construct($bookmarkService)
+    public function __construct(BookmarkServiceInterface $bookmarkService)
    {
        $this->bookmarkService = $bookmarkService;
    }
@@ -32,28 +33,80 @@ class BookmarkInitializer
    /**
     * Initialize the data store with default bookmarks
     */
-    public function initialize()
+    public function initialize(): void
    {
        $bookmark = new Bookmark();
-        $bookmark->setTitle(t('My secret stuff... - Pastebin.com'));
+        $bookmark->setTitle('quicksilver (loop) on Vimeo ' . t('(private bookmark with thumbnail demo)'));
-        $bookmark->setUrl('http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=', []);
+        $bookmark->setUrl('https://vimeo.com/153493904');
-        $bookmark->setDescription(t('Shhhh! I\'m a private link only YOU can see. You can delete me too.'));
+        $bookmark->setDescription(t(
-        $bookmark->setTagsString('secretstuff');
+'Shaarli will automatically pick up the thumbnail for links to a variety of websites.
+Explore your new Shaarli instance by trying out controls and menus.
+Visit the project on [Github](https://github.com/shaarli/Shaarli) or [the documentation](https://shaarli.readthedocs.io/en/master/) to learn more about Shaarli.
+Now you can edit or delete the default shaares.
+'
+        ));
+        $bookmark->setTagsString('shaarli help thumbnail');
+        $bookmark->setPrivate(true);
+        $this->bookmarkService->add($bookmark, false);
+        $bookmark = new Bookmark();
+        $bookmark->setTitle(t('Note: Shaare descriptions'));
+        $bookmark->setDescription(t(
+'Adding a shaare without entering a URL creates a text-only "note" post such as this one.
+This note is private, so you are the only one able to see it while logged in.
+You can use this to keep notes, post articles, code snippets, and much more.
+The Markdown formatting setting allows you to format your notes and bookmark description:
+### Title headings
+#### Multiple headings levels
+  * bullet lists
+  * _italic_ text
+  * **bold** text
+  * ~~strike through~~ text
+  * `code` blocks
+  * images
+  * [links](https://en.wikipedia.org/wiki/Markdown)
+Markdown also supports tables:
+| Name    | Type      | Color  | Qty   |
+| ------- | --------- | ------ | ----- |
+| Orange  | Fruit     | Orange | 126   |
+| Apple   | Fruit     | Any    | 62    |
+| Lemon   | Fruit     | Yellow | 30    |
+| Carrot  | Vegetable | Red    | 14    |
+'
+        ));
+        $bookmark->setTagsString('shaarli help');
        $bookmark->setPrivate(true);
-        $this->bookmarkService->add($bookmark);
+        $this->bookmarkService->add($bookmark, false);
        $bookmark = new Bookmark();
-        $bookmark->setTitle(t('The personal, minimalist, super-fast, database free, bookmarking service'));
+        $bookmark->setTitle(
-        $bookmark->setUrl('https://shaarli.readthedocs.io', []);
+            'Shaarli - ' . t('The personal, minimalist, super-fast, database free, bookmarking service')
+        );
        $bookmark->setDescription(t(
-            'Welcome to Shaarli! This is your first public bookmark. '
+'Welcome to Shaarli!
-            . 'To edit or delete me, you must first login.
+Shaarli allows you to bookmark your favorite pages, and share them with others or store them privately.
+You can add a description to your bookmarks, such as this one, and tag them.
+Create a new shaare by clicking the `+Shaare` button, or using any of the recommended tools (browser extension, mobile app, bookmarklet, REST API, etc.).
-To learn how to use Shaarli, consult the link "Documentation" at the bottom of this page.
+You can easily retrieve your links, even with thousands of them, using the internal search engine, or search through tags (e.g. this Shaare is tagged with `shaarli` and `help`).
+Hashtags such as #shaarli #help are also supported.
+You can also filter the available [RSS feed](/feed/atom) and picture wall by tag or plaintext search.
-You use the community supported version of the original Shaarli project, by Sebastien Sauvage.'
+We hope that you will enjoy using Shaarli, maintained with ❤️ by the community!
+Feel free to open [an issue](https://github.com/shaarli/Shaarli/issues) if you have a suggestion or encounter an issue.
+'
        ));
-        $bookmark->setTagsString('opensource software');
+        $bookmark->setTagsString('shaarli help');
-        $this->bookmarkService->add($bookmark);
+        $this->bookmarkService->add($bookmark, false);
    }
 }
diff --git a/application/bookmark/BookmarkServiceInterface.php b/application/bookmark/BookmarkServiceInterface.php
index 7b7a4f09..08cdbb4e 100644
--- a/application/bookmark/BookmarkServiceInterface.php
+++ b/application/bookmark/BookmarkServiceInterface.php
@@ -1,73 +1,73 @@
 <?php
-namespace Shaarli\Bookmark;
+declare(strict_types=1);
+namespace Shaarli\Bookmark;
 use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
 use Shaarli\Bookmark\Exception\NotWritableDataStoreException;
-use Shaarli\Config\ConfigManager;
-use Shaarli\Exceptions\IOException;
-use Shaarli\History;
 /**
 * Class BookmarksService
 *
 * This is the entry point to manipulate the bookmark DB.
+ *
+ * Regarding return types of a list of bookmarks, it can either be an array or an ArrayAccess implementation,
+ * so until PHP 8.0 is the minimal supported version with union return types it cannot be explicitly added.
 */
 interface BookmarkServiceInterface
 {
    /**
-     * BookmarksService constructor.
-     *
-     * @param ConfigManager $conf       instance
-     * @param History       $history    instance
-     * @param bool          $isLoggedIn true if the current user is logged in
-     */
-    public function __construct(ConfigManager $conf, History $history, $isLoggedIn);
-    /**
     * Find a bookmark by hash
     *
-     * @param string $hash
+     * @param string      $hash       Bookmark's hash
+     * @param string|null $privateKey Optional key used to access private links while logged out
     *
-     * @return mixed
+     * @return Bookmark
     *
     * @throws \Exception
     */
-    public function findByHash($hash);
+    public function findByHash(string $hash, string $privateKey = null);
    /**
     * @param $url
     *
     * @return Bookmark|null
     */
-    public function findByUrl($url);
+    public function findByUrl(string $url): ?Bookmark;
    /**
     * Search bookmarks
     *
-     * @param mixed  $request
+     * @param array   $request
-     * @param string $visibility
+     * @param ?string $visibility
-     * @param bool   $caseSensitive
+     * @param bool    $caseSensitive
-     * @param bool   $untaggedOnly
+     * @param bool    $untaggedOnly
+     * @param bool    $ignoreSticky
     *
     * @return Bookmark[]
     */
-    public function search($request = [], $visibility = null, $caseSensitive = false, $untaggedOnly = false);
+    public function search(
+        array $request = [],
+        string $visibility = null,
+        bool $caseSensitive = false,
+        bool $untaggedOnly = false,
+        bool $ignoreSticky = false
+    );
    /**
     * Get a single bookmark by its ID.
     *
-     * @param int    $id         Bookmark ID
+     * @param int    $id          Bookmark ID
-     * @param string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
+     * @param ?string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
-     *                           exception
+     *                            exception
     *
     * @return Bookmark
     *
     * @throws BookmarkNotFoundException
     * @throws \Exception
     */
-    public function get($id, $visibility = null);
+    public function get(int $id, string $visibility = null);
    /**
     * Updates an existing bookmark (depending on its ID).
@@ -80,7 +80,7 @@ interface BookmarkServiceInterface
     * @throws BookmarkNotFoundException
     * @throws \Exception
     */
-    public function set($bookmark, $save = true);
+    public function set(Bookmark $bookmark, bool $save = true): Bookmark;
    /**
     * Adds a new bookmark (the ID must be empty).
@@ -92,7 +92,7 @@ interface BookmarkServiceInterface
     *
     * @throws \Exception
     */
-    public function add($bookmark, $save = true);
+    public function add(Bookmark $bookmark, bool $save = true): Bookmark;
    /**
     * Adds or updates a bookmark depending on its ID:
@@ -106,7 +106,7 @@ interface BookmarkServiceInterface
     *
     * @throws \Exception
     */
-    public function addOrSet($bookmark, $save = true);
+    public function addOrSet(Bookmark $bookmark, bool $save = true): Bookmark;
    /**
     * Deletes a bookmark.
@@ -116,65 +116,72 @@ interface BookmarkServiceInterface
     *
     * @throws \Exception
     */
-    public function remove($bookmark, $save = true);
+    public function remove(Bookmark $bookmark, bool $save = true): void;
    /**
     * Get a single bookmark by its ID.
     *
-     * @param int    $id         Bookmark ID
+     * @param int     $id         Bookmark ID
-     * @param string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
+     * @param ?string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
-     *                           exception
+     *                            exception
     *
     * @return bool
     */
-    public function exists($id, $visibility = null);
+    public function exists(int $id, string $visibility = null): bool;
    /**
     * Return the number of available bookmarks for given visibility.
     *
-     * @param string $visibility public|private|all
+     * @param ?string $visibility public|private|all
     *
     * @return int Number of bookmarks
     */
-    public function count($visibility = null);
+    public function count(string $visibility = null): int;
    /**
     * Write the datastore.
     *
     * @throws NotWritableDataStoreException
     */
-    public function save();
+    public function save(): void;
    /**
     * Returns the list tags appearing in the bookmarks with the given tags
     *
-     * @param array  $filteringTags tags selecting the bookmarks to consider
+     * @param array|null  $filteringTags tags selecting the bookmarks to consider
-     * @param string $visibility    process only all/private/public bookmarks
+     * @param string|null $visibility    process only all/private/public bookmarks
     *
     * @return array tag => bookmarksCount
     */
-    public function bookmarksCountPerTag($filteringTags = [], $visibility = 'all');
+    public function bookmarksCountPerTag(array $filteringTags = [], ?string $visibility = null): array;
    /**
-     * Returns the list of days containing articles (oldest first)
+     * Return a list of bookmark matching provided period of time.
+     * It also update directly previous and next date outside of given period found in the datastore.
+     *
+     * @param \DateTimeInterface      $from     Starting date.
+     * @param \DateTimeInterface      $to       Ending date.
+     * @param \DateTimeInterface|null $previous (by reference) updated with first created date found before $from.
+     * @param \DateTimeInterface|null $next     (by reference) updated with first created date found after $to.
     *
-     * @return array containing days (in format YYYYMMDD).
+     * @return array List of bookmarks matching provided period of time.
     */
-    public function days();
+    public function findByDate(
+        \DateTimeInterface $from,
+        \DateTimeInterface $to,
+        ?\DateTimeInterface &$previous,
+        ?\DateTimeInterface &$next
+    ): array;
    /**
-     * Returns the list of articles for a given day.
+     * Returns the latest bookmark by creation date.
     *
-     * @param string $request day to filter. Format: YYYYMMDD.
+     * @return Bookmark|null Found Bookmark or null if the datastore is empty.
-     *
-     * @return Bookmark[] list of shaare found.
-     *
-     * @throws BookmarkNotFoundException
     */
-    public function filterDay($request);
+    public function getLatest(): ?Bookmark;
    /**
     * Creates the default database after a fresh install.
     */
-    public function initialize();
+    public function initialize(): void;
 }
diff --git a/application/bookmark/LinkUtils.php b/application/bookmark/LinkUtils.php
index 88379430..faf5dbfd 100644
--- a/application/bookmark/LinkUtils.php
+++ b/application/bookmark/LinkUtils.php
@@ -3,112 +3,6 @@
 use Shaarli\Bookmark\Bookmark;
 /**
- * Get cURL callback function for CURLOPT_WRITEFUNCTION
- *
- * @param string $charset     to extract from the downloaded page (reference)
- * @param string $title       to extract from the downloaded page (reference)
- * @param string $description to extract from the downloaded page (reference)
- * @param string $keywords    to extract from the downloaded page (reference)
- * @param bool   $retrieveDescription Automatically tries to retrieve description and keywords from HTML content
- * @param string $curlGetInfo Optionally overrides curl_getinfo function
- *
- * @return Closure
- */
-function get_curl_download_callback(
-    &$charset,
-    &$title,
-    &$description,
-    &$keywords,
-    $retrieveDescription,
-    $curlGetInfo = 'curl_getinfo'
-) {
-    $isRedirected = false;
-    $currentChunk = 0;
-    $foundChunk = null;
-    /**
-     * cURL callback function for CURLOPT_WRITEFUNCTION (called during the download).
-     *
-     * While downloading the remote page, we check that the HTTP code is 200 and content type is 'html/text'
-     * Then we extract the title and the charset and stop the download when it's done.
-     *
-     * @param resource $ch   cURL resource
-     * @param string   $data chunk of data being downloaded
-     *
-     * @return int|bool length of $data or false if we need to stop the download
-     */
-    return function (&$ch, $data) use (
-        $retrieveDescription,
-        $curlGetInfo,
-        &$charset,
-        &$title,
-        &$description,
-        &$keywords,
-        &$isRedirected,
-        &$currentChunk,
-        &$foundChunk
-    ) {
-        $currentChunk++;
-        $responseCode = $curlGetInfo($ch, CURLINFO_RESPONSE_CODE);
-        if (!empty($responseCode) && in_array($responseCode, [301, 302])) {
-            $isRedirected = true;
-            return strlen($data);
-        }
-        if (!empty($responseCode) && $responseCode !== 200) {
-            return false;
-        }
-        // After a redirection, the content type will keep the previous request value
-        // until it finds the next content-type header.
-        if (! $isRedirected || strpos(strtolower($data), 'content-type') !== false) {
-            $contentType = $curlGetInfo($ch, CURLINFO_CONTENT_TYPE);
-        }
-        if (!empty($contentType) && strpos($contentType, 'text/html') === false) {
-            return false;
-        }
-        if (!empty($contentType) && empty($charset)) {
-            $charset = header_extract_charset($contentType);
-        }
-        if (empty($charset)) {
-            $charset = html_extract_charset($data);
-        }
-        if (empty($title)) {
-            $title = html_extract_title($data);
-            $foundChunk = ! empty($title) ? $currentChunk : $foundChunk;
-        }
-        if ($retrieveDescription && empty($description)) {
-            $description = html_extract_tag('description', $data);
-            $foundChunk = ! empty($description) ? $currentChunk : $foundChunk;
-        }
-        if ($retrieveDescription && empty($keywords)) {
-            $keywords = html_extract_tag('keywords', $data);
-            if (! empty($keywords)) {
-                $foundChunk = $currentChunk;
-                // Keywords use the format tag1, tag2 multiple words, tag
-                // So we format them to match Shaarli's separator and glue multiple words with '-'
-                $keywords = implode(' ', array_map(function($keyword) {
-                    return implode('-', preg_split('/\s+/', trim($keyword)));
-                }, explode(',', $keywords)));
-            }
-        }
-        // We got everything we want, stop the download.
-        // If we already found either the title, description or keywords,
-        // it's highly unlikely that we'll found the other metas further than
-        // in the same chunk of data or the next one. So we also stop the download after that.
-        if ((!empty($responseCode) && !empty($contentType) && !empty($charset)) && $foundChunk !== null
-            && (! $retrieveDescription
-                || $foundChunk < $currentChunk
-                || (!empty($title) && !empty($description) && !empty($keywords))
-            )
-        ) {
-            return false;
-        }
-        return strlen($data);
-    };
-}
-/**
 * Extract title from an HTML document.
 *
 * @param string $html HTML content where to look for a title.
@@ -132,7 +26,7 @@ function html_extract_title($html)
 */
 function header_extract_charset($header)
 {
-    preg_match('/charset="?([^; ]+)/i', $header, $match);
+    preg_match('/charset=["\']?([^; "\']+)/i', $header, $match);
    if (! empty($match[1])) {
        return strtolower(trim($match[1]));
    }
@@ -172,11 +66,13 @@ function html_extract_tag($tag, $html)
 {
    $propertiesKey = ['property', 'name', 'itemprop'];
    $properties = implode('|', $propertiesKey);
+    // We need a OR here to accept either 'property=og:noquote' or 'property="og:unrelated og:my-tag"'
+    $orCondition  = '["\']?(?:og:)?'. $tag .'["\']?|["\'][^\'"]*?(?:og:)?' . $tag . '[^\'"]*?[\'"]';
    // Try to retrieve OpenGraph image.
-    $ogRegex = '#<meta[^>]+(?:'. $properties .')=["\']?(?:og:)?'. $tag .'["\'\s][^>]*content=["\']?(.*?)["\'/>]#';
+    $ogRegex = '#<meta[^>]+(?:'. $properties .')=(?:'. $orCondition .')[^>]*content=["\'](.*?)["\'].*?>#';
    // If the attributes are not in the order property => content (e.g. Github)
    // New regex to keep this readable... more or less.
-    $ogRegexReverse = '#<meta[^>]+content=["\']([^"\']+)[^>]+(?:'. $properties .')=["\']?(?:og)?:'. $tag .'["\'\s/>]#';
+    $ogRegexReverse = '#<meta[^>]+content=["\'](.*?)["\'][^>]+(?:'. $properties .')=(?:'. $orCondition .').*?>#';
    if (preg_match($ogRegex, $html, $matches) > 0
        || preg_match($ogRegexReverse, $html, $matches) > 0
@@ -220,7 +116,7 @@ function hashtag_autolink($description, $indexUrl = '')
     * \p{Mn} - any non marking space (accents, umlauts, etc)
     */
    $regex = '/(^|\s)#([\p{Pc}\p{N}\p{L}\p{Mn}]+)/mui';
-    $replacement = '$1<a href="'. $indexUrl .'?addtag=$2" title="Hashtag $2">#$2</a>';
+    $replacement = '$1<a href="'. $indexUrl .'./add-tag/$2" title="Hashtag $2">#$2</a>';
    return preg_replace($regex, $replacement, $description);
 }
diff --git a/application/bookmark/exception/DatastoreNotInitializedException.php b/application/bookmark/exception/DatastoreNotInitializedException.php
new file mode 100644
index 00000000..f495049d
--- /dev/null
+++ b/application/bookmark/exception/DatastoreNotInitializedException.php
@@ -0,0 +1,10 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Bookmark\Exception;
+class DatastoreNotInitializedException extends \Exception
+{
+}
diff --git a/application/config/ConfigJson.php b/application/config/ConfigJson.php
index 4509357c..23b22269 100644
--- a/application/config/ConfigJson.php
+++ b/application/config/ConfigJson.php
@@ -19,7 +19,7 @@ class ConfigJson implements ConfigIO
        $data = file_get_contents($filepath);
        $data = str_replace(self::getPhpHeaders(), '', $data);
        $data = str_replace(self::getPhpSuffix(), '', $data);
-        $data = json_decode($data, true);
+        $data = json_decode(trim($data), true);
        if ($data === null) {
            $errorCode = json_last_error();
            $error  = sprintf(
@@ -46,7 +46,7 @@ class ConfigJson implements ConfigIO
        // JSON_PRETTY_PRINT is available from PHP 5.4.
        $print = defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0;
        $data = self::getPhpHeaders() . json_encode($conf, $print) . self::getPhpSuffix();
-        if (!file_put_contents($filepath, $data)) {
+        if (empty($filepath) || !file_put_contents($filepath, $data)) {
            throw new \Shaarli\Exceptions\IOException(
                $filepath,
                t('Shaarli could not create the config file. '.
@@ -73,7 +73,7 @@ class ConfigJson implements ConfigIO
     */
    public static function getPhpHeaders()
    {
-        return '<?php /*'. PHP_EOL;
+        return '<?php /*';
    }
    /**
@@ -85,6 +85,6 @@ class ConfigJson implements ConfigIO
     */
    public static function getPhpSuffix()
    {
-        return PHP_EOL . '*/ ?>';
+        return '*/ ?>';
    }
 }
diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php
index e45bb4c3..fb085023 100644
--- a/application/config/ConfigManager.php
+++ b/application/config/ConfigManager.php
@@ -3,6 +3,7 @@ namespace Shaarli\Config;
 use Shaarli\Config\Exception\MissingFieldConfigException;
 use Shaarli\Config\Exception\UnauthorizedConfigException;
+use Shaarli\Thumbnailer;
 /**
 * Class ConfigManager
@@ -361,11 +362,12 @@ class ConfigManager
        $this->setEmpty('security.open_shaarli', false);
        $this->setEmpty('security.allowed_protocols', ['ftp', 'ftps', 'magnet']);
-        $this->setEmpty('general.header_link', '?');
+        $this->setEmpty('general.header_link', '/');
        $this->setEmpty('general.links_per_page', 20);
        $this->setEmpty('general.enabled_plugins', self::$DEFAULT_PLUGINS);
        $this->setEmpty('general.default_note_title', 'Note: ');
-        $this->setEmpty('general.retrieve_description', false);
+        $this->setEmpty('general.retrieve_description', true);
+        $this->setEmpty('general.enable_async_metadata', true);
        $this->setEmpty('updates.check_updates', false);
        $this->setEmpty('updates.check_updates_branch', 'stable');
@@ -381,6 +383,7 @@ class ConfigManager
        // default state of the 'remember me' checkbox of the login form
        $this->setEmpty('privacy.remember_user_default', true);
+        $this->setEmpty('thumbnails.mode', Thumbnailer::MODE_ALL);
        $this->setEmpty('thumbnails.width', '125');
        $this->setEmpty('thumbnails.height', '90');
diff --git a/application/config/ConfigPlugin.php b/application/config/ConfigPlugin.php
index dbb24937..ea8dfbda 100644
--- a/application/config/ConfigPlugin.php
+++ b/application/config/ConfigPlugin.php
@@ -1,6 +1,7 @@
 <?php
 use Shaarli\Config\Exception\PluginConfigOrderException;
+use Shaarli\Plugin\PluginManager;
 /**
 * Plugin configuration helper functions.
@@ -19,6 +20,20 @@ use Shaarli\Config\Exception\PluginConfigOrderException;
 */
 function save_plugin_config($formData)
 {
+    // We can only save existing plugins
+    $directories = str_replace(
+        PluginManager::$PLUGINS_PATH . '/',
+        '',
+        glob(PluginManager::$PLUGINS_PATH . '/*')
+    );
+    $formData = array_filter(
+        $formData,
+        function ($value, string $key) use ($directories) {
+            return startsWith($key, 'order') || in_array($key, $directories);
+        },
+        ARRAY_FILTER_USE_BOTH
+    );
    // Make sure there are no duplicates in orders.
    if (!validate_plugin_order($formData)) {
        throw new PluginConfigOrderException();
@@ -69,7 +84,7 @@ function validate_plugin_order($formData)
    $orders = array();
    foreach ($formData as $key => $value) {
        // No duplicate order allowed.
-        if (in_array($value, $orders)) {
+        if (in_array($value, $orders, true)) {
            return false;
        }
diff --git a/application/container/ContainerBuilder.php b/application/container/ContainerBuilder.php
index e2c78ccc..d84418ad 100644
--- a/application/container/ContainerBuilder.php
+++ b/application/container/ContainerBuilder.php
@@ -4,14 +4,28 @@ declare(strict_types=1);
 namespace Shaarli\Container;
+use malkusch\lock\mutex\FlockMutex;
+use Psr\Log\LoggerInterface;
 use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\Feed\FeedBuilder;
+use Shaarli\Formatter\FormatterFactory;
+use Shaarli\Front\Controller\Visitor\ErrorController;
+use Shaarli\Front\Controller\Visitor\ErrorNotFoundController;
 use Shaarli\History;
+use Shaarli\Http\HttpAccess;
+use Shaarli\Http\MetadataRetriever;
+use Shaarli\Netscape\NetscapeBookmarkUtils;
 use Shaarli\Plugin\PluginManager;
 use Shaarli\Render\PageBuilder;
+use Shaarli\Render\PageCacheManager;
+use Shaarli\Security\CookieManager;
 use Shaarli\Security\LoginManager;
 use Shaarli\Security\SessionManager;
+use Shaarli\Thumbnailer;
+use Shaarli\Updater\Updater;
+use Shaarli\Updater\UpdaterUtils;
 /**
 * Class ContainerBuilder
@@ -30,22 +44,43 @@ class ContainerBuilder
    /** @var SessionManager */
    protected $session;
+    /** @var CookieManager */
+    protected $cookieManager;
    /** @var LoginManager */
    protected $login;
-    public function __construct(ConfigManager $conf, SessionManager $session, LoginManager $login)
+    /** @var LoggerInterface */
-    {
+    protected $logger;
+    /** @var string|null */
+    protected $basePath = null;
+    public function __construct(
+        ConfigManager $conf,
+        SessionManager $session,
+        CookieManager $cookieManager,
+        LoginManager $login,
+        LoggerInterface $logger
+    ) {
        $this->conf = $conf;
        $this->session = $session;
        $this->login = $login;
+        $this->cookieManager = $cookieManager;
+        $this->logger = $logger;
    }
    public function build(): ShaarliContainer
    {
        $container = new ShaarliContainer();
        $container['conf'] = $this->conf;
        $container['sessionManager'] = $this->session;
+        $container['cookieManager'] = $this->cookieManager;
        $container['loginManager'] = $this->login;
+        $container['logger'] = $this->logger;
+        $container['basePath'] = $this->basePath;
        $container['plugins'] = function (ShaarliContainer $container): PluginManager {
            return new PluginManager($container->conf);
        };
@@ -58,14 +93,20 @@ class ContainerBuilder
            return new BookmarkFileService(
                $container->conf,
                $container->history,
+                new FlockMutex(fopen(SHAARLI_MUTEX_FILE, 'r'), 2),
                $container->loginManager->isLoggedIn()
            );
        };
+        $container['metadataRetriever'] = function (ShaarliContainer $container): MetadataRetriever {
+            return new MetadataRetriever($container->conf, $container->httpAccess);
+        };
        $container['pageBuilder'] = function (ShaarliContainer $container): PageBuilder {
            return new PageBuilder(
                $container->conf,
                $container->sessionManager->getSession(),
+                $container->logger,
                $container->bookmarkService,
                $container->sessionManager->generateToken(),
                $container->loginManager->isLoggedIn()
@@ -73,7 +114,65 @@ class ContainerBuilder
        };
        $container['pluginManager'] = function (ShaarliContainer $container): PluginManager {
-            return new PluginManager($container->conf);
+            $pluginManager = new PluginManager($container->conf);
+            $pluginManager->load($container->conf->get('general.enabled_plugins'));
+            return $pluginManager;
+        };
+        $container['formatterFactory'] = function (ShaarliContainer $container): FormatterFactory {
+            return new FormatterFactory(
+                $container->conf,
+                $container->loginManager->isLoggedIn()
+            );
+        };
+        $container['pageCacheManager'] = function (ShaarliContainer $container): PageCacheManager {
+            return new PageCacheManager(
+                $container->conf->get('resource.page_cache'),
+                $container->loginManager->isLoggedIn()
+            );
+        };
+        $container['feedBuilder'] = function (ShaarliContainer $container): FeedBuilder {
+            return new FeedBuilder(
+                $container->bookmarkService,
+                $container->formatterFactory->getFormatter(),
+                $container->environment,
+                $container->loginManager->isLoggedIn()
+            );
+        };
+        $container['thumbnailer'] = function (ShaarliContainer $container): Thumbnailer {
+            return new Thumbnailer($container->conf);
+        };
+        $container['httpAccess'] = function (): HttpAccess {
+            return new HttpAccess();
+        };
+        $container['netscapeBookmarkUtils'] = function (ShaarliContainer $container): NetscapeBookmarkUtils {
+            return new NetscapeBookmarkUtils($container->bookmarkService, $container->conf, $container->history);
+        };
+        $container['updater'] = function (ShaarliContainer $container): Updater {
+            return new Updater(
+                UpdaterUtils::read_updates_file($container->conf->get('resource.updates')),
+                $container->bookmarkService,
+                $container->conf,
+                $container->loginManager->isLoggedIn()
+            );
+        };
+        $container['notFoundHandler'] = function (ShaarliContainer $container): ErrorNotFoundController {
+            return new ErrorNotFoundController($container);
+        };
+        $container['errorHandler'] = function (ShaarliContainer $container): ErrorController {
+            return new ErrorController($container);
+        };
+        $container['phpErrorHandler'] = function (ShaarliContainer $container): ErrorController {
+            return new ErrorController($container);
        };
        return $container;
diff --git a/application/container/ShaarliContainer.php b/application/container/ShaarliContainer.php
index 3fa9116e..3e5bd252 100644
--- a/application/container/ShaarliContainer.php
+++ b/application/container/ShaarliContainer.php
@@ -4,25 +4,50 @@ declare(strict_types=1);
 namespace Shaarli\Container;
+use Psr\Log\LoggerInterface;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\Feed\FeedBuilder;
+use Shaarli\Formatter\FormatterFactory;
 use Shaarli\History;
+use Shaarli\Http\HttpAccess;
+use Shaarli\Http\MetadataRetriever;
+use Shaarli\Netscape\NetscapeBookmarkUtils;
 use Shaarli\Plugin\PluginManager;
 use Shaarli\Render\PageBuilder;
+use Shaarli\Render\PageCacheManager;
+use Shaarli\Security\CookieManager;
 use Shaarli\Security\LoginManager;
 use Shaarli\Security\SessionManager;
+use Shaarli\Thumbnailer;
+use Shaarli\Updater\Updater;
 use Slim\Container;
 /**
 * Extension of Slim container to document the injected objects.
