path: root/application
Commit message (Author, Age, Files, Lines)
* tests: add a make target to check file permissions (VirtualTam, 2016-01-17, 3 files, -0/+0)
| Additions:
| - [makefile] check versioned files are not executable
| - [travis] call the new make target
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Logging: improve formatting to enable fail2ban parsing (VirtualTam, 2016-01-16, 1 file, -2/+7)
| Fixes #436
| Modifications:
| - remove calls to strval() on safe data
| - update the date format: 'Y/m/d_H:i:s' => 'Y/m/d H:i:s'
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Logging: move logm() from index.php to application/Utils.php (VirtualTam, 2016-01-16, 1 file, -0/+13)
| Relates to #436
| Modifications:
| - inject dependencies to global variables ($_SERVER, $GLOBALS)
| - apply coding conventions
| - add test coverage
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Fixes #410 - Retrieve title fails in multiple cases (ArthurHoaro, 2016-01-11, 4 files, -9/+132)
| * `get_http_url()` renamed to `get_http_response()`.
| * Use the same HTTP context to retrieve response headers and content.
| * Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
| * Add `LinkUtils` to extract titles and charset.
| * Try to retrieve charset from HTTP headers first (new), then HTML content.
| * Use mb_string to re-encode title if necessary.
* Merge pull request #424 from ArthurHoaro/search (Arthur, 2016-01-06, 3 files, -110/+281)
|\
| | Link filter refactoring
| * Fixes #426 - Do not filter with blank tags. (ArthurHoaro, 2016-01-06, 1 file, -1/+1)
| |
| * Link filter refactoring (ArthurHoaro, 2016-01-06, 3 files, -110/+281)
| | * introduce class LinkFilter to handle link filter operation (and lighten LinkDB).
| | * handle 'private only' in filtering.
| | * update template to prefill search fields with current search terms.
| | * coding style.
| | * unit test (mostly move from LinkDB to LinkFilter).
| | PS: preparation for #358 #315 and 'AND' search.
* | Merge pull request #417 from ArthurHoaro/wallabag-improve (VirtualTam, 2016-01-02, 1 file, -0/+12)
|\ \
| |/
|/| Wallabag plugin improvement
| * Wallabag plugin improvement (ArthurHoaro, 2015-12-27, 1 file, -0/+12)
| | * Fixes a bug where URLs weren't properly encoded.
| | * Adds Wallabag V2 support.
| | * Adds a URL function to handle trailing slash.
| | * UT.
| | * README updated.
* | QRCode plugin: use url instead of real_url (ArthurHoaro, 2015-12-22, 1 file, -1/+3)
|/
| Fixes #414 and avoid usage of redirector in QRCode.
| Also fixed a bug with URL encoding.
* Fixes #403: build the daily page through renderPage() (ArthurHoaro, 2015-12-08, 1 file, -0/+6)
| * new entry in the Router for daily page.
| * add an always displayed button in demo_plugin
* fix: assign template variables to empty values so they can be evaluated (VirtualTam, 2015-12-03, 1 file, -0/+2)
| Regression introduced in #394
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* application: default to the "stable" branch for update checks (VirtualTam, 2015-11-27, 1 file, -4/+14)
| Relates to #372
| Relates to #390
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* application: refactor version checks, move to ApplicationUtils (VirtualTam, 2015-11-26, 1 file, -0/+92)
| Relates to #372
| Modifications:
| - move checkUpdate() to ApplicationUtils
| - reduce file I/O operations during version checks
| - apply coding conventions
| - add test coverage
| Tools:
| - create a sandbox directory for tests
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* URL encode links when a redirector is set. (ArthurHoaro, 2015-11-26, 2 files, -3/+70)
| Fixes #328 - URL encode links when a redirector is set
| * WARNING - template edit - new variable available : "real_url"
|   Contains the final real url (redirected or any other change on original URL)
| * Don't redirect shaares link in RSS/Atom.
| * Affects links shaared in description.
