path: root/application
Commit message (Author, Age, Files, Lines)
* API: expect JWT in the Authorization header (VirtualTam, 2017-01-15, files: 1, lines: -3/+8)
|   Relates to https://github.com/shaarli/Shaarli/pull/731
|
|   Added:
|   - require the presence of the 'Authorization' header
|
|   Changed:
|   - use the HTTP Bearer Token authorization schema
|
|   See:
|   - https://jwt.io/introduction/#how-do-json-web-tokens-work-
|   - https://tools.ietf.org/html/rfc6750
|   - http://security.stackexchange.com/q/108662
|
|   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Move user.css to data folder (ArthurHoaro, 2017-01-14, files: 1, lines: -0/+16)
|
* Cleanup: use safe boolean comparisons (VirtualTam, 2017-01-07, files: 3, lines: -3/+5)
|   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #732 from ArthurHoaro/feature/theme-manager (Arthur, 2017-01-06, files: 5, lines: -1/+66)
|\
| |   Theme manager: improvements
| * Updater: keep custom theme preference with the new theme setting (ArthurHoaro, 2017-01-05, files: 3, lines: -20/+62)
| |
| * Minor improvements regarding #705 (coding style, unit tests, etc.) (ArthurHoaro, 2017-01-05, files: 3, lines: -11/+21)
| |
| * Change templates set through administration UI (Knah Tsaeb, 2017-01-05, files: 5, lines: -2/+15)
| |
* | Cleanup: explicit method visibility (VirtualTam, 2017-01-05, files: 4, lines: -10/+10)
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Cleanup: remove unused variables (VirtualTam, 2017-01-05, files: 1, lines: -4/+0)
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | API: fix JWT signature verification (VirtualTam, 2017-01-04, files: 2, lines: -7/+39)
|/
|   Fixes https://github.com/shaarli/Shaarli/issues/737
|
|   Added:
|   - Base64Url utilities
|
|   Fixed:
|   - use URL-safe Base64 encoding/decoding functions
|   - use byte representations for HMAC digests
|   - all JWT parts are Base64Url-encoded
|
|   See:
|   - https://en.wikipedia.org/wiki/JSON_Web_Token
|   - https://tools.ietf.org/html/rfc7519
|   - https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
|   - https://jwt.io/introduction/
|   - https://en.wikipedia.org/wiki/Base64#URL_applications
|   - https://secure.php.net/manual/en/function.base64-encode.php#103849
|
|   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #682 from ArthurHoaro/delete-button (Arthur, 2017-01-04, files: 1, lines: -0/+6)
|\
| |   Bugfixes on link deletion, and use a GET form
| * Bugfixes on link deletion, and use a GET form (ArthurHoaro, 2016-12-16, files: 1, lines: -0/+6)
| |   Use a GET form to delete links: harmonize with edit_link and preparation for #585
| |
| |   Bug fixes:
| |   * LinkDB element can't be passed as reference, fix error:
| |     PHP Notice: Indirect modification of overloaded element of LinkDB has no effect
| |   * Resource cache folder setting wasn't set correctly
* | Merge pull request #733 from ArthurHoaro/hotfix/reverse-proxy-port (Arthur, 2017-01-04, files: 1, lines: -2/+10)
|\ \
| | |   Hide default ports in local URL behind a reverse proxy
| * | Hide default port in local URL behind a reverse proxy (ArthurHoaro, 2017-01-03, files: 1, lines: -2/+10)
| | |
* | | URL cleanup: add 'campaign_' to the annoying parameters (VirtualTam, 2017-01-04, files: 1, lines: -1/+4)
|/ /
| |   Closes https://github.com/shaarli/Shaarli/issues/735
| |
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Fixes presence of empty tags for private tags and in search results (ArthurHoaro, 2017-01-03, files: 2, lines: -1/+14)
| |   * Private tags: make sure empty tags are properly filtered
| |   * Search results:
| |     * Use preg_split instead of function combination
| |     * Add normalize_spaces to remove extra whitespaces displaying empty tags search
* | Move PubSubHubbub code as a default plugin (ArthurHoaro, 2016-12-20, files: 1, lines: -16/+0)
| |
* | REST API structure using Slim framework (ArthurHoaro, 2016-12-15, files: 9, lines: -1/+431)
| |   * REST API routes are handled by Slim.
| |   * Every API controller goes through ApiMiddleware which handles security.
| |   * First service implemented `/info`, for test purposes.