 *
+ * @property string                   $basePath              Shaarli's instance base path (e.g. `/shaarli/`)
+ * @property BookmarkServiceInterface $bookmarkService
+ * @property CookieManager            $cookieManager
 * @property ConfigManager            $conf
- * @property SessionManager           $sessionManager
+ * @property mixed[]                  $environment           $_SERVER automatically injected by Slim
- * @property LoginManager             $loginManager
+ * @property callable                 $errorHandler          Overrides default Slim exception display
+ * @property FeedBuilder              $feedBuilder
+ * @property FormatterFactory         $formatterFactory
 * @property History                  $history
- * @property BookmarkServiceInterface $bookmarkService
+ * @property HttpAccess               $httpAccess
+ * @property LoginManager             $loginManager
+ * @property LoggerInterface          $logger
+ * @property MetadataRetriever        $metadataRetriever
+ * @property NetscapeBookmarkUtils    $netscapeBookmarkUtils
+ * @property callable                 $notFoundHandler       Overrides default Slim exception display
 * @property PageBuilder              $pageBuilder
+ * @property PageCacheManager         $pageCacheManager
+ * @property callable                 $phpErrorHandler       Overrides default Slim PHP error display
 * @property PluginManager            $pluginManager
+ * @property SessionManager           $sessionManager
+ * @property Thumbnailer              $thumbnailer
+ * @property Updater                  $updater
 */
 class ShaarliContainer extends Container
 {
diff --git a/application/feed/Cache.php b/application/feed/Cache.php
deleted file mode 100644
index e5d43e61..00000000
--- a/application/feed/Cache.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * Cache utilities
- */
-/**
- * Purges all cached pages
- *
- * @param string $pageCacheDir page cache directory
- *
- * @return mixed an error string if the directory is missing
- */
-function purgeCachedPages($pageCacheDir)
-{
-    if (! is_dir($pageCacheDir)) {
-        $error = sprintf(t('Cannot purge %s: no directory'), $pageCacheDir);
-        error_log($error);
-        return $error;
-    }
-    array_map('unlink', glob($pageCacheDir.'/*.cache'));
-}
-/**
- * Invalidates caches when the database is changed or the user logs out.
- *
- * @param string $pageCacheDir page cache directory
- */
-function invalidateCaches($pageCacheDir)
-{
-    // Purge cache attached to session.
-    if (isset($_SESSION['tags'])) {
-        unset($_SESSION['tags']);
-    }
-    // Purge page cache shared by sessions.
-    purgeCachedPages($pageCacheDir);
-}
diff --git a/application/feed/FeedBuilder.php b/application/feed/FeedBuilder.php
index 40bd4f15..f70fce4f 100644
--- a/application/feed/FeedBuilder.php
+++ b/application/feed/FeedBuilder.php
@@ -43,22 +43,10 @@ class FeedBuilder
     */
    protected $formatter;
-    /**
+    /** @var mixed[] $_SERVER */
-     * @var string RSS or ATOM feed.
-     */
-    protected $feedType;
-    /**
-     * @var array $_SERVER
-     */
    protected $serverInfo;
    /**
-     * @var array $_GET
-     */
-    protected $userInput;
-    /**
     * @var boolean True if the user is currently logged in, false otherwise.
     */
    protected $isLoggedIn;
@@ -77,7 +65,6 @@ class FeedBuilder
     * @var string server locale.
     */
    protected $locale;
    /**
     * @var DateTime Latest item date.
     */
@@ -88,37 +75,36 @@ class FeedBuilder
     *
     * @param BookmarkServiceInterface $linkDB     LinkDB instance.
     * @param BookmarkFormatter        $formatter  instance.
-     * @param string                   $feedType   Type of feed.
     * @param array                    $serverInfo $_SERVER.
-     * @param array                    $userInput  $_GET.
     * @param boolean                  $isLoggedIn True if the user is currently logged in, false otherwise.
     */
-    public function __construct($linkDB, $formatter, $feedType, $serverInfo, $userInput, $isLoggedIn)
+    public function __construct($linkDB, $formatter, $serverInfo, $isLoggedIn)
    {
        $this->linkDB = $linkDB;
        $this->formatter = $formatter;
-        $this->feedType = $feedType;
        $this->serverInfo = $serverInfo;
-        $this->userInput = $userInput;
        $this->isLoggedIn = $isLoggedIn;
    }
    /**
     * Build data for feed templates.
     *
+     * @param string $feedType   Type of feed (RSS/ATOM).
+     * @param array  $userInput  $_GET.
+     *
     * @return array Formatted data for feeds templates.
     */
-    public function buildData()
+    public function buildData(string $feedType, ?array $userInput)
    {
        // Search for untagged bookmarks
-        if (isset($this->userInput['searchtags']) && empty($this->userInput['searchtags'])) {
+        if (isset($this->userInput['searchtags']) && empty($userInput['searchtags'])) {
-            $this->userInput['searchtags'] = false;
+            $userInput['searchtags'] = false;
        }
        // Optionally filter the results:
-        $linksToDisplay = $this->linkDB->search($this->userInput);
+        $linksToDisplay = $this->linkDB->search($userInput ?? [], null, false, false, true);
-        $nblinksToDisplay = $this->getNbLinks(count($linksToDisplay));
+        $nblinksToDisplay = $this->getNbLinks(count($linksToDisplay), $userInput);
        // Can't use array_keys() because $link is a LinkDB instance and not a real array.
        $keys = array();
@@ -130,15 +116,15 @@ class FeedBuilder
        $this->formatter->addContextData('index_url', $pageaddr);
        $linkDisplayed = array();
        for ($i = 0; $i < $nblinksToDisplay && $i < count($keys); $i++) {
-            $linkDisplayed[$keys[$i]] = $this->buildItem($linksToDisplay[$keys[$i]], $pageaddr);
+            $linkDisplayed[$keys[$i]] = $this->buildItem($feedType, $linksToDisplay[$keys[$i]], $pageaddr);
        }
-        $data['language'] = $this->getTypeLanguage();
+        $data['language'] = $this->getTypeLanguage($feedType);
-        $data['last_update'] = $this->getLatestDateFormatted();
+        $data['last_update'] = $this->getLatestDateFormatted($feedType);
        $data['show_dates'] = !$this->hideDates || $this->isLoggedIn;
-        // Remove leading slash from REQUEST_URI.
+        // Remove leading path from REQUEST_URI (already contained in $pageaddr).
-        $data['self_link'] = escape(server_url($this->serverInfo))
+        $requestUri = preg_replace('#(.*?/)(feed.*)#', '$2', escape($this->serverInfo['REQUEST_URI']));
-            . escape($this->serverInfo['REQUEST_URI']);
+        $data['self_link'] = $pageaddr . $requestUri;
        $data['index_url'] = $pageaddr;
        $data['usepermalinks'] = $this->usePermalinks === true;
        $data['links'] = $linkDisplayed;
@@ -147,17 +133,48 @@ class FeedBuilder
    }
    /**
+     * Set this to true to use permalinks instead of direct bookmarks.
+     *
+     * @param boolean $usePermalinks true to force permalinks.
+     */
+    public function setUsePermalinks($usePermalinks)
+    {
+        $this->usePermalinks = $usePermalinks;
+    }
+    /**
+     * Set this to true to hide timestamps in feeds.
+     *
+     * @param boolean $hideDates true to enable.
+     */
+    public function setHideDates($hideDates)
+    {
+        $this->hideDates = $hideDates;
+    }
+    /**
+     * Set the locale. Used to show feed language.
+     *
+     * @param string $locale The locale (eg. 'fr_FR.UTF8').
+     */
+    public function setLocale($locale)
+    {
+        $this->locale = strtolower($locale);
+    }
+    /**
     * Build a feed item (one per shaare).
     *
+     * @param string $feedType Type of feed (RSS/ATOM).
     * @param Bookmark $link     Single link array extracted from LinkDB.
     * @param string   $pageaddr Index URL.
     *
     * @return array Link array with feed attributes.
     */
-    protected function buildItem($link, $pageaddr)
+    protected function buildItem(string $feedType, $link, $pageaddr)
    {
        $data = $this->formatter->format($link);
-        $data['guid'] = $pageaddr . '?' . $data['shorturl'];
+        $data['guid'] = rtrim($pageaddr, '/') . '/shaare/' . $data['shorturl'];
        if ($this->usePermalinks === true) {
            $permalink = '<a href="'. $data['url'] .'" title="'. t('Direct link') .'">'. t('Direct link') .'</a>';
        } else {
@@ -165,13 +182,13 @@ class FeedBuilder
        }
        $data['description'] .= PHP_EOL . PHP_EOL . '<br>&#8212; ' . $permalink;
-        $data['pub_iso_date'] = $this->getIsoDate($data['created']);
+        $data['pub_iso_date'] = $this->getIsoDate($feedType, $data['created']);
        // atom:entry elements MUST contain exactly one atom:updated element.
        if (!empty($link->getUpdated())) {
-            $data['up_iso_date'] = $this->getIsoDate($data['updated'], DateTime::ATOM);
+            $data['up_iso_date'] = $this->getIsoDate($feedType, $data['updated'], DateTime::ATOM);
        } else {
-            $data['up_iso_date'] = $this->getIsoDate($data['created'], DateTime::ATOM);
+            $data['up_iso_date'] = $this->getIsoDate($feedType, $data['created'], DateTime::ATOM);
        }
        // Save the more recent item.
@@ -186,51 +203,23 @@ class FeedBuilder
    }
    /**
-     * Set this to true to use permalinks instead of direct bookmarks.
-     *
-     * @param boolean $usePermalinks true to force permalinks.
-     */
-    public function setUsePermalinks($usePermalinks)
-    {
-        $this->usePermalinks = $usePermalinks;
-    }
-    /**
-     * Set this to true to hide timestamps in feeds.
-     *
-     * @param boolean $hideDates true to enable.
-     */
-    public function setHideDates($hideDates)
-    {
-        $this->hideDates = $hideDates;
-    }
-    /**
-     * Set the locale. Used to show feed language.
-     *
-     * @param string $locale The locale (eg. 'fr_FR.UTF8').
-     */
-    public function setLocale($locale)
-    {
-        $this->locale = strtolower($locale);
-    }
-    /**
     * Get the language according to the feed type, based on the locale:
     *
     *   - RSS format: en-us (default: 'en-en').
     *   - ATOM format: fr (default: 'en').
     *
+     * @param string $feedType Type of feed (RSS/ATOM).
+     *
     * @return string The language.
     */
-    public function getTypeLanguage()
+    protected function getTypeLanguage(string $feedType)
    {
        // Use the locale do define the language, if available.
        if (!empty($this->locale) && preg_match('/^\w{2}[_\-]\w{2}/', $this->locale)) {
-            $length = ($this->feedType === self::$FEED_RSS) ? 5 : 2;
+            $length = ($feedType === self::$FEED_RSS) ? 5 : 2;
            return str_replace('_', '-', substr($this->locale, 0, $length));
        }
-        return ($this->feedType === self::$FEED_RSS) ? 'en-en' : 'en';
+        return ($feedType === self::$FEED_RSS) ? 'en-en' : 'en';
    }
    /**
@@ -238,32 +227,35 @@ class FeedBuilder
     *
     * Return an empty string if invalid DateTime is passed.
     *
+     * @param string $feedType Type of feed (RSS/ATOM).
+     *
     * @return string Formatted date.
     */
-    protected function getLatestDateFormatted()
+    protected function getLatestDateFormatted(string $feedType)
    {
        if (empty($this->latestDate) || !$this->latestDate instanceof DateTime) {
            return '';
        }
-        $type = ($this->feedType == self::$FEED_RSS) ? DateTime::RSS : DateTime::ATOM;
+        $type = ($feedType == self::$FEED_RSS) ? DateTime::RSS : DateTime::ATOM;
        return $this->latestDate->format($type);
    }
    /**
     * Get ISO date from DateTime according to feed type.
     *
+     * @param string      $feedType Type of feed (RSS/ATOM).
     * @param DateTime    $date   Date to format.
     * @param string|bool $format Force format.
     *
     * @return string Formatted date.
     */
-    protected function getIsoDate(DateTime $date, $format = false)
+    protected function getIsoDate(string $feedType, DateTime $date, $format = false)
    {
        if ($format !== false) {
            return $date->format($format);
        }
-        if ($this->feedType == self::$FEED_RSS) {
+        if ($feedType == self::$FEED_RSS) {
            return $date->format(DateTime::RSS);
        }
        return $date->format(DateTime::ATOM);
@@ -275,21 +267,22 @@ class FeedBuilder
     * If 'nb' not set or invalid, default value: $DEFAULT_NB_LINKS.
     * If 'nb' is set to 'all', display all filtered bookmarks (max parameter).
     *
-     * @param int $max maximum number of bookmarks to display.
+     * @param int   $max       maximum number of bookmarks to display.
+     * @param array $userInput $_GET.
     *
     * @return int number of bookmarks to display.
     */
-    public function getNbLinks($max)
+    protected function getNbLinks($max, ?array $userInput)
    {
-        if (empty($this->userInput['nb'])) {
+        if (empty($userInput['nb'])) {
            return self::$DEFAULT_NB_LINKS;
        }
-        if ($this->userInput['nb'] == 'all') {
+        if ($userInput['nb'] == 'all') {
            return $max;
        }
-        $intNb = intval($this->userInput['nb']);
+        $intNb = intval($userInput['nb']);
        if (!is_int($intNb) || $intNb == 0) {
            return self::$DEFAULT_NB_LINKS;
        }
diff --git a/application/formatter/BookmarkDefaultFormatter.php b/application/formatter/BookmarkDefaultFormatter.php
index c6c59064..d58a5e39 100644
--- a/application/formatter/BookmarkDefaultFormatter.php
+++ b/application/formatter/BookmarkDefaultFormatter.php
@@ -12,10 +12,13 @@ namespace Shaarli\Formatter;
 */
 class BookmarkDefaultFormatter extends BookmarkFormatter
 {
+    const SEARCH_HIGHLIGHT_OPEN = '|@@HIGHLIGHT';
+    const SEARCH_HIGHLIGHT_CLOSE = 'HIGHLIGHT@@|';
    /**
     * @inheritdoc
     */
-    public function formatTitle($bookmark)
+    protected function formatTitle($bookmark)
    {
        return escape($bookmark->getTitle());
    }
@@ -23,10 +26,28 @@ class BookmarkDefaultFormatter extends BookmarkFormatter
    /**
     * @inheritdoc
     */
-    public function formatDescription($bookmark)
+    protected function formatTitleHtml($bookmark)
+    {
+        $title = $this->tokenizeSearchHighlightField(
+            $bookmark->getTitle() ?? '',
+            $bookmark->getAdditionalContentEntry('search_highlight')['title'] ?? []
+        );
+        return $this->replaceTokens(escape($title));
+    }
+    /**
+     * @inheritdoc
+     */
+    protected function formatDescription($bookmark)
    {
        $indexUrl = ! empty($this->contextData['index_url']) ? $this->contextData['index_url'] : '';
-        return format_description(escape($bookmark->getDescription()), $indexUrl);
+        $description = $this->tokenizeSearchHighlightField(
+            $bookmark->getDescription() ?? '',
+            $bookmark->getAdditionalContentEntry('search_highlight')['description'] ?? []
+        );
+        return $this->replaceTokens(format_description(escape($description), $indexUrl));
    }
    /**
@@ -40,7 +61,27 @@ class BookmarkDefaultFormatter extends BookmarkFormatter
    /**
     * @inheritdoc
     */
-    public function formatTagString($bookmark)
+    protected function formatTagListHtml($bookmark)
+    {
+        if (empty($bookmark->getAdditionalContentEntry('search_highlight')['tags'])) {
+            return $this->formatTagList($bookmark);
+        }
+        $tags = $this->tokenizeSearchHighlightField(
+            $bookmark->getTagsString(),
+            $bookmark->getAdditionalContentEntry('search_highlight')['tags']
+        );
+        $tags = $this->filterTagList(explode(' ', $tags));
+        $tags = escape($tags);
+        $tags = $this->replaceTokensArray($tags);
+        return $tags;
+    }
+    /**
+     * @inheritdoc
+     */
+    protected function formatTagString($bookmark)
    {
        return implode(' ', $this->formatTagList($bookmark));
    }
@@ -48,13 +89,12 @@ class BookmarkDefaultFormatter extends BookmarkFormatter
    /**
     * @inheritdoc
     */
-    public function formatUrl($bookmark)
+    protected function formatUrl($bookmark)
    {
-        if (! empty($this->contextData['index_url']) && (
+        if ($bookmark->isNote() && isset($this->contextData['index_url'])) {
-            startsWith($bookmark->getUrl(), '?') || startsWith($bookmark->getUrl(), '/')
+            return rtrim($this->contextData['index_url'], '/') . '/' . escape(ltrim($bookmark->getUrl(), '/'));
-        )) {
-            return $this->contextData['index_url'] . escape($bookmark->getUrl());
        }
        return escape($bookmark->getUrl());
    }
@@ -63,19 +103,107 @@ class BookmarkDefaultFormatter extends BookmarkFormatter
     */
    protected function formatRealUrl($bookmark)
    {
-        if (! empty($this->contextData['index_url']) && (
+        if ($bookmark->isNote()) {
-                startsWith($bookmark->getUrl(), '?') || startsWith($bookmark->getUrl(), '/')
+            if (isset($this->contextData['index_url'])) {
-            )) {
+                $prefix = rtrim($this->contextData['index_url'], '/') . '/';
-            return $this->contextData['index_url'] . escape($bookmark->getUrl());
+            }
+            if (isset($this->contextData['base_path'])) {
+                $prefix = rtrim($this->contextData['base_path'], '/') . '/';
+            }
+            return escape($prefix ?? '') . escape(ltrim($bookmark->getUrl(), '/'));
        }
        return escape($bookmark->getUrl());
    }
    /**
     * @inheritdoc
     */
+    protected function formatUrlHtml($bookmark)
+    {
+        $url = $this->tokenizeSearchHighlightField(
+            $bookmark->getUrl() ?? '',
+            $bookmark->getAdditionalContentEntry('search_highlight')['url'] ?? []
+        );
+        return $this->replaceTokens(escape($url));
+    }
+    /**
+     * @inheritdoc
+     */
    protected function formatThumbnail($bookmark)
    {
        return escape($bookmark->getThumbnail());
    }
+    /**
+     * Insert search highlight token in provided field content based on a list of search result positions
+     *
+     * @param string     $fieldContent
+     * @param array|null $positions    List of of search results with 'start' and 'end' positions.
+     *
+     * @return string Updated $fieldContent.
+     */
+    protected function tokenizeSearchHighlightField(string $fieldContent, ?array $positions): string
+    {
+        if (empty($positions)) {
+            return $fieldContent;
+        }
+        $insertedTokens = 0;
+        $tokenLength = strlen(static::SEARCH_HIGHLIGHT_OPEN);
+        foreach ($positions as $position) {
+            $position = [
+                'start' => $position['start'] + ($insertedTokens * $tokenLength),
+                'end' => $position['end'] + ($insertedTokens * $tokenLength),
+            ];
+            $content = mb_substr($fieldContent, 0, $position['start']);
+            $content .= static::SEARCH_HIGHLIGHT_OPEN;
+            $content .= mb_substr($fieldContent, $position['start'], $position['end'] - $position['start']);
+            $content .= static::SEARCH_HIGHLIGHT_CLOSE;
+            $content .= mb_substr($fieldContent, $position['end']);
+            $fieldContent = $content;
+            $insertedTokens += 2;
+        }
+        return $fieldContent;
+    }
+    /**
+     * Replace search highlight tokens with HTML highlighted span.
+     *
+     * @param string $fieldContent
+     *
+     * @return string updated content.
+     */
+    protected function replaceTokens(string $fieldContent): string
+    {
+        return str_replace(
+            [static::SEARCH_HIGHLIGHT_OPEN, static::SEARCH_HIGHLIGHT_CLOSE],
+            ['<span class="search-highlight">', '</span>'],
+            $fieldContent
+        );
+    }
+    /**
+     * Apply replaceTokens to an array of content strings.
+     *
+     * @param string[] $fieldContents
+     *
+     * @return array
+     */
+    protected function replaceTokensArray(array $fieldContents): array
+    {
+        foreach ($fieldContents as &$entry) {
+            $entry = $this->replaceTokens($entry);
+        }
+        return $fieldContents;
+    }
 }
diff --git a/application/formatter/BookmarkFormatter.php b/application/formatter/BookmarkFormatter.php
index a80d83fc..e1b7f705 100644
--- a/application/formatter/BookmarkFormatter.php
+++ b/application/formatter/BookmarkFormatter.php
@@ -2,15 +2,38 @@
 namespace Shaarli\Formatter;
-use DateTime;
+use DateTimeInterface;
-use Shaarli\Config\ConfigManager;
 use Shaarli\Bookmark\Bookmark;
+use Shaarli\Config\ConfigManager;
 /**
 * Class BookmarkFormatter
 *
 * Abstract class processing all bookmark attributes through methods designed to be overridden.
 *
+ * List of available formatted fields:
+ *   - id                 ID
+ *   - shorturl           Unique identifier, used in permalinks
+ *   - url                URL, can be altered in some way, e.g. passing through an HTTP reverse proxy
+ *   - real_url           (legacy) same as `url`
+ *   - url_html           URL to be displayed in HTML content (it can contain HTML tags)
+ *   - title              Title
+ *   - title_html         Title to be displayed in HTML content (it can contain HTML tags)
+ *   - description        Description content. It most likely contains HTML tags
+ *   - thumbnail          Thumbnail: path to local cache file, false if there is none, null if hasn't been retrieved
+ *   - taglist            List of tags (array)
+ *   - taglist_urlencoded List of tags (array) URL encoded: it must be used to create a link to a URL containing a tag
+ *   - taglist_html       List of tags (array) to be displayed in HTML content (it can contain HTML tags)
+ *   - tags               Tags separated by a single whitespace
+ *   - tags_urlencoded    Tags separated by a single whitespace, URL encoded: must be used to create a link
+ *   - sticky             Is sticky (bool)
+ *   - private            Is private (bool)
+ *   - class              Additional CSS class
+ *   - created            Creation DateTime
+ *   - updated            Last edit DateTime
+ *   - timestamp          Creation timestamp
+ *   - updated_timestamp  Last edit timestamp
+ *
 * @package Shaarli\Formatter
 */
 abstract class BookmarkFormatter
@@ -55,11 +78,16 @@ abstract class BookmarkFormatter
        $out['shorturl'] = $this->formatShortUrl($bookmark);
        $out['url'] = $this->formatUrl($bookmark);
        $out['real_url'] = $this->formatRealUrl($bookmark);
+        $out['url_html'] = $this->formatUrlHtml($bookmark);
        $out['title'] = $this->formatTitle($bookmark);
+        $out['title_html'] = $this->formatTitleHtml($bookmark);
        $out['description'] = $this->formatDescription($bookmark);
        $out['thumbnail'] = $this->formatThumbnail($bookmark);
        $out['taglist'] = $this->formatTagList($bookmark);
+        $out['taglist_urlencoded'] = $this->formatTagListUrlEncoded($bookmark);
+        $out['taglist_html'] = $this->formatTagListHtml($bookmark);
        $out['tags'] = $this->formatTagString($bookmark);
+        $out['tags_urlencoded'] = $this->formatTagStringUrlEncoded($bookmark);
        $out['sticky'] = $bookmark->isSticky();
        $out['private'] = $bookmark->isPrivate();
        $out['class'] = $this->formatClass($bookmark);
@@ -67,6 +95,7 @@ abstract class BookmarkFormatter
        $out['updated'] = $this->formatUpdated($bookmark);
        $out['timestamp'] = $this->formatCreatedTimestamp($bookmark);
        $out['updated_timestamp'] = $this->formatUpdatedTimestamp($bookmark);
        return $out;
    }
@@ -80,6 +109,8 @@ abstract class BookmarkFormatter
    public function addContextData($key, $value)
    {
        $this->contextData[$key] = $value;
+        return $this;
    }
    /**
@@ -128,7 +159,19 @@ abstract class BookmarkFormatter
     */
    protected function formatRealUrl($bookmark)
    {
-        return $bookmark->getUrl();
+        return $this->formatUrl($bookmark);
+    }
+    /**
+     * Format Url Html: to be displayed in HTML content, it can contains HTML tags.
+     *
+     * @param Bookmark $bookmark instance
+     *
+     * @return string formatted Url HTML
+     */
+    protected function formatUrlHtml($bookmark)
+    {
+        return $this->formatUrl($bookmark);
    }
    /**
@@ -144,6 +187,18 @@ abstract class BookmarkFormatter
    }
    /**
+     * Format Title HTML: to be displayed in HTML content, it can contains HTML tags.
+     *
+     * @param Bookmark $bookmark instance
+     *
+     * @return string formatted Title
+     */
+    protected function formatTitleHtml($bookmark)
+    {
+        return $bookmark->getTitle();
+    }
+    /**
     * Format Description
     *
     * @param Bookmark $bookmark instance
@@ -180,6 +235,30 @@ abstract class BookmarkFormatter
    }
    /**
+     * Format Url Encoded Tags
+     *
+     * @param Bookmark $bookmark instance
+     *
+     * @return array formatted Tags
+     */
+    protected function formatTagListUrlEncoded($bookmark)
+    {
+        return array_map('urlencode', $this->filterTagList($bookmark->getTags()));
+    }
+    /**
+     * Format Tags HTML: to be displayed in HTML content, it can contains HTML tags.
+     *
+     * @param Bookmark $bookmark instance
+     *
+     * @return array formatted Tags
+     */
+    protected function formatTagListHtml($bookmark)
+    {
+        return $this->formatTagList($bookmark);
+    }
+    /**
     * Format TagString
     *
     * @param Bookmark $bookmark instance
@@ -192,6 +271,18 @@ abstract class BookmarkFormatter
    }
    /**
+     * Format TagString
+     *
+     * @param Bookmark $bookmark instance
+     *
+     * @return string formatted TagString
+     */
+    protected function formatTagStringUrlEncoded($bookmark)
+    {
+        return implode(' ', $this->formatTagListUrlEncoded($bookmark));
+    }
+    /**
     * Format Class
     * Used to add specific CSS class for a link
     *
@@ -209,7 +300,7 @@ abstract class BookmarkFormatter
     *
     * @param Bookmark $bookmark instance
     *
-     * @return DateTime instance
+     * @return DateTimeInterface instance
     */
    protected function formatCreated(Bookmark $bookmark)
    {
@@ -221,7 +312,7 @@ abstract class BookmarkFormatter
     *
     * @param Bookmark $bookmark instance
     *
-     * @return DateTime instance
+     * @return DateTimeInterface instance
     */
    protected function formatUpdated(Bookmark $bookmark)
    {
diff --git a/application/formatter/BookmarkMarkdownExtraFormatter.php b/application/formatter/BookmarkMarkdownExtraFormatter.php
new file mode 100644
index 00000000..0694b23f
--- /dev/null
+++ b/application/formatter/BookmarkMarkdownExtraFormatter.php
@@ -0,0 +1,24 @@
+<?php
+namespace Shaarli\Formatter;
+use Shaarli\Config\ConfigManager;
+/**
+ * Class BookmarkMarkdownExtraFormatter
+ *
+ * Format bookmark description into MarkdownExtra format.
+ *
+ * @see https://michelf.ca/projects/php-markdown/extra/
+ *
+ * @package Shaarli\Formatter
+ */
+class BookmarkMarkdownExtraFormatter extends BookmarkMarkdownFormatter
+{
+    public function __construct(ConfigManager $conf, bool $isLoggedIn)
+    {
+        parent::__construct($conf, $isLoggedIn);
+        $this->parsedown = new \ParsedownExtra();
+    }
+}
diff --git a/application/formatter/BookmarkMarkdownFormatter.php b/application/formatter/BookmarkMarkdownFormatter.php
index 077e5312..f7714be9 100644
--- a/application/formatter/BookmarkMarkdownFormatter.php
+++ b/application/formatter/BookmarkMarkdownFormatter.php
@@ -56,7 +56,10 @@ class BookmarkMarkdownFormatter extends BookmarkDefaultFormatter
            return parent::formatDescription($bookmark);
        }
-        $processedDescription = $bookmark->getDescription();
+        $processedDescription = $this->tokenizeSearchHighlightField(
+            $bookmark->getDescription() ?? '',
+            $bookmark->getAdditionalContentEntry('search_highlight')['description'] ?? []
+        );
        $processedDescription = $this->filterProtocols($processedDescription);
        $processedDescription = $this->formatHashTags($processedDescription);
        $processedDescription = $this->reverseEscapedHtml($processedDescription);
@@ -65,6 +68,7 @@ class BookmarkMarkdownFormatter extends BookmarkDefaultFormatter
            ->setBreaksEnabled(true)
            ->text($processedDescription);
        $processedDescription = $this->sanitizeHtml($processedDescription);
+        $processedDescription = $this->replaceTokens($processedDescription);
        if (!empty($processedDescription)) {
            $processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
@@ -114,7 +118,7 @@ class BookmarkMarkdownFormatter extends BookmarkDefaultFormatter
    /**
     * Replace hashtag in Markdown links format
-     * E.g. `#hashtag` becomes `[#hashtag](?addtag=hashtag)`
+     * E.g. `#hashtag` becomes `[#hashtag](./add-tag/hashtag)`
     * It includes the index URL if specified.