| * Move text2clickable and keepMultipleSpaces to Utils.php + unit test
| UPDATE:
| * keepMultipleSpaces renamed to space2nbsp
| * space2nbsp improved to handle single space at line beginning
| * links in text description aren't 'nofollow' anymore
* application: move checkPHPVersion from Utils to ApplicationUtils (VirtualTam, 2015-11-24, 2 files, -20/+20)
| Relates to #372
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* install: check file/directory permissions for Shaarli resources (VirtualTam, 2015-11-24, 3 files, -9/+114)
| Relates to #40
| Relates to #372
| Additions:
| - FileUtils: IOException
| - ApplicationUtils:
|   - check if Shaarli resources are accessible with sufficient permissions
|   - basic test coverage
| - index.php:
|   - check access permissions and redirect to an error page if needed:
|     - before running the first installation
| Modifications:
| - LinkDB:
|   - factorize datastore write code
|   - check if the datastore (exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
|   - raise an IOException if needed
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Fixes #176 - Add opensearch functionality (ArthurHoaro, 2015-11-17, 1 file, -0/+6)
| * add a new page in Router: do=opensearch which displays the opensearch plugin
| * using base64 compressed image to avoid issue encountered with HTTPS
* cleanup: remove the executable bit from source scripts (VirtualTam, 2015-11-11, 2 files, -0/+0)
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #275 from shaarli/plugin-proposition (Arthur, 2015-11-08, 3 files, -129/+423)
|\
| | Plugin proposition
| * Template upgrade to handle plugin zones (ArthurHoaro, 2015-11-07, 1 file, -1/+1)
| | Add a bunch of plugin placeholders in templates
| * Plugin system - CORE (ArthurHoaro, 2015-11-07, 3 files, -129/+423)
| | see shaarli/Shaarli#275
* | Fixes #356 (ArthurHoaro, 2015-11-04, 1 file, -5/+6)
|/
| * adding a link should return added link's hash
| * allow redirection relative urls in generateLocation
* HTTP: move server URL functions to `HttpUtils.php` (VirtualTam, 2015-09-14, 1 file, -0/+80)
| Relates to #333
| Modifications:
| - refactor server URL utility functions
| - do not access global `$_SERVER` variables
| - add test coverage
| - improve readability
| - apply coding conventions
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Url: introduce global helper functions for cleanup and scheme detection (Guillaume Virlet, 2015-09-08, 2 files, -2/+32)
| Relates to #314 & #326
| Additions:
| - add global `cleanup_url()` and `get_url_scheme()` functions
| Modifications:
| - replace `Url` usage in `index.php` by calls to global functions
| - fix `Url` tests not being run: PHPUnit expects a single test class per file
| - move classes to separate files
* HTTP: move utils to a proper file, add tests (VirtualTam, 2015-09-06, 1 file, -0/+52)
| Relates to #333
| Modifications:
| - move HTTP utils to 'application/HttpUtils.php'
| - simplify logic
| - replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
| - remove superfluous '$status' parameter (provided by the HTTP headers)
| - apply coding conventions
| - add test coverage (unitary only)
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Session ID: extend the regex to match possible hash representations (VirtualTam, 2015-09-06, 1 file, -1/+6)
| Improves #306
| Relates to #335 & #336
| Duplicated by #339
| Issues:
| - PHP regenerates the session ID if it is not compliant
| - the regex checking the session ID does not cover all cases
|   - different algorithms: md5, sha1, sha256, etc.
|   - bit representations: 4, 5, 6
| Fix:
| - `index.php`:
|   - remove `uniqid()` usage
|   - call `session_regenerate_id()` if an invalid cookie is detected
| - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
| - tests: add coverage for all algorithms & bit representations
| See:
| - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
| - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
| - http://php.net/manual/en/function.session-id.php
| - http://php.net/manual/en/function.session-regenerate-id.php
| - http://php.net/manual/en/function.hash-algos.php
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Allow uppercase letters in PHP sessionid format (ArthurHoaro, 2015-09-02, 1 file, -1/+1)
| Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2
| Regression introduced in 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270
* Merge pull request #326 from ArthurHoaro/bug-url (VirtualTam, 2015-08-31, 1 file, -0/+16)
|\
| | Fixes #325 - Shaarli does not recognize saved links
| * Fixes #325 - Shaarli does not recognize saved links (ArthurHoaro, 2015-08-31, 1 file, -0/+16)
| | PHP doesn't seem to autoconvert objects to strings when they're used as array indexes.
| | Fixes regression introduced in d9d776af19fd0a191f82525991dafbb56e1bcfcb
* | Avoid Full Path Disclosure error on session error. (ArthurHoaro, 2015-08-22, 1 file, -1/+25)
|/
| * Add a function to validate session ID.
| * Generate a new session ID if an invalid token is passed.
