path: root/application/Utils.php
Commit message | Author | Age | Files | Lines
* Session ID: extend the regex to match possible hash representations | VirtualTam | 2015-09-06 | 1 | -1/+6

  Improves #306
  Relates to #335 & #336
  Duplicated by #339

  Issues:
  - PHP regenerates the session ID if it is not compliant
  - the regex checking the session ID does not cover all cases
    - different algorithms: md5, sha1, sha256, etc.
    - bit representations: 4, 5, 6

  Fix:
  - `index.php`:
    - remove `uniqid()` usage
    - call `session_regenerate_id()` if an invalid cookie is detected
  - regex: support all possible characters
    - '[a-zA-Z,-]{2,128}'
  - tests: add coverage for all algorithms & bit representations

  See:
  - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
  - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
  - http://php.net/manual/en/function.session-id.php
  - http://php.net/manual/en/function.session-regenerate-id.php
  - http://php.net/manual/en/function.hash-algos.php

  Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Allow uppercase letters in PHP sessionid format | ArthurHoaro | 2015-09-02 | 1 | -1/+1

  Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2

  Regression introduced in 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270
* Avoid Full Path Disclosure error on session error. | ArthurHoaro | 2015-08-22 | 1 | -1/+25

  * Add a function to validate session ID.
  * Generate a new session ID if an invalid token is passed.
* PHP: ensure 5.3 compatibility, refactor timezone utilities | VirtualTam | 2015-07-13 | 1 | -1/+22

  Relates to #250

  Modifications
  - supported version
    - bump required version from 5.1.0 to 5.3.x
    - update README
    - add PHP 5.3 to Travis environments
  - rewrite array declarations: explicitly use array() instead of []
  - move checkPHPVersion to application/Utils.php
  - move timezone functions to application/TimeZone.php
  - cleanup code
  - improve test coverage

  Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Prevent redirection loop every time we rely on HTTP_REFERER: | ArthurHoaro | 2015-07-12 | 1 | -1/+33

  * search tag
  * delete tag
  * pagination
  * display privates only
  * delete link
  * new/edit/cancel link return page

  Move location generation to Utils.php + unit tests.

  Fixes #256 ninja
* LinkDB::filterDay(): check input date format | VirtualTam | 2015-07-09 | 1 | -0/+15

  Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* move escape() and sanitizeLink() to application/Utils.php | nodiscc | 2015-06-24 | 1 | -0/+27

  prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
* LinkDB: move to a proper file, add test coverage | VirtualTam | 2015-06-11 | 1 | -0/+45

  Relates to #71

  LinkDB
  - move to application/LinkDB.php
  - code cleanup
    - indentation
    - whitespaces
    - formatting
  - comment cleanup
    - add missing documentation
    - unify formatting

  Test coverage for LinkDB
  - constructor
  - public / private access
  - link-related methods

  Shaarli utilities (LinkDB dependencies)
  - move startsWith() and endsWith() functions to application/Utils.php
  - add test coverage

  Dev utilities
  - Composer: add PHPUnit to dev dependencies
  - Makefile:
    - update lint targets
    - add test targets
    - generate coverage reports

  Signed-off-by: VirtualTam <virtualtam@flibidi.net>