     *
     * @param string $description
@@ -133,7 +137,7 @@ class BookmarkMarkdownFormatter extends BookmarkDefaultFormatter
         * \p{Mn} - any non marking space (accents, umlauts, etc)
         */
        $regex = '/(^|\s)#([\p{Pc}\p{N}\p{L}\p{Mn}]+)/mui';
-        $replacement = '$1[#$2]('. $indexUrl .'?addtag=$2)';
+        $replacement = '$1[#$2]('. $indexUrl .'./add-tag/$2)';
        $descriptionLines = explode(PHP_EOL, $description);
        $descriptionOut = '';
diff --git a/application/formatter/FormatterFactory.php b/application/formatter/FormatterFactory.php
index 5f282f68..a029579f 100644
--- a/application/formatter/FormatterFactory.php
+++ b/application/formatter/FormatterFactory.php
@@ -38,7 +38,7 @@ class FormatterFactory
     *
     * @return BookmarkFormatter instance.
     */
-    public function getFormatter(string $type = null)
+    public function getFormatter(string $type = null): BookmarkFormatter
    {
        $type = $type ? $type : $this->conf->get('formatter', 'default');
        $className = '\\Shaarli\\Formatter\\Bookmark'. ucfirst($type) .'Formatter';
diff --git a/application/front/ShaarliAdminMiddleware.php b/application/front/ShaarliAdminMiddleware.php
new file mode 100644
index 00000000..35ce4a3b
--- /dev/null
+++ b/application/front/ShaarliAdminMiddleware.php
@@ -0,0 +1,27 @@
+<?php
+namespace Shaarli\Front;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Middleware used for controller requiring to be authenticated.
+ * It extends ShaarliMiddleware, and just make sure that the user is authenticated.
+ * Otherwise, it redirects to the login page.
+ */
+class ShaarliAdminMiddleware extends ShaarliMiddleware
+{
+    public function __invoke(Request $request, Response $response, callable $next): Response
+    {
+        $this->initBasePath($request);
+        if (true !== $this->container->loginManager->isLoggedIn()) {
+            $returnUrl = urlencode($this->container->environment['REQUEST_URI']);
+            return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
+        }
+        return parent::__invoke($request, $response, $next);
+    }
+}
diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php
index fa6c6467..d1aa1399 100644
--- a/application/front/ShaarliMiddleware.php
+++ b/application/front/ShaarliMiddleware.php
@@ -3,7 +3,7 @@
 namespace Shaarli\Front;
 use Shaarli\Container\ShaarliContainer;
-use Shaarli\Front\Exception\ShaarliException;
+use Shaarli\Front\Exception\UnauthorizedException;
 use Slim\Http\Request;
 use Slim\Http\Response;
@@ -24,6 +24,8 @@ class ShaarliMiddleware
    /**
     * Middleware execution:
+     *   - run updates
+     *   - if not logged in open shaarli, redirect to login
     *   - execute the controller
     *   - return the response
     *
@@ -35,23 +37,78 @@ class ShaarliMiddleware
     *
     * @return Response response.
     */
-    public function __invoke(Request $request, Response $response, callable $next)
+    public function __invoke(Request $request, Response $response, callable $next): Response
    {
+        $this->initBasePath($request);
        try {
-            $response = $next($request, $response);
+            if (!is_file($this->container->conf->getConfigFileExt())
-        } catch (ShaarliException $e) {
+                && !in_array($next->getName(), ['displayInstall', 'saveInstall'], true)
-            $this->container->pageBuilder->assign('message', $e->getMessage());
+            ) {
-            if ($this->container->conf->get('dev.debug', false)) {
+                return $response->withRedirect($this->container->basePath . '/install');
-                $this->container->pageBuilder->assign(
-                    'stacktrace',
-                    nl2br(get_class($this) .': '. $e->getTraceAsString())
-                );
            }
-            $response = $response->withStatus($e->getCode());
+            $this->runUpdates();
-            $response = $response->write($this->container->pageBuilder->render('error'));
+            $this->checkOpenShaarli($request, $response, $next);
+            return $next($request, $response);
+        } catch (UnauthorizedException $e) {
+            $returnUrl = urlencode($this->container->environment['REQUEST_URI']);
+            return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
+        }
+        // Other exceptions are handled by ErrorController
+    }
+    /**
+     * Run the updater for every requests processed while logged in.
+     */
+    protected function runUpdates(): void
+    {
+        if ($this->container->loginManager->isLoggedIn() !== true) {
+            return;
+        }
+        $this->container->updater->setBasePath($this->container->basePath);
+        $newUpdates = $this->container->updater->update();
+        if (!empty($newUpdates)) {
+            $this->container->updater->writeUpdates(
+                $this->container->conf->get('resource.updates'),
+                $this->container->updater->getDoneUpdates()
+            );
+            $this->container->pageCacheManager->invalidateCaches();
+        }
+    }
+    /**
+     * Access is denied to most pages with `hide_public_links` + `force_login` settings.
+     */
+    protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
+    {
+        if (// if the user isn't logged in
+            !$this->container->loginManager->isLoggedIn()
+            // and Shaarli doesn't have public content...
+            && $this->container->conf->get('privacy.hide_public_links')
+            // and is configured to enforce the login
+            && $this->container->conf->get('privacy.force_login')
+            // and the current page isn't already the login page
+            // and the user is not requesting a feed (which would lead to a different content-type as expected)
+            && !in_array($next->getName(), ['login', 'processLogin', 'atom', 'rss'], true)
+        ) {
+            throw new UnauthorizedException();
        }
-        return $response;
+        return true;
+    }
+    /**
+     * Initialize the URL base path if it hasn't been defined yet.
+     */
+    protected function initBasePath(Request $request): void
+    {
+        if (null === $this->container->basePath) {
+            $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
+        }
    }
 }
diff --git a/application/front/controller/admin/ConfigureController.php b/application/front/controller/admin/ConfigureController.php
new file mode 100644
index 00000000..0ed7ad81
--- /dev/null
+++ b/application/front/controller/admin/ConfigureController.php
@@ -0,0 +1,126 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Languages;
+use Shaarli\Render\TemplatePage;
+use Shaarli\Render\ThemeUtils;
+use Shaarli\Thumbnailer;
+use Slim\Http\Request;
+use Slim\Http\Response;
+use Throwable;
+/**
+ * Class ConfigureController
+ *
+ * Slim controller used to handle Shaarli configuration page (display + save new config).
+ */
+class ConfigureController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/configure - Displays the configuration page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $this->assignView('title', $this->container->conf->get('general.title', 'Shaarli'));
+        $this->assignView('theme', $this->container->conf->get('resource.theme'));
+        $this->assignView(
+            'theme_available',
+            ThemeUtils::getThemes($this->container->conf->get('resource.raintpl_tpl'))
+        );
+        $this->assignView('formatter_available', ['default', 'markdown', 'markdownExtra']);
+        list($continents, $cities) = generateTimeZoneData(
+            timezone_identifiers_list(),
+            $this->container->conf->get('general.timezone')
+        );
+        $this->assignView('continents', $continents);
+        $this->assignView('cities', $cities);
+        $this->assignView('retrieve_description', $this->container->conf->get('general.retrieve_description', false));
+        $this->assignView('private_links_default', $this->container->conf->get('privacy.default_private_links', false));
+        $this->assignView(
+            'session_protection_disabled',
+            $this->container->conf->get('security.session_protection_disabled', false)
+        );
+        $this->assignView('enable_rss_permalinks', $this->container->conf->get('feed.rss_permalinks', false));
+        $this->assignView('enable_update_check', $this->container->conf->get('updates.check_updates', true));
+        $this->assignView('hide_public_links', $this->container->conf->get('privacy.hide_public_links', false));
+        $this->assignView('api_enabled', $this->container->conf->get('api.enabled', true));
+        $this->assignView('api_secret', $this->container->conf->get('api.secret'));
+        $this->assignView('languages', Languages::getAvailableLanguages());
+        $this->assignView('gd_enabled', extension_loaded('gd'));
+        $this->assignView('thumbnails_mode', $this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE));
+        $this->assignView('pagetitle', t('Configure') .' - '. $this->container->conf->get('general.title', 'Shaarli'));
+        return $response->write($this->render(TemplatePage::CONFIGURE));
+    }
+    /**
+     * POST /admin/configure - Update Shaarli's configuration
+     */
+    public function save(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $continent = $request->getParam('continent');
+        $city = $request->getParam('city');
+        $tz = 'UTC';
+        if (null !== $continent && null !== $city && isTimeZoneValid($continent, $city)) {
+            $tz = $continent . '/' . $city;
+        }
+        $this->container->conf->set('general.timezone', $tz);
+        $this->container->conf->set('general.title', escape($request->getParam('title')));
+        $this->container->conf->set('general.header_link', escape($request->getParam('titleLink')));
+        $this->container->conf->set('general.retrieve_description', !empty($request->getParam('retrieveDescription')));
+        $this->container->conf->set('resource.theme', escape($request->getParam('theme')));
+        $this->container->conf->set(
+            'security.session_protection_disabled',
+            !empty($request->getParam('disablesessionprotection'))
+        );
+        $this->container->conf->set(
+            'privacy.default_private_links',
+            !empty($request->getParam('privateLinkByDefault'))
+        );
+        $this->container->conf->set('feed.rss_permalinks', !empty($request->getParam('enableRssPermalinks')));
+        $this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
+        $this->container->conf->set('privacy.hide_public_links', !empty($request->getParam('hidePublicLinks')));
+        $this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
+        $this->container->conf->set('api.secret', escape($request->getParam('apiSecret')));
+        $this->container->conf->set('formatter', escape($request->getParam('formatter')));
+        if (!empty($request->getParam('language'))) {
+            $this->container->conf->set('translation.language', escape($request->getParam('language')));
+        }
+        $thumbnailsMode = extension_loaded('gd') ? $request->getParam('enableThumbnails') : Thumbnailer::MODE_NONE;
+        if ($thumbnailsMode !== Thumbnailer::MODE_NONE
+            && $thumbnailsMode !== $this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE)
+        ) {
+            $this->saveWarningMessage(
+                t('You have enabled or changed thumbnails mode.') .
+                '<a href="'. $this->container->basePath .'/admin/thumbnails">' . t('Please synchronize them.') .'</a>'
+            );
+        }
+        $this->container->conf->set('thumbnails.mode', $thumbnailsMode);
+        try {
+            $this->container->conf->write($this->container->loginManager->isLoggedIn());
+            $this->container->history->updateSettings();
+            $this->container->pageCacheManager->invalidateCaches();
+        } catch (Throwable $e) {
+            $this->assignView('message', t('Error while writing config file after configuration update.'));
+            if ($this->container->conf->get('dev.debug', false)) {
+                $this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());
+            }
+            return $response->write($this->render('error'));
+        }
+        $this->saveSuccessMessage(t('Configuration was saved.'));
+        return $this->redirect($response, '/admin/configure');
+    }
+}
diff --git a/application/front/controller/admin/ExportController.php b/application/front/controller/admin/ExportController.php
new file mode 100644
index 00000000..2be957fa
--- /dev/null
+++ b/application/front/controller/admin/ExportController.php
@@ -0,0 +1,80 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use DateTime;
+use Shaarli\Bookmark\Bookmark;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ExportController
+ *
+ * Slim controller used to display Shaarli data export page,
+ * and process the bookmarks export as a Netscape Bookmarks file.
+ */
+class ExportController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/export - Display export page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $this->assignView('pagetitle', t('Export') .' - '. $this->container->conf->get('general.title', 'Shaarli'));
+        return $response->write($this->render(TemplatePage::EXPORT));
+    }
+    /**
+     * POST /admin/export - Process export, and serve download file named
+     *                      bookmarks_(all|private|public)_datetime.html
+     */
+    public function export(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $selection = $request->getParam('selection');
+        if (empty($selection)) {
+            $this->saveErrorMessage(t('Please select an export mode.'));
+            return $this->redirect($response, '/admin/export');
+        }
+        $prependNoteUrl = filter_var($request->getParam('prepend_note_url') ?? false, FILTER_VALIDATE_BOOLEAN);
+        try {
+            $formatter = $this->container->formatterFactory->getFormatter('raw');
+            $this->assignView(
+                'links',
+                $this->container->netscapeBookmarkUtils->filterAndFormat(
+                    $formatter,
+                    $selection,
+                    $prependNoteUrl,
+                    index_url($this->container->environment)
+                )
+            );
+        } catch (\Exception $exc) {
+            $this->saveErrorMessage($exc->getMessage());
+            return $this->redirect($response, '/admin/export');
+        }
+        $now = new DateTime();
+        $response = $response->withHeader('Content-Type', 'text/html; charset=utf-8');
+        $response = $response->withHeader(
+            'Content-disposition',
+            'attachment; filename=bookmarks_'.$selection.'_'.$now->format(Bookmark::LINK_DATE_FORMAT).'.html'
+        );
+        $this->assignView('date', $now->format(DateTime::RFC822));
+        $this->assignView('eol', PHP_EOL);
+        $this->assignView('selection', $selection);
+        return $response->write($this->render(TemplatePage::NETSCAPE_EXPORT_BOOKMARKS));
+    }
+}
diff --git a/application/front/controller/admin/ImportController.php b/application/front/controller/admin/ImportController.php
new file mode 100644
index 00000000..758d5ef9
--- /dev/null
+++ b/application/front/controller/admin/ImportController.php
@@ -0,0 +1,82 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Psr\Http\Message\UploadedFileInterface;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ImportController
+ *
+ * Slim controller used to display Shaarli data import page,
+ * and import bookmarks from Netscape Bookmarks file.
+ */
+class ImportController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/import - Display import page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $this->assignView(
+            'maxfilesize',
+            get_max_upload_size(
+                ini_get('post_max_size'),
+                ini_get('upload_max_filesize'),
+                false
+            )
+        );
+        $this->assignView(
+            'maxfilesizeHuman',
+            get_max_upload_size(
+                ini_get('post_max_size'),
+                ini_get('upload_max_filesize'),
+                true
+            )
+        );
+        $this->assignView('pagetitle', t('Import') .' - '. $this->container->conf->get('general.title', 'Shaarli'));
+        return $response->write($this->render(TemplatePage::IMPORT));
+    }
+    /**
+     * POST /admin/import - Process import file provided and create bookmarks
+     */
+    public function import(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $file = ($request->getUploadedFiles() ?? [])['filetoupload'] ?? null;
+        if (!$file instanceof UploadedFileInterface) {
+            $this->saveErrorMessage(t('No import file provided.'));
+            return $this->redirect($response, '/admin/import');
+        }
+        // Import bookmarks from an uploaded file
+        if (0 === $file->getSize()) {
+            // The file is too big or some form field may be missing.
+            $msg = sprintf(
+                t(
+                    'The file you are trying to upload is probably bigger than what this webserver can accept'
+                    .' (%s). Please upload in smaller chunks.'
+                ),
+                get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
+            );
+            $this->saveErrorMessage($msg);
+            return $this->redirect($response, '/admin/import');
+        }
+        $status = $this->container->netscapeBookmarkUtils->import($request->getParams(), $file);
+        $this->saveSuccessMessage($status);
+        return $this->redirect($response, '/admin/import');
+    }
+}
diff --git a/application/front/controller/admin/LogoutController.php b/application/front/controller/admin/LogoutController.php
new file mode 100644
index 00000000..28165129
--- /dev/null
+++ b/application/front/controller/admin/LogoutController.php
@@ -0,0 +1,33 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Security\CookieManager;
+use Shaarli\Security\LoginManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class LogoutController
+ *
+ * Slim controller used to logout the user.
+ * It invalidates page cache and terminate the user session. Then it redirects to the homepage.
+ */
+class LogoutController extends ShaarliAdminController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        $this->container->pageCacheManager->invalidateCaches();
+        $this->container->sessionManager->logout();
+        $this->container->cookieManager->setCookieParameter(
+            CookieManager::STAY_SIGNED_IN,
+            'false',
+            0,
+            $this->container->basePath . '/'
+        );
+        return $this->redirect($response, '/');
+    }
+}
diff --git a/application/front/controller/admin/ManageTagController.php b/application/front/controller/admin/ManageTagController.php
new file mode 100644
index 00000000..2065c3e2
--- /dev/null
+++ b/application/front/controller/admin/ManageTagController.php
@@ -0,0 +1,88 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Bookmark\BookmarkFilter;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ManageTagController
+ *
+ * Slim controller used to handle Shaarli manage tags page (rename and delete tags).
+ */
+class ManageTagController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/tags - Displays the manage tags page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $fromTag = $request->getParam('fromtag') ?? '';
+        $this->assignView('fromtag', escape($fromTag));
+        $this->assignView(
+            'pagetitle',
+            t('Manage tags') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render(TemplatePage::CHANGE_TAG));
+    }
+    /**
+     * POST /admin/tags - Update or delete provided tag
+     */
+    public function save(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $isDelete = null !== $request->getParam('deletetag') && null === $request->getParam('renametag');
+        $fromTag = trim($request->getParam('fromtag') ?? '');
+        $toTag = trim($request->getParam('totag') ?? '');
+        if (0 === strlen($fromTag) || false === $isDelete && 0 === strlen($toTag)) {
+            $this->saveWarningMessage(t('Invalid tags provided.'));
+            return $this->redirect($response, '/admin/tags');
+        }
+        // TODO: move this to bookmark service
+        $count = 0;
+        $bookmarks = $this->container->bookmarkService->search(['searchtags' => $fromTag], BookmarkFilter::$ALL, true);
+        foreach ($bookmarks as $bookmark) {
+            if (false === $isDelete) {
+                $bookmark->renameTag($fromTag, $toTag);
+            } else {
+                $bookmark->deleteTag($fromTag);
+            }
+            $this->container->bookmarkService->set($bookmark, false);
+            $this->container->history->updateLink($bookmark);
+            $count++;
+        }
+        $this->container->bookmarkService->save();
+        if (true === $isDelete) {
+            $alert = sprintf(
+                t('The tag was removed from %d bookmark.', 'The tag was removed from %d bookmarks.', $count),
+                $count
+            );
+        } else {
+            $alert = sprintf(
+                t('The tag was renamed in %d bookmark.', 'The tag was renamed in %d bookmarks.', $count),
+                $count
+            );
+        }
+        $this->saveSuccessMessage($alert);
+        $redirect = true === $isDelete ? '/admin/tags' : '/?searchtags='. urlencode($toTag);
+        return $this->redirect($response, $redirect);
+    }
+}
diff --git a/application/front/controller/admin/MetadataController.php b/application/front/controller/admin/MetadataController.php
new file mode 100644
index 00000000..ff845944
--- /dev/null
+++ b/application/front/controller/admin/MetadataController.php
@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Controller used to retrieve/update bookmark's metadata.
+ */
+class MetadataController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/metadata/{url} - Attempt to retrieve the bookmark title from provided URL.
+     */
+    public function ajaxRetrieveTitle(Request $request, Response $response): Response
+    {
+        $url = $request->getParam('url');
+        // Only try to extract metadata from URL with HTTP(s) scheme
+        if (!empty($url) && strpos(get_url_scheme($url) ?: '', 'http') !== false) {
+            return $response->withJson($this->container->metadataRetriever->retrieve($url));
+        }
+        return $response->withJson([]);
+    }
+}
diff --git a/application/front/controller/admin/PasswordController.php b/application/front/controller/admin/PasswordController.php
new file mode 100644
index 00000000..5ec0d24b
--- /dev/null
+++ b/application/front/controller/admin/PasswordController.php
@@ -0,0 +1,101 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Exception\OpenShaarliPasswordException;
+use Shaarli\Front\Exception\ShaarliFrontException;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+use Throwable;
+/**
+ * Class PasswordController
+ *
+ * Slim controller used to handle passwords update.
+ */
+class PasswordController extends ShaarliAdminController
+{
+    public function __construct(ShaarliContainer $container)
+    {
+        parent::__construct($container);
+        $this->assignView(
+            'pagetitle',
+            t('Change password') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+    }
+    /**
+     * GET /admin/password - Displays the change password template
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
+    }
+    /**
+     * POST /admin/password - Change admin password - existing and new passwords need to be provided.
+     */
+    public function change(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        if ($this->container->conf->get('security.open_shaarli', false)) {
+            throw new OpenShaarliPasswordException();
+        }
+        $oldPassword = $request->getParam('oldpassword');
+        $newPassword = $request->getParam('setpassword');
+        if (empty($newPassword) || empty($oldPassword)) {
+            $this->saveErrorMessage(t('You must provide the current and new password to change it.'));
+            return $response
+                ->withStatus(400)
+                ->write($this->render(TemplatePage::CHANGE_PASSWORD))
+            ;
+        }
+        // Make sure old password is correct.
+        $oldHash = sha1(
+            $oldPassword .
+            $this->container->conf->get('credentials.login') .
+            $this->container->conf->get('credentials.salt')
+        );
+        if ($oldHash !== $this->container->conf->get('credentials.hash')) {
+            $this->saveErrorMessage(t('The old password is not correct.'));
+            return $response
+                ->withStatus(400)
+                ->write($this->render(TemplatePage::CHANGE_PASSWORD))
+            ;
+        }
+        // Save new password
+        // Salt renders rainbow-tables attacks useless.
+        $this->container->conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
+        $this->container->conf->set(
+            'credentials.hash',
+            sha1(
+                $newPassword
+                . $this->container->conf->get('credentials.login')
+                . $this->container->conf->get('credentials.salt')
+            )
+        );
+        try {
+            $this->container->conf->write($this->container->loginManager->isLoggedIn());
+        } catch (Throwable $e) {
+            throw new ShaarliFrontException($e->getMessage(), 500, $e);
+        }
+        $this->saveSuccessMessage(t('Your password has been changed'));
+        return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
+    }
+}
diff --git a/application/front/controller/admin/PluginsController.php b/application/front/controller/admin/PluginsController.php
new file mode 100644
index 00000000..8e059681
--- /dev/null
+++ b/application/front/controller/admin/PluginsController.php
@@ -0,0 +1,85 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Exception;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class PluginsController
+ *
+ * Slim controller used to handle Shaarli plugins configuration page (display + save new config).
+ */
+class PluginsController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/plugins - Displays the configuration page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $pluginMeta = $this->container->pluginManager->getPluginsMeta();
+        // Split plugins into 2 arrays: ordered enabled plugins and disabled.
+        $enabledPlugins = array_filter($pluginMeta, function ($v) {
+            return ($v['order'] ?? false) !== false;
+        });
+        $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $this->container->conf->get('plugins', []));
+        uasort(
+            $enabledPlugins,
+            function ($a, $b) {
+                return $a['order'] - $b['order'];
+            }
+        );
+        $disabledPlugins = array_filter($pluginMeta, function ($v) {
+            return ($v['order'] ?? false) === false;
+        });
+        $this->assignView('enabledPlugins', $enabledPlugins);
+        $this->assignView('disabledPlugins', $disabledPlugins);
+        $this->assignView(
+            'pagetitle',
+            t('Plugin Administration') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render(TemplatePage::PLUGINS_ADMIN));
+    }
+    /**
+     * POST /admin/plugins - Update Shaarli's configuration
+     */
+    public function save(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        try {
+            $parameters = $request->getParams() ?? [];
+            $this->executePageHooks('save_plugin_parameters', $parameters);
+            if (isset($parameters['parameters_form'])) {
+                unset($parameters['parameters_form']);
+                unset($parameters['token']);
+                foreach ($parameters as $param => $value) {
+                    $this->container->conf->set('plugins.'. $param, escape($value));
+                }
+            } else {
+                $this->container->conf->set('general.enabled_plugins', save_plugin_config($parameters));
+            }
+            $this->container->conf->write($this->container->loginManager->isLoggedIn());
+            $this->container->history->updateSettings();
+            $this->saveSuccessMessage(t('Setting successfully saved.'));
+        } catch (Exception $e) {
+            $this->saveErrorMessage(
+                t('Error while saving plugin configuration: ') . PHP_EOL . $e->getMessage()
+            );
+        }
+        return $this->redirect($response, '/admin/plugins');
+    }
+}
diff --git a/application/front/controller/admin/ServerController.php b/application/front/controller/admin/ServerController.php
new file mode 100644
index 00000000..bfc99422
--- /dev/null
+++ b/application/front/controller/admin/ServerController.php
@@ -0,0 +1,87 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Helper\ApplicationUtils;
+use Shaarli\Helper\FileUtils;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Slim controller used to handle Server administration page, and actions.
+ */
+class ServerController extends ShaarliAdminController
+{
+    /** @var string Cache type - main - by default pagecache/ and tmp/ */
+    protected const CACHE_MAIN = 'main';
+    /** @var string Cache type - thumbnails - by default cache/ */
+    protected const CACHE_THUMB = 'thumbnails';
+    /**
+     * GET /admin/server - Display page Server administration
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $latestVersion = 'v' . ApplicationUtils::getVersion(
+            ApplicationUtils::$GIT_RAW_URL . '/latest/' . ApplicationUtils::$VERSION_FILE
+        );
+        $currentVersion = ApplicationUtils::getVersion('./shaarli_version.php');
+        $currentVersion = $currentVersion === 'dev' ? $currentVersion : 'v' . $currentVersion;
+        $phpEol = new \DateTimeImmutable(ApplicationUtils::getPhpEol(PHP_VERSION));
+        $this->assignView('php_version', PHP_VERSION);
+        $this->assignView('php_eol', format_date($phpEol, false));
+        $this->assignView('php_has_reached_eol', $phpEol < new \DateTimeImmutable());
+        $this->assignView('php_extensions', ApplicationUtils::getPhpExtensionsRequirement());
+        $this->assignView('permissions', ApplicationUtils::checkResourcePermissions($this->container->conf));
+        $this->assignView('release_url', ApplicationUtils::$GITHUB_URL . '/releases/tag/' . $latestVersion);
+        $this->assignView('latest_version', $latestVersion);
+        $this->assignView('current_version', $currentVersion);
+        $this->assignView('thumbnails_mode', $this->container->conf->get('thumbnails.mode'));
+        $this->assignView('index_url', index_url($this->container->environment));
+        $this->assignView('client_ip', client_ip_id($this->container->environment));
+        $this->assignView('trusted_proxies', $this->container->conf->get('security.trusted_proxies', []));
+        $this->assignView(
+            'pagetitle',
+            t('Server administration') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render('server'));
+    }
+    /**
+     * GET /admin/clear-cache?type={$type} - Action to trigger cache folder clearing (either main or thumbnails).
+     */
+    public function clearCache(Request $request, Response $response): Response
+    {
+        $exclude = ['.htaccess'];
+        if ($request->getQueryParam('type') === static::CACHE_THUMB) {
+            $folders = [$this->container->conf->get('resource.thumbnails_cache')];
+            $this->saveWarningMessage(
+                t('Thumbnails cache has been cleared.') . ' ' .
+                '<a href="'. $this->container->basePath .'/admin/thumbnails">' . t('Please synchronize them.') .'</a>'
+            );
+        } else {
+            $folders = [
+                $this->container->conf->get('resource.page_cache'),
+                $this->container->conf->get('resource.raintpl_tmp'),
+            ];
+            $this->saveSuccessMessage(t('Shaarli\'s cache folder has been cleared!'));
+        }
+        // Make sure that we don't delete root cache folder
+        $folders = array_map('realpath', array_values(array_filter(array_map('trim', $folders))));
+        foreach ($folders as $folder) {
+            FileUtils::clearFolder($folder, false, $exclude);
+        }
+        return $this->redirect($response, '/admin/server');
+    }
+}
diff --git a/application/front/controller/admin/SessionFilterController.php b/application/front/controller/admin/SessionFilterController.php
new file mode 100644
index 00000000..d9a7a2e0
--- /dev/null
+++ b/application/front/controller/admin/SessionFilterController.php
@@ -0,0 +1,50 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Bookmark\BookmarkFilter;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class SessionFilterController
+ *
+ * Slim controller used to handle filters stored in the user session, such as visibility, etc.
+ */
+class SessionFilterController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/visibility: allows to display only public or only private bookmarks in linklist
+     */
+    public function visibility(Request $request, Response $response, array $args): Response
+    {
+        if (false === $this->container->loginManager->isLoggedIn()) {
+            return $this->redirectFromReferer($request, $response, ['visibility']);
+        }
+        $newVisibility = $args['visibility'] ?? null;
+        if (false === in_array($newVisibility, [BookmarkFilter::$PRIVATE, BookmarkFilter::$PUBLIC], true)) {
+            $newVisibility = null;
+        }
+        $currentVisibility = $this->container->sessionManager->getSessionParameter(SessionManager::KEY_VISIBILITY);
+        // Visibility not set or not already expected value, set expected value, otherwise reset it
+        if ($newVisibility !== null && (null === $currentVisibility || $currentVisibility !== $newVisibility)) {
+            // See only public bookmarks
+            $this->container->sessionManager->setSessionParameter(
+                SessionManager::KEY_VISIBILITY,
+                $newVisibility
+            );
+        } else {
+            $this->container->sessionManager->deleteSessionParameter(SessionManager::KEY_VISIBILITY);
+        }
+        return $this->redirectFromReferer($request, $response, ['visibility']);
+    }
+}
diff --git a/application/front/controller/admin/ShaareAddController.php b/application/front/controller/admin/ShaareAddController.php
new file mode 100644
index 00000000..8dc386b2
--- /dev/null
+++ b/application/front/controller/admin/ShaareAddController.php
@@ -0,0 +1,34 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Formatter\BookmarkMarkdownFormatter;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+class ShaareAddController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/add-shaare - Displays the form used to create a new bookmark from an URL
+     */
+    public function addShaare(Request $request, Response $response): Response
+    {
+        $tags = $this->container->bookmarkService->bookmarksCountPerTag();
+        if ($this->container->conf->get('formatter') === 'markdown') {
+            $tags[BookmarkMarkdownFormatter::NO_MD_TAG] = 1;
+        }
+        $this->assignView(
+            'pagetitle',
+            t('Shaare a new link') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        $this->assignView('tags', $tags);
+        $this->assignView('default_private_links', $this->container->conf->get('privacy.default_private_links', false));
+        $this->assignView('async_metadata', $this->container->conf->get('general.enable_async_metadata', true));
+        return $response->write($this->render(TemplatePage::ADDLINK));
+    }
+}
diff --git a/application/front/controller/admin/ShaareManageController.php b/application/front/controller/admin/ShaareManageController.php
new file mode 100644
index 00000000..7ceb8d8a
--- /dev/null
+++ b/application/front/controller/admin/ShaareManageController.php
@@ -0,0 +1,202 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class PostBookmarkController
+ *
+ * Slim controller used to handle Shaarli create or edit bookmarks.