* Links: refactor & improve URL cleanup (VirtualTam, 2015-08-15, 1 file, -0/+150)
| Relates to #141
| Relates to #133
| Modifications
| - move URL cleanup to `application/Url.php`
| - rework the cleanup function
| - fragments: `#stuff`
| - GET parameters: `?var1=val1&var2=val2`
| - add documentation (APIs the params belong to)
| - add test coverage
| Reference
| - http://php.net/parse_url
| - http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Cache: simplify cached content cleanup, improve tests (VirtualTam, 2015-08-13, 1 file, -14/+6)
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* CachedPage: move to a proper file, add tests (VirtualTam, 2015-08-13, 3 files, -3/+113)
| Modifications
| - rename `pageCache` to `CachedPage`
| - move utilities to `Cache`
| - do not access globals
| - apply coding rules
| - update LinkDB and test code
| - add test coverage
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Installation: default to the server's timezone (VirtualTam, 2015-08-04, 1 file, -30/+32)
| Modifications
| - attempt to use the server's timezone
| - if none is set, use UTC
| - TimeZone: apply coding conventions
| - variable naming
| - no closing PHP tag
| Relates to #274
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* PHP: ensure 5.3 compatibility, refactor timezone utilities (VirtualTam, 2015-07-13, 3 files, -4/+135)
| Relates to #250
| Modifications
| - supported version
| - bump required version from 5.1.0 to 5.3.x
| - update README
| - add PHP 5.3 to Travis environments
| - rewrite array declarations: explicitly use array() instead of []
| - move checkPHPVersion to application/Utils.php
| - move timezone functions to application/TimeZone.php
| - cleanup code
| - improve test coverage
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #257 from ArthurHoaro/tag-http-referer (VirtualTam, 2015-07-12, 1 file, -1/+33)
|\
| | Prevent redirection loop every time we rely on HTTP_REFERER
| * Prevent redirection loop every time we rely on HTTP_REFERER: (ArthurHoaro, 2015-07-12, 1 file, -1/+33)
| | * search tag
| | * delete tag
| | * pagination
| | * display privates only
| | * delete link
| | * new/edit/cancel link return page
| | Move location generation to Utils.php + unit tests.
| | Fixes #256 ninja
* | LinkDB: prefix private members with an underscore (VirtualTam, 2015-07-09, 1 file, -62/+62)
| | Relates to #95, #218
| | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Merge pull request #255 from ArthurHoaro/config (VirtualTam, 2015-07-09, 1 file, -0/+129)
|\ \
| |/
|/| All settings are now stored in config.php
| * All settings are now stored in config.php (ArthurHoaro, 2015-07-09, 1 file, -0/+129)
| | Isolate functions related to config in Config.php + add unit tests + code_sniffer.
| | options.php is not supported anymore, but its content will be automatically saved into config.php
| | Fixes #shaarli/Shaarli#41
| | *TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
* | LinkDB::filterDay(): check input date format (VirtualTam, 2015-07-09, 2 files, -1/+19)
|/
| Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge remote-tracking branch 'ArthurHoaro/default-links' (nodiscc, 2015-06-26, 1 file, -6/+10)
|\
| * Change fresh install default link (ArthurHoaro, 2015-06-24, 1 file, -6/+10)
| | Fixes #200
| | Let me know if you want to change anything in the description.
* | Merge remote-tracking branch 'virtualtam/linkdb/remove-globals' (nodiscc, 2015-06-26, 1 file, -12/+19)
|\ \
| * | LinkDB: do not access global variables (VirtualTam, 2015-06-24, 1 file, -12/+19)
| |/
| | Relates to #218
| | Removes "hidden" access to the following variables:
| | - $GLOBALS['config']['datastore']
| | - PHPPREFIX
| | - PHPSUFFIX
| | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* / Restore compatibility with php 5.3 (Felix Bartels, 2015-06-26, 1 file, -1/+1)
|/
* move escape() and sanitizeLink() to application/Utils.php (nodiscc, 2015-06-24, 1 file, -0/+27)
| prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
* Merge remote-tracking branch 'ArthurHoaro/input-escape' into next (nodiscc, 2015-06-24, 1 file, -0/+5)
|\
| | Conflicts: index.php
| * Working on shaarli/Shaarli#224 (ArthurHoaro, 2015-06-23, 1 file, -0/+5)
| | I reviewed character escaping everywhere with the following ideas:
| | * use a single common function to escape user data: `escape` using `htmlspecialchars`.
| | * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons:
| |   * it reduces risks of security issue for future user made templates
| |   * more readable templates
| | * sanitize user configuration fields after loading them.