aboutsummaryrefslogtreecommitdiffhomepage
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #1086 from virtualtam/refactor/loginVirtualTam2018-06-0323-563/+1116
|\ | | | | Refactor user login and session management
| * SessionManager+LoginManager: fix checkLoginState logicVirtualTam2018-06-023-7/+15
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Add test coverage for LoginManager methodsVirtualTam2018-06-024-11/+161
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * SessionManager: remove unused UID tokenVirtualTam2018-06-022-19/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor LoginManager stay-signed-in token managementVirtualTam2018-06-024-14/+69
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor session and cookie timeout controlVirtualTam2018-06-024-57/+224
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Move LoginManager and SessionManager to the Security namespaceVirtualTam2018-06-026-7/+8
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * LoginManager: remove unused parameterVirtualTam2018-06-022-3/+2
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Login: update PageBuilder and default/vintage templatesVirtualTam2018-06-0212-30/+38
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Pass the client IP ID to LoginManagerVirtualTam2018-06-022-17/+16
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Delegate session operations to SessionManagerVirtualTam2018-06-022-24/+69
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Document LoginManager propertiesVirtualTam2018-05-291-0/+11
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor user credential validation at login timeVirtualTam2018-05-293-111/+146
| | | | | | | | | | | | | | | | Changed: - move login/password verification to LoginManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor PHP session handling during login/logoutVirtualTam2018-05-292-36/+53
| | | | | | | | | | | | | | | | Changed: - move $_SESSION handling to SessionManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor SessionManager::$INACTIVITY_TIMEOUTVirtualTam2018-05-292-24/+28
| | | | | | | | | | | | | | | | | | | | | | | | Changed: - move INACTIVITY_TIMEOUT to SessionManager - inject a dependency to a SessionManager instance in: - fillSessionInfo() - setup_login_state() - check_auth() - cleanup related code and comments Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Refactor client session hijacking protectionVirtualTam2018-05-293-13/+86
|/ | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #1135 from ArthurHoaro/ci/csslintArthurHoaro2018-05-2920-958/+1444
|\ | | | | Reformat SCSS to SASS format and run SASSLint in CI
| * Add SASSLint makefile target, and run it in CIArthurHoaro2018-05-108-14/+312
| | | | | | | | Also move ESLint and SASSLint config files to a dedicated .dev folder
| * Add classes to default template to avoid using IDs in SCSSArthurHoaro2018-05-1011-15/+15
| |
| * Reformat default theme SCSS to match SASS rulesArthurHoaro2018-05-101-929/+1117
| |
* | Merge pull request #1140 from ArthurHoaro/hotfix/markdown-rss-permalinkArthurHoaro2018-05-292-0/+63
|\ \ | | | | | | Fix feed permalink rendering with markdown escape set to true
| * | Fix feed permalink rendering with markdown escape set to trueArthurHoaro2018-05-192-0/+63
|/ / | | | | | | Fixes #1134
* | Merge pull request #1138 from ArthurHoaro/stakaliArthurHoaro2018-05-172-3/+11
|\ \ | |/ |/| Adds Stakali Android app to 3rd party lists
| * Adds Stakali Android app to 3rd party listsArthurHoaro2018-05-132-3/+11
|/
* Merge pull request #1116 from ArthurHoaro/ci/eslintArthurHoaro2018-05-062-11/+32
|\ | | | | Use Travis stages to run JS tests separately
| * Use Travis stages to run JS tests separatelyArthurHoaro2018-05-052-11/+32
|/
* Merge pull request #1133 from ArthurHoaro/hotfix/title-dlArthurHoaro2018-05-022-5/+14
|\ | | | | Title retrieval fixes
| * Support redirection in cURL download callbackArthurHoaro2018-05-011-4/+13
| |
| * Fix parameter order which was preventing max_dl parameter to work properlyArthurHoaro2018-05-011-1/+1
|/
* Merge pull request #1081 from nodiscc/doc-merge-sharingnodiscc2018-04-1812-63/+98
|\ | | | | doc: merge all sharing methods under a single "Sharing content" page
| * remove duplicate translationnodiscc2018-04-141-6/+0
| |
| * doc: sharing: add link to REST API documentationnodiscc2018-04-141-1/+1
| |
| * doc: optimize PNGs with pngcrushnodiscc2018-04-146-0/+0
| | | | | | | | 164k -> 156k
| * doc: add edit_icon.png to git repositorynodiscc2018-04-142-1/+1
| | | | | | | | optimize icon with optipng/pngcrush (3.30%)
| * update PO strings for Edit/New Shaarenodiscc2018-04-141-3/+14
| | | | | | | | update french translation
| * default/editlink.tpl: title: Shaare -> New Shaarenodiscc2018-04-141-2/+1
| |
| * doc: merge all sharing methods under a single "Sharing content" pagenodiscc2018-04-145-58/+89
| | | | | | | | | | | | | | | | | | * formatting, wording, reordering, general improvements * move blog/pastebin/notepad item from index.md to this page * add TODOs * add the new page to mkdocs TOC Part of https://github.com/shaarli/Shaarli/issues/598
* | German language created (#1114)Buster One2018-04-152-0/+1314
|/ | | | | | | | | | | | * Added german language selection * German language file created * typo * extra space removed and typo corrected * lines 1314 through 1408 removed as suggested
* Merge pull request #1126 from kramred/masterArthurHoaro2018-04-142-4/+4
|\ | | | | load user css at last, after plugin css to enable changing plugin styles
| * add loading user css at last to vintage tplMark Schmitz2018-04-131-1/+1
| |
| * load user css at last, after plugin css to enable changing plugin stylesMark Schmitz2018-04-131-3/+3
|/
* Merge pull request #1121 from virtualtam/node/packaging-metadataVirtualTam2018-04-0812-22/+28
|\ | | | | Update frontend metadata and COPYING
| * Cleanup unused asset resourcesVirtualTam2018-04-055-0/+0
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Update documentation and Doxygen icon locationVirtualTam2018-04-054-3/+3
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Update COPYINGVirtualTam2018-04-052-19/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | Relates to https://github.com/shaarli/Shaarli/pull/1072 Changed: - update paths to resource files (assets, images) Removed: - references to resources now resolved through NPM - licenses corresponding to the aforementioned resources Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Update NPM frontend metadataVirtualTam2018-04-041-0/+4
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * Update EditorConfig for frontend resourcesVirtualTam2018-04-031-1/+1
|/ | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #1115 from ArthurHoaro/parsedown-versionArthurHoaro2018-03-313-60/+71
|\ | | | | Update parsedown to its latest version instead of fixed 1.6
| * Update parsedown to its latest version instead of fixed 1.6ArthurHoaro2018-03-313-60/+71
|/
* Remove minified JS libsArthurHoaro2018-03-312-9/+0
|