path: root/index.php
Commit message (Author, Age, Files, Lines)
* index.html: add warning message about hostname/cookie storage problems (nodiscc, 2014-11-03, 1 file, -1/+3)
|     * Fixes https://github.com/sebsauvage/Shaarli/issues/196
|     * Fixes https://github.com/sebsauvage/Shaarli/issues/97
* Merge pull request #36 from nodiscc/https-thumbnails (Emilien Klein, 2014-10-23, 1 file, -7/+7)
|\    thumbnails: force HTTPS for youtube, imgur, vimeo
| * thumbnails: force HTTPS for youtube, imgur, vimeo (nodiscc, 2014-10-23, 1 file, -7/+7)
| |     * other services also provide thumbs over HTTPS, but the rewrite expression is more complex, so left out for now
* | Make ATOM toolbar button optional (nodiscc, 2014-10-23, 1 file, -0/+1)
|/    * ATOM button display is now configurable using the SHOW_ATOM variable in index.php or data/options.php (defaults to false)
|     * Fixes https://github.com/shaarli/Shaarli/issues/24
* update check: check against last version available on github.com/shaarli/Shaarli (nodiscc, 2014-10-21, 1 file, -1/+1)
|     * fixes https://github.com/shaarli/Shaarli/issues/5
* add link: in case of empty URL (self-post), prepend "Note: " to the title (nodiscc, 2014-10-21, 1 file, -1/+5)
|     * Thanks to qwertygc (https://github.com/shaarli/Shaarli/pull/23)
|     * Fix small typo
* fix: add missing slash when defining RainTPL's temp dir (VirtualTam, 2014-10-19, 1 file, -2/+2)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.org>
* Merge pull request #19 from nodiscc/master (nodiscc, 2014-08-19, 1 file, -3/+3)
|\    bookmarklet: use selected text as description when adding a new link
| * bookmarklet: use selected text as description when adding a new link (nodiscc, 2014-08-11, 1 file, -3/+3)
| |     * Based on romnGit's work at https://github.com/sebsauvage/Shaarli/pull/104
| |     * Fixes https://github.com/shaarli/Shaarli/issues/18
| |     * Closes https://github.com/sebsauvage/Shaarli/pull/104
| |     * Fixes https://github.com/sebsauvage/Shaarli/issues/53
| |     * Fixes https://github.com/sebsauvage/Shaarli/issues/129
| |     * Fixes https://github.com/sebsauvage/Shaarli/issues/33
* | Merge pull request #20 from nodiscc/fix-typos (Sbgodin, 2014-08-19, 1 file, -127/+127)
|\ \    Fix grammar, punctuation, spelling, trailing whitespaces and newlines; Fix typo in css
| * | Fix grammar, punctuation, spelling, trailing whitespaces and newlines; Fix typo in css (nodiscc, 2014-08-19, 1 file, -127/+127)
| |/    Based on respencer's work at https://github.com/respencer/Shaarli/
| |     Closes https://github.com/sebsauvage/Shaarli/pull/103
* | Removes htaccess file creation and adds them in the repository (Christophe HENRY, 2014-08-04, 1 file, -7/+0)
| |     I also removed the previously created placeholders, which after all, have no more utility.
* | Adds empty directories: cache, data, pagecache and tmp. Removes mkdirs. (Christophe HENRY, 2014-08-04, 1 file, -4/+0)
| |     They are still in .gitignore because their future content will still be ignored.
* | Removed redundant check on RAINTPL_TMP directory (Christophe HENRY, 2014-07-31, 1 file, -1/+0)
| |     The same test is already on line 93
* | Adds configuration variables, TPL and TMP, for RainTPL (Christophe HENRY, 2014-07-31, 1 file, -4/+6)
|/    The path for templates and temporary files are now part of the configuration. For a custom install, it's possible to put these writable directories elsewhere than in the read-only source code.
* Adds a configuration variable "titleLink" which allows to customize the (Christophe HENRY, 2014-07-27, 1 file, -0/+4)
|     link on the title.
* Release version 0.0.42 beta [v0.0.42beta] (Emilien Klein, 2014-07-27, 1 file, -2/+2)
|
* A real "Stay signed in": keep the connection (Christophe HENRY, 2013-12-05, 1 file, -5/+21)
|     Instead of trusting the php session, it uses a cookie. The php session sooner or later is destroyed if not used. It depends upon the server settings. Using a cookie ensures that one really stays signed in.
|
|     Dev notes: I wanted to avoid merge conflicts, stay with the main developer standards and keep the "index.php" in one file. That's why the code may not be that nice. My own dev level may also explain.
* Merge pull request #145 from Alkarex/patch-1 (Sébastien SAUVAGE, 2013-11-29, 1 file, -5/+2)
|\    smallHash: simplified and improved performance
| * smallHash: simplified and improved performance (Alexandre Alapetite, 2013-11-10, 1 file, -5/+2)
| |     Unchanged behaviour
* | XSS flaw correction (Sebastien SAUVAGE, 2013-11-29, 1 file, -5/+5)
|/    Closes issue https://github.com/sebsauvage/Shaarli/issues/134
* Corrected field focus in bookmarklet (Sebastien SAUVAGE, 2013-09-27, 1 file, -1/+1)
|     Focus was not properly given to description field when it's empty.
* Default example private link changed (Sébastien SAUVAGE, 2013-09-25, 1 file, -1/+1)
|     Default example private link changed from pastebin to ZeroBin.
