aboutsummaryrefslogtreecommitdiffhomepage
Commit message (Collapse)AuthorAgeFilesLines
* Added tags+private in shaarli URLSébastien SAUVAGE2013-09-241-2/+3
| | | Manually merged pull request https://github.com/sebsauvage/Shaarli/pull/99
* Merge pull request #112 from BoboTiG/masterSébastien SAUVAGE2013-09-241-4/+6
|\ | | | | RSS/Atom: add a parameter to print only the N last links
| * RSS/Atom: add a parameter to print only the N last linksBoboTiG2013-07-261-5/+7
| |
* | Merge pull request #118 from Alkarex/patch-1Sébastien SAUVAGE2013-09-241-1/+1
|\ \ | | | | | | Corrected error message for lack of write access in ./data
| * | Corrected error message for lack of write access in ./dataAlexandre Alapetite2013-08-231-2/+2
| | |
* | | Merge pull request #119 from Alkarex/masterSébastien SAUVAGE2013-09-241-0/+0
|\ \ \ | | | | | | | | Smaller logo file
| * | | Smaller logo fileAlexandre Alapetite2013-08-231-0/+0
| |/ / | | | | | | | | | Better PNG compression of logo file, as produced by Page Speed.
* | | Merge pull request #125 from broncowdd/masterSébastien SAUVAGE2013-09-241-1/+2
|\ \ \ | | | | | | | | Added the possibility to put a description in the bookmarklet's URL
| * | | Added the possibility to put a description in the bookmarklet's URLBronco2013-09-161-2/+3
| |/ /
* | | Merge pull request #126 from Alkarex/MillisecondsSébastien SAUVAGE2013-09-241-1/+5
|\ \ \ | | | | | | | | Import: add compatibility for milliseconds in NETSCAPE-Bookmark
| * | | Import NETSCAPE-Bookmark compatible millisecondsAlexandre Alapetite2013-09-211-1/+5
| |/ / | | | | | | | | | | | | | | | | | | | | | NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of seconds. For instance, this is the case of the files gererated for Google +1s by Google Takeout. This patch make these files compatible.
* | | Merge pull request #122 from lehollandaisvolant/masterSébastien SAUVAGE2013-09-241-2/+2
|\ \ \ | |/ / |/| | Ajout d’un UA lors de la récupération d’une page externe
| * | Ajout d’un UA lors de la récupération d’une page externe (certains ↵lehollandaisvolant2013-09-031-2/+2
|/ / | | | | | | site veulent un UA)
* | Better encoding handling in title parsingSebastien SAUVAGE2013-08-031-2/+23
| | | | | | | | Thanks to a patch from Le Hollandais Volant.
* | SERVER_NAME changed to HTTP_HOSTSebastien SAUVAGE2013-08-031-7/+7
|/ | | | | | | | SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts.
* Merge pull request #43 from dsferruzza/highlight-search-resultsSébastien SAUVAGE2013-03-113-0/+120
|\ | | | | Highlight search results
| * Avoid highlighting paging stuffDavid Sferruzza2013-03-101-1/+1
| |
| * Highlight search results (issue #4)David Sferruzza2013-03-103-0/+120
| | | | | | | | Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
* | Merge pull request #42 from matchab/masterSébastien SAUVAGE2013-03-112-4/+15
|\ \ | | | | | | Timezone par défaut
| * | Ingore Eclipse project filesMathieu Chabanon2013-03-101-4/+9
| | |
| * | Avoid a strict standard error when php.ini do not define the defaultMathieu Chabanon2013-03-101-0/+6
| |/ | | | | timezone.
* | Merge pull request #45 from dsferruzza/fix-picwall-bugSébastien SAUVAGE2013-03-112-2/+2
|\ \ | |/ |/| Fix picwall bugs
| * Move lazyload init inside the body tagDavid Sferruzza2013-03-101-1/+2
| |
| * Fix bug producing invalid HTMLDavid Sferruzza2013-03-101-1/+0
|/
* Version 0.0.41 betav0.0.41betaSébastien SAUVAGE2013-03-082-3/+3
|
* Merge pull request #37 from sebsauvage/CookieDomainSébastien SAUVAGE2013-03-081-3/+3
|\ | | | | Correction for login problem with webkit browsers on sub-domain hosted Shaarli.
| * Correction for login problem with webkit browsers on sub-domain hosted Shaarli.Sebastien SAUVAGE2013-03-061-3/+3
|/
* Added second check to write rights.Sebastien SAUVAGE2013-03-041-0/+2
| | | | (Because on some hosts is_writable() is not reliable.)
* Check that Shaarli has the right to write in its own directory.Sebastien SAUVAGE2013-03-041-0/+1
| | | | Because some user forget to check this at installation.
