aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
Commit message (Collapse)AuthorAgeFilesLines
...
* Url: introduce global helper functions for cleanup and scheme detectionGuillaume Virlet2015-09-082-2/+32
| | | | | | | | | | | | Relates to #314 & #326 Additions: - add global `cleanup_url()` and `get_url_scheme()` functions Modifications: - replace `Url` usage in `index.php` by calls to global functions - fix `Url` tests not being run: PHPUnit expects a single test class per file - move classes to separate files
* HTTP: move utils to a proper file, add testsVirtualTam2015-09-061-0/+52
| | | | | | | | | | | | | | Relates to #333 Modifications: - move HTTP utils to 'application/HttpUtils.php' - simplify logic - replace 'http_parse_headers_shaarli' by built-in 'get_headers()' - remove superfluous '$status' parameter (provided by the HTTP headers) - apply coding conventions - add test coverage (unitary only) Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Session ID: extend the regex to match possible hash representationsVirtualTam2015-09-061-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Improves #306 Relates to #335 & #336 Duplicated by #339 Issues: - PHP regenerates the session ID if it is not compliant - the regex checking the session ID does not cover all cases - different algorithms: md5, sha1, sha256, etc. - bit representations: 4, 5, 6 Fix: - `index.php`: - remove `uniqid()` usage - call `session_regenerate_id()` if an invalid cookie is detected - regex: support all possible characters - '[a-zA-Z,-]{2,128}' - tests: add coverage for all algorithms & bit representations See: - http://php.net/manual/en/session.configuration.php#ini.session.hash-function - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character - http://php.net/manual/en/function.session-id.php - http://php.net/manual/en/function.session-regenerate-id.php - http://php.net/manual/en/function.hash-algos.php Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Allow uppercase letters in PHP sessionid formatArthurHoaro2015-09-021-1/+1
| | | | | | Fixes shaarli/Shaarli#335 - Wrong login/password since v0.5.2 Regression introduced in 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270
* Merge pull request #326 from ArthurHoaro/bug-urlVirtualTam2015-08-311-0/+16
|\ | | | | Fixes #325 - Shaarli does not recognize saved links
| * Fixes #325 - Shaarli does not recognize saved linksArthurHoaro2015-08-311-0/+16
| | | | | | | | | | | | PHP doesn't seem to autoconvert objects to strings when they're use as array indexes. Fixes regression introduced in d9d776af19fd0a191f82525991dafbb56e1bcfcb
* | Avoid Full Path Disclosure error on session error.ArthurHoaro2015-08-221-1/+25
|/ | | | | * Add a function to validate session ID. * Generate a new session ID if an invalid token is passed.
* Links: refactor & improve URL cleanupVirtualTam2015-08-151-0/+150
| | | | | | | | | | | | | | | | | | | Relates to #141 Relates to #133 Modifications - move URL cleanup to `application/Url.php` - rework the cleanup function - fragments: `#stuff` - GET parameters: `?var1=val1&var2=val2` - add documentation (APIs the params belong to) - add test coverage Reference - http://php.net/parse_url - http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Cache: simplify cached content cleanup, improve testsVirtualTam2015-08-131-14/+6
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* CachedPage: move to a proper file, add testsVirtualTam2015-08-133-3/+113
| | | | | | | | | | | | Modifications - rename `pageCache` to `CachedPage` - move utilities to `Cache` - do not access globals - apply coding rules - update LinkDB and test code - add test coverage Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Installation: default to the server's timezoneVirtualTam2015-08-041-30/+32
| | | | | | | | | | | | | Modifications - attempt to use the server's timezone - if none is set, use UTC - TimeZone: apply coding conventions - variable naming - no closing PHP tag Relates to #274 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* PHP: ensure 5.3 compatibility, refactor timezone utilitiesVirtualTam2015-07-133-4/+135
| | | | | | | | | | | | | | | | | Relates to #250 Modifications - supported version - bump required version from 5.1.0 to 5.3.x - update README - add PHP 5.3 to Travis environments - rewrite array declarations: explicitely use array() instead of [] - move checkPHPVersion to application/Utils.php - move timezone functions to application/TimeZone.php - cleanup code - improve test coverage Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #257 from ArthurHoaro/tag-http-refererVirtualTam2015-07-121-1/+33
|\ | | | | Prevent redirection loop everytime we rely on HTTP_REFERER
| * Prevent redirection loop everytime we rely on HTTP_REFERER:ArthurHoaro2015-07-121-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * search tag * delete tag * pagination * display privates only * delete link * new/edit/cancel link return page Move location generation to Utils.php + unit tests. Fixes #256 ninja
* | LinkDB: prefix private members with an underscoreVirtualTam2015-07-091-62/+62
| | | | | | | | | | | | Relates to #95, #218 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Merge pull request #255 from ArthurHoaro/configVirtualTam2015-07-091-0/+129
|\ \ | |/ |/| All settings are now stored in config.php
| * All settings are now stored in config.phpArthurHoaro2015-07-091-0/+129
| | | | | | | | | | | | | | | | | | | | Isolate functions related to config in Config.php + add unit tests + code_sniffer. options.php is not supported anymore, but its content will be automatically saved into config.php Fixes #shaarli/Shaarli#41 *TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
* | LinkDB::filterDay(): check input date formatVirtualTam2015-07-092-1/+19
|/ | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge remote-tracking branch 'ArthurHoaro/default-links'nodiscc2015-06-261-6/+10
|\
| * Change fresh install default linkArthurHoaro2015-06-241-6/+10
| | | | | | | | | | | | Fixes #200 Let me know if you want to change anything in the description.
* | Merge remote-tracking branch 'virtualtam/linkdb/remove-globals'nodiscc2015-06-261-12/+19
|\ \
| * | LinkDB: do not access global variablesVirtualTam2015-06-241-12/+19
| |/ | | | | | | | | | | | | | | | | | | | | Relates to #218 Removes "hidden" access to the following variables: - $GLOBALS['config']['datastore'] - PHPPREFIX - PHPSUFFIX Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* / Restore compatability with php 5.3Felix Bartels2015-06-261-1/+1
|/
* move escape() and sanitizeLink() to application/Utils.phpnodiscc2015-06-241-0/+27
| | | | prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
* Merge remote-tracking branch 'ArthurHoaro/input-escape' into nextnodiscc2015-06-241-0/+5
|\ | | | | | | | | Conflicts: index.php
| * Working on shaarli/Shaarli#224ArthurHoaro2015-06-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | I reviewed character escaping everywhere with the following ideas: * use a single common function to escape user data: `escape` using `htmlspecialchars`. * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons: * it reduces risks of security issue for future user made templates * more readable templates * sanitize user configuration fields after loading them.
* | LinkDB: add 'hidePublicLinks' parameter to the constructorVirtualTam2015-06-241-2/+6
|/ | | | | | | Fixes #236 Relates to #237 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* re-add readDb() missing from previous mergenodiscc2015-06-231-0/+7
|
* LinkDB: move to a proper file, add test coverageVirtualTam2015-06-113-0/+459
Relates to #71 LinkDB - move to application/LinkDB.php - code cleanup - indentation - whitespaces - formatting - comment cleanup - add missing documentation - unify formatting Test coverage for LinkDB - constructor - public / private access - link-related methods Shaarli utilities (LinkDB dependencies) - move startsWith() and endsWith() functions to application/Utils.php - add test coverage Dev utilities - Composer: add PHPUnit to dev dependencies - Makefile: - update lint targets - add test targets - generate coverage reports Signed-off-by: VirtualTam <virtualtam@flibidi.net>