| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/ |
|
|
|
|
| |
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
|
|\
| |
| |
| |
| | |
Conflicts:
index.php
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
|
|/
|
|
|
|
|
| |
Fixes #236
Relates to #237
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
Relates to #71
LinkDB
- move to application/LinkDB.php
- code cleanup
- indentation
- whitespaces
- formatting
- comment cleanup
- add missing documentation
- unify formatting
Test coverage for LinkDB
- constructor
- public / private access
- link-related methods
Shaarli utilities (LinkDB dependencies)
- move startsWith() and endsWith() functions to application/Utils.php
- add test coverage
Dev utilities
- Composer: add PHPUnit to dev dependencies
- Makefile:
- update lint targets
- add test targets
- generate coverage reports
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|