+ */
+class ShaareManageController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/shaare/delete - Delete one or multiple bookmarks (depending on `id` query parameter).
+     */
+    public function deleteBookmark(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $ids = escape(trim($request->getParam('id') ?? ''));
+        if (empty($ids) || strpos($ids, ' ') !== false) {
+            // multiple, space-separated ids provided
+            $ids = array_values(array_filter(preg_split('/\s+/', $ids), 'ctype_digit'));
+        } else {
+            $ids = [$ids];
+        }
+        // assert at least one id is given
+        if (0 === count($ids)) {
+            $this->saveErrorMessage(t('Invalid bookmark ID provided.'));
+            return $this->redirectFromReferer($request, $response, [], ['delete-shaare']);
+        }
+        $formatter = $this->container->formatterFactory->getFormatter('raw');
+        $count = 0;
+        foreach ($ids as $id) {
+            try {
+                $bookmark = $this->container->bookmarkService->get((int) $id);
+            } catch (BookmarkNotFoundException $e) {
+                $this->saveErrorMessage(sprintf(
+                    t('Bookmark with identifier %s could not be found.'),
+                    $id
+                ));
+                continue;
+            }
+            $data = $formatter->format($bookmark);
+            $this->executePageHooks('delete_link', $data);
+            $this->container->bookmarkService->remove($bookmark, false);
+            ++ $count;
+        }
+        if ($count > 0) {
+            $this->container->bookmarkService->save();
+        }
+        // If we are called from the bookmarklet, we must close the popup:
+        if ($request->getParam('source') === 'bookmarklet') {
+            return $response->write('<script>self.close();</script>');
+        }
+        // Don't redirect to where we were previously because the datastore has changed.
+        return $this->redirect($response, '/');
+    }
+    /**
+     * GET /admin/shaare/visibility
+     *
+     * Change visibility (public/private) of one or multiple bookmarks (depending on `id` query parameter).
+     */
+    public function changeVisibility(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        $ids = trim(escape($request->getParam('id') ?? ''));
+        if (empty($ids) || strpos($ids, ' ') !== false) {
+            // multiple, space-separated ids provided
+            $ids = array_values(array_filter(preg_split('/\s+/', $ids), 'ctype_digit'));
+        } else {
+            // only a single id provided
+            $ids = [$ids];
+        }
+        // assert at least one id is given
+        if (0 === count($ids)) {
+            $this->saveErrorMessage(t('Invalid bookmark ID provided.'));
+            return $this->redirectFromReferer($request, $response, [], ['change_visibility']);
+        }
+        // assert that the visibility is valid
+        $visibility = $request->getParam('newVisibility');
+        if (null === $visibility || false === in_array($visibility, ['public', 'private'], true)) {
+            $this->saveErrorMessage(t('Invalid visibility provided.'));
+            return $this->redirectFromReferer($request, $response, [], ['change_visibility']);
+        } else {
+            $isPrivate = $visibility === 'private';
+        }
+        $formatter = $this->container->formatterFactory->getFormatter('raw');
+        $count = 0;
+        foreach ($ids as $id) {
+            try {
+                $bookmark = $this->container->bookmarkService->get((int) $id);
+            } catch (BookmarkNotFoundException $e) {
+                $this->saveErrorMessage(sprintf(
+                    t('Bookmark with identifier %s could not be found.'),
+                    $id
+                ));
+                continue;
+            }
+            $bookmark->setPrivate($isPrivate);
+            // To preserve backward compatibility with 3rd parties, plugins still use arrays
+            $data = $formatter->format($bookmark);
+            $this->executePageHooks('save_link', $data);
+            $bookmark->fromArray($data);
+            $this->container->bookmarkService->set($bookmark, false);
+            ++$count;
+        }
+        if ($count > 0) {
+            $this->container->bookmarkService->save();
+        }
+        return $this->redirectFromReferer($request, $response, ['/visibility'], ['change_visibility']);
+    }
+    /**
+     * GET /admin/shaare/{id}/pin - Pin or unpin a bookmark.
+     */
+    public function pinBookmark(Request $request, Response $response, array $args): Response
+    {
+        $this->checkToken($request);
+        $id = $args['id'] ?? '';
+        try {
+            if (false === ctype_digit($id)) {
+                throw new BookmarkNotFoundException();
+            }
+            $bookmark = $this->container->bookmarkService->get((int) $id);  // Read database
+        } catch (BookmarkNotFoundException $e) {
+            $this->saveErrorMessage(sprintf(
+                t('Bookmark with identifier %s could not be found.'),
+                $id
+            ));
+            return $this->redirectFromReferer($request, $response, ['/pin'], ['pin']);
+        }
+        $formatter = $this->container->formatterFactory->getFormatter('raw');
+        $bookmark->setSticky(!$bookmark->isSticky());
+        // To preserve backward compatibility with 3rd parties, plugins still use arrays
+        $data = $formatter->format($bookmark);
+        $this->executePageHooks('save_link', $data);
+        $bookmark->fromArray($data);
+        $this->container->bookmarkService->set($bookmark);
+        return $this->redirectFromReferer($request, $response, ['/pin'], ['pin']);
+    }
+    /**
+     * GET /admin/shaare/private/{hash} - Attach a private key to given bookmark, then redirect to the sharing URL.
+     */
+    public function sharePrivate(Request $request, Response $response, array $args): Response
+    {
+        $this->checkToken($request);
+        $hash = $args['hash'] ?? '';
+        $bookmark = $this->container->bookmarkService->findByHash($hash);
+        if ($bookmark->isPrivate() !== true) {
+            return $this->redirect($response, '/shaare/' . $hash);
+        }
+        if (empty($bookmark->getAdditionalContentEntry('private_key'))) {
+            $privateKey = bin2hex(random_bytes(16));
+            $bookmark->addAdditionalContentEntry('private_key', $privateKey);
+            $this->container->bookmarkService->set($bookmark);
+        }
+        return $this->redirect(
+            $response,
+            '/shaare/' . $hash . '?key=' . $bookmark->getAdditionalContentEntry('private_key')
+        );
+    }
+}
diff --git a/application/front/controller/admin/ShaarePublishController.php b/application/front/controller/admin/ShaarePublishController.php
new file mode 100644
index 00000000..18afc2d1
--- /dev/null
+++ b/application/front/controller/admin/ShaarePublishController.php
@@ -0,0 +1,263 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Bookmark\Bookmark;
+use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
+use Shaarli\Formatter\BookmarkFormatter;
+use Shaarli\Formatter\BookmarkMarkdownFormatter;
+use Shaarli\Render\TemplatePage;
+use Shaarli\Thumbnailer;
+use Slim\Http\Request;
+use Slim\Http\Response;
+class ShaarePublishController extends ShaarliAdminController
+{
+    /**
+     * @var BookmarkFormatter[] Statically cached instances of formatters
+     */
+    protected $formatters = [];
+    /**
+     * @var array Statically cached bookmark's tags counts
+     */
+    protected $tags;
+    /**
+     * GET /admin/shaare - Displays the bookmark form for creation.
+     *                     Note that if the URL is found in existing bookmarks, then it will be in edit mode.
+     */
+    public function displayCreateForm(Request $request, Response $response): Response
+    {
+        $url = cleanup_url($request->getParam('post'));
+        $link = $this->buildLinkDataFromUrl($request, $url);
+        return $this->displayForm($link, $link['linkIsNew'], $request, $response);
+    }
+    /**
+     * POST /admin/shaare-batch - Displays multiple creation/edit forms from bulk add in add-link page.
+     */
+    public function displayCreateBatchForms(Request $request, Response $response): Response
+    {
+        $urls = array_map('cleanup_url', explode(PHP_EOL, $request->getParam('urls')));
+        $links = [];
+        foreach ($urls as $url) {
+            if (empty($url)) {
+                continue;
+            }
+            $link = $this->buildLinkDataFromUrl($request, $url);
+            $data = $this->buildFormData($link, $link['linkIsNew'], $request);
+            $data['token'] = $this->container->sessionManager->generateToken();
+            $data['source'] = 'batch';
+            $this->executePageHooks('render_editlink', $data, TemplatePage::EDIT_LINK);
+            $links[] = $data;
+        }
+        $this->assignView('links', $links);
+        $this->assignView('batch_mode', true);
+        $this->assignView('async_metadata', $this->container->conf->get('general.enable_async_metadata', true));
+        return $response->write($this->render(TemplatePage::EDIT_LINK_BATCH));
+    }
+    /**
+     * GET /admin/shaare/{id} - Displays the bookmark form in edition mode.
+     */
+    public function displayEditForm(Request $request, Response $response, array $args): Response
+    {
+        $id = $args['id'] ?? '';
+        try {
+            if (false === ctype_digit($id)) {
+                throw new BookmarkNotFoundException();
+            }
+            $bookmark = $this->container->bookmarkService->get((int) $id);  // Read database
+        } catch (BookmarkNotFoundException $e) {
+            $this->saveErrorMessage(sprintf(
+                t('Bookmark with identifier %s could not be found.'),
+                $id
+            ));
+            return $this->redirect($response, '/');
+        }
+        $formatter = $this->getFormatter('raw');
+        $link = $formatter->format($bookmark);
+        return $this->displayForm($link, false, $request, $response);
+    }
+    /**
+     * POST /admin/shaare
+     */
+    public function save(Request $request, Response $response): Response
+    {
+        $this->checkToken($request);
+        // lf_id should only be present if the link exists.
+        $id = $request->getParam('lf_id') !== null ? intval(escape($request->getParam('lf_id'))) : null;
+        if (null !== $id && true === $this->container->bookmarkService->exists($id)) {
+            // Edit
+            $bookmark = $this->container->bookmarkService->get($id);
+        } else {
+            // New link
+            $bookmark = new Bookmark();
+        }
+        $bookmark->setTitle($request->getParam('lf_title'));
+        $bookmark->setDescription($request->getParam('lf_description'));
+        $bookmark->setUrl($request->getParam('lf_url'), $this->container->conf->get('security.allowed_protocols', []));
+        $bookmark->setPrivate(filter_var($request->getParam('lf_private'), FILTER_VALIDATE_BOOLEAN));
+        $bookmark->setTagsString($request->getParam('lf_tags'));
+        if ($this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE
+            && true !== $this->container->conf->get('general.enable_async_metadata', true)
+            && $bookmark->shouldUpdateThumbnail()
+        ) {
+            $bookmark->setThumbnail($this->container->thumbnailer->get($bookmark->getUrl()));
+        }
+        $this->container->bookmarkService->addOrSet($bookmark, false);
+        // To preserve backward compatibility with 3rd parties, plugins still use arrays
+        $formatter = $this->getFormatter('raw');
+        $data = $formatter->format($bookmark);
+        $this->executePageHooks('save_link', $data);
+        $bookmark->fromArray($data);
+        $this->container->bookmarkService->set($bookmark);
+        // If we are called from the bookmarklet, we must close the popup:
+        if ($request->getParam('source') === 'bookmarklet') {
+            return $response->write('<script>self.close();</script>');
+        } elseif ($request->getParam('source') === 'batch') {
+            return $response;
+        }
+        if (!empty($request->getParam('returnurl'))) {
+            $this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');
+        }
+        return $this->redirectFromReferer(
+            $request,
+            $response,
+            ['/admin/add-shaare', '/admin/shaare'], ['addlink', 'post', 'edit_link'],
+            $bookmark->getShortUrl()
+        );
+    }
+    /**
+     * Helper function used to display the shaare form whether it's a new or existing bookmark.
+     *
+     * @param array $link data used in template, either from parameters or from the data store
+     */
+    protected function displayForm(array $link, bool $isNew, Request $request, Response $response): Response
+    {
+        $data = $this->buildFormData($link, $isNew, $request);
+        $this->executePageHooks('render_editlink', $data, TemplatePage::EDIT_LINK);
+        foreach ($data as $key => $value) {
+            $this->assignView($key, $value);
+        }
+        $editLabel = false === $isNew ? t('Edit') .' ' : '';
+        $this->assignView(
+            'pagetitle',
+            $editLabel . t('Shaare') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render(TemplatePage::EDIT_LINK));
+    }
+    protected function buildLinkDataFromUrl(Request $request, string $url): array
+    {
+        // Check if URL is not already in database (in this case, we will edit the existing link)
+        $bookmark = $this->container->bookmarkService->findByUrl($url);
+        if (null === $bookmark) {
+            // Get shaare data if it was provided in URL (e.g.: by the bookmarklet).
+            $title = $request->getParam('title');
+            $description = $request->getParam('description');
+            $tags = $request->getParam('tags');
+            if ($request->getParam('private') !== null) {
+                $private = filter_var($request->getParam('private'), FILTER_VALIDATE_BOOLEAN);
+            } else {
+                $private = $this->container->conf->get('privacy.default_private_links', false);
+            }
+            // If this is an HTTP(S) link, we try go get the page to extract
+            // the title (otherwise we will to straight to the edit form.)
+            if (true !== $this->container->conf->get('general.enable_async_metadata', true)
+                && empty($title)
+                && strpos(get_url_scheme($url) ?: '', 'http') !== false
+            ) {
+                $metadata = $this->container->metadataRetriever->retrieve($url);
+            }
+            if (empty($url)) {
+                $metadata['title'] = $this->container->conf->get('general.default_note_title', t('Note: '));
+            }
+            return [
+                'title' => $title ?? $metadata['title'] ?? '',
+                'url' => $url ?? '',
+                'description' => $description ?? $metadata['description'] ?? '',
+                'tags' => $tags ?? $metadata['tags'] ?? '',
+                'private' => $private,
+                'linkIsNew' => true,
+            ];
+        }
+        $formatter = $this->getFormatter('raw');
+        $link = $formatter->format($bookmark);
+        $link['linkIsNew'] = false;
+        return $link;
+    }
+    protected function buildFormData(array $link, bool $isNew, Request $request): array
+    {
+        return escape([
+            'link' => $link,
+            'link_is_new' => $isNew,
+            'http_referer' => $this->container->environment['HTTP_REFERER'] ?? '',
+            'source' => $request->getParam('source') ?? '',
+            'tags' => $this->getTags(),
+            'default_private_links' => $this->container->conf->get('privacy.default_private_links', false),
+            'async_metadata' => $this->container->conf->get('general.enable_async_metadata', true),
+            'retrieve_description' => $this->container->conf->get('general.retrieve_description', false),
+        ]);
+    }
+    /**
+     * Memoize formatterFactory->getFormatter() calls.
+     */
+    protected function getFormatter(string $type): BookmarkFormatter
+    {
+        if (!array_key_exists($type, $this->formatters) || $this->formatters[$type] === null) {
+            $this->formatters[$type] = $this->container->formatterFactory->getFormatter($type);
+        }
+        return $this->formatters[$type];
+    }
+    /**
+     * Memoize bookmarkService->bookmarksCountPerTag() calls.
+     */
+    protected function getTags(): array
+    {
+        if ($this->tags === null) {
+            $this->tags = $this->container->bookmarkService->bookmarksCountPerTag();
+            if ($this->container->conf->get('formatter') === 'markdown') {
+                $this->tags[BookmarkMarkdownFormatter::NO_MD_TAG] = 1;
+            }
+        }
+        return $this->tags;
+    }
+}
diff --git a/application/front/controller/admin/ShaarliAdminController.php b/application/front/controller/admin/ShaarliAdminController.php
new file mode 100644
index 00000000..c26c9cbe
--- /dev/null
+++ b/application/front/controller/admin/ShaarliAdminController.php
@@ -0,0 +1,71 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+/**
+ * Class ShaarliAdminController
+ *
+ * All admin controllers (for logged in users) MUST extend this abstract class.
+ * It makes sure that the user is properly logged in, and otherwise throw an exception
+ * which will redirect to the login page.
+ *
+ * @package Shaarli\Front\Controller\Admin
+ */
+abstract class ShaarliAdminController extends ShaarliVisitorController
+{
+    /**
+     * Any persistent action to the config or data store must check the XSRF token validity.
+     */
+    protected function checkToken(Request $request): bool
+    {
+        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
+            throw new WrongTokenException();
+        }
+        return true;
+    }
+    /**
+     * Save a SUCCESS message in user session, which will be displayed on any template page.
+     */
+    protected function saveSuccessMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
+    }
+    /**
+     * Save a WARNING message in user session, which will be displayed on any template page.
+     */
+    protected function saveWarningMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
+    }
+    /**
+     * Save an ERROR message in user session, which will be displayed on any template page.
+     */
+    protected function saveErrorMessage(string $message): void
+    {
+        $this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
+    }
+    /**
+     * Use the sessionManager to save the provided message using the proper type.
+     *
+     * @param string $type successed/warnings/errors
+     */
+    protected function saveMessage(string $type, string $message): void
+    {
+        $messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
+        $messages[] = $message;
+        $this->container->sessionManager->setSessionParameter($type, $messages);
+    }
+}
diff --git a/application/front/controller/admin/ThumbnailsController.php b/application/front/controller/admin/ThumbnailsController.php
new file mode 100644
index 00000000..4dc09d38
--- /dev/null
+++ b/application/front/controller/admin/ThumbnailsController.php
@@ -0,0 +1,65 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ToolsController
+ *
+ * Slim controller used to handle thumbnails update.
+ */
+class ThumbnailsController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/thumbnails - Display thumbnails update page
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $ids = [];
+        foreach ($this->container->bookmarkService->search() as $bookmark) {
+            // A note or not HTTP(S)
+            if ($bookmark->isNote() || !startsWith(strtolower($bookmark->getUrl()), 'http')) {
+                continue;
+            }
+            $ids[] = $bookmark->getId();
+        }
+        $this->assignView('ids', $ids);
+        $this->assignView(
+            'pagetitle',
+            t('Thumbnails update') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render(TemplatePage::THUMBNAILS));
+    }
+    /**
+     * PATCH /admin/shaare/{id}/thumbnail-update - Route for AJAX calls
+     */
+    public function ajaxUpdate(Request $request, Response $response, array $args): Response
+    {
+        $id = $args['id'] ?? null;
+        if (false === ctype_digit($id)) {
+            return $response->withStatus(400);
+        }
+        try {
+            $bookmark = $this->container->bookmarkService->get((int) $id);
+        } catch (BookmarkNotFoundException $e) {
+            return $response->withStatus(404);
+        }
+        $bookmark->setThumbnail($this->container->thumbnailer->get($bookmark->getUrl()));
+        $this->container->bookmarkService->set($bookmark);
+        return $response->withJson($this->container->formatterFactory->getFormatter('raw')->format($bookmark));
+    }
+}
diff --git a/application/front/controller/admin/TokenController.php b/application/front/controller/admin/TokenController.php
new file mode 100644
index 00000000..08d68d0a
--- /dev/null
+++ b/application/front/controller/admin/TokenController.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class TokenController
+ *
+ * Endpoint used to retrieve a XSRF token. Useful for AJAX requests.
+ */
+class TokenController extends ShaarliAdminController
+{
+    /**
+     * GET /admin/token
+     */
+    public function getToken(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'text/plain');
+        return $response->write($this->container->sessionManager->generateToken());
+    }
+}
diff --git a/application/front/controller/admin/ToolsController.php b/application/front/controller/admin/ToolsController.php
new file mode 100644
index 00000000..a87f20d2
--- /dev/null
+++ b/application/front/controller/admin/ToolsController.php
@@ -0,0 +1,35 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Admin;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ToolsController
+ *
+ * Slim controller used to display the tools page.
+ */
+class ToolsController extends ShaarliAdminController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        $data = [
+            'pageabsaddr' => index_url($this->container->environment),
+            'sslenabled' => is_https($this->container->environment),
+        ];
+        $this->executePageHooks('render_tools', $data, TemplatePage::TOOLS);
+        foreach ($data as $key => $value) {
+            $this->assignView($key, $value);
+        }
+        $this->assignView('pagetitle', t('Tools') .' - '. $this->container->conf->get('general.title', 'Shaarli'));
+        return $response->write($this->render(TemplatePage::TOOLS));
+    }
+}
diff --git a/application/front/controller/visitor/BookmarkListController.php b/application/front/controller/visitor/BookmarkListController.php
new file mode 100644
index 00000000..78c474c9
--- /dev/null
+++ b/application/front/controller/visitor/BookmarkListController.php
@@ -0,0 +1,249 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Bookmark\Bookmark;
+use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
+use Shaarli\Legacy\LegacyController;
+use Shaarli\Legacy\UnknowLegacyRouteException;
+use Shaarli\Render\TemplatePage;
+use Shaarli\Thumbnailer;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class BookmarkListController
+ *
+ * Slim controller used to render the bookmark list, the home page of Shaarli.
+ * It also displays permalinks, and process legacy routes based on GET parameters.
+ */
+class BookmarkListController extends ShaarliVisitorController
+{
+    /**
+     * GET / - Displays the bookmark list, with optional filter parameters.
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $legacyResponse = $this->processLegacyController($request, $response);
+        if (null !== $legacyResponse) {
+            return $legacyResponse;
+        }
+        $formatter = $this->container->formatterFactory->getFormatter();
+        $formatter->addContextData('base_path', $this->container->basePath);
+        $searchTags = normalize_spaces($request->getParam('searchtags') ?? '');
+        $searchTerm = escape(normalize_spaces($request->getParam('searchterm') ?? ''));;
+        // Filter bookmarks according search parameters.
+        $visibility = $this->container->sessionManager->getSessionParameter('visibility');
+        $search = [
+            'searchtags' => $searchTags,
+            'searchterm' => $searchTerm,
+        ];
+        $linksToDisplay = $this->container->bookmarkService->search(
+            $search,
+            $visibility,
+            false,
+            !!$this->container->sessionManager->getSessionParameter('untaggedonly')
+        ) ?? [];
+        // ---- Handle paging.
+        $keys = [];
+        foreach ($linksToDisplay as $key => $value) {
+            $keys[] = $key;
+        }
+        $linksPerPage = $this->container->sessionManager->getSessionParameter('LINKS_PER_PAGE', 20) ?: 20;
+        // Select articles according to paging.
+        $pageCount = (int) ceil(count($keys) / $linksPerPage) ?: 1;
+        $page = (int) $request->getParam('page') ?? 1;
+        $page = $page < 1 ? 1 : $page;
+        $page = $page > $pageCount ? $pageCount : $page;
+        // Start index.
+        $i = ($page - 1) * $linksPerPage;
+        $end = $i + $linksPerPage;
+        $linkDisp = [];
+        $save = false;
+        while ($i < $end && $i < count($keys)) {
+            $save = $this->updateThumbnail($linksToDisplay[$keys[$i]], false) || $save;
+            $link = $formatter->format($linksToDisplay[$keys[$i]]);
+            $linkDisp[$keys[$i]] = $link;
+            $i++;
+        }
+        if ($save) {
+            $this->container->bookmarkService->save();
+        }
+        // Compute paging navigation
+        $searchtagsUrl = $searchTags === '' ? '' : '&searchtags=' . urlencode($searchTags);
+        $searchtermUrl = $searchTerm === '' ? '' : '&searchterm=' . urlencode($searchTerm);
+        $previous_page_url = '';
+        if ($i !== count($keys)) {
+            $previous_page_url = '?page=' . ($page + 1) . $searchtermUrl . $searchtagsUrl;
+        }
+        $next_page_url = '';
+        if ($page > 1) {
+            $next_page_url = '?page=' . ($page - 1) . $searchtermUrl . $searchtagsUrl;
+        }
+        // Fill all template fields.
+        $data = array_merge(
+            $this->initializeTemplateVars(),
+            [
+                'previous_page_url' => $previous_page_url,
+                'next_page_url' => $next_page_url,
+                'page_current' => $page,
+                'page_max' => $pageCount,
+                'result_count' => count($linksToDisplay),
+                'search_term' => escape($searchTerm),
+                'search_tags' => escape($searchTags),
+                'search_tags_url' => array_map('urlencode', explode(' ', $searchTags)),
+                'visibility' => $visibility,
+                'links' => $linkDisp,
+            ]
+        );
+        if (!empty($searchTerm) || !empty($searchTags)) {
+            $data['pagetitle'] = t('Search: ');
+            $data['pagetitle'] .= ! empty($searchTerm) ? $searchTerm . ' ' : '';
+            $bracketWrap = function ($tag) {
+                return '[' . $tag . ']';
+            };
+            $data['pagetitle'] .= ! empty($searchTags)
+                ? implode(' ', array_map($bracketWrap, preg_split('/\s+/', $searchTags))) . ' '
+                : '';
+            $data['pagetitle'] .= '- ';
+        }
+        $data['pagetitle'] = ($data['pagetitle'] ?? '') . $this->container->conf->get('general.title', 'Shaarli');
+        $this->executePageHooks('render_linklist', $data, TemplatePage::LINKLIST);
+        $this->assignAllView($data);
+        return $response->write($this->render(TemplatePage::LINKLIST));
+    }
+    /**
+     * GET /shaare/{hash} - Display a single shaare
+     */
+    public function permalink(Request $request, Response $response, array $args): Response
+    {
+        $privateKey = $request->getParam('key');
+        try {
+            $bookmark = $this->container->bookmarkService->findByHash($args['hash'], $privateKey);
+        } catch (BookmarkNotFoundException $e) {
+            $this->assignView('error_message', $e->getMessage());
+            return $response->write($this->render(TemplatePage::ERROR_404));
+        }
+        $this->updateThumbnail($bookmark);
+        $formatter = $this->container->formatterFactory->getFormatter();
+        $formatter->addContextData('base_path', $this->container->basePath);
+        $data = array_merge(
+            $this->initializeTemplateVars(),
+            [
+                'pagetitle' => $bookmark->getTitle() .' - '. $this->container->conf->get('general.title', 'Shaarli'),
+                'links' => [$formatter->format($bookmark)],
+            ]
+        );
+        $this->executePageHooks('render_linklist', $data, TemplatePage::LINKLIST);
+        $this->assignAllView($data);
+        return $response->write($this->render(TemplatePage::LINKLIST));
+    }
+    /**
+     * Update the thumbnail of a single bookmark if necessary.
+     */
+    protected function updateThumbnail(Bookmark $bookmark, bool $writeDatastore = true): bool
+    {
+        if (false === $this->container->loginManager->isLoggedIn()) {
+            return false;
+        }
+        // If thumbnail should be updated, we reset it to null
+        if ($bookmark->shouldUpdateThumbnail()) {
+            $bookmark->setThumbnail(null);
+            // Requires an update, not async retrieval, thumbnails enabled
+            if ($bookmark->shouldUpdateThumbnail()
+                && true !== $this->container->conf->get('general.enable_async_metadata', true)
+                && $this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE
+            ) {
+                $bookmark->setThumbnail($this->container->thumbnailer->get($bookmark->getUrl()));
+                $this->container->bookmarkService->set($bookmark, $writeDatastore);
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * @return string[] Default template variables without values.
+     */
+    protected function initializeTemplateVars(): array
+    {
+        return [
+            'previous_page_url' => '',
+            'next_page_url' => '',
+            'page_max' => '',
+            'search_tags' => '',
+            'result_count' => '',
+            'async_metadata' => $this->container->conf->get('general.enable_async_metadata', true)
+        ];
+    }
+    /**
+     * Process legacy routes if necessary. They used query parameters.
+     * If no legacy routes is passed, return null.
+     */
+    protected function processLegacyController(Request $request, Response $response): ?Response
+    {
+        // Legacy smallhash filter
+        $queryString = $this->container->environment['QUERY_STRING'] ?? null;
+        if (null !== $queryString && 1 === preg_match('/^([a-zA-Z0-9-_@]{6})($|&|#)/', $queryString, $match)) {
+            return $this->redirect($response, '/shaare/' . $match[1]);
+        }
+        // Legacy controllers (mostly used for redirections)
+        if (null !== $request->getQueryParam('do')) {
+            $legacyController = new LegacyController($this->container);
+            try {
+                return $legacyController->process($request, $response, $request->getQueryParam('do'));
+            } catch (UnknowLegacyRouteException $e) {
+                // We ignore legacy 404
+                return null;
+            }
+        }
+        // Legacy GET admin routes
+        $legacyGetRoutes = array_intersect(
+            LegacyController::LEGACY_GET_ROUTES,
+            array_keys($request->getQueryParams() ?? [])
+        );
+        if (1 === count($legacyGetRoutes)) {
+            $legacyController = new LegacyController($this->container);
+            return $legacyController->process($request, $response, $legacyGetRoutes[0]);
+        }
+        return null;
+    }
+}
diff --git a/application/front/controller/visitor/DailyController.php b/application/front/controller/visitor/DailyController.php
new file mode 100644
index 00000000..728bc2d8
--- /dev/null
+++ b/application/front/controller/visitor/DailyController.php
@@ -0,0 +1,205 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use DateTime;
+use Shaarli\Bookmark\Bookmark;
+use Shaarli\Helper\DailyPageHelper;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class DailyController
+ *
+ * Slim controller used to render the daily page.
+ */
+class DailyController extends ShaarliVisitorController
+{
+    public static $DAILY_RSS_NB_DAYS = 8;
+    /**
+     * Controller displaying all bookmarks published in a single day.
