path: root/application
Commit message (Author, Age, Files, Lines)
* SessionManager: remove unused UID token (VirtualTam, 2018-06-02, 1, -6/+0)
|     There already are dedicated tokens for:
|     - CSRF protection
|     - user stay-signed-in feature, via cookie
|
|     This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes.
|
|     See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
|
|     Relevant section:
|
|     Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid'].
|
|     Translation:
|
|     A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid']
|
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor LoginManager stay-signed-in token management (VirtualTam, 2018-06-02, 2, -7/+33)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor session and cookie timeout control (VirtualTam, 2018-06-02, 2, -14/+39)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Move LoginManager and SessionManager to the Security namespace (VirtualTam, 2018-06-02, 2, -2/+2)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* LoginManager: remove unused parameter (VirtualTam, 2018-06-02, 1, -2/+1)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Login: update PageBuilder and default/vintage templates (VirtualTam, 2018-06-02, 1, -2/+7)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Pass the client IP ID to LoginManager (VirtualTam, 2018-06-02, 1, -15/+13)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Delegate session operations to SessionManager (VirtualTam, 2018-06-02, 2, -24/+69)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Document LoginManager properties (VirtualTam, 2018-05-29, 1, -0/+11)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor user credential validation at login time (VirtualTam, 2018-05-29, 1, -3/+106)
|     Changed:
|     - move login/password verification to LoginManager
|     - code cleanup
|
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor PHP session handling during login/logout (VirtualTam, 2018-05-29, 1, -0/+40)
|     Changed:
|     - move $_SESSION handling to SessionManager
|     - code cleanup
|
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor SessionManager::$INACTIVITY_TIMEOUT (VirtualTam, 2018-05-29, 1, -0/+4)
|     Changed:
|     - move INACTIVITY_TIMEOUT to SessionManager
|     - inject a dependency to a SessionManager instance in:
|       - fillSessionInfo()
|       - setup_login_state()
|       - check_auth()
|     - cleanup related code and comments
|
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor client session hijacking protection (VirtualTam, 2018-05-29, 1, -1/+32)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Support redirection in cURL download callback (ArthurHoaro, 2018-05-01, 1, -4/+13)
|
* German language created (#1114) (Buster One, 2018-04-15, 1, -0/+1)
|     * Added German language selection
|     * German language file created
|     * typo
|     * extra space removed and typo corrected
|     * lines 1314 through 1408 removed as suggested
* Merge pull request #1093 from ArthurHoaro/feature/theme-translation (ArthurHoaro, 2018-03-26, 1, -2/+18)
|\
| |     Load theme translations files automatically
| * Load theme translations files automatically (ArthurHoaro, 2018-03-26, 1, -2/+18)
| |     Fixes #1077
| |
| |     Take a look at the docs update to see how it works
* | Merge pull request #1096 from ArthurHoaro/feature/download-params (ArthurHoaro, 2018-03-13, 1, -0/+26)
|\ \
| | |     Make max download size and timeout configurable
| * | Make max download size and timeout configurable (ArthurHoaro, 2018-03-07, 1, -0/+26)
| |/
| |     Fixes #1061
* / PSR: use elseif instead of else if (ArthurHoaro, 2018-02-28, 6, -12/+12)
|/
|     See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
* Merge pull request #1092 from ArthurHoaro/fix/scuttle-doctype-case (ArthurHoaro, 2018-02-24, 1, -2/+2)
|\
| |     Ignore the case while checking DOCTYPE during the file import
| * Ignore the case while checking DOCTYPE during the file import (ArthurHoaro, 2018-02-23, 1, -2/+2)
| |     Fixes #1091
* | Use a specific page title in all pages (ArthurHoaro, 2018-02-24, 1, -1/+1)
|/
|     Also fixed a few French translation issues
|
|     Fixes #954 #955
* Refactor login / ban authentication steps (VirtualTam, 2018-02-05, 1, -0/+134)
|     Relates to https://github.com/shaarli/Shaarli/issues/324
|
|     Added:
|     - Add the `LoginManager` class to manage logins and bans
|
|     Changed:
|     - Refactor IP ban management
|     - Simplify logic
|     - Avoid using globals, inject dependencies
|
|     Fixed:
|     - Use `ban_duration` instead of `ban_after` when setting a new ban
|
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #1038 from ArthurHoaro/feature/public-only-filter (ArthurHoaro, 2018-02-02, 2, -1/+14)
|\
| |     Add a filter to only display public links
| * Public/private filter: use two separate buttons (ArthurHoaro, 2018-01-24, 1, -21/+0)
| |     #1038
| * Add a filter to only display public links (ArthurHoaro, 2017-12-16, 2, -1/+35)
| |     When the key filter is clicked once, it only displays private links. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed.