* Added nb=all to get all links in RSS/ATOM feed. (Sebastien SAUVAGE, 2013-09-24, 1 file, -2/+10)
|
* Merge pull request #87 from LionelMartin/3385af123f6b4dfc59aeaa69f180381307b64368 (Sébastien SAUVAGE, 2013-09-24, 1 file, -1/+36)
|\    Added a json_encode implementation for PHP < 5.2 (free.fr)
| * Added json_encode implementation for php<5.2 (Lionel Martin, 2013-05-20, 1 file, -2/+37)
| |
* | Added tags+private in shaarli URL (Sébastien SAUVAGE, 2013-09-24, 1 file, -2/+3)
| |     Manually merged pull request https://github.com/sebsauvage/Shaarli/pull/99
* | Merge pull request #112 from BoboTiG/master (Sébastien SAUVAGE, 2013-09-24, 1 file, -4/+6)
|\ \    RSS/Atom: add a parameter to print only the N last links
| * | RSS/Atom: add a parameter to print only the N last links (BoboTiG, 2013-07-26, 1 file, -5/+7)
| |/
* | Merge pull request #118 from Alkarex/patch-1 (Sébastien SAUVAGE, 2013-09-24, 1 file, -1/+1)
|\ \    Corrected error message for lack of write access in ./data
| * | Corrected error message for lack of write access in ./data (Alexandre Alapetite, 2013-08-23, 1 file, -2/+2)
| | |
* | | Merge pull request #125 from broncowdd/master (Sébastien SAUVAGE, 2013-09-24, 1 file, -1/+2)
|\ \ \    Added the possibility to put a description in the bookmarklet's URL
| * | | Added the possibility to put a description in the bookmarklet's URL (Bronco, 2013-09-16, 1 file, -2/+3)
| |/ /
* | | Merge pull request #126 from Alkarex/Milliseconds (Sébastien SAUVAGE, 2013-09-24, 1 file, -1/+5)
|\ \ \    Import: add compatibility for milliseconds in NETSCAPE-Bookmark
| * | | Import NETSCAPE-Bookmark compatible milliseconds (Alexandre Alapetite, 2013-09-21, 1 file, -1/+5)
| |/ /    NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of seconds. For instance, this is the case of the files generated for Google +1s by Google Takeout. This patch makes these files compatible.
* / / Added a UA when fetching an external page (some sites want a UA) (lehollandaisvolant, 2013-09-03, 1 file, -2/+2)
|/ /
* | Better encoding handling in title parsing (Sebastien SAUVAGE, 2013-08-03, 1 file, -2/+23)
| |     Thanks to a patch from Le Hollandais Volant.
* | SERVER_NAME changed to HTTP_HOST (Sebastien SAUVAGE, 2013-08-03, 1 file, -7/+7)
|/    SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts.
* Merge pull request #42 from matchab/master (Sébastien SAUVAGE, 2013-03-11, 1 file, -0/+6)
|\    Default timezone
| * Avoid a strict standard error when php.ini does not define the default (Mathieu Chabanon, 2013-03-10, 1 file, -0/+6)
| |     timezone.
* | Fix bug producing invalid HTML (David Sferruzza, 2013-03-10, 1 file, -1/+0)
|/
* Version 0.0.41 beta [v0.0.41beta] (Sébastien SAUVAGE, 2013-03-08, 1 file, -2/+2)
|
* Correction for login problem with webkit browsers on sub-domain hosted Shaarli. (Sebastien SAUVAGE, 2013-03-06, 1 file, -3/+3)
|
* Added second check to write rights. (Sebastien SAUVAGE, 2013-03-04, 1 file, -0/+2)
|     (Because on some hosts is_writable() is not reliable.)
* Check that Shaarli has the right to write in its own directory. (Sebastien SAUVAGE, 2013-03-04, 1 file, -0/+1)
|     Because some users forget to check this at installation.
* Got rid of small display bugs before installation. (Sebastien SAUVAGE, 2013-03-04, 1 file, -5/+7)
|
* [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as private by default. (Knah Tsaeb, 2013-03-04, 1 file, -57/+60)
|
* Added https to list of authorized protocols. (Sebastien SAUVAGE, 2013-03-03, 1 file, -1/+1)
|
* Corrected vulnerabilities (see report below) (Sebastien SAUVAGE, 2013-03-03, 1 file, -3/+14)
|     Title             : Shaarli Vulnerabilities
|     Author            : @erwan_lr | @_WPScan_
|     Vendor            : http://sebsauvage.net/wiki/doku.php?id=php:shaarli
|     Download          : https://github.com/sebsauvage/Shaarli/archive/master.zip | http://sebsauvage.net/files/shaarli_0.0.40beta.zip
|     Affected versions : master-705F835, 0.0.40-beta (versions below may also be vulnerable)
|     Vulnerabilities   : Persistent XSS & Unvalidated Redirects and Forwards
|
|     Persistent XSS :
|       - During the installation or configuration modification, the title field is vulnerable.
|         e.g <script>alert(1)</script>
|         Quotes can not be used because of var_export(), but String.fromCharCode works
|       - The url field of a link is vulnerable :
|         When there is no redirector : javascript:alert(1)
|         Then, the code is triggered when a user clicks the url of a link
|         Or with a classic XSS : "><script>alert(1)</script>
|
|     Unvalidated Redirects and Forwards :
|       A request with the param linksperpage or privateonly can be used to redirect a user to an arbitrary referer
|       e.g
|         GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1
|         Host: 127.0.0.1
|         Referer: https://duckduckgo.com
|
|     History :
|       March 2, 2013 - Vendor contacted