+     * It take a `day` date query parameter (format YYYYMMDD).
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        $type = DailyPageHelper::extractRequestedType($request);
+        $format = DailyPageHelper::getFormatByType($type);
+        $latestBookmark = $this->container->bookmarkService->getLatest();
+        $dateTime = DailyPageHelper::extractRequestedDateTime($type, $request->getQueryParam($type), $latestBookmark);
+        $start = DailyPageHelper::getStartDateTimeByType($type, $dateTime);
+        $end = DailyPageHelper::getEndDateTimeByType($type, $dateTime);
+        $dailyDesc = DailyPageHelper::getDescriptionByType($type, $dateTime);
+        $linksToDisplay = $this->container->bookmarkService->findByDate(
+            $start,
+            $end,
+            $previousDay,
+            $nextDay
+        );
+        $formatter = $this->container->formatterFactory->getFormatter();
+        $formatter->addContextData('base_path', $this->container->basePath);
+        // We pre-format some fields for proper output.
+        foreach ($linksToDisplay as $key => $bookmark) {
+            $linksToDisplay[$key] = $formatter->format($bookmark);
+            // This page is a bit specific, we need raw description to calculate the length
+            $linksToDisplay[$key]['formatedDescription'] = $linksToDisplay[$key]['description'];
+            $linksToDisplay[$key]['description'] = $bookmark->getDescription();
+        }
+        $data = [
+            'linksToDisplay' => $linksToDisplay,
+            'dayDate' => $start,
+            'day' => $start->getTimestamp(),
+            'previousday' => $previousDay ? $previousDay->format($format) : '',
+            'nextday' => $nextDay ? $nextDay->format($format) : '',
+            'dayDesc' => $dailyDesc,
+            'type' => $type,
+            'localizedType' => $this->translateType($type),
+        ];
+        // Hooks are called before column construction so that plugins don't have to deal with columns.
+        $this->executePageHooks('render_daily', $data, TemplatePage::DAILY);
+        $data['cols'] = $this->calculateColumns($data['linksToDisplay']);
+        $this->assignAllView($data);
+        $mainTitle = $this->container->conf->get('general.title', 'Shaarli');
+        $this->assignView(
+            'pagetitle',
+            $data['localizedType'] . ' - ' . $data['dayDesc'] . ' - ' . $mainTitle
+        );
+        return $response->write($this->render(TemplatePage::DAILY));
+    }
+    /**
+     * Daily RSS feed: 1 RSS entry per day giving all the bookmarks on that day.
+     * Gives the last 7 days (which have bookmarks).
+     * This RSS feed cannot be filtered and does not trigger plugins yet.
+     */
+    public function rss(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'application/rss+xml; charset=utf-8');
+        $pageUrl = page_url($this->container->environment);
+        $cache = $this->container->pageCacheManager->getCachePage($pageUrl);
+        $cached = $cache->cachedVersion();
+        if (!empty($cached)) {
+            return $response->write($cached);
+        }
+        $days = [];
+        $type = DailyPageHelper::extractRequestedType($request);
+        $format = DailyPageHelper::getFormatByType($type);
+        $length = DailyPageHelper::getRssLengthByType($type);
+        foreach ($this->container->bookmarkService->search() as $bookmark) {
+            $day = $bookmark->getCreated()->format($format);
+            // Stop iterating after DAILY_RSS_NB_DAYS entries
+            if (count($days) === $length && !isset($days[$day])) {
+                break;
+            }
+            $days[$day][] = $bookmark;
+        }
+        // Build the RSS feed.
+        $indexUrl = escape(index_url($this->container->environment));
+        $formatter = $this->container->formatterFactory->getFormatter();
+        $formatter->addContextData('index_url', $indexUrl);
+        $dataPerDay = [];
+        /** @var Bookmark[] $bookmarks */
+        foreach ($days as $day => $bookmarks) {
+            $dayDateTime = DailyPageHelper::extractRequestedDateTime($type, (string) $day);
+            $endDateTime = DailyPageHelper::getEndDateTimeByType($type, $dayDateTime);
+            // We only want the RSS entry to be published when the period is over.
+            if (new DateTime() < $endDateTime) {
+                continue;
+            }
+            $dataPerDay[$day] = [
+                'date' => $endDateTime,
+                'date_rss' => $endDateTime->format(DateTime::RSS),
+                'date_human' => DailyPageHelper::getDescriptionByType($type, $dayDateTime),
+                'absolute_url' => $indexUrl . 'daily?'. $type .'=' . $day,
+                'links' => [],
+            ];
+            foreach ($bookmarks as $key => $bookmark) {
+                $dataPerDay[$day]['links'][$key] = $formatter->format($bookmark);
+                // Make permalink URL absolute
+                if ($bookmark->isNote()) {
+                    $dataPerDay[$day]['links'][$key]['url'] = rtrim($indexUrl, '/') . $bookmark->getUrl();
+                }
+            }
+        }
+        $this->assignAllView([
+            'title' => $this->container->conf->get('general.title', 'Shaarli'),
+            'index_url' => $indexUrl,
+            'page_url' => $pageUrl,
+            'hide_timestamps' => $this->container->conf->get('privacy.hide_timestamps', false),
+            'days' => $dataPerDay,
+            'type' => $type,
+            'localizedType' => $this->translateType($type),
+        ]);
+        $rssContent = $this->render(TemplatePage::DAILY_RSS);
+        $cache->cache($rssContent);
+        return $response->write($rssContent);
+    }
+    /**
+     * We need to spread the articles on 3 columns.
+     * did not want to use a JavaScript lib like http://masonry.desandro.com/
+     * so I manually spread entries with a simple method: I roughly evaluate the
+     * height of a div according to title and description length.
+     */
+    protected function calculateColumns(array $links): array
+    {
+        // Entries to display, for each column.
+        $columns = [[], [], []];
+        // Rough estimate of columns fill.
+        $fill = [0, 0, 0];
+        foreach ($links as $link) {
+            // Roughly estimate length of entry (by counting characters)
+            // Title: 30 chars = 1 line. 1 line is 30 pixels height.
+            // Description: 836 characters gives roughly 342 pixel height.
+            // This is not perfect, but it's usually OK.
+            $length = strlen($link['title'] ?? '') + (342 * strlen($link['description'] ?? '')) / 836;
+            if (! empty($link['thumbnail'])) {
+                $length += 100; // 1 thumbnails roughly takes 100 pixels height.
+            }
+            // Then put in column which is the less filled:
+            $smallest = min($fill); // find smallest value in array.
+            $index = array_search($smallest, $fill); // find index of this smallest value.
+            array_push($columns[$index], $link); // Put entry in this column.
+            $fill[$index] += $length;
+        }
+        return $columns;
+    }
+    protected function translateType($type): string
+    {
+        return [
+            t('day') => t('Daily'),
+            t('week') => t('Weekly'),
+            t('month') => t('Monthly'),
+        ][t($type)] ?? t('Daily');
+    }
+}
diff --git a/application/front/controller/visitor/ErrorController.php b/application/front/controller/visitor/ErrorController.php
new file mode 100644
index 00000000..8da11172
--- /dev/null
+++ b/application/front/controller/visitor/ErrorController.php
@@ -0,0 +1,42 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Front\Exception\ShaarliFrontException;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Controller used to render the error page, with a provided exception.
+ * It is actually used as a Slim error handler.
+ */
+class ErrorController extends ShaarliVisitorController
+{
+    public function __invoke(Request $request, Response $response, \Throwable $throwable): Response
+    {
+        // Unknown error encountered
+        $this->container->pageBuilder->reset();
+        if ($throwable instanceof ShaarliFrontException) {
+            // Functional error
+            $this->assignView('message', nl2br($throwable->getMessage()));
+            $response = $response->withStatus($throwable->getCode());
+        } else {
+            // Internal error (any other Throwable)
+            if ($this->container->conf->get('dev.debug', false)) {
+                $this->assignView('message', $throwable->getMessage());
+                $this->assignView('stacktrace', exception2text($throwable));
+            } else {
+                $this->assignView('message', t('An unexpected error occurred.'));
+            }
+            $response = $response->withStatus(500);
+        }
+        return $response->write($this->render('error'));
+    }
+}
diff --git a/application/front/controller/visitor/ErrorNotFoundController.php b/application/front/controller/visitor/ErrorNotFoundController.php
new file mode 100644
index 00000000..758dd83b
--- /dev/null
+++ b/application/front/controller/visitor/ErrorNotFoundController.php
@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Controller used to render the 404 error page.
+ */
+class ErrorNotFoundController extends ShaarliVisitorController
+{
+    public function __invoke(Request $request, Response $response): Response
+    {
+        // Request from the API
+        if (false !== strpos($request->getRequestTarget(), '/api/v1')) {
+            return $response->withStatus(404);
+        }
+        // This is required because the middleware is ignored if the route is not found.
+        $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
+        $this->assignView('error_message', t('Requested page could not be found.'));
+        return $response->withStatus(404)->write($this->render('404'));
+    }
+}
diff --git a/application/front/controller/visitor/FeedController.php b/application/front/controller/visitor/FeedController.php
new file mode 100644
index 00000000..8d8b546a
--- /dev/null
+++ b/application/front/controller/visitor/FeedController.php
@@ -0,0 +1,58 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Feed\FeedBuilder;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class FeedController
+ *
+ * Slim controller handling ATOM and RSS feed.
+ */
+class FeedController extends ShaarliVisitorController
+{
+    public function atom(Request $request, Response $response): Response
+    {
+        return $this->processRequest(FeedBuilder::$FEED_ATOM, $request, $response);
+    }
+    public function rss(Request $request, Response $response): Response
+    {
+        return $this->processRequest(FeedBuilder::$FEED_RSS, $request, $response);
+    }
+    protected function processRequest(string $feedType, Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'application/'. $feedType .'+xml; charset=utf-8');
+        $pageUrl = page_url($this->container->environment);
+        $cache = $this->container->pageCacheManager->getCachePage($pageUrl);
+        $cached = $cache->cachedVersion();
+        if (!empty($cached)) {
+            return $response->write($cached);
+        }
+        // Generate data.
+        $this->container->feedBuilder->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
+        $this->container->feedBuilder->setHideDates($this->container->conf->get('privacy.hide_timestamps', false));
+        $this->container->feedBuilder->setUsePermalinks(
+            null !== $request->getParam('permalinks') || !$this->container->conf->get('feed.rss_permalinks')
+        );
+        $data = $this->container->feedBuilder->buildData($feedType, $request->getParams());
+        $this->executePageHooks('render_feed', $data, 'feed.' . $feedType);
+        $this->assignAllView($data);
+        $content = $this->render('feed.' . $feedType);
+        $cache->cache($content);
+        return $response->write($content);
+    }
+}
diff --git a/application/front/controller/visitor/InstallController.php b/application/front/controller/visitor/InstallController.php
new file mode 100644
index 00000000..22329294
--- /dev/null
+++ b/application/front/controller/visitor/InstallController.php
@@ -0,0 +1,175 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Container\ShaarliContainer;
+use Shaarli\Front\Exception\AlreadyInstalledException;
+use Shaarli\Front\Exception\ResourcePermissionException;
+use Shaarli\Helper\ApplicationUtils;
+use Shaarli\Languages;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Slim controller used to render install page, and create initial configuration file.
+ */
+class InstallController extends ShaarliVisitorController
+{
+    public const SESSION_TEST_KEY = 'session_tested';
+    public const SESSION_TEST_VALUE = 'Working';
+    public function __construct(ShaarliContainer $container)
+    {
+        parent::__construct($container);
+        if (is_file($this->container->conf->getConfigFileExt())) {
+            throw new AlreadyInstalledException();
+        }
+    }
+    /**
+     * Display the install template page.
+     * Also test file permissions and sessions beforehand.
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        // Before installation, we'll make sure that permissions are set properly, and sessions are working.
+        $this->checkPermissions();
+        if (static::SESSION_TEST_VALUE
+            !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
+        ) {
+            $this->container->sessionManager->setSessionParameter(static::SESSION_TEST_KEY, static::SESSION_TEST_VALUE);
+            return $this->redirect($response, '/install/session-test');
+        }
+        [$continents, $cities] = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
+        $this->assignView('continents', $continents);
+        $this->assignView('cities', $cities);
+        $this->assignView('languages', Languages::getAvailableLanguages());
+        $phpEol = new \DateTimeImmutable(ApplicationUtils::getPhpEol(PHP_VERSION));
+        $this->assignView('php_version', PHP_VERSION);
+        $this->assignView('php_eol', format_date($phpEol, false));
+        $this->assignView('php_has_reached_eol', $phpEol < new \DateTimeImmutable());
+        $this->assignView('php_extensions', ApplicationUtils::getPhpExtensionsRequirement());
+        $this->assignView('permissions', ApplicationUtils::checkResourcePermissions($this->container->conf));
+        $this->assignView('pagetitle', t('Install Shaarli'));
+        return $response->write($this->render('install'));
+    }
+    /**
+     * Route checking that the session parameter has been properly saved between two distinct requests.
+     * If the session parameter is preserved, redirect to install template page, otherwise displays error.
+     */
+    public function sessionTest(Request $request, Response $response): Response
+    {
+        // This part makes sure sessions works correctly.
+        // (Because on some hosts, session.save_path may not be set correctly,
+        // or we may not have write access to it.)
+        if (static::SESSION_TEST_VALUE
+            !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
+        ) {
+            // Step 2: Check if data in session is correct.
+            $msg = t(
+                '<pre>Sessions do not seem to work correctly on your server.<br>'.
+                'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
+                'and that you have write access to it.<br>'.
+                'It currently points to %s.<br>'.
+                'On some browsers, accessing your server via a hostname like \'localhost\' '.
+                'or any custom hostname without a dot causes cookie storage to fail. '.
+                'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
+            );
+            $msg = sprintf($msg, $this->container->sessionManager->getSavePath());
+            $this->assignView('message', $msg);
+            return $response->write($this->render('error'));
+        }
+        return $this->redirect($response, '/install');
+    }
+    /**
+     * Save installation form and initialize config file and datastore if necessary.
+     */
+    public function save(Request $request, Response $response): Response
+    {
+        $timezone = 'UTC';
+        if (!empty($request->getParam('continent'))
+            && !empty($request->getParam('city'))
+            && isTimeZoneValid($request->getParam('continent'), $request->getParam('city'))
+        ) {
+            $timezone = $request->getParam('continent') . '/' . $request->getParam('city');
+        }
+        $this->container->conf->set('general.timezone', $timezone);
+        $login = $request->getParam('setlogin');
+        $this->container->conf->set('credentials.login', $login);
+        $salt = sha1(uniqid('', true) .'_'. mt_rand());
+        $this->container->conf->set('credentials.salt', $salt);
+        $this->container->conf->set('credentials.hash', sha1($request->getParam('setpassword') . $login . $salt));
+        if (!empty($request->getParam('title'))) {
+            $this->container->conf->set('general.title', escape($request->getParam('title')));
+        } else {
+            $this->container->conf->set(
+                'general.title',
+                'Shared bookmarks on '.escape(index_url($this->container->environment))
+            );
+        }
+        $this->container->conf->set('translation.language', escape($request->getParam('language')));
+        $this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
+        $this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
+        $this->container->conf->set(
+            'api.secret',
+            generate_api_secret(
+                $this->container->conf->get('credentials.login'),
+                $this->container->conf->get('credentials.salt')
+            )
+        );
+        $this->container->conf->set('general.header_link', $this->container->basePath . '/');
+        try {
+            // Everything is ok, let's create config file.
+            $this->container->conf->write($this->container->loginManager->isLoggedIn());
+        } catch (\Exception $e) {
+            $this->assignView('message', t('Error while writing config file after configuration update.'));
+            $this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());
+            return $response->write($this->render('error'));
+        }
+        $this->container->sessionManager->setSessionParameter(
+            SessionManager::KEY_SUCCESS_MESSAGES,
+            [t('Shaarli is now configured. Please login and start shaaring your bookmarks!')]
+        );
+        return $this->redirect($response, '/login');
+    }
+    protected function checkPermissions(): bool
+    {
+        // Ensure Shaarli has proper access to its resources
+        $errors = ApplicationUtils::checkResourcePermissions($this->container->conf, true);
+        if (empty($errors)) {
+            return true;
+        }
+        $message = t('Insufficient permissions:') . PHP_EOL;
+        foreach ($errors as $error) {
+            $message .= PHP_EOL . $error;
+        }
+        throw new ResourcePermissionException($message);
+    }
+}
diff --git a/application/front/controller/visitor/LoginController.php b/application/front/controller/visitor/LoginController.php
new file mode 100644
index 00000000..f5038fe3
--- /dev/null
+++ b/application/front/controller/visitor/LoginController.php
@@ -0,0 +1,153 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Front\Exception\CantLoginException;
+use Shaarli\Front\Exception\LoginBannedException;
+use Shaarli\Front\Exception\WrongTokenException;
+use Shaarli\Render\TemplatePage;
+use Shaarli\Security\CookieManager;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class LoginController
+ *
+ * Slim controller used to render the login page.
+ *
+ * The login page is not available if the user is banned
+ * or if open shaarli setting is enabled.
+ */
+class LoginController extends ShaarliVisitorController
+{
+    /**
+     * GET /login - Display the login page.
+     */
+    public function index(Request $request, Response $response): Response
+    {
+        try {
+            $this->checkLoginState();
+        } catch (CantLoginException $e) {
+            return $this->redirect($response, '/');
+        }
+        if ($request->getParam('login') !== null) {
+            $this->assignView('username', escape($request->getParam('login')));
+        }
+        $returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null;
+        $this
+            ->assignView('returnurl', escape($returnUrl))
+            ->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
+            ->assignView('pagetitle', t('Login') .' - '. $this->container->conf->get('general.title', 'Shaarli'))
+        ;
+        return $response->write($this->render(TemplatePage::LOGIN));
+    }
+    /**
+     * POST /login - Process login
+     */
+    public function login(Request $request, Response $response): Response
+    {
+        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
+            throw new WrongTokenException();
+        }
+        try {
+            $this->checkLoginState();
+        } catch (CantLoginException $e) {
+            return $this->redirect($response, '/');
+        }
+        if (!$this->container->loginManager->checkCredentials(
+                client_ip_id($this->container->environment),
+                $request->getParam('login'),
+                $request->getParam('password')
+            )
+        ) {
+            $this->container->loginManager->handleFailedLogin($this->container->environment);
+            $this->container->sessionManager->setSessionParameter(
+                SessionManager::KEY_ERROR_MESSAGES,
+                [t('Wrong login/password.')]
+            );
+            // Call controller directly instead of unnecessary redirection
+            return $this->index($request, $response);
+        }
+        $this->container->loginManager->handleSuccessfulLogin($this->container->environment);
+        $cookiePath = $this->container->basePath . '/';
+        $expirationTime = $this->saveLongLastingSession($request, $cookiePath);
+        $this->renewUserSession($cookiePath, $expirationTime);
+        // Force referer from given return URL
+        $this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');
+        return $this->redirectFromReferer($request, $response, ['login', 'install']);
+    }
+    /**
+     * Make sure that the user is allowed to login and/or displaying the login page:
+     *   - not already logged in
+     *   - not open shaarli
+     *   - not banned
+     */
+    protected function checkLoginState(): bool
+    {
+        if ($this->container->loginManager->isLoggedIn()
+            || $this->container->conf->get('security.open_shaarli', false)
+        ) {
+            throw new CantLoginException();
+        }
+        if (true !== $this->container->loginManager->canLogin($this->container->environment)) {
+            throw new LoginBannedException();
+        }
+        return true;
+    }
+    /**
+     * @return int Session duration in seconds
+     */
+    protected function saveLongLastingSession(Request $request, string $cookiePath): int
+    {
+        if (empty($request->getParam('longlastingsession'))) {
+            // Standard session expiration (=when browser closes)
+            $expirationTime = 0;
+        } else {
+            // Keep the session cookie even after the browser closes
+            $this->container->sessionManager->setStaySignedIn(true);
+            $expirationTime = $this->container->sessionManager->extendSession();
+        }
+        $this->container->cookieManager->setCookieParameter(
+            CookieManager::STAY_SIGNED_IN,
+            $this->container->loginManager->getStaySignedInToken(),
+            $expirationTime,
+            $cookiePath
+        );
+        return $expirationTime;
+    }
+    protected function renewUserSession(string $cookiePath, int $expirationTime): void
+    {
+        // Send cookie with the new expiration date to the browser
+        $this->container->sessionManager->destroy();
+        $this->container->sessionManager->cookieParameters(
+            $expirationTime,
+            $cookiePath,
+            $this->container->environment['SERVER_NAME']
+        );
+        $this->container->sessionManager->start();
+        $this->container->sessionManager->regenerateId(true);
+    }
+}
diff --git a/application/front/controller/visitor/OpenSearchController.php b/application/front/controller/visitor/OpenSearchController.php
new file mode 100644
index 00000000..36d60acf
--- /dev/null
+++ b/application/front/controller/visitor/OpenSearchController.php
@@ -0,0 +1,27 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Render\TemplatePage;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class OpenSearchController
+ *
+ * Slim controller used to render open search template.
+ * This allows to add Shaarli as a search engine within the browser.
+ */
+class OpenSearchController extends ShaarliVisitorController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        $response = $response->withHeader('Content-Type', 'application/opensearchdescription+xml; charset=utf-8');
+        $this->assignView('serverurl', index_url($this->container->environment));
+        return $response->write($this->render(TemplatePage::OPEN_SEARCH));
+    }
+}
diff --git a/application/front/controller/visitor/PictureWallController.php b/application/front/controller/visitor/PictureWallController.php
new file mode 100644
index 00000000..3c57f8dd
--- /dev/null
+++ b/application/front/controller/visitor/PictureWallController.php
@@ -0,0 +1,54 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Front\Exception\ThumbnailsDisabledException;
+use Shaarli\Render\TemplatePage;
+use Shaarli\Thumbnailer;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class PicturesWallController
+ *
+ * Slim controller used to render the pictures wall page.
+ * If thumbnails mode is set to NONE, we just render the template without any image.
+ */
+class PictureWallController extends ShaarliVisitorController
+{
+    public function index(Request $request, Response $response): Response
+    {
+        if ($this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) === Thumbnailer::MODE_NONE) {
+            throw new ThumbnailsDisabledException();
+        }
+        $this->assignView(
+            'pagetitle',
+            t('Picture wall') .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        // Optionally filter the results:
+        $links = $this->container->bookmarkService->search($request->getQueryParams());
+        $linksToDisplay = [];
+        // Get only bookmarks which have a thumbnail.
+        // Note: we do not retrieve thumbnails here, the request is too heavy.
+        $formatter = $this->container->formatterFactory->getFormatter('raw');
+        foreach ($links as $key => $link) {
+            if (!empty($link->getThumbnail())) {
+                $linksToDisplay[] = $formatter->format($link);
+            }
+        }
+        $data = ['linksToDisplay' => $linksToDisplay];
+        $this->executePageHooks('render_picwall', $data, TemplatePage::PICTURE_WALL);
+        foreach ($data as $key => $value) {
+            $this->assignView($key, $value);
+        }
+        return $response->write($this->render(TemplatePage::PICTURE_WALL));
+    }
+}
diff --git a/application/front/controller/visitor/PublicSessionFilterController.php b/application/front/controller/visitor/PublicSessionFilterController.php
new file mode 100644
index 00000000..1a66362d
--- /dev/null
+++ b/application/front/controller/visitor/PublicSessionFilterController.php
@@ -0,0 +1,46 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Security\SessionManager;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Slim controller used to handle filters stored in the visitor session, links per page, etc.
+ */
+class PublicSessionFilterController extends ShaarliVisitorController
+{
+    /**
+     * GET /links-per-page: set the number of bookmarks to display per page in homepage
+     */
+    public function linksPerPage(Request $request, Response $response): Response
+    {
+        $linksPerPage = $request->getParam('nb') ?? null;
+        if (null === $linksPerPage || false === is_numeric($linksPerPage)) {
+            $linksPerPage = $this->container->conf->get('general.links_per_page', 20);
+        }
+        $this->container->sessionManager->setSessionParameter(
+            SessionManager::KEY_LINKS_PER_PAGE,
+            abs(intval($linksPerPage))
+        );
+        return $this->redirectFromReferer($request, $response, ['linksperpage'], ['nb']);
+    }
+    /**
+     * GET /untagged-only: allows to display only bookmarks without any tag
+     */
+    public function untaggedOnly(Request $request, Response $response): Response
+    {
+        $this->container->sessionManager->setSessionParameter(
+            SessionManager::KEY_UNTAGGED_ONLY,
+            empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY))
+        );
+        return $this->redirectFromReferer($request, $response, ['untaggedonly', 'untagged-only']);
+    }
+}
diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
new file mode 100644
index 00000000..54f9fe03
--- /dev/null
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -0,0 +1,181 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Shaarli\Bookmark\BookmarkFilter;
+use Shaarli\Container\ShaarliContainer;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class ShaarliVisitorController
+ *
+ * All controllers accessible by visitors (non logged in users) should extend this abstract class.
+ * Contains a few helper function for template rendering, plugins, etc.
+ *
+ * @package Shaarli\Front\Controller\Visitor
+ */
+abstract class ShaarliVisitorController
+{
+    /** @var ShaarliContainer */
+    protected $container;
+    /** @param ShaarliContainer $container Slim container (extended for attribute completion). */
+    public function __construct(ShaarliContainer $container)
+    {
+        $this->container = $container;
+    }
+    /**
+     * Assign variables to RainTPL template through the PageBuilder.
+     *
+     * @param mixed $value Value to assign to the template
+     */
+    protected function assignView(string $name, $value): self
+    {
+        $this->container->pageBuilder->assign($name, $value);
+        return $this;
+    }
+    /**
+     * Assign variables to RainTPL template through the PageBuilder.
+     *
+     * @param mixed $data Values to assign to the template and their keys
+     */
+    protected function assignAllView(array $data): self
+    {
+        foreach ($data as $key => $value) {
+            $this->assignView($key, $value);
+        }
+        return $this;
+    }
+    protected function render(string $template): string
+    {
+        $this->assignView('linkcount', $this->container->bookmarkService->count(BookmarkFilter::$ALL));
+        $this->assignView('privateLinkcount', $this->container->bookmarkService->count(BookmarkFilter::$PRIVATE));
+        $this->executeDefaultHooks($template);
+        $this->assignView('plugin_errors', $this->container->pluginManager->getErrors());
+        return $this->container->pageBuilder->render($template, $this->container->basePath);
+    }
+    /**
+     * Call plugin hooks for header, footer and includes, specifying which page will be rendered.
+     * Then assign generated data to RainTPL.
+     */
+    protected function executeDefaultHooks(string $template): void
+    {
+        $common_hooks = [
+            'includes',
+            'header',
+            'footer',
+        ];
+        $parameters = $this->buildPluginParameters($template);
+        foreach ($common_hooks as $name) {
+            $pluginData = [];
+            $this->container->pluginManager->executeHooks(
+                'render_' . $name,
+                $pluginData,
+                $parameters
+            );
+            $this->assignView('plugins_' . $name, $pluginData);
+        }
+    }
+    protected function executePageHooks(string $hook, array &$data, string $template = null): void
+    {
+        $this->container->pluginManager->executeHooks(
+            $hook,
+            $data,
+            $this->buildPluginParameters($template)
+        );
+    }
+    protected function buildPluginParameters(?string $template): array
+    {
+        return [
+            'target' => $template,
+            'loggedin' => $this->container->loginManager->isLoggedIn(),
+            'basePath' => $this->container->basePath,
+            'rootPath' => preg_replace('#/index\.php$#', '', $this->container->basePath),
+            'bookmarkService' => $this->container->bookmarkService
+        ];
+    }
+    /**
+     * Simple helper which prepend the base path to redirect path.
+     *
+     * @param Response $response
+     * @param string $path Absolute path, e.g.: `/`, or `/admin/shaare/123` regardless of install directory
+     *
+     * @return Response updated
+     */
+    protected function redirect(Response $response, string $path): Response
+    {
+        return $response->withRedirect($this->container->basePath . $path);
+    }
+    /**
+     * Generates a redirection to the previous page, based on the HTTP_REFERER.
+     * It fails back to the home page.
+     *
+     * @param array $loopTerms   Terms to remove from path and query string to prevent direction loop.
+     * @param array $clearParams List of parameter to remove from the query string of the referrer.
+     */
+    protected function redirectFromReferer(
+        Request $request,
+        Response $response,
+        array $loopTerms = [],
+        array $clearParams = [],
+        string $anchor = null
+    ): Response {
+        $defaultPath = $this->container->basePath . '/';
+        $referer = $this->container->environment['HTTP_REFERER'] ?? null;
+        if (null !== $referer) {
+            $currentUrl = parse_url($referer);
+            // If the referer is not related to Shaarli instance, redirect to default
+            if (isset($currentUrl['host'])
+                && strpos(index_url($this->container->environment), $currentUrl['host']) === false
+            ) {
+                return $response->withRedirect($defaultPath);
+            }
+            parse_str($currentUrl['query'] ?? '', $params);
+            $path = $currentUrl['path'] ?? $defaultPath;
+        } else {
+            $params = [];
+            $path = $defaultPath;
+        }
+        // Prevent redirection loop
+        if (isset($currentUrl)) {
+            foreach ($clearParams as $value) {
+                unset($params[$value]);
+            }
+            $checkQuery = implode('', array_keys($params));
+            foreach ($loopTerms as $value) {
+                if (strpos($path . $checkQuery, $value) !== false) {
+                    $params = [];
+                    $path = $defaultPath;
+                    break;
+                }
+            }
+        }
+        $queryString = count($params) > 0 ? '?'. http_build_query($params) : '';
+        $anchor = $anchor ? '#' . $anchor : '';
+        return $response->withRedirect($path . $queryString . $anchor);
+    }
+}
diff --git a/application/front/controller/visitor/TagCloudController.php b/application/front/controller/visitor/TagCloudController.php
new file mode 100644
index 00000000..76ed7690
--- /dev/null
+++ b/application/front/controller/visitor/TagCloudController.php
@@ -0,0 +1,121 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class TagCloud
+ *
+ * Slim controller used to render the tag cloud and tag list pages.