* | Prepare settings for the API in the admin page and during the install (ArthurHoaro, 2016-12-12, files: 2, lines: -0/+49)
|/
|   API settings:
|   - api.enabled
|   - api.secret
|
|   The API settings will be initialized (and the secret generated) with an update method.
* Add a persistent 'shorturl' key to all links (ArthurHoaro, 2016-12-12, files: 7, lines: -7/+32)
|   All existing links will keep their permalinks.
|   New links will have smallhash generated with date+id.
|
|   The purpose of this is to avoid collision between links due to their creation date.
* Apply the new ID system across the whole codebase (ArthurHoaro, 2016-12-12, files: 4, lines: -43/+31)
|
* Update method to use the new ID system, which replaces linkdate primary keys. (ArthurHoaro, 2016-12-12, files: 1, lines: -2/+44)
|   creation and update dates are now DateTime objects.
|
|   Since this update is very sensitive (changing the whole database), the datastore will be automatically backed up into the file datastore.<datetime>.php.
* Link ID refactoring (ArthurHoaro, 2016-12-12, files: 1, lines: -43/+135)
|   Links now use an incremental unique numeric identifier. This ID is persistent and must never change.
|
|   ArrayAccess is used to match the link ID with the array keys (see the comment in LinkDB for more details)
|
|   Key 'created' added, with creation date as a DateTime object. 'updated' is now also a DateTime.
* .htaccess files: support Apache 2.4+ syntax (ArthurHoaro, 2016-11-08, files: 1, lines: -2/+13)
|   If `mod_version` is enabled, the previous syntax will apply for Apache <2.4.
|   If not, the new syntax is used by default.
|
|   Fixes #676
|
|   `mod_version` identifier is `version_module` across all Apache versions.
|
|   See:
|   * https://httpd.apache.org/docs/current/mod/mod_version.html
|   * https://httpd.apache.org/docs/2.2/mod/mod_version.html
|   * https://serverfault.com/questions/733910/how-do-i-load-mod-version-only-if-it-isnt-built-in-to-apache
|
|   Note that version_module comes built-in with Debian (and derivatives) Apache2 packages, see https://wiki.debian.org/Apache/PackagingFor24
* Merge pull request #673 from virtualtam/cleanup/linkdb (VirtualTam, 2016-10-21, files: 3, lines: -79/+79)
|\
| |   LinkDB: code cleanup
| * LinkDB: explicit method visibility (VirtualTam, 2016-10-20, files: 1, lines: -6/+6)
| |   Relates to https://github.com/shaarli/Shaarli/issues/95
| |
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * LinkDB: update datastore method names (VirtualTam, 2016-10-20, files: 3, lines: -10/+10)
| |   Relates to https://github.com/shaarli/Shaarli/issues/95
| |
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| * LinkDB: do not prefix privates with an underscore (VirtualTam, 2016-10-20, files: 1, lines: -67/+67)
| |   Relates to #95
| |
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Merge pull request #665 from ArthurHoaro/fix/feed-hashtags (VirtualTam, 2016-10-20, files: 1, lines: -1/+2)
|\ \
| |/
|/|   Fix hashtag links in Feeds
| * Fix hashtags links in Feeds (ArthurHoaro, 2016-10-20, files: 1, lines: -1/+2)
| |   Make the hashtag link absolute in feeds to work properly in RSS syndication tools.
* | Minor code cleanup: PHPDoc, spelling, unused variables, etc. (ArthurHoaro, 2016-10-20, files: 10, lines: -29/+24)
|/
* Merge pull request #662 from virtualtam/fix/feed/self-link (VirtualTam, 2016-10-17, files: 1, lines: -1/+2)
|\
| |   Fix: return the proper value for the "self" feed attribute
| * Fix: return the proper value for the "self" feed attribute (VirtualTam, 2016-10-16, files: 1, lines: -1/+2)
| |   Fixes https://github.com/shaarli/Shaarli/issues/629
| |   Closes https://github.com/shaarli/Shaarli/pull/630
| |
| |   Note: you might need to empty the "pagecache" directory for the fix to be taken into account
| |
| |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | New init function for plugins, supports errors reporting (ArthurHoaro, 2016-10-14, files: 2, lines: -3/+25)
|/
|   All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.
|
|   This function is aware of the config, and can return initialization errors, which are displayed in the header template.
|
|   Note that the previous error system hack no longer works.
* Merge pull request #622 from ArthurHoaro/update-date (Arthur, 2016-10-12, files: 2, lines: -7/+34)
|\
| |   Save link update dates and render it in templates and feeds
| * Set updated date for items in feeds (ArthurHoaro, 2016-08-03, files: 1, lines: -6/+32)
| |   RSS doesn't support updated date for items, so we use the ATOM extension.
| |   Updated dates also bump the global update
| * Save the update date in LinkDB and pass it to linklist templates (ArthurHoaro, 2016-08-03, files: 1, lines: -1/+2)
| |   It can be used as a timestamp by templates under the key 'updated_timestamp'.
* | Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban (Arthur, 2016-10-12, files: 1, lines: -0/+26)
|\ \
| | |   Add trusted IPs in config and try to ban forwarded IP on failed login
| * | Add trusted IPs in config and try to ban forwarded IP on failed login (ArthurHoaro, 2016-08-03, files: 1, lines: -0/+26)
| |/
| |   * Add a new setting (which needs to be manually set): `security.trusted_proxies`
| |   * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
| |   * If found, the client address is added in ipbans, else we do nothing.
| |
| |   Fixes #409
* | Merge pull request #619 from ArthurHoaro/plugins/param-desc (VirtualTam, 2016-08-13, files: 2, lines: -4/+12)
|\ \
| | |   Add a description to plugin parameters
| * | Parse plugin parameters description with the PluginManager (ArthurHoaro, 2016-08-02, files: 2, lines: -4/+12)
| | |   Plugin parameters can contain a description in their meta file under the key:
| | |
| | |   parameter.<param_name>="<description>"
* | | Fix: add missing final newlines, untabify text (VirtualTam, 2016-08-13, files: 2, lines: -2/+2)
| | |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Fix: ensure Internet Explorer bookmark dumps can be imported (VirtualTam, 2016-08-12, files: 1, lines: -2/+1)
| | |   Relates to https://github.com/shaarli/Shaarli/issues/607
| | |
| | |   Modifications:
| | |   - [application][tests] NetscapeBookmarkUtils: more permissive doctype detection
| | |
| | |   The IE bookmark exports contain extra escape sequences, which can be observed by binary comparison of the reference input data used in tests:
| | |
| | |   $ cmp -b -l -n 8 netscape_basic.htm internet_explorer_encoding.htm
| | |   1 74 < 357 M-o
| | |   2 41 ! 273 M-;
| | |   3 104 D 277 M-?
| | |   4 117 O 74 <
| | |   5 103 C 41 !
| | |   6 124 T 104 D
| | |   7 131 Y 117 O
| | |   8 120 P 103 C
| | |
| | |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Refactor bookmark import using a generic Netscape parser (VirtualTam, 2016-08-10, files: 1, lines: -0/+142)
| | |   Relates to #607
| | |   Relates to #608
| | |   Relates to #493 (abandoned)
| | |
| | |   Additions:
| | |   - use Composer's autoload to load 3rd-party dependencies under vendor/
| | |
| | |   Modifications:
| | |   - [import] replace the current parser with a generic, stable parser
| | |   - move code to application/NetscapeBookmarkUtils
| | |   - improve status report after parsing
| | |   - [router] use the same endpoint for both bookmark upload and import dialog
| | |   - [template] update bookmark import options
| | |   - allow adding tags to all imported links
| | |   - allow selecting the visibility (privacy) of imported links
| | |   - [tests] ensure bookmarks are properly parsed and imported in the LinkDB
| | |   - reuse reference input from the parser's test data
| | |
| | |   See:
| | |   - https://github.com/shaarli/netscape-bookmark-parser
| | |   - https://getcomposer.org/doc/01-basic-usage.md#autoloading
| | |
| | |   Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Merge pull request #624 from julienCXX/pr-curl-http-fetch (Arthur, 2016-08-09, files: 1, lines: -10/+150)
|\ \ \
| | | |   Added (and set as default) a cURL-based method for fetching HTTP content
| * | | Set cURL as default in HTTP fetching, a fallback method and consistency fixup between both methods (julienCXX, 2016-08-08, files: 1, lines: -10/+150)
| | |/
| |/|
* | | Initialize a translation function (ArthurHoaro, 2016-08-07, files: 1, lines: -0/+21)
| | |   It matches the API of ngettext().
* | | Generate a token for every page (ArthurHoaro, 2016-08-06, files: 1, lines: -0/+1)
|/ /
* | Merge pull request #621 from ArthurHoaro/hotfix/update-escape-config (VirtualTam, 2016-08-02, files: 1, lines: -2/+2)
|\ \
| | |   Fix update method escapeUnescapedConfig
| * | Fix update method escapeUnescapedConfig (ArthurHoaro, 2016-08-02, files: 1, lines: -2/+2)
| |/
| |   * Actually run it
| |   * unit tests
| |
| |   Fixes #611