| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| | |
Fixes #1142
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie
This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.
See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]
Relevant section:
Une clé secrète unique aléatoire est générée côté serveur (et jamais
envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
générer des token de formulaires (protection contre XSRF).
Voir $_SESSION['uid'].
Translation:
A unique, server-side secret key is randomly generated (and never
transmitted). It can be used to sign forms (HMAC) or generate form
tokens (protection against XSRF).
See $_SESSION['uid']
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Changed:
- move login/password verification to LoginManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
- fillSessionInfo()
- setup_login_state()
- check_auth()
- cleanup related code and comments
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
| |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added german language selection
* German language file created
* typo
* extra space removed and typo corrected
* lines 1314 through 1408 removed as suggested
|
|\
| |
| | |
Load theme translations files automatically
|
| |
| |
| |
| |
| |
| | |
Fixes #1077
Take a look at the docs update to see how it works
|
|\ \
| | |
| | | |
Make max download size and timeout configurable
|
| |/
| |
| |
| | |
Fixes #1061
|
|/
|
|
| |
See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else
|
|\
| |
| | |
Ignore the case while checking DOCTYPE during the file import
|
| |
| |
| |
| | |
Fixes #1091
|
|/
|
|
|
|
| |
Also fixed a few French translation issues
Fixes #954 #955
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- Add the `LoginManager` class to manage logins and bans
Changed:
- Refactor IP ban management
- Simplify logic
- Avoid using globals, inject dependencies
Fixed:
- Use `ban_duration` instead of `ban_after` when setting a new ban
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\
| |
| | |
Add a filter to only display public links
|
| |
| |
| |
| | |
#1038
|
| |
| |
| |
| |
| |
| | |
When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner
Fixes #1030
|
| |
| |
| |
| | |
See https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
|
| |
| |
| |
| |
| |
| |
| |
| | |
As stated in the docs:
> LC_MESSAGES for system responses (available if PHP was compiled with libintl)
Fixes #1067
|
| |
| |
| |
| | |
Fixes #1040
|
|\ \
| | |
| | | |
Extract the title/charset during page download, and check content type
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML).
Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
Closes #579
|
|\ \ \
| |_|/
|/| | |
Force HTTPS if the original port is 443 behind a reverse proxy
|
| | |
| | |
| | |
| | | |
Fixes #1022
|
|\ \ \
| | | |
| | | | |
Increase buffer size for cURL download
|
| | | |
| | | |
| | | |
| | | | |
1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
|
|\ \ \ \
| |_|/ /
|/| | | |
Improve SessionManager constructor and tests
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to https://github.com/shaarli/Shaarli/pull/1005
Changed:
- pass a copy of the ConfigManager instance instead of a reference
- move FakeConfigManager to a dedicated file
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/ / |
|
| |
| |
| |
| | |
set to false
|
|\ \
| | |
| | | |
Performances: reorder links when they're written instead of read
|
| | |
| | |
| | |
| | | |
relates to #891
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to https://github.com/shaarli/Shaarli/issues/324
Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to https://github.com/shaarli/Shaarli/issues/324
Added:
- `SessionManager` class to group session-related features
- unit tests
Changed:
- `getToken()` -> `SessionManager->generateToken()`
- `tokenOk()` -> `SessionManager->checkToken()`
- inject a `$token` parameter to `PageBuilder`'s constructor
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* translation system and unit tests
* Translations everywhere
Dont use translation merge
It is not available with PHP builtin gettext, so it would have lead to inconsistency.
|