+ */
+class TagCloudController extends ShaarliVisitorController
+{
+    protected const TYPE_CLOUD = 'cloud';
+    protected const TYPE_LIST = 'list';
+    /**
+     * Display the tag cloud through the template engine.
+     * This controller a few filters:
+     *   - Visibility stored in the session for logged in users
+     *   - `searchtags` query parameter: will return tags associated with filter in at least one bookmark
+     */
+    public function cloud(Request $request, Response $response): Response
+    {
+        return $this->processRequest(static::TYPE_CLOUD, $request, $response);
+    }
+    /**
+     * Display the tag list through the template engine.
+     * This controller a few filters:
+     *   - Visibility stored in the session for logged in users
+     *   - `searchtags` query parameter: will return tags associated with filter in at least one bookmark
+     *   - `sort` query parameters:
+     *       + `usage` (default): most used tags first
+     *       + `alpha`: alphabetical order
+     */
+    public function list(Request $request, Response $response): Response
+    {
+        return $this->processRequest(static::TYPE_LIST, $request, $response);
+    }
+    /**
+     * Process the request for both tag cloud and tag list endpoints.
+     */
+    protected function processRequest(string $type, Request $request, Response $response): Response
+    {
+        if ($this->container->loginManager->isLoggedIn() === true) {
+            $visibility = $this->container->sessionManager->getSessionParameter('visibility');
+        }
+        $sort = $request->getQueryParam('sort');
+        $searchTags = $request->getQueryParam('searchtags');
+        $filteringTags = $searchTags !== null ? explode(' ', $searchTags) : [];
+        $tags = $this->container->bookmarkService->bookmarksCountPerTag($filteringTags, $visibility ?? null);
+        if (static::TYPE_CLOUD === $type || 'alpha' === $sort) {
+            // TODO: the sorting should be handled by bookmarkService instead of the controller
+            alphabetical_sort($tags, false, true);
+        }
+        if (static::TYPE_CLOUD === $type) {
+            $tags = $this->formatTagsForCloud($tags);
+        }
+        $tagsUrl = [];
+        foreach ($tags as $tag => $value) {
+            $tagsUrl[escape($tag)] = urlencode((string) $tag);
+        }
+        $searchTags = implode(' ', escape($filteringTags));
+        $searchTagsUrl = urlencode(implode(' ', $filteringTags));
+        $data = [
+            'search_tags' => escape($searchTags),
+            'search_tags_url' => $searchTagsUrl,
+            'tags' => escape($tags),
+            'tags_url' => $tagsUrl,
+        ];
+        $this->executePageHooks('render_tag' . $type, $data, 'tag.' . $type);
+        $this->assignAllView($data);
+        $searchTags = !empty($searchTags) ? $searchTags .' - ' : '';
+        $this->assignView(
+            'pagetitle',
+            $searchTags . t('Tag '. $type) .' - '. $this->container->conf->get('general.title', 'Shaarli')
+        );
+        return $response->write($this->render('tag.' . $type));
+    }
+    /**
+     * Format the tags array for the tag cloud template.
+     *
+     * @param array<string, int> $tags List of tags as key with count as value
+     *
+     * @return mixed[] List of tags as key, with count and expected font size in a subarray
+     */
+    protected function formatTagsForCloud(array $tags): array
+    {
+        // We sort tags alphabetically, then choose a font size according to count.
+        // First, find max value.
+        $maxCount = count($tags) > 0 ? max($tags) : 0;
+        $logMaxCount = $maxCount > 1 ? log($maxCount, 30) : 1;
+        $tagList = [];
+        foreach ($tags as $key => $value) {
+            // Tag font size scaling:
+            //   default 15 and 30 logarithm bases affect scaling,
+            //   2.2 and 0.8 are arbitrary font sizes in em.
+            $size = log($value, 15) / $logMaxCount * 2.2 + 0.8;
+            $tagList[$key] = [
+                'count' => $value,
+                'size' => number_format($size, 2, '.', ''),
+            ];
+        }
+        return $tagList;
+    }
+}
diff --git a/application/front/controller/visitor/TagController.php b/application/front/controller/visitor/TagController.php
new file mode 100644
index 00000000..de4e7ea2
--- /dev/null
+++ b/application/front/controller/visitor/TagController.php
@@ -0,0 +1,118 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Controller\Visitor;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * Class TagController
+ *
+ * Slim controller handle tags.
+ */
+class TagController extends ShaarliVisitorController
+{
+    /**
+     * Add another tag in the current search through an HTTP redirection.
+     *
+     * @param array $args Should contain `newTag` key as tag to add to current search
+     */
+    public function addTag(Request $request, Response $response, array $args): Response
+    {
+        $newTag = $args['newTag'] ?? null;
+        $referer = $this->container->environment['HTTP_REFERER'] ?? null;
+        // In case browser does not send HTTP_REFERER, we search a single tag
+        if (null === $referer) {
+            if (null !== $newTag) {
+                return $this->redirect($response, '/?searchtags='. urlencode($newTag));
+            }
+            return $this->redirect($response, '/');
+        }
+        $currentUrl = parse_url($referer);
+        parse_str($currentUrl['query'] ?? '', $params);
+        if (null === $newTag) {
+            return $response->withRedirect(($currentUrl['path'] ?? './') .'?'. http_build_query($params));
+        }
+        // Prevent redirection loop
+        if (isset($params['addtag'])) {
+            unset($params['addtag']);
+        }
+        // Check if this tag is already in the search query and ignore it if it is.
+        // Each tag is always separated by a space
+        $currentTags = isset($params['searchtags']) ? explode(' ', $params['searchtags']) : [];
+        $addtag = true;
+        foreach ($currentTags as $value) {
+            if ($value === $newTag) {
+                $addtag = false;
+                break;
+            }
+        }
+        // Append the tag if necessary
+        if (true === $addtag) {
+            $currentTags[] = trim($newTag);
+        }
+        $params['searchtags'] = trim(implode(' ', $currentTags));
+        // We also remove page (keeping the same page has no sense, since the results are different)
+        unset($params['page']);
+        return $response->withRedirect(($currentUrl['path'] ?? './') .'?'. http_build_query($params));
+    }
+    /**
+     * Remove a tag from the current search through an HTTP redirection.
+     *
+     * @param array $args Should contain `tag` key as tag to remove from current search
+     */
+    public function removeTag(Request $request, Response $response, array $args): Response
+    {
+        $referer = $this->container->environment['HTTP_REFERER'] ?? null;
+        // If the referrer is not provided, we can update the search, so we failback on the bookmark list
+        if (empty($referer)) {
+            return $this->redirect($response, '/');
+        }
+        $tagToRemove = $args['tag'] ?? null;
+        $currentUrl = parse_url($referer);
+        parse_str($currentUrl['query'] ?? '', $params);
+        if (null === $tagToRemove) {
+            return $response->withRedirect(($currentUrl['path'] ?? './') .'?'. http_build_query($params));
+        }
+        // Prevent redirection loop
+        if (isset($params['removetag'])) {
+            unset($params['removetag']);
+        }
+        if (isset($params['searchtags'])) {
+            $tags = explode(' ', $params['searchtags']);
+            // Remove value from array $tags.
+            $tags = array_diff($tags, [$tagToRemove]);
+            $params['searchtags'] = implode(' ', $tags);
+            if (empty($params['searchtags'])) {
+                unset($params['searchtags']);
+            }
+            // We also remove page (keeping the same page has no sense, since the results are different)
+            unset($params['page']);
+        }
+        $queryParams = count($params) > 0 ? '?' . http_build_query($params) : '';
+        return $response->withRedirect(($currentUrl['path'] ?? './') . $queryParams);
+    }
+}
diff --git a/application/front/controllers/LoginController.php b/application/front/controllers/LoginController.php
deleted file mode 100644
index ae3599e0..00000000
--- a/application/front/controllers/LoginController.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-declare(strict_types=1);
-namespace Shaarli\Front\Controller;
-use Shaarli\Front\Exception\LoginBannedException;
-use Slim\Http\Request;
-use Slim\Http\Response;
-/**
- * Class LoginController
- *
- * Slim controller used to render the login page.
- *
- * The login page is not available if the user is banned
- * or if open shaarli setting is enabled.
- *
- * @package Front\Controller
- */
-class LoginController extends ShaarliController
-{
-    public function index(Request $request, Response $response): Response
-    {
-        if ($this->container->loginManager->isLoggedIn()
-            || $this->container->conf->get('security.open_shaarli', false)
-        ) {
-            return $response->withRedirect('./');
-        }
-        $userCanLogin = $this->container->loginManager->canLogin($request->getServerParams());
-        if ($userCanLogin !== true) {
-            throw new LoginBannedException();
-        }
-        if ($request->getParam('username') !== null) {
-            $this->assignView('username', escape($request->getParam('username')));
-        }
-        $this
-            ->assignView('returnurl', escape($request->getServerParam('HTTP_REFERER')))
-            ->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
-            ->assignView('pagetitle', t('Login') .' - '. $this->container->conf->get('general.title', 'Shaarli'))
-        ;
-        return $response->write($this->render('loginform'));
-    }
-}
diff --git a/application/front/controllers/ShaarliController.php b/application/front/controllers/ShaarliController.php
deleted file mode 100644
index 2b828588..00000000
--- a/application/front/controllers/ShaarliController.php
+++ /dev/null
@@ -1,69 +0,0 @@
-<?php
-declare(strict_types=1);
-namespace Shaarli\Front\Controller;
-use Shaarli\Bookmark\BookmarkFilter;
-use Shaarli\Container\ShaarliContainer;
-abstract class ShaarliController
-{
-    /** @var ShaarliContainer */
-    protected $container;
-    /** @param ShaarliContainer $container Slim container (extended for attribute completion). */
-    public function __construct(ShaarliContainer $container)
-    {
-        $this->container = $container;
-    }
-    /**
-     * Assign variables to RainTPL template through the PageBuilder.
-     *
-     * @param mixed $value Value to assign to the template
-     */
-    protected function assignView(string $name, $value): self
-    {
-        $this->container->pageBuilder->assign($name, $value);
-        return $this;
-    }
-    protected function render(string $template): string
-    {
-        $this->assignView('linkcount', $this->container->bookmarkService->count(BookmarkFilter::$ALL));
-        $this->assignView('privateLinkcount', $this->container->bookmarkService->count(BookmarkFilter::$PRIVATE));
-        $this->assignView('plugin_errors', $this->container->pluginManager->getErrors());
-        $this->executeDefaultHooks($template);
-        return $this->container->pageBuilder->render($template);
-    }
-    /**
-     * Call plugin hooks for header, footer and includes, specifying which page will be rendered.
-     * Then assign generated data to RainTPL.
-     */
-    protected function executeDefaultHooks(string $template): void
-    {
-        $common_hooks = [
-            'includes',
-            'header',
-            'footer',
-        ];
-        foreach ($common_hooks as $name) {
-            $plugin_data = [];
-            $this->container->pluginManager->executeHooks(
-                'render_' . $name,
-                $plugin_data,
-                [
-                    'target' => $template,
-                    'loggedin' => $this->container->loginManager->isLoggedIn()
-                ]
-            );
-            $this->assignView('plugins_' . $name, $plugin_data);
-        }
-    }
-}
diff --git a/application/front/exceptions/AlreadyInstalledException.php b/application/front/exceptions/AlreadyInstalledException.php
new file mode 100644
index 00000000..4add86cf
--- /dev/null
+++ b/application/front/exceptions/AlreadyInstalledException.php
@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+class AlreadyInstalledException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        $message = t('Shaarli has already been installed. Login to edit the configuration.');
+        parent::__construct($message, 401);
+    }
+}
diff --git a/application/front/exceptions/CantLoginException.php b/application/front/exceptions/CantLoginException.php
new file mode 100644
index 00000000..cd16635d
--- /dev/null
+++ b/application/front/exceptions/CantLoginException.php
@@ -0,0 +1,10 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+class CantLoginException extends \Exception
+{
+}
diff --git a/application/front/exceptions/LoginBannedException.php b/application/front/exceptions/LoginBannedException.php
index b31a4a14..79d0ea15 100644
--- a/application/front/exceptions/LoginBannedException.php
+++ b/application/front/exceptions/LoginBannedException.php
@@ -4,7 +4,7 @@ declare(strict_types=1);
 namespace Shaarli\Front\Exception;
-class LoginBannedException extends ShaarliException
+class LoginBannedException extends ShaarliFrontException
 {
    public function __construct()
    {
diff --git a/application/front/exceptions/OpenShaarliPasswordException.php b/application/front/exceptions/OpenShaarliPasswordException.php
new file mode 100644
index 00000000..a6f0b3ae
--- /dev/null
+++ b/application/front/exceptions/OpenShaarliPasswordException.php
@@ -0,0 +1,18 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+/**
+ * Class OpenShaarliPasswordException
+ *
+ * Raised if the user tries to change the admin password on an open shaarli instance.
+ */
+class OpenShaarliPasswordException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        parent::__construct(t('You are not supposed to change a password on an Open Shaarli.'), 403);
+    }
+}
diff --git a/application/front/exceptions/ResourcePermissionException.php b/application/front/exceptions/ResourcePermissionException.php
new file mode 100644
index 00000000..8fbf03b9
--- /dev/null
+++ b/application/front/exceptions/ResourcePermissionException.php
@@ -0,0 +1,13 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+class ResourcePermissionException extends ShaarliFrontException
+{
+    public function __construct(string $message)
+    {
+        parent::__construct($message, 500);
+    }
+}
diff --git a/application/front/exceptions/ShaarliException.php b/application/front/exceptions/ShaarliFrontException.php
index 800bfbec..73847e6d 100644
--- a/application/front/exceptions/ShaarliException.php
+++ b/application/front/exceptions/ShaarliFrontException.php
@@ -9,11 +9,11 @@ use Throwable;
 /**
 * Class ShaarliException
 *
- * Abstract exception class used to defined any custom exception thrown during front rendering.
+ * Exception class used to defined any custom exception thrown during front rendering.
 *
 * @package Front\Exception
 */
-abstract class ShaarliException extends \Exception
+class ShaarliFrontException extends \Exception
 {
    /** Override parent constructor to force $message and $httpCode parameters to be set. */
    public function __construct(string $message, int $httpCode, Throwable $previous = null)
diff --git a/application/front/exceptions/ThumbnailsDisabledException.php b/application/front/exceptions/ThumbnailsDisabledException.php
new file mode 100644
index 00000000..0ed337f5
--- /dev/null
+++ b/application/front/exceptions/ThumbnailsDisabledException.php
@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+class ThumbnailsDisabledException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        $message = t('Picture wall unavailable (thumbnails are disabled).');
+        parent::__construct($message, 400);
+    }
+}
diff --git a/application/front/exceptions/UnauthorizedException.php b/application/front/exceptions/UnauthorizedException.php
new file mode 100644
index 00000000..4231094a
--- /dev/null
+++ b/application/front/exceptions/UnauthorizedException.php
@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+/**
+ * Class UnauthorizedException
+ *
+ * Exception raised if the user tries to access a ShaarliAdminController while logged out.
+ */
+class UnauthorizedException extends \Exception
+{
+}
diff --git a/application/front/exceptions/WrongTokenException.php b/application/front/exceptions/WrongTokenException.php
new file mode 100644
index 00000000..42002720
--- /dev/null
+++ b/application/front/exceptions/WrongTokenException.php
@@ -0,0 +1,18 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Front\Exception;
+/**
+ * Class OpenShaarliPasswordException
+ *
+ * Raised if the user tries to perform an action with an invalid XSRF token.
+ */
+class WrongTokenException extends ShaarliFrontException
+{
+    public function __construct()
+    {
+        parent::__construct(t('Wrong token.'), 403);
+    }
+}
diff --git a/application/ApplicationUtils.php b/application/helper/ApplicationUtils.php
index 3aa21829..4b34e114 100644
--- a/application/ApplicationUtils.php
+++ b/application/helper/ApplicationUtils.php
@@ -1,5 +1,5 @@
 <?php
-namespace Shaarli;
+namespace Shaarli\Helper;
 use Exception;
 use Shaarli\Config\ConfigManager;
@@ -14,8 +14,9 @@ class ApplicationUtils
     */
    public static $VERSION_FILE = 'shaarli_version.php';
-    private static $GIT_URL = 'https://raw.githubusercontent.com/shaarli/Shaarli';
+    public static $GITHUB_URL = 'https://github.com/shaarli/Shaarli';
-    private static $GIT_BRANCHES = array('latest', 'stable');
+    public static $GIT_RAW_URL = 'https://raw.githubusercontent.com/shaarli/Shaarli';
+    public static $GIT_BRANCHES = array('latest', 'stable');
    private static $VERSION_START_TAG = '<?php /* ';
    private static $VERSION_END_TAG = ' */ ?>';
@@ -125,7 +126,7 @@ class ApplicationUtils
        // Late Static Binding allows overriding within tests
        // See http://php.net/manual/en/language.oop5.late-static-bindings.php
        $latestVersion = static::getVersion(
-            self::$GIT_URL . '/' . $branch . '/' . self::$VERSION_FILE
+            self::$GIT_RAW_URL . '/' . $branch . '/' . self::$VERSION_FILE
        );
        if (!$latestVersion) {
@@ -171,35 +172,45 @@ class ApplicationUtils
    /**
     * Checks Shaarli has the proper access permissions to its resources
     *
-     * @param ConfigManager $conf Configuration Manager instance.
+     * @param ConfigManager $conf        Configuration Manager instance.
+     * @param bool          $minimalMode In minimal mode we only check permissions to be able to display a template.
+     *                                   Currently we only need to be able to read the theme and write in raintpl cache.
     *
     * @return array A list of the detected configuration issues
     */
-    public static function checkResourcePermissions($conf)
+    public static function checkResourcePermissions(ConfigManager $conf, bool $minimalMode = false): array
    {
-        $errors = array();
+        $errors = [];
        $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
        // Check script and template directories are readable
-        foreach (array(
+        foreach ([
                     'application',
                     'inc',
                     'plugins',
                     $rainTplDir,
                     $rainTplDir . '/' . $conf->get('resource.theme'),
-                 ) as $path) {
+                 ] as $path) {
            if (!is_readable(realpath($path))) {
                $errors[] = '"' . $path . '" ' . t('directory is not readable');
            }
        }
        // Check cache and data directories are readable and writable
-        foreach (array(
+        if ($minimalMode) {
-                     $conf->get('resource.thumbnails_cache'),
+            $folders = [
-                     $conf->get('resource.data_dir'),
+                $conf->get('resource.raintpl_tmp'),
-                     $conf->get('resource.page_cache'),
+            ];
-                     $conf->get('resource.raintpl_tmp'),
+        } else {
-                 ) as $path) {
+            $folders = [
+                $conf->get('resource.thumbnails_cache'),
+                $conf->get('resource.data_dir'),
+                $conf->get('resource.page_cache'),
+                $conf->get('resource.raintpl_tmp'),
+            ];
+        }
+        foreach ($folders as $path) {
            if (!is_readable(realpath($path))) {
                $errors[] = '"' . $path . '" ' . t('directory is not readable');
            }
@@ -208,6 +219,10 @@ class ApplicationUtils
            }
        }
+        if ($minimalMode) {
+            return $errors;
+        }
        // Check configuration files are readable and writable
        foreach (array(
                     $conf->getConfigFileExt(),
@@ -246,4 +261,54 @@ class ApplicationUtils
    {
        return hash_hmac('sha256', $currentVersion, $salt);
    }
+    /**
+     * Get a list of PHP extensions used by Shaarli.
+     *
+     * @return array[] List of extension with following keys:
+     *                   - name: extension name
+     *                   - required: whether the extension is required to use Shaarli
+     *                   - desc: short description of extension usage in Shaarli
+     *                   - loaded: whether the extension is properly loaded or not
+     */
+    public static function getPhpExtensionsRequirement(): array
+    {
+        $extensions = [
+            ['name' => 'json', 'required' => true, 'desc' => t('Configuration parsing')],
+            ['name' => 'simplexml', 'required' => true, 'desc' => t('Slim Framework (routing, etc.)')],
+            ['name' => 'mbstring', 'required' => true, 'desc' => t('Multibyte (Unicode) string support')],
+            ['name' => 'gd', 'required' => false, 'desc' => t('Required to use thumbnails')],
+            ['name' => 'intl', 'required' => false, 'desc' => t('Localized text sorting (e.g. e->è->f)')],
+            ['name' => 'curl', 'required' => false, 'desc' => t('Better retrieval of bookmark metadata and thumbnail')],
+            ['name' => 'gettext', 'required' => false, 'desc' => t('Use the translation system in gettext mode')],
+            ['name' => 'ldap', 'required' => false, 'desc' => t('Login using LDAP server')],
+        ];
+        foreach ($extensions as &$extension) {
+            $extension['loaded'] = extension_loaded($extension['name']);
+        }
+        return $extensions;
+    }
+    /**
+     * Return the EOL date of given PHP version. If the version is unknown,
+     * we return today + 2 years.
+     *
+     * @param string $fullVersion PHP version, e.g. 7.4.7
+     *
+     * @return string Date format: YYYY-MM-DD
+     */
+    public static function getPhpEol(string $fullVersion): string
+    {
+        preg_match('/(\d+\.\d+)\.\d+/', $fullVersion, $matches);
+        return [
+            '7.1' => '2019-12-01',
+            '7.2' => '2020-11-30',
+            '7.3' => '2021-12-06',
+            '7.4' => '2022-11-28',
+            '8.0' => '2023-12-01',
+        ][$matches[1]] ?? (new \DateTime('+2 year'))->format('Y-m-d');
+    }
 }
diff --git a/application/helper/DailyPageHelper.php b/application/helper/DailyPageHelper.php
new file mode 100644
index 00000000..5fabc907
--- /dev/null
+++ b/application/helper/DailyPageHelper.php
@@ -0,0 +1,208 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Helper;
+use Shaarli\Bookmark\Bookmark;
+use Slim\Http\Request;
+class DailyPageHelper
+{
+    public const MONTH = 'month';
+    public const WEEK = 'week';
+    public const DAY = 'day';
+    /**
+     * Extracts the type of the daily to display from the HTTP request parameters
+     *
+     * @param Request $request HTTP request
+     *
+     * @return string month/week/day
+     */
+    public static function extractRequestedType(Request $request): string
+    {
+        if ($request->getQueryParam(static::MONTH) !== null) {
+            return static::MONTH;
+        } elseif ($request->getQueryParam(static::WEEK) !== null) {
+            return static::WEEK;
+        }
+        return static::DAY;
+    }
+    /**
+     * Extracts a DateTimeImmutable from provided HTTP request.
+     * If no parameter is provided, we rely on the creation date of the latest provided created bookmark.
+     * If the datastore is empty or no bookmark is provided, we use the current date.
+     *
+     * @param string        $type           month/week/day
+     * @param string|null   $requestedDate  Input string extracted from the request
+     * @param Bookmark|null $latestBookmark Latest bookmark found in the datastore (by date)
+     *
+     * @return \DateTimeImmutable from input or latest bookmark.
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function extractRequestedDateTime(
+        string $type,
+        ?string $requestedDate,
+        Bookmark $latestBookmark = null
+    ): \DateTimeImmutable {
+        $format = static::getFormatByType($type);
+        if (empty($requestedDate)) {
+            return $latestBookmark instanceof Bookmark
+                ? new \DateTimeImmutable($latestBookmark->getCreated()->format(\DateTime::ATOM))
+                : new \DateTimeImmutable()
+            ;
+        }
+        // W is not supported by createFromFormat...
+        if ($type === static::WEEK) {
+            return (new \DateTimeImmutable())
+                ->setISODate((int) substr($requestedDate, 0, 4), (int) substr($requestedDate, 4, 2))
+            ;
+        }
+        return \DateTimeImmutable::createFromFormat($format, $requestedDate);
+    }
+    /**
+     * Get the DateTime format used by provided type
+     * Examples:
+     *   - day: 20201016 (<year><month><day>)
+     *   - week: 202041 (<year><week number>)
+     *   - month: 202010 (<year><month>)
+     *
+     * @param string $type month/week/day
+     *
+     * @return string DateTime compatible format
+     *
+     * @see https://www.php.net/manual/en/datetime.format.php
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function getFormatByType(string $type): string
+    {
+        switch ($type) {
+            case static::MONTH:
+                return 'Ym';
+            case static::WEEK:
+                return 'YW';
+            case static::DAY:
+                return 'Ymd';
+            default:
+                throw new \Exception('Unsupported daily format type');
+        }
+    }
+    /**
+     * Get the first DateTime of the time period depending on given datetime and type.
+     * Note: DateTimeImmutable is required because we rely heavily on DateTime->modify() syntax
+     *       and we don't want to alter original datetime.
+     *
+     * @param string             $type      month/week/day
+     * @param \DateTimeImmutable $requested DateTime extracted from request input
+     *                                      (should come from extractRequestedDateTime)
+     *
+     * @return \DateTimeInterface First DateTime of the time period
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function getStartDateTimeByType(string $type, \DateTimeImmutable $requested): \DateTimeInterface
+    {
+        switch ($type) {
+            case static::MONTH:
+                return $requested->modify('first day of this month midnight');
+            case static::WEEK:
+                return $requested->modify('Monday this week midnight');
+            case static::DAY:
+                return $requested->modify('Today midnight');
+            default:
+                throw new \Exception('Unsupported daily format type');
+        }
+    }
+    /**
+     * Get the last DateTime of the time period depending on given datetime and type.
+     * Note: DateTimeImmutable is required because we rely heavily on DateTime->modify() syntax
+     *       and we don't want to alter original datetime.
+     *
+     * @param string             $type      month/week/day
+     * @param \DateTimeImmutable $requested DateTime extracted from request input
+     *                                      (should come from extractRequestedDateTime)
+     *
+     * @return \DateTimeInterface Last DateTime of the time period
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function getEndDateTimeByType(string $type, \DateTimeImmutable $requested): \DateTimeInterface
+    {
+        switch ($type) {
+            case static::MONTH:
+                return $requested->modify('last day of this month 23:59:59');
+            case static::WEEK:
+                return $requested->modify('Sunday this week 23:59:59');
+            case static::DAY:
+                return $requested->modify('Today 23:59:59');
+            default:
+                throw new \Exception('Unsupported daily format type');
+        }
+    }
+    /**
+     * Get localized description of the time period depending on given datetime and type.
+     * Example: for a month period, it returns `October, 2020`.
+     *
+     * @param string             $type      month/week/day
+     * @param \DateTimeImmutable $requested DateTime extracted from request input
+     *                                      (should come from extractRequestedDateTime)
+     *
+     * @return string Localized time period description
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function getDescriptionByType(string $type, \DateTimeImmutable $requested): string
+    {
+        switch ($type) {
+            case static::MONTH:
+                return $requested->format('F') . ', ' . $requested->format('Y');
+            case static::WEEK:
+                $requested = $requested->modify('Monday this week');
+                return t('Week') . ' ' . $requested->format('W') . ' (' . format_date($requested, false) . ')';
+            case static::DAY:
+                $out = '';
+                if ($requested->format('Ymd') === date('Ymd')) {
+                    $out = t('Today') . ' - ';
+                } elseif ($requested->format('Ymd') === date('Ymd', strtotime('-1 days'))) {
+                    $out = t('Yesterday') . ' - ';
+                }
+                return $out . format_date($requested, false);
+            default:
+                throw new \Exception('Unsupported daily format type');
+        }
+    }
+    /**
+     * Get the number of items to display in the RSS feed depending on the given type.
+     *
+     * @param string $type month/week/day
+     *
+     * @return int number of elements
+     *
+     * @throws \Exception Type not supported.
+     */
+    public static function getRssLengthByType(string $type): int
+    {
+        switch ($type) {
+            case static::MONTH:
+                return 12; // 1 year
+            case static::WEEK:
+                return 26; // ~6 months
+            case static::DAY:
+                return 30; // ~1 month
+            default:
+                throw new \Exception('Unsupported daily format type');
+        }
+    }
+}
diff --git a/application/FileUtils.php b/application/helper/FileUtils.php
index 30560bfc..2eac0793 100644
--- a/application/FileUtils.php
+++ b/application/helper/FileUtils.php
@@ -1,6 +1,6 @@
 <?php
-namespace Shaarli;
+namespace Shaarli\Helper;
 use Shaarli\Exceptions\IOException;
@@ -81,4 +81,60 @@ class FileUtils
            )
        );
    }
+    /**
+     * Recursively deletes a folder content, and deletes itself optionally.
+     * If an excluded file is found, folders won't be deleted.
+     *
+     * Additional security: raise an exception if it tries to delete a folder outside of Shaarli directory.
+     *
+     * @param string $path
+     * @param bool $selfDelete Delete the provided folder if true, only its content if false.
