| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
|
|
|
|
|
|
|
| |
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.
The purpose of this is to avoid collision between links due to their creation date.
|
| |
|
|
|
|
|
| |
creation and update dates are now DateTime objects.
Since this update is very sensitve (changing the whole database), the datastore will be automatically backed up into the file datastore.<datetime>.php.
|
|
|
|
|
|
|
|
|
| |
Links now use an incremental unique numeric identifier.
This ID is persistent and must never change.
ArrayAccess is used to match the link ID with the array keys (see the comment in LinkDB for more details)
Key 'created' added, with creation date as a DateTime object. 'updated' is now also a DateTime.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If `mod_version` is enabled, the previous syntax will apply for Apache <2.4.
If not, the new syntax is used by default.
Fixes #676
`mod_version` identifier is `version_module` across all Apache versions. See:
* https://httpd.apache.org/docs/current/mod/mod_version.html
* https://httpd.apache.org/docs/2.2/mod/mod_version.html
* https://serverfault.com/questions/733910/how-do-i-load-mod-version-only-if-it-isnt-built-in-to-apache
Note that version_module comes built-in with Debian (and derivatives) Apache2 packages, see https://wiki.debian.org/Apache/PackagingFor24
|
|\
| |
| | |
LinkDB: code cleanup
|
| |
| |
| |
| |
| |
| | |
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| | |
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| | |
Relates to #95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\ \
| |/
|/| |
Fix hashtag links in Feeds
|
| |
| |
| |
| | |
Make the hashtag link absolute in feeds to work properly in RSS syndication tools.
|
|/ |
|
|\
| |
| | |
Fix: return the proper value for the "self" feed attribute
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/shaarli/Shaarli/issues/629
Closes https://github.com/shaarli/Shaarli/pull/630
Note: you might need to empty the "pagecache" directory for the
fix to be taken into account
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
|
|
|
|
| |
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.
This function is aware of the config, and can return initialization errors, which are displayed in the header template.
Note that the previous error system hack no longer work.
|
|\
| |
| | |
Save link update dates and render it in templates and feeds
|
| |
| |
| |
| |
| | |
RSS doesn't support updated date for items, so we use the ATOM extension.
Updated dates also bump the global update
|
| |
| |
| |
| | |
It can be used as a timestamp by templates under the key 'updated_timestamp'.
|
|\ \
| | |
| | | |
Add trusted IPs in config and try to ban forwarded IP on failed login
|
| |/
| |
| |
| |
| |
| |
| |
| | |
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
|
|\ \
| | |
| | | |
Add a description to plugin parameters
|
| | |
| | |
| | |
| | |
| | |
| | | |
Plugin parameter can contain a description in their meta file under the key:
parameter.<param_name>="<description>"
|
| | |
| | |
| | |
| | | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to https://github.com/shaarli/Shaarli/issues/607
Modifications:
- [application][tests] NetscapeBookmarkUtils: more permissive doctype detection
The IE bookmark exports contain extra escape sequences, which can be observed
by binary comparison of the reference input data used in tests:
$ cmp -b -l -n 8 netscape_basic.htm internet_explorer_encoding.htm
1 74 < 357 M-o
2 41 ! 273 M-;
3 104 D 277 M-?
4 117 O 74 <
5 103 C 41 !
6 124 T 104 D
7 131 Y 117 O
8 120 P 103 C
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to #607
Relates to #608
Relates to #493 (abandoned)
Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/
Modifications:
- [import] replace the current parser with a generic, stable parser
- move code to application/NetscapeBookmarkUtils
- improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
- allow adding tags to all imported links
- allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
- reuse reference input from the parser's test data
See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\ \ \
| | | |
| | | | |
Added (and set as default) a cURL-based method for fetching HTTP content
|
| | |/
| |/|
| | |
| | | |
fixup between both methods
|
| | |
| | |
| | |
| | | |
It matches the API of ngettext().
|
|/ / |
|
|\ \
| | |
| | | |
Fix update method escapeUnescapedConfig
|
| |/
| |
| |
| |
| |
| |
| | |
* Actually run it
* unit tests
Fixes #611
|
| |
| |
| |
| |
| |
| | |
Correct PR #573 to work properly with hidden tags, and add ReferenceLinkDB UT.
Fixes #571 - Closes #573
|
|/ |
|
|
|
|
|
| |
- Fixed title config key
- Page title (in head tag) is no longer set through the config manager
|
|\
| |
| | |
Hashtag system
|
| |
| |
| |
| |
| |
| | |
* Hashtag are auto-linked with a filter search
* Supports unicode
* Compatible with markdown (excluded in code blocks)
|
|\ \
| |/
|/| |
Introduce a configuration manager
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Except for those which require external data (timezone and $_SERVER).
|
| | |
|
| | |
|
| |
| |
| |
| | |
Also use the Updater to make the transition
|
| |
| |
| |
| | |
code base
|
| | |
|
|\ \
| | |
| | | |
Fixes #497: ignore case difference between tags
|