* Got rid of small display bugs before installation.Sebastien SAUVAGE2013-03-041-5/+7
|
* Merge pull request #30 from Knah-Tsaeb/masterSébastien SAUVAGE2013-03-043-60/+71
|\ | | | | Merged "Private by default" feature (when creating a new link).
| * [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as ↵Knah Tsaeb2013-03-043-60/+71
|/ | | | private by default.
* Added https to list of authorized protocols.Sebastien SAUVAGE2013-03-031-1/+1
|
* Corrected vulnerabilities (see report below)Sebastien SAUVAGE2013-03-033-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Title : Shaarli Vulnerabilities Author : @erwan_lr | @_WPScan_ Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli Download : https://github.com/sebsauvage/Shaarli/archive/master.zip | http://sebsauvage.net/files/shaarli_0.0.40beta.zip Affected versions : master-705F835, 0.0.40-beta (versions below may also be vulnerable) Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards Persistent XSS : - During the instalation or configuration modification, the title field is vulnerable. e.g <script>alert(1)</script> Quotes can not be used because of var_export(), but String.fromCharCode works - The url field of a link is vulnerable : When there is no redirector : javascript:alert(1) Then, the code is triggered when a user click the url of a link Or with a classic XSS : "><script>alert(1)</script> Unvalidated Redirects and Forwards : A request with the param linksperpage or privateonly can be used to redirect a user to an arbitrary referer e.g GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1 Host: 127.0.0.1 Referer: https://duckduckgo.com History : March 2, 2013 - Vendor contacted
* Proper redirect in popup when login fails.Sebastien SAUVAGE2013-03-021-1/+3
| | | | This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
* Added option to disable jQuery and heavy javascriptSebastien SAUVAGE2013-03-016-13/+36
| | | | | | | | | | | | | Shaarli uses light Javascript in its normal operation, and some jQuery for some features (autocomplete in tags, QR-Code popup...). jQuery can be slow on small computers. An option has been added in configuration screen to disable javascript features which are hard on CPU. (Note that the Picture Wall is awfully heavy *without* jQuery.) (Side note: A *LOT* of users want Shaarli to work without javasript at all, if possible. That's why I try to use as few javascript as possible: It keeps Shaarli pages fast.)
* URL source in cached RSS feeds.Sebastien SAUVAGE2013-03-011-3/+3
|
* Sort tagsSebastien SAUVAGE2013-03-011-2/+6
|
* Corrected: "Nothing found" when logging out when only private links were ↵Sebastien SAUVAGE2013-03-011-1/+1
| | | | | | displayed. This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
* RSS patch for Thunderbird (and some RSS clients).Sébastien SAUVAGE2013-02-281-2/+2
| | | | | | | | | | | In the RSS specifications, the "link" tags contains the URL to follow, and the "guid" contains a unique identifier (which may or may not be an URL). RSS clients should always use "link" to follow the link (and most do), but Thunderbird uses the "guid" if it find a valid URL inside (and only falls back to "link" if "guid" is not an URL). I have patched the RSS feed so that Thunderbird ignores the URL in guid.
* Check that sessions work before installation.Sébastien SAUVAGE2013-02-281-7/+32
| | | | | | This is necessary because some hosts do not have a properly set session.save_path parameter in php config, or do not have write access to the directory.
* Improved token securitySébastien SAUVAGE2013-02-281-1/+1
| | | | | | ...by adding salt. These token are used in form which act on data to prevent CSRF attacks. This closes issue https://github.com/sebsauvage/Shaarli/issues/24
* Corrected thumbnail creation.Sebastien SAUVAGE2013-02-271-0/+1
| | | | | Because some systems do not allow file overwriting when doing a rename().
* Pueril addition of the logo in Readme for GitHub master page.Sébastien SAUVAGE2013-02-271-0/+2
|
* After clicking save/cancel on a link, scroll to the link itself.Sébastien SAUVAGE2013-02-272-0/+3
|
* Edit/delete button on the left-side of links.Sébastien SAUVAGE2013-02-272-7/+26
| | | | https://github.com/sebsauvage/Shaarli/issues/5
* Remove script name from URL if it's index.phpSébastien SAUVAGE2013-02-271-1/+5
| | | | | (for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
* Link in description & option to invert link/permalink.Sébastien SAUVAGE2013-02-271-4/+32
| | | | | | | | | | | | | | | | | | | Patch for issue https://github.com/sebsauvage/Shaarli/issues/19 Now: * The (perma)link is added at the bottom of description. * If "permalinks" is added in URL parameters, link/permalinks will be swapped. eg. * Normal link in title + permalink in description: http://mysite.com/shaarli/?do=rss * Permalink in title + normal link in description : http://mysite.com/shaarli/?do=rss&permalinks It works for the ATOM feed too. (Happy ? :-D )
* Support for magnet links in description.Sébastien SAUVAGE2013-02-271-1/+1
|
* Corrected bug in cache purge.Sébastien SAUVAGE2013-02-261-1/+1
|