+     * @param array $exclude
+     */
+    public static function clearFolder(string $path, bool $selfDelete, array $exclude = []): bool
+    {
+        $skipped = false;
+        if (!is_dir($path)) {
+            throw new IOException(t('Provided path is not a directory.'));
+        }
+        if (!static::isPathInShaarliFolder($path)) {
+            throw new IOException(t('Trying to delete a folder outside of Shaarli path.'));
+        }
+        foreach (new \DirectoryIterator($path) as $file) {
+            if($file->isDot()) {
+                continue;
+            }
+            if (in_array($file->getBasename(), $exclude, true)) {
+                $skipped = true;
+                continue;
+            }
+            if ($file->isFile()) {
+                unlink($file->getPathname());
+            } elseif($file->isDir()) {
+                $skipped = static::clearFolder($file->getRealPath(), true, $exclude) || $skipped;
+            }
+        }
+        if ($selfDelete && !$skipped) {
+            rmdir($path);
+        }
+        return $skipped;
+    }
+    /**
+     * Checks that the given path is inside Shaarli directory.
+     */
+    public static function isPathInShaarliFolder(string $path): bool
+    {
+        $rootDirectory = dirname(dirname(dirname(__FILE__)));
+        return strpos(realpath($path), $rootDirectory) !== false;
+    }
 }
diff --git a/application/http/HttpAccess.php b/application/http/HttpAccess.php
new file mode 100644
index 00000000..646a5264
--- /dev/null
+++ b/application/http/HttpAccess.php
@@ -0,0 +1,47 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Http;
+/**
+ * Class HttpAccess
+ *
+ * This is mostly an OOP wrapper for HTTP functions defined in `HttpUtils`.
+ * It is used as dependency injection in Shaarli's container.
+ *
+ * @package Shaarli\Http
+ */
+class HttpAccess
+{
+    public function getHttpResponse(
+        $url,
+        $timeout = 30,
+        $maxBytes = 4194304,
+        $curlHeaderFunction = null,
+        $curlWriteFunction = null
+    ) {
+        return get_http_response($url, $timeout, $maxBytes, $curlHeaderFunction, $curlWriteFunction);
+    }
+    public function getCurlDownloadCallback(
+        &$charset,
+        &$title,
+        &$description,
+        &$keywords,
+        $retrieveDescription
+    ) {
+        return get_curl_download_callback(
+            $charset,
+            $title,
+            $description,
+            $keywords,
+            $retrieveDescription
+        );
+    }
+    public function getCurlHeaderCallback(&$charset, $curlGetInfo = 'curl_getinfo')
+    {
+        return get_curl_header_callback($charset, $curlGetInfo);
+    }
+}
diff --git a/application/http/HttpUtils.php b/application/http/HttpUtils.php
index 2ea9195d..28c12969 100644
--- a/application/http/HttpUtils.php
+++ b/application/http/HttpUtils.php
@@ -6,12 +6,14 @@ use Shaarli\Http\Url;
 * GET an HTTP URL to retrieve its content
 * Uses the cURL library or a fallback method
 *
- * @param string          $url               URL to get (http://...)
+ * @param string          $url                URL to get (http://...)
- * @param int             $timeout           network timeout (in seconds)
+ * @param int             $timeout            network timeout (in seconds)
- * @param int             $maxBytes          maximum downloaded bytes (default: 4 MiB)
+ * @param int             $maxBytes           maximum downloaded bytes (default: 4 MiB)
- * @param callable|string $curlWriteFunction Optional callback called during the download (cURL CURLOPT_WRITEFUNCTION).
+ * @param callable|string $curlHeaderFunction Optional callback called during the download of headers
- *                                           Can be used to add download conditions on the
+ *                                            (CURLOPT_HEADERFUNCTION)
- *                                           headers (response code, content type, etc.).
+ * @param callable|string $curlWriteFunction  Optional callback called during the download (cURL CURLOPT_WRITEFUNCTION).
+ *                                            Can be used to add download conditions on the
+ *                                            headers (response code, content type, etc.).
 *
 * @return array HTTP response headers, downloaded content
 *
@@ -35,8 +37,13 @@ use Shaarli\Http\Url;
 * @see http://stackoverflow.com/q/9183178
 * @see http://stackoverflow.com/q/1462720
 */
-function get_http_response($url, $timeout = 30, $maxBytes = 4194304, $curlWriteFunction = null)
+function get_http_response(
-{
+    $url,
+    $timeout = 30,
+    $maxBytes = 4194304,
+    $curlHeaderFunction = null,
+    $curlWriteFunction = null
+) {
    $urlObj = new Url($url);
    $cleanUrl = $urlObj->idnToAscii();
@@ -70,7 +77,8 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304, $curlWriteF
    // General cURL settings
    curl_setopt($ch, CURLOPT_AUTOREFERER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-    curl_setopt($ch, CURLOPT_HEADER, true);
+    // Default header download if the $curlHeaderFunction is not defined
+    curl_setopt($ch, CURLOPT_HEADER, !is_callable($curlHeaderFunction));
    curl_setopt(
        $ch,
        CURLOPT_HTTPHEADER,
@@ -81,25 +89,21 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304, $curlWriteF
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
-    if (is_callable($curlWriteFunction)) {
-        curl_setopt($ch, CURLOPT_WRITEFUNCTION, $curlWriteFunction);
-    }
    // Max download size management
    curl_setopt($ch, CURLOPT_BUFFERSIZE, 1024*16);
    curl_setopt($ch, CURLOPT_NOPROGRESS, false);
+    if (is_callable($curlHeaderFunction)) {
+        curl_setopt($ch, CURLOPT_HEADERFUNCTION, $curlHeaderFunction);
+    }
+    if (is_callable($curlWriteFunction)) {
+        curl_setopt($ch, CURLOPT_WRITEFUNCTION, $curlWriteFunction);
+    }
    curl_setopt(
        $ch,
        CURLOPT_PROGRESSFUNCTION,
-        function ($arg0, $arg1, $arg2, $arg3, $arg4 = 0) use ($maxBytes) {
+        function ($arg0, $arg1, $arg2, $arg3, $arg4) use ($maxBytes) {
-            if (version_compare(phpversion(), '5.5', '<')) {
+            $downloaded = $arg2;
-                // PHP version lower than 5.5
-                // Callback has 4 arguments
-                $downloaded = $arg1;
-            } else {
-                // Callback has 5 arguments
-                $downloaded = $arg2;
-            }
            // Non-zero return stops downloading
            return ($downloaded > $maxBytes) ? 1 : 0;
        }
@@ -369,7 +373,11 @@ function server_url($server)
 */
 function index_url($server)
 {
-    $scriptname = $server['SCRIPT_NAME'];
+    if (defined('SHAARLI_ROOT_URL') && null !== SHAARLI_ROOT_URL) {
+        return rtrim(SHAARLI_ROOT_URL, '/') . '/';
+    }
+    $scriptname = !empty($server['SCRIPT_NAME']) ? $server['SCRIPT_NAME'] : '/';
    if (endsWith($scriptname, 'index.php')) {
        $scriptname = substr($scriptname, 0, -9);
    }
@@ -377,7 +385,7 @@ function index_url($server)
 }
 /**
- * Returns the absolute URL of the current script, with the query
+ * Returns the absolute URL of the current script, with current route and query
 *
 * If the resource is "index.php", then it is removed (for better-looking URLs)
 *
@@ -387,10 +395,17 @@ function index_url($server)
 */
 function page_url($server)
 {
+    $scriptname = $server['SCRIPT_NAME'] ?? '';
+    if (endsWith($scriptname, 'index.php')) {
+        $scriptname = substr($scriptname, 0, -9);
+    }
+    $route = preg_replace('@^' . $scriptname . '@', '', $server['REQUEST_URI'] ?? '');
    if (! empty($server['QUERY_STRING'])) {
-        return index_url($server).'?'.$server['QUERY_STRING'];
+        return index_url($server) . $route . '?' . $server['QUERY_STRING'];
    }
-    return index_url($server);
+    return index_url($server) . $route;
 }
 /**
@@ -477,3 +492,132 @@ function is_https($server)
    return ! empty($server['HTTPS']);
 }
+/**
+ * Get cURL callback function for CURLOPT_WRITEFUNCTION
+ *
+ * @param string $charset     to extract from the downloaded page (reference)
+ * @param string $curlGetInfo Optionally overrides curl_getinfo function
+ *
+ * @return Closure
+ */
+function get_curl_header_callback(
+    &$charset,
+    $curlGetInfo = 'curl_getinfo'
+) {
+    $isRedirected = false;
+    return function ($ch, $data) use ($curlGetInfo, &$charset, &$isRedirected) {
+        $responseCode = $curlGetInfo($ch, CURLINFO_RESPONSE_CODE);
+        $chunkLength = strlen($data);
+        if (!empty($responseCode) && in_array($responseCode, [301, 302])) {
+            $isRedirected = true;
+            return $chunkLength;
+        }
+        if (!empty($responseCode) && $responseCode !== 200) {
+            return false;
+        }
+        // After a redirection, the content type will keep the previous request value
+        // until it finds the next content-type header.
+        if (! $isRedirected || strpos(strtolower($data), 'content-type') !== false) {
+            $contentType = $curlGetInfo($ch, CURLINFO_CONTENT_TYPE);
+        }
+        if (!empty($contentType) && strpos($contentType, 'text/html') === false) {
+            return false;
+        }
+        if (!empty($contentType) && empty($charset)) {
+            $charset = header_extract_charset($contentType);
+        }
+        return $chunkLength;
+    };
+}
+/**
+ * Get cURL callback function for CURLOPT_WRITEFUNCTION
+ *
+ * @param string $charset     to extract from the downloaded page (reference)
+ * @param string $title       to extract from the downloaded page (reference)
+ * @param string $description to extract from the downloaded page (reference)
+ * @param string $keywords    to extract from the downloaded page (reference)
+ * @param bool   $retrieveDescription Automatically tries to retrieve description and keywords from HTML content
+ * @param string $curlGetInfo Optionally overrides curl_getinfo function
+ *
+ * @return Closure
+ */
+function get_curl_download_callback(
+    &$charset,
+    &$title,
+    &$description,
+    &$keywords,
+    $retrieveDescription
+) {
+    $currentChunk = 0;
+    $foundChunk = null;
+    /**
+     * cURL callback function for CURLOPT_WRITEFUNCTION (called during the download).
+     *
+     * While downloading the remote page, we check that the HTTP code is 200 and content type is 'html/text'
+     * Then we extract the title and the charset and stop the download when it's done.
+     *
+     * @param resource $ch   cURL resource
+     * @param string   $data chunk of data being downloaded
+     *
+     * @return int|bool length of $data or false if we need to stop the download
+     */
+    return function ($ch, $data) use (
+        $retrieveDescription,
+        &$charset,
+        &$title,
+        &$description,
+        &$keywords,
+        &$currentChunk,
+        &$foundChunk
+    ) {
+        $chunkLength = strlen($data);
+        $currentChunk++;
+        if (empty($charset)) {
+            $charset = html_extract_charset($data);
+        }
+        if (empty($title)) {
+            $title = html_extract_title($data);
+            $foundChunk = ! empty($title) ? $currentChunk : $foundChunk;
+        }
+        if (empty($title)) {
+            $title = html_extract_tag('title', $data);
+            $foundChunk = ! empty($title) ? $currentChunk : $foundChunk;
+        }
+        if ($retrieveDescription && empty($description)) {
+            $description = html_extract_tag('description', $data);
+            $foundChunk = ! empty($description) ? $currentChunk : $foundChunk;
+        }
+        if ($retrieveDescription && empty($keywords)) {
+            $keywords = html_extract_tag('keywords', $data);
+            if (! empty($keywords)) {
+                $foundChunk = $currentChunk;
+                // Keywords use the format tag1, tag2 multiple words, tag
+                // So we format them to match Shaarli's separator and glue multiple words with '-'
+                $keywords = implode(' ', array_map(function($keyword) {
+                    return implode('-', preg_split('/\s+/', trim($keyword)));
+                }, explode(',', $keywords)));
+            }
+        }
+        // We got everything we want, stop the download.
+        // If we already found either the title, description or keywords,
+        // it's highly unlikely that we'll found the other metas further than
+        // in the same chunk of data or the next one. So we also stop the download after that.
+        if ((!empty($responseCode) && !empty($contentType) && !empty($charset)) && $foundChunk !== null
+            && (! $retrieveDescription
+                || $foundChunk < $currentChunk
+                || (!empty($title) && !empty($description) && !empty($keywords))
+            )
+        ) {
+            return false;
+        }
+        return $chunkLength;
+    };
+}
diff --git a/application/http/MetadataRetriever.php b/application/http/MetadataRetriever.php
new file mode 100644
index 00000000..ba9bd40c
--- /dev/null
+++ b/application/http/MetadataRetriever.php
@@ -0,0 +1,69 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Http;
+use Shaarli\Config\ConfigManager;
+/**
+ * HTTP Tool used to extract metadata from external URL (title, description, etc.).
+ */
+class MetadataRetriever
+{
+    /** @var ConfigManager */
+    protected $conf;
+    /** @var HttpAccess */
+    protected $httpAccess;
+    public function __construct(ConfigManager $conf, HttpAccess $httpAccess)
+    {
+        $this->conf = $conf;
+        $this->httpAccess = $httpAccess;
+    }
+    /**
+     * Retrieve metadata for given URL.
+     *
+     * @return array [
+     *                  'title' => <remote title>,
+     *                  'description' => <remote description>,
+     *                  'tags' => <remote keywords>,
+     *               ]
+     */
+    public function retrieve(string $url): array
+    {
+        $charset = null;
+        $title = null;
+        $description = null;
+        $tags = null;
+        $retrieveDescription = $this->conf->get('general.retrieve_description');
+        // Short timeout to keep the application responsive
+        // The callback will fill $charset and $title with data from the downloaded page.
+        $this->httpAccess->getHttpResponse(
+            $url,
+            $this->conf->get('general.download_timeout', 30),
+            $this->conf->get('general.download_max_size', 4194304),
+            $this->httpAccess->getCurlHeaderCallback($charset),
+            $this->httpAccess->getCurlDownloadCallback(
+                $charset,
+                $title,
+                $description,
+                $tags,
+                $retrieveDescription
+            )
+        );
+        if (!empty($title) && strtolower($charset) !== 'utf-8') {
+            $title = mb_convert_encoding($title, 'utf-8', $charset);
+        }
+        return [
+            'title' => $title,
+            'description' => $description,
+            'tags' => $tags,
+        ];
+    }
+}
diff --git a/application/legacy/LegacyController.php b/application/legacy/LegacyController.php
new file mode 100644
index 00000000..826604e7
--- /dev/null
+++ b/application/legacy/LegacyController.php
@@ -0,0 +1,162 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Legacy;
+use Shaarli\Feed\FeedBuilder;
+use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
+use Slim\Http\Request;
+use Slim\Http\Response;
+/**
+ * We use this to maintain legacy routes, and redirect requests to the corresponding Slim route.
+ * Only public routes, and both `?addlink` and `?post` were kept here.
+ * Other routes will just display the linklist.
+ *
+ * @deprecated
+ */
+class LegacyController extends ShaarliVisitorController
+{
+    /** @var string[] Both `?post` and `?addlink` do not use `?do=` format. */
+    public const LEGACY_GET_ROUTES = [
+        'post',
+        'addlink',
+    ];
+    /**
+     * This method will call `$action` method, which will redirect to corresponding Slim route.
+     */
+    public function process(Request $request, Response $response, string $action): Response
+    {
+        if (!method_exists($this, $action)) {
+            throw new UnknowLegacyRouteException();
+        }
+        return $this->{$action}($request, $response);
+    }
+    /** Legacy route: ?post= */
+    public function post(Request $request, Response $response): Response
+    {
+        $route = '/admin/shaare';
+        $buildParameters = function (?array $parameters, bool $encode) {
+            if ($encode) {
+                $parameters = array_map('urlencode', $parameters);
+            }
+            return count($parameters) > 0 ? '?' . http_build_query($parameters) : '';
+        };
+        if (!$this->container->loginManager->isLoggedIn()) {
+            $parameters = $buildParameters($request->getQueryParams(), true);
+            return $this->redirect($response, '/login?returnurl='. $this->getBasePath() . $route . $parameters);
+        }
+        $parameters = $buildParameters($request->getQueryParams(), false);
+        return $this->redirect($response, $route . $parameters);
+    }
+    /** Legacy route: ?addlink= */
+    protected function addlink(Request $request, Response $response): Response
+    {
+        $route = '/admin/add-shaare';
+        if (!$this->container->loginManager->isLoggedIn()) {
+            return $this->redirect($response, '/login?returnurl=' . $this->getBasePath() . $route);
+        }
+        return $this->redirect($response, $route);
+    }
+    /** Legacy route: ?do=login */
+    protected function login(Request $request, Response $response): Response
+    {
+        $returnUrl = $request->getQueryParam('returnurl');
+        return $this->redirect($response, '/login' . ($returnUrl ? '?returnurl=' . $returnUrl : ''));
+    }
+    /** Legacy route: ?do=logout */
+    protected function logout(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/admin/logout');
+    }
+    /** Legacy route: ?do=picwall */
+    protected function picwall(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/picture-wall');
+    }
+    /** Legacy route: ?do=tagcloud */
+    protected function tagcloud(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/tags/cloud');
+    }
+    /** Legacy route: ?do=taglist */
+    protected function taglist(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/tags/list');
+    }
+    /** Legacy route: ?do=daily */
+    protected function daily(Request $request, Response $response): Response
+    {
+        $dayParam = !empty($request->getParam('day')) ? '?day=' . escape($request->getParam('day')) : '';
+        return $this->redirect($response, '/daily' . $dayParam);
+    }
+    /** Legacy route: ?do=rss */
+    protected function rss(Request $request, Response $response): Response
+    {
+        return $this->feed($request, $response, FeedBuilder::$FEED_RSS);
+    }
+    /** Legacy route: ?do=atom */
+    protected function atom(Request $request, Response $response): Response
+    {
+        return $this->feed($request, $response, FeedBuilder::$FEED_ATOM);
+    }
+    /** Legacy route: ?do=opensearch */
+    protected function opensearch(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/open-search');
+    }
+    /** Legacy route: ?do=dailyrss */
+    protected function dailyrss(Request $request, Response $response): Response
+    {
+        return $this->redirect($response, '/daily-rss');
+    }
+    /** Legacy route: ?do=feed */
+    protected function feed(Request $request, Response $response, string $feedType): Response
+    {
+        $parameters = count($request->getQueryParams()) > 0 ? '?' . http_build_query($request->getQueryParams()) : '';
+        return $this->redirect($response, '/feed/' . $feedType . $parameters);
+    }
+    /** Legacy route: ?do=configure */
+    protected function configure(Request $request, Response $response): Response
+    {
+        $route = '/admin/configure';
+        if (!$this->container->loginManager->isLoggedIn()) {
+            return $this->redirect($response, '/login?returnurl=' . $this->getBasePath() . $route);
+        }
+        return $this->redirect($response, $route);
+    }
+    protected function getBasePath(): string
+    {
+        return $this->container->basePath ?: '';
+    }
+}
diff --git a/application/legacy/LegacyLinkDB.php b/application/legacy/LegacyLinkDB.php
index 7ccf5e54..5c02a21b 100644
--- a/application/legacy/LegacyLinkDB.php
+++ b/application/legacy/LegacyLinkDB.php
@@ -8,7 +8,8 @@ use DateTime;
 use Iterator;
 use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
 use Shaarli\Exceptions\IOException;
-use Shaarli\FileUtils;
+use Shaarli\Helper\FileUtils;
+use Shaarli\Render\PageCacheManager;
 /**
 * Data storage for bookmarks.
@@ -352,7 +353,8 @@ You use the community supported version of the original Shaarli project, by Seba
        $this->write();
-        invalidateCaches($pageCacheDir);
+        $pageCacheManager = new PageCacheManager($pageCacheDir, $this->loggedIn);
+        $pageCacheManager->invalidateCaches();
    }
    /**
diff --git a/application/legacy/LegacyRouter.php b/application/legacy/LegacyRouter.php
new file mode 100644
index 00000000..0449c7e1
--- /dev/null
+++ b/application/legacy/LegacyRouter.php
@@ -0,0 +1,63 @@
+<?php
+namespace Shaarli\Legacy;
+/**
+ * Class Router
+ *
+ * (only displayable pages here)
+ *
+ * @deprecated
+ */
+class LegacyRouter
+{
+    public static $AJAX_THUMB_UPDATE = 'ajax_thumb_update';
+    public static $PAGE_LOGIN = 'login';
+    public static $PAGE_PICWALL = 'picwall';
+    public static $PAGE_TAGCLOUD = 'tag.cloud';
+    public static $PAGE_TAGLIST = 'tag.list';
+    public static $PAGE_DAILY = 'daily';
+    public static $PAGE_FEED_ATOM = 'feed.atom';
+    public static $PAGE_FEED_RSS = 'feed.rss';
+    public static $PAGE_TOOLS = 'tools';
+    public static $PAGE_CHANGEPASSWORD = 'changepasswd';
+    public static $PAGE_CONFIGURE = 'configure';
+    public static $PAGE_CHANGETAG = 'changetag';
+    public static $PAGE_ADDLINK = 'addlink';
+    public static $PAGE_EDITLINK = 'editlink';
+    public static $PAGE_DELETELINK = 'delete_link';
+    public static $PAGE_CHANGE_VISIBILITY = 'change_visibility';
+    public static $PAGE_PINLINK = 'pin';
+    public static $PAGE_EXPORT = 'export';
+    public static $PAGE_IMPORT = 'import';
+    public static $PAGE_OPENSEARCH = 'opensearch';
+    public static $PAGE_LINKLIST = 'linklist';
+    public static $PAGE_PLUGINSADMIN = 'pluginadmin';
+    public static $PAGE_SAVE_PLUGINSADMIN = 'save_pluginadmin';
+    public static $PAGE_THUMBS_UPDATE = 'thumbs_update';
+    public static $GET_TOKEN = 'token';
+}
diff --git a/application/legacy/LegacyUpdater.php b/application/legacy/LegacyUpdater.php
index 3a5de79f..fe1a286f 100644
--- a/application/legacy/LegacyUpdater.php
+++ b/application/legacy/LegacyUpdater.php
@@ -7,16 +7,16 @@ use RainTPL;
 use ReflectionClass;
 use ReflectionException;
 use ReflectionMethod;
-use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\Bookmark;
 use Shaarli\Bookmark\BookmarkArray;
-use Shaarli\Bookmark\LinkDB;
 use Shaarli\Bookmark\BookmarkFilter;
 use Shaarli\Bookmark\BookmarkIO;
+use Shaarli\Bookmark\LinkDB;
 use Shaarli\Config\ConfigJson;
 use Shaarli\Config\ConfigManager;
 use Shaarli\Config\ConfigPhp;
 use Shaarli\Exceptions\IOException;
+use Shaarli\Helper\ApplicationUtils;
 use Shaarli\Thumbnailer;
 use Shaarli\Updater\Exception\UpdaterException;
@@ -534,7 +534,8 @@ class LegacyUpdater
        if ($thumbnailsEnabled) {
            $this->session['warnings'][] = t(
-                'You have enabled or changed thumbnails mode. <a href="?do=thumbs_update">Please synchronize them</a>.'
+                t('You have enabled or changed thumbnails mode.') .
+                '<a href="./admin/thumbnails">' . t('Please synchronize them.') . '</a>'
            );
        }
diff --git a/application/legacy/UnknowLegacyRouteException.php b/application/legacy/UnknowLegacyRouteException.php
new file mode 100644
index 00000000..ae1518ad
--- /dev/null
+++ b/application/legacy/UnknowLegacyRouteException.php
@@ -0,0 +1,9 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Legacy;
+class UnknowLegacyRouteException extends \Exception
+{
+}
diff --git a/application/netscape/NetscapeBookmarkUtils.php b/application/netscape/NetscapeBookmarkUtils.php
index d64eef7f..b83f16f8 100644
--- a/application/netscape/NetscapeBookmarkUtils.php
+++ b/application/netscape/NetscapeBookmarkUtils.php
@@ -6,6 +6,7 @@ use DateTime;
 use DateTimeZone;
 use Exception;
 use Katzgrau\KLogger\Logger;
+use Psr\Http\Message\UploadedFileInterface;
 use Psr\Log\LogLevel;
 use Shaarli\Bookmark\Bookmark;
 use Shaarli\Bookmark\BookmarkServiceInterface;
@@ -16,10 +17,24 @@ use Shaarli\NetscapeBookmarkParser\NetscapeBookmarkParser;
 /**
 * Utilities to import and export bookmarks using the Netscape format
- * TODO: Not static, use a container.
 */
 class NetscapeBookmarkUtils
 {
+    /** @var BookmarkServiceInterface */
+    protected $bookmarkService;
+    /** @var ConfigManager */
+    protected $conf;
+    /** @var History */
+    protected $history;
+    public function __construct(BookmarkServiceInterface $bookmarkService, ConfigManager $conf, History $history)
+    {
+        $this->bookmarkService = $bookmarkService;
+        $this->conf = $conf;
+        $this->history = $history;
+    }
    /**
     * Filters bookmarks and adds Netscape-formatted fields
@@ -28,18 +43,16 @@ class NetscapeBookmarkUtils
     * - timestamp  link addition date, using the Unix epoch format
     * - taglist    comma-separated tag list
     *
-     * @param BookmarkServiceInterface $bookmarkService Link datastore
     * @param BookmarkFormatter        $formatter       instance
     * @param string                   $selection       Which bookmarks to export: (all|private|public)
     * @param bool                     $prependNoteUrl  Prepend note permalinks with the server's URL
     * @param string                   $indexUrl        Absolute URL of the Shaarli index page
     *
     * @return array The bookmarks to be exported, with additional fields
-     *@throws Exception Invalid export selection
     *
+     * @throws Exception Invalid export selection
     */
-    public static function filterAndFormat(
+    public function filterAndFormat(
-        $bookmarkService,
        $formatter,
        $selection,
        $prependNoteUrl,
@@ -51,11 +64,11 @@ class NetscapeBookmarkUtils
        }
        $bookmarkLinks = array();
-        foreach ($bookmarkService->search([], $selection) as $bookmark) {
+        foreach ($this->bookmarkService->search([], $selection) as $bookmark) {
            $link = $formatter->format($bookmark);
            $link['taglist'] = implode(',', $bookmark->getTags());
            if ($bookmark->isNote() && $prependNoteUrl) {
-                $link['url'] = $indexUrl . $link['url'];
+                $link['url'] = rtrim($indexUrl, '/') . '/' . ltrim($link['url'], '/');
            }
            $bookmarkLinks[] = $link;
@@ -65,60 +78,22 @@ class NetscapeBookmarkUtils
    }
    /**
-     * Generates an import status summary
-     *
-     * @param string $filename       name of the file to import
-     * @param int    $filesize       size of the file to import
-     * @param int    $importCount    how many bookmarks were imported
-     * @param int    $overwriteCount how many bookmarks were overwritten
-     * @param int    $skipCount      how many bookmarks were skipped
-     * @param int    $duration       how many seconds did the import take
-     *
-     * @return string Summary of the bookmark import status
-     */
-    private static function importStatus(
-        $filename,
-        $filesize,
-        $importCount = 0,
-        $overwriteCount = 0,
-        $skipCount = 0,
-        $duration = 0
-    ) {
-        $status = sprintf(t('File %s (%d bytes) '), $filename, $filesize);
-        if ($importCount == 0 && $overwriteCount == 0 && $skipCount == 0) {
-            $status .= t('has an unknown file format. Nothing was imported.');
-        } else {
-            $status .= vsprintf(
-                t(
-                    'was successfully processed in %d seconds: '
-                    . '%d bookmarks imported, %d bookmarks overwritten, %d bookmarks skipped.'
-                ),
-                [$duration, $importCount, $overwriteCount, $skipCount]
-            );
-        }
-        return $status;
-    }
-    /**
     * Imports Web bookmarks from an uploaded Netscape bookmark dump
     *
-     * @param array                    $post            Server $_POST parameters
+     * @param array                 $post Server $_POST parameters
-     * @param array                    $files           Server $_FILES parameters
+     * @param UploadedFileInterface $file File in PSR-7 object format
-     * @param BookmarkServiceInterface $bookmarkService Loaded LinkDB instance
-     * @param ConfigManager            $conf            instance
-     * @param History                  $history         History instance
     *
     * @return string Summary of the bookmark import status
     */
-    public static function import($post, $files, $bookmarkService, $conf, $history)
+    public function import($post, UploadedFileInterface $file)
    {
        $start = time();
-        $filename = $files['filetoupload']['name'];
+        $filename = $file->getClientFilename();
-        $filesize = $files['filetoupload']['size'];
+        $filesize = $file->getSize();
-        $data = file_get_contents($files['filetoupload']['tmp_name']);
+        $data = (string) $file->getStream();
        if (preg_match('/<!DOCTYPE NETSCAPE-Bookmark-file-1>/i', $data) === 0) {
-            return self::importStatus($filename, $filesize);
+            return $this->importStatus($filename, $filesize);
        }
        // Overwrite existing bookmarks?