| |
| |     The current visibility status is shown in the search banner
| |
| |     Fixes #1030
* | INTL_IDNA_VARIANT_2003 is deprecated (ArthurHoaro, 2018-02-02, 1, -1/+1)
| |     See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
* | Use LC_COLLATE instead of LC_MESSAGES if php-intl is not installed (ArthurHoaro, 2018-01-31, 1, -0/+2)
| |     As stated in the docs:
| |
| |     > LC_MESSAGES for system responses (available if PHP was compiled with libintl)
| |
| |     Fixes #1067
* | Fix warnings when upgrading from legacy SebSauvage version (ArthurHoaro, 2018-01-25, 1, -3/+3)
| |     Fixes #1040
* | Merge pull request #977 from ArthurHoaro/feature/dl-filter (ArthurHoaro, 2018-01-23, 2, -38/+65)
|\ \
| | |     Extract the title/charset during page download, and check content type
| * | Extract the title/charset during page download, and check content type (ArthurHoaro, 2017-10-28, 2, -38/+65)
| | |     Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML). Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
| | |
| | |     Closes #579
* | | Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443 (ArthurHoaro, 2017-12-03, 1, -0/+7)
|\ \ \
| |_|/
|/| |     Force HTTPS if the original port is 443 behind a reverse proxy
| * | Force HTTPS if the original port is 443 behind a reverse proxy (ArthurHoaro, 2017-12-02, 1, -0/+7)
| | |     Fixes #1022
* | | Merge pull request #1020 from ArthurHoaro/feature/curl-chunk (ArthurHoaro, 2017-11-26, 1, -1/+1)
|\ \ \
| | | |     Increase buffer size for cURL download
| * | | Increase buffer size for cURL download (ArthurHoaro, 2017-11-11, 1, -1/+1)
| | | |     1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
* | | | Merge pull request #1016 from virtualtam/refactor/session (VirtualTam, 2017-11-24, 1, -3/+3)
|\ \ \ \
| |_|/ /
|/| | |     Improve SessionManager constructor and tests
| * | | Improve SessionManager constructor and tests (VirtualTam, 2017-11-08, 1, -3/+3)
| |/ /
| | |     Relates to https://github.com/shaarli/Shaarli/pull/1005
| | |
| | |     Changed:
| | |     - pass a copy of the ConfigManager instance instead of a reference
| | |     - move FakeConfigManager to a dedicated file
| | |     - update tests
| | |
| | |     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* / / Return true after update ReorderDatastore to complete it (ArthurHoaro, 2017-11-11, 1, -0/+1)
|/ /
* | Don't URL encode description links if parameter 'redirector.encode_url' is set to false (ArthurHoaro, 2017-11-07, 2, -7/+10)
| |
* | Merge pull request #962 from ArthurHoaro/feature/perfs2 (ArthurHoaro, 2017-10-28, 2, -9/+16)
|\ \
| | |     Performances: reorder links when they're written instead of read
| * | Performances: reorder links when they're written instead of read (ArthurHoaro, 2017-09-02, 2, -9/+16)
| | |     relates to #891
* | | Move session ID check to SessionManager (VirtualTam, 2017-10-22, 2, -30/+30)
| | |     Relates to https://github.com/shaarli/Shaarli/issues/324
| | |
| | |     Changed:
| | |     - `is_session_id_valid()` -> `SessionManager::checkId()`
| | |     - update tests
| | |
| | |     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Refactor session token management (VirtualTam, 2017-10-22, 2, -2/+57)
| | |     Relates to https://github.com/shaarli/Shaarli/issues/324
| | |
| | |     Added:
| | |     - `SessionManager` class to group session-related features
| | |     - unit tests
| | |
| | |     Changed:
| | |     - `getToken()` -> `SessionManager->generateToken()`
| | |     - `tokenOk()` -> `SessionManager->checkToken()`
| | |     - inject a `$token` parameter to `PageBuilder`'s constructor
| | |
| | |     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Translations : Working demo example of translation extension (ArthurHoaro, 2017-10-22, 1, -1/+1)
| | |
* | | Add language selection in the configure page of the default theme (ArthurHoaro, 2017-10-22, 2, -2/+15)
| | |
* | | Shaarli's translation (ArthurHoaro, 2017-10-22, 19, -66/+232)
| | |     * translation system and unit tests
| | |     * Translations everywhere
| | |
| | |     Don't use translation merge
| | |
| | |     It is not available with PHP builtin gettext, so it would have led to inconsistency.
* | | Don't write History for link import (ArthurHoaro, 2017-10-07, 2, -5/+27)
| | |     With large imports it has a large impact on performances and isn't really useful.
| | |
| | |     Instead, write an IMPORT event, which lets a client using the history service resync its DB.
| | |
| | |     -> 15k link import done in 6 seconds.
| | |
| | |     Fixes #985
* | | Merge pull request #979 from ArthurHoaro/feature/assets-cache-version (VirtualTam, 2017-10-06, 3, -4/+24)
|\ \ \
| | | |     Add a version hash for asset loading to prevent browser's cache issue
| * | | Rename shaarli_version constant to uppercase (ArthurHoaro, 2017-10-01, 2, -4/+4)
| | | |