@@ -141,11 +116,11 @@ class NetscapeBookmarkUtils
            true,                           // nested tag support
            $defaultTags,                   // additional user-specified tags
            strval(1 - $defaultPrivacy),    // defaultPub = 1 - defaultPrivacy
-            $conf->get('resource.data_dir') // log path, will be overridden
+            $this->conf->get('resource.data_dir') // log path, will be overridden
        );
        $logger = new Logger(
-            $conf->get('resource.data_dir'),
+            $this->conf->get('resource.data_dir'),
-            !$conf->get('dev.debug') ? LogLevel::INFO : LogLevel::DEBUG,
+            !$this->conf->get('dev.debug') ? LogLevel::INFO : LogLevel::DEBUG,
            [
                'prefix' => 'import.',
                'extension' => 'log',
@@ -171,7 +146,7 @@ class NetscapeBookmarkUtils
                $private = 0;
            }
-            $link = $bookmarkService->findByUrl($bkm['uri']);
+            $link = $this->bookmarkService->findByUrl($bkm['uri']);
            $existingLink = $link !== null;
            if (! $existingLink) {
                $link = new Bookmark();
@@ -193,20 +168,21 @@ class NetscapeBookmarkUtils
            }
            $link->setTitle($bkm['title']);
-            $link->setUrl($bkm['uri'], $conf->get('security.allowed_protocols'));
+            $link->setUrl($bkm['uri'], $this->conf->get('security.allowed_protocols'));
            $link->setDescription($bkm['note']);
            $link->setPrivate($private);
            $link->setTagsString($bkm['tags']);
-            $bookmarkService->addOrSet($link, false);
+            $this->bookmarkService->addOrSet($link, false);
            $importCount++;
        }
-        $bookmarkService->save();
+        $this->bookmarkService->save();
-        $history->importLinks();
+        $this->history->importLinks();
        $duration = time() - $start;
-        return self::importStatus(
+        return $this->importStatus(
            $filename,
            $filesize,
            $importCount,
@@ -215,4 +191,39 @@ class NetscapeBookmarkUtils
            $duration
        );
    }
+    /**
+     * Generates an import status summary
+     *
+     * @param string $filename       name of the file to import
+     * @param int    $filesize       size of the file to import
+     * @param int    $importCount    how many bookmarks were imported
+     * @param int    $overwriteCount how many bookmarks were overwritten
+     * @param int    $skipCount      how many bookmarks were skipped
+     * @param int    $duration       how many seconds did the import take
+     *
+     * @return string Summary of the bookmark import status
+     */
+    protected function importStatus(
+        $filename,
+        $filesize,
+        $importCount = 0,
+        $overwriteCount = 0,
+        $skipCount = 0,
+        $duration = 0
+    ) {
+        $status = sprintf(t('File %s (%d bytes) '), $filename, $filesize);
+        if ($importCount == 0 && $overwriteCount == 0 && $skipCount == 0) {
+            $status .= t('has an unknown file format. Nothing was imported.');
+        } else {
+            $status .= vsprintf(
+                t(
+                    'was successfully processed in %d seconds: '
+                    . '%d bookmarks imported, %d bookmarks overwritten, %d bookmarks skipped.'
+                ),
+                [$duration, $importCount, $overwriteCount, $skipCount]
+            );
+        }
+        return $status;
+    }
 }
diff --git a/application/plugin/PluginManager.php b/application/plugin/PluginManager.php
index f7b24a8e..da66dea3 100644
--- a/application/plugin/PluginManager.php
+++ b/application/plugin/PluginManager.php
@@ -16,7 +16,7 @@ class PluginManager
     *
     * @var array $authorizedPlugins
     */
-    private $authorizedPlugins;
+    private $authorizedPlugins = [];
    /**
     * List of loaded plugins.
@@ -100,21 +100,36 @@ class PluginManager
     */
    public function executeHooks($hook, &$data, $params = array())
    {
-        if (!empty($params['target'])) {
+        $metadataParameters = [
-            $data['_PAGE_'] = $params['target'];
+            'target' => '_PAGE_',
-        }
+            'loggedin' => '_LOGGEDIN_',
+            'basePath' => '_BASE_PATH_',
-        if (isset($params['loggedin'])) {
+            'rootPath' => '_ROOT_PATH_',
-            $data['_LOGGEDIN_'] = $params['loggedin'];
+            'bookmarkService' => '_BOOKMARK_SERVICE_',
+        ];
+        foreach ($metadataParameters as $parameter => $metaKey) {
+            if (array_key_exists($parameter, $params)) {
+                $data[$metaKey] = $params[$parameter];
+            }
        }
        foreach ($this->loadedPlugins as $plugin) {
            $hookFunction = $this->buildHookName($hook, $plugin);
            if (function_exists($hookFunction)) {
-                $data = call_user_func($hookFunction, $data, $this->conf);
+                try {
+                    $data = call_user_func($hookFunction, $data, $this->conf);
+                } catch (\Throwable $e) {
+                    $error = $plugin . t(' [plugin incompatibility]: ') . $e->getMessage();
+                    $this->errors = array_unique(array_merge($this->errors, [$error]));
+                }
            }
        }
+        foreach ($metadataParameters as $metaKey) {
+            unset($data[$metaKey]);
+        }
    }
    /**
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index f4fefda8..c2fae705 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -3,10 +3,12 @@
 namespace Shaarli\Render;
 use Exception;
+use Psr\Log\LoggerInterface;
 use RainTPL;
-use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\Helper\ApplicationUtils;
+use Shaarli\Security\SessionManager;
 use Shaarli\Thumbnailer;
 /**
@@ -33,6 +35,9 @@ class PageBuilder
     */
    protected $session;
+    /** @var LoggerInterface */
+    protected $logger;
    /**
     * @var BookmarkServiceInterface $bookmarkService instance.
     */
@@ -52,23 +57,40 @@ class PageBuilder
     * PageBuilder constructor.
     * $tpl is initialized at false for lazy loading.
     *
-     * @param ConfigManager            $conf    Configuration Manager instance (reference).
+     * @param ConfigManager $conf Configuration Manager instance (reference).
-     * @param array                    $session $_SESSION array
+     * @param array $session $_SESSION array
-     * @param BookmarkServiceInterface $linkDB  instance.
+     * @param LoggerInterface $logger
-     * @param string                   $token   Session token
+     * @param null $linkDB instance.
-     * @param bool                     $isLoggedIn
+     * @param null $token Session token
+     * @param bool $isLoggedIn
     */
-    public function __construct(&$conf, $session, $linkDB = null, $token = null, $isLoggedIn = false)
+    public function __construct(
-    {
+        ConfigManager &$conf,
+        array $session,
+        LoggerInterface $logger,
+        $linkDB = null,
+        $token = null,
+        $isLoggedIn = false
+    ) {
        $this->tpl = false;
        $this->conf = $conf;
        $this->session = $session;
+        $this->logger = $logger;
        $this->bookmarkService = $linkDB;
        $this->token = $token;
        $this->isLoggedIn = $isLoggedIn;
    }
    /**
+     * Reset current state of template rendering.
+     * Mostly useful for error handling. We remove everything, and display the error template.
+     */
+    public function reset(): void
+    {
+        $this->tpl = false;
+    }
+    /**
     * Initialize all default tpl tags.
     */
    private function initialize()
@@ -87,7 +109,7 @@ class PageBuilder
            $this->tpl->assign('newVersion', escape($version));
            $this->tpl->assign('versionError', '');
        } catch (Exception $exc) {
-            logm($this->conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], $exc->getMessage());
+            $this->logger->error(format_log('Error: ' . $exc->getMessage(), client_ip_id($_SERVER)));
            $this->tpl->assign('newVersion', '');
            $this->tpl->assign('versionError', escape($exc->getMessage()));
        }
@@ -126,7 +148,7 @@ class PageBuilder
        $this->tpl->assign('language', $this->conf->get('translation.language'));
        if ($this->bookmarkService !== null) {
-            $this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag());
+            $this->tpl->assign('tags', escape($this->bookmarkService->bookmarksCountPerTag()));
        }
        $this->tpl->assign(
@@ -136,18 +158,45 @@ class PageBuilder
        $this->tpl->assign('thumbnails_width', $this->conf->get('thumbnails.width'));
        $this->tpl->assign('thumbnails_height', $this->conf->get('thumbnails.height'));
-        if (!empty($_SESSION['warnings'])) {
-            $this->tpl->assign('global_warnings', $_SESSION['warnings']);
-            unset($_SESSION['warnings']);
-        }
        $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
+        $this->tpl->assign('links_per_page', $this->session['LINKS_PER_PAGE'] ?? 20);
        // To be removed with a proper theme configuration.
        $this->tpl->assign('conf', $this->conf);
    }
    /**
+     * Affect variable after controller processing.
+     * Used for alert messages.
+     */
+    protected function finalize(string $basePath): void
+    {
+        // TODO: use the SessionManager
+        $messageKeys = [
+            SessionManager::KEY_SUCCESS_MESSAGES,
+            SessionManager::KEY_WARNING_MESSAGES,
+            SessionManager::KEY_ERROR_MESSAGES
+        ];
+        foreach ($messageKeys as $messageKey) {
+            if (!empty($_SESSION[$messageKey])) {
+                $this->tpl->assign('global_' . $messageKey, $_SESSION[$messageKey]);
+                unset($_SESSION[$messageKey]);
+            }
+        }
+        $rootPath = preg_replace('#/index\.php$#', '', $basePath);
+        $this->assign('base_path', $basePath);
+        $this->assign('root_path', $rootPath);
+        $this->assign(
+            'asset_path',
+            $rootPath . '/' .
+            rtrim($this->conf->get('resource.raintpl_tpl', 'tpl'), '/') . '/' .
+            $this->conf->get('resource.theme', 'default')
+        );
+    }
+    /**
     * The following assign() method is basically the same as RainTPL (except lazy loading)
     *
     * @param string $placeholder Template placeholder.
@@ -185,21 +234,6 @@ class PageBuilder
    }
    /**
-     * Render a specific page (using a template file).
-     * e.g. $pb->renderPage('picwall');
-     *
-     * @param string $page Template filename (without extension).
-     */
-    public function renderPage($page)
-    {
-        if ($this->tpl === false) {
-            $this->initialize();
-        }
-        $this->tpl->draw($page);
-    }
-    /**
     * Render a specific page as string (using a template file).
     * e.g. $pb->render('picwall');
     *
@@ -207,28 +241,14 @@ class PageBuilder
     *
     * @return string Processed template content
     */
-    public function render(string $page): string
+    public function render(string $page, string $basePath): string
    {
        if ($this->tpl === false) {
            $this->initialize();
        }
-        return $this->tpl->draw($page, true);
+        $this->finalize($basePath);
-    }
-    /**
+        return $this->tpl->draw($page, true);
-     * Render a 404 page (uses the template : tpl/404.tpl)
-     * usage: $PAGE->render404('The link was deleted')
-     *
-     * @param string $message A message to display what is not found
-     */
-    public function render404($message = '')
-    {
-        if (empty($message)) {
-            $message = t('The page you are trying to reach does not exist or has been deleted.');
-        }
-        header($_SERVER['SERVER_PROTOCOL'] . ' ' . t('404 Not Found'));
-        $this->tpl->assign('error_message', $message);
-        $this->renderPage('404');
    }
 }
diff --git a/application/render/PageCacheManager.php b/application/render/PageCacheManager.php
new file mode 100644
index 00000000..97805c35
--- /dev/null
+++ b/application/render/PageCacheManager.php
@@ -0,0 +1,60 @@
+<?php
+namespace Shaarli\Render;
+use Shaarli\Feed\CachedPage;
+/**
+ * Cache utilities
+ */
+class PageCacheManager
+{
+    /** @var string Cache directory */
+    protected $pageCacheDir;
+    /** @var bool */
+    protected $isLoggedIn;
+    public function __construct(string $pageCacheDir, bool $isLoggedIn)
+    {
+        $this->pageCacheDir = $pageCacheDir;
+        $this->isLoggedIn = $isLoggedIn;
+    }
+    /**
+     * Purges all cached pages
+     *
+     * @return string|null an error string if the directory is missing
+     */
+    public function purgeCachedPages(): ?string
+    {
+        if (!is_dir($this->pageCacheDir)) {
+            $error = sprintf(t('Cannot purge %s: no directory'), $this->pageCacheDir);
+            error_log($error);
+            return $error;
+        }
+        array_map('unlink', glob($this->pageCacheDir . '/*.cache'));
+        return null;
+    }
+    /**
+     * Invalidates caches when the database is changed or the user logs out.
+     */
+    public function invalidateCaches(): void
+    {
+        // Purge page cache shared by sessions.
+        $this->purgeCachedPages();
+    }
+    public function getCachePage(string $pageUrl): CachedPage
+    {
+        return new CachedPage(
+            $this->pageCacheDir,
+            $pageUrl,
+            false === $this->isLoggedIn
+        );
+    }
+}
diff --git a/application/render/TemplatePage.php b/application/render/TemplatePage.php
new file mode 100644
index 00000000..03b424f3
--- /dev/null
+++ b/application/render/TemplatePage.php
@@ -0,0 +1,34 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Render;
+interface TemplatePage
+{
+    public const ERROR_404 = '404';
+    public const ADDLINK = 'addlink';
+    public const CHANGE_PASSWORD = 'changepassword';
+    public const CHANGE_TAG = 'changetag';
+    public const CONFIGURE = 'configure';
+    public const DAILY = 'daily';
+    public const DAILY_RSS = 'dailyrss';
+    public const EDIT_LINK = 'editlink';
+    public const EDIT_LINK_BATCH = 'editlink.batch';
+    public const ERROR = 'error';
+    public const EXPORT = 'export';
+    public const NETSCAPE_EXPORT_BOOKMARKS = 'export.bookmarks';
+    public const FEED_ATOM = 'feed.atom';
+    public const FEED_RSS = 'feed.rss';
+    public const IMPORT = 'import';
+    public const INSTALL = 'install';
+    public const LINKLIST = 'linklist';
+    public const LOGIN = 'loginform';
+    public const OPEN_SEARCH = 'opensearch';
+    public const PICTURE_WALL = 'picwall';
+    public const PLUGINS_ADMIN = 'pluginsadmin';
+    public const TAG_CLOUD = 'tag.cloud';
+    public const TAG_LIST = 'tag.list';
+    public const THUMBNAILS = 'thumbnails';
+    public const TOOLS = 'tools';
+}
diff --git a/application/security/BanManager.php b/application/security/BanManager.php
index 68190c54..288cbde0 100644
--- a/application/security/BanManager.php
+++ b/application/security/BanManager.php
@@ -3,7 +3,8 @@
 namespace Shaarli\Security;
-use Shaarli\FileUtils;
+use Psr\Log\LoggerInterface;
+use Shaarli\Helper\FileUtils;
 /**
 * Class BanManager
@@ -28,8 +29,8 @@ class BanManager
    /** @var string Path to the file containing IP bans and failures */
    protected $banFile;
-    /** @var string Path to the log file, used to log bans */
+    /** @var LoggerInterface Path to the log file, used to log bans */
-    protected $logFile;
+    protected $logger;
    /** @var array List of IP with their associated number of failed attempts */
    protected $failures = [];
@@ -40,18 +41,19 @@ class BanManager
    /**
     * BanManager constructor.
     *
-     * @param array  $trustedProxies List of allowed proxies IP
+     * @param array           $trustedProxies List of allowed proxies IP
-     * @param int    $nbAttempts     Number of allowed failed attempt before the ban
+     * @param int             $nbAttempts     Number of allowed failed attempt before the ban
-     * @param int    $banDuration    Ban duration in seconds
+     * @param int             $banDuration    Ban duration in seconds
-     * @param string $banFile        Path to the file containing IP bans and failures
+     * @param string          $banFile        Path to the file containing IP bans and failures
-     * @param string $logFile        Path to the log file, used to log bans
+     * @param LoggerInterface $logger         PSR-3 logger to save login attempts in log directory
     */
-    public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, $logFile) {
+    public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, LoggerInterface $logger) {
        $this->trustedProxies = $trustedProxies;
        $this->nbAttempts = $nbAttempts;
        $this->banDuration = $banDuration;
        $this->banFile = $banFile;
-        $this->logFile = $logFile;
+        $this->logger = $logger;
        $this->readBanFile();
    }
@@ -78,11 +80,7 @@ class BanManager
        if ($this->failures[$ip] >= $this->nbAttempts) {
            $this->bans[$ip] = time() + $this->banDuration;
-            logm(
+            $this->logger->info(format_log('IP address banned from login: '. $ip, $ip));
-                $this->logFile,
-                $server['REMOTE_ADDR'],
-                'IP address banned from login: '. $ip
-            );
        }
        $this->writeBanFile();
    }
@@ -138,7 +136,7 @@ class BanManager
            unset($this->failures[$ip]);
        }
        unset($this->bans[$ip]);
-        logm($this->logFile, $server['REMOTE_ADDR'], 'Ban lifted for: '. $ip);
+        $this->logger->info(format_log('Ban lifted for: '. $ip, $ip));
        $this->writeBanFile();
        return false;
diff --git a/application/security/CookieManager.php b/application/security/CookieManager.php
new file mode 100644
index 00000000..cde4746e
--- /dev/null
+++ b/application/security/CookieManager.php
@@ -0,0 +1,33 @@
+<?php
+declare(strict_types=1);
+namespace Shaarli\Security;
+class CookieManager
+{
+    /** @var string Name of the cookie set after logging in **/
+    public const STAY_SIGNED_IN = 'shaarli_staySignedIn';
+    /** @var mixed $_COOKIE set by reference */
+    protected $cookies;
+    public function __construct(array &$cookies)
+    {
+        $this->cookies = $cookies;
+    }
+    public function setCookieParameter(string $key, string $value, int $expires, string $path): self
+    {
+        $this->cookies[$key] = $value;
+        setcookie($key, $value, $expires, $path);
+        return $this;
+    }
+    public function getCookieParameter(string $key, string $default = null): ?string
+    {
+        return $this->cookies[$key] ?? $default;
+    }
+}
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 39ec9b2e..426e785e 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -2,6 +2,7 @@
 namespace Shaarli\Security;
 use Exception;
+use Psr\Log\LoggerInterface;
 use Shaarli\Config\ConfigManager;
 /**
@@ -9,9 +10,6 @@ use Shaarli\Config\ConfigManager;
 */
 class LoginManager
 {
-    /** @var string Name of the cookie set after logging in **/
-    public static $STAY_SIGNED_IN_COOKIE = 'shaarli_staySignedIn';
    /** @var array A reference to the $_GLOBALS array */
    protected $globals = [];
@@ -32,24 +30,32 @@ class LoginManager
    /** @var string User sign-in token depending on remote IP and credentials */
    protected $staySignedInToken = '';
+    /** @var CookieManager */
+    protected $cookieManager;
+    /** @var LoggerInterface */
+    protected $logger;
    /**
     * Constructor
     *
-     * @param ConfigManager  $configManager  Configuration Manager instance
+     * @param ConfigManager $configManager Configuration Manager instance
     * @param SessionManager $sessionManager SessionManager instance
+     * @param CookieManager $cookieManager CookieManager instance
+     * @param BanManager $banManager
+     * @param LoggerInterface $logger Used to log login attempts
     */
-    public function __construct($configManager, $sessionManager)
+    public function __construct(
-    {
+        ConfigManager $configManager,
+        SessionManager $sessionManager,
+        CookieManager $cookieManager,
+        BanManager $banManager,
+        LoggerInterface $logger
+    ) {
        $this->configManager = $configManager;
        $this->sessionManager = $sessionManager;
-        $this->banManager = new BanManager(
+        $this->cookieManager = $cookieManager;
-            $this->configManager->get('security.trusted_proxies', []),
+        $this->banManager = $banManager;
-            $this->configManager->get('security.ban_after'),
+        $this->logger = $logger;
-            $this->configManager->get('security.ban_duration'),
-            $this->configManager->get('resource.ban_file', 'data/ipbans.php'),
-            $this->configManager->get('resource.log')
-        );
        if ($this->configManager->get('security.open_shaarli') === true) {
            $this->openShaarli = true;
@@ -86,10 +92,9 @@ class LoginManager
    /**
     * Check user session state and validity (expiration)
     *
-     * @param array  $cookie     The $_COOKIE array
     * @param string $clientIpId Client IP address identifier
     */
-    public function checkLoginState($cookie, $clientIpId)
+    public function checkLoginState($clientIpId)
    {
        if (! $this->configManager->exists('credentials.login')) {
            // Shaarli is not configured yet
@@ -97,9 +102,7 @@ class LoginManager
            return;
        }
-        if (isset($cookie[self::$STAY_SIGNED_IN_COOKIE])
+        if ($this->staySignedInToken === $this->cookieManager->getCookieParameter(CookieManager::STAY_SIGNED_IN)) {
-            && $cookie[self::$STAY_SIGNED_IN_COOKIE] === $this->staySignedInToken
-        ) {
            // The user client has a valid stay-signed-in cookie
            // Session information is updated with the current client information
            $this->sessionManager->storeLoginInfo($clientIpId);
@@ -120,7 +123,7 @@ class LoginManager
     *
     * @return true when the user is logged in, false otherwise
     */
-    public function isLoggedIn()
+    public function isLoggedIn(): bool
    {
        if ($this->openShaarli) {
            return true;
@@ -131,48 +134,34 @@ class LoginManager
    /**
     * Check user credentials are valid
     *
-     * @param string $remoteIp   Remote client IP address
     * @param string $clientIpId Client IP address identifier
     * @param string $login      Username
     * @param string $password   Password
     *
     * @return bool true if the provided credentials are valid, false otherwise
     */
-    public function checkCredentials($remoteIp, $clientIpId, $login, $password)
+    public function checkCredentials($clientIpId, $login, $password)
    {
-        // Check login matches config
-        if ($login !== $this->configManager->get('credentials.login')) {
-            return false;
-        }
        // Check credentials
        try {
            $useLdapLogin = !empty($this->configManager->get('ldap.host'));
-            if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
+            if ($login === $this->configManager->get('credentials.login')
-                || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
+                && (
+                    (false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
+                    || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
+                )
            ) {
-                    $this->sessionManager->storeLoginInfo($clientIpId);
+                $this->sessionManager->storeLoginInfo($clientIpId);
-                    logm(
+                $this->logger->info(format_log('Login successful', $clientIpId));
-                        $this->configManager->get('resource.log'),
-                        $remoteIp,
+                return true;
-                        'Login successful'
-                    );
-                    return true;
            }
-        }
+        } catch(Exception $exception) {
-        catch(Exception $exception) {
+            $this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId));
-            logm(
-                $this->configManager->get('resource.log'),
-                $remoteIp,
-                'Exception while checking credentials: ' . $exception
-            );
        }
-        logm(
+        $this->logger->info(format_log('Login failed for user ' . $login, $clientIpId));
-            $this->configManager->get('resource.log'),
-            $remoteIp,
-            'Login failed for user ' . $login
-        );
        return false;
    }
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 994fcbe5..96bf193c 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager;
 */
 class SessionManager
 {
+    public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE';
+    public const KEY_VISIBILITY = 'visibility';
+    public const KEY_UNTAGGED_ONLY = 'untaggedonly';
+    public const KEY_SUCCESS_MESSAGES = 'successes';
+    public const KEY_WARNING_MESSAGES = 'warnings';
+    public const KEY_ERROR_MESSAGES = 'errors';
    /** @var int Session expiration timeout, in seconds */
    public static $SHORT_TIMEOUT = 3600;    // 1 hour
@@ -23,16 +31,35 @@ class SessionManager
    /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
    protected $staySignedIn = false;
+    /** @var string */
+    protected $savePath;
    /**
     * Constructor
     *
-     * @param array         $session The $_SESSION array (reference)
+     * @param array         $session  The $_SESSION array (reference)
-     * @param ConfigManager $conf    ConfigManager instance
+     * @param ConfigManager $conf     ConfigManager instance
+     * @param string        $savePath Session save path returned by builtin function session_save_path()
     */
-    public function __construct(& $session, $conf)
+    public function __construct(&$session, $conf, string $savePath)
    {
        $this->session = &$session;
        $this->conf = $conf;
+        $this->savePath = $savePath;
+    }
+    /**
+     * Initialize XSRF token and links per page session variables.
+     */
+    public function initialize(): void
+    {
+        if (!isset($this->session['tokens'])) {
+            $this->session['tokens'] = [];
+        }
+        if (!isset($this->session['LINKS_PER_PAGE'])) {
+            $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20);
+        }
    }
    /**
@@ -156,7 +183,6 @@ class SessionManager
            unset($this->session['expires_on']);
            unset($this->session['username']);
            unset($this->session['visibility']);
-            unset($this->session['untaggedonly']);
        }
    }
@@ -202,4 +228,81 @@ class SessionManager
    {
        return $this->session;
    }
+    /**
+     * @param mixed $default value which will be returned if the $key is undefined
+     *
+     * @return mixed Content stored in session
+     */
+    public function getSessionParameter(string $key, $default = null)
+    {
+        return $this->session[$key] ?? $default;
+    }
+    /**
+     * Store a variable in user session.
+     *
+     * @param string $key   Session key
+     * @param mixed  $value Session value to store
+     *
+     * @return $this
+     */
+    public function setSessionParameter(string $key, $value): self
+    {
+        $this->session[$key] = $value;
+        return $this;
+    }
+    /**
+     * Store a variable in user session.
+     *
+     * @param string $key   Session key
+     *
+     * @return $this
+     */
+    public function deleteSessionParameter(string $key): self
+    {
+        unset($this->session[$key]);
+        return $this;
+    }
+    public function getSavePath(): string
+    {
+        return $this->savePath;
+    }
+    /*
+     * Next public functions wrapping native PHP session API.
+     */
+    public function destroy(): bool
+    {
+        $this->session = [];
+        return session_destroy();
+    }
+    public function start(): bool
+    {
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $this->destroy();
+        }
+        return session_start();
+    }
+    /**
+     * Be careful, return type of session_set_cookie_params() changed between PHP 7.1 and 7.2.
+     */
+    public function cookieParameters(int $lifeTime, string $path, string $domain): void
+    {
+        session_set_cookie_params($lifeTime, $path, $domain);
+    }
+    public function regenerateId(bool $deleteOldSession = false): bool
+    {
+        return session_regenerate_id($deleteOldSession);
+    }
 }
diff --git a/application/updater/Updater.php b/application/updater/Updater.php
index 95654d81..88a7bc7b 100644
--- a/application/updater/Updater.php
+++ b/application/updater/Updater.php
@@ -2,8 +2,8 @@
 namespace Shaarli\Updater;
-use Shaarli\Config\ConfigManager;
 use Shaarli\Bookmark\BookmarkServiceInterface;
+use Shaarli\Config\ConfigManager;
 use Shaarli\Updater\Exception\UpdaterException;
 /**
@@ -21,7 +21,7 @@ class Updater
    /**
     * @var BookmarkServiceInterface instance.
     */
-    protected $linkServices;
+    protected $bookmarkService;
    /**
     * @var ConfigManager $conf Configuration Manager instance.
@@ -39,6 +39,11 @@ class Updater
    protected $methods;
    /**
+     * @var string $basePath Shaarli root directory (from HTTP Request)
+     */
+    protected $basePath = null;
+    /**
     * Object constructor.
     *
     * @param array                    $doneUpdates Updates which are already done.
@@ -49,7 +54,7 @@ class Updater
    public function __construct($doneUpdates, $linkDB, $conf, $isLoggedIn)
    {
        $this->doneUpdates = $doneUpdates;
-        $this->linkServices = $linkDB;
+        $this->bookmarkService = $linkDB;
        $this->conf = $conf;
        $this->isLoggedIn = $isLoggedIn;
@@ -62,13 +67,15 @@ class Updater
     * Run all new updates.
     * Update methods have to start with 'updateMethod' and return true (on success).
     *
+     * @param string $basePath Shaarli root directory (from HTTP Request)
+     *
     * @return array An array containing ran updates.
     *
     * @throws UpdaterException If something went wrong.
     */
-    public function update()
+    public function update(string $basePath = null)
    {
-        $updatesRan = array();
+        $updatesRan = [];
        // If the user isn't logged in, exit without updating.
        if ($this->isLoggedIn !== true) {
@@ -111,4 +118,62 @@ class Updater
    {
        return $this->doneUpdates;
    }
+    public function readUpdates(string $updatesFilepath): array
+    {
+        return UpdaterUtils::read_updates_file($updatesFilepath);
+    }
+    public function writeUpdates(string $updatesFilepath, array $updates): void
+    {
+        UpdaterUtils::write_updates_file($updatesFilepath, $updates);
+    }
+    /**
+     * With the Slim routing system, default header link should be `/subfolder/` instead of `?`.
+     * Otherwise you can not go back to the home page.
+     * Example: `/subfolder/picture-wall` -> `/subfolder/picture-wall?` instead of `/subfolder/`.
+     */
+    public function updateMethodRelativeHomeLink(): bool
+    {
+        if ('?' === trim($this->conf->get('general.header_link'))) {
+            $this->conf->set('general.header_link', $this->basePath . '/', true, true);
+        }
+        return true;
+    }
+    /**
+     * With the Slim routing system, note bookmarks URL formatted `?abcdef`
+     * should be replaced with `/shaare/abcdef`
+     */
+    public function updateMethodMigrateExistingNotesUrl(): bool
+    {
+        $updated = false;
+        foreach ($this->bookmarkService->search() as $bookmark) {
+            if ($bookmark->isNote()
+                && startsWith($bookmark->getUrl(), '?')
+                && 1 === preg_match('/^\?([a-zA-Z0-9-_@]{6})($|&|#)/', $bookmark->getUrl(), $match)
+            ) {
+                $updated = true;
+                $bookmark = $bookmark->setUrl('/shaare/' . $match[1]);
+                $this->bookmarkService->set($bookmark, false);
+            }
+        }
+        if ($updated) {
+            $this->bookmarkService->save();
+        }
+        return true;
+    }
+    public function setBasePath(string $basePath): self
+    {
+        $this->basePath = $basePath;
+        return $this;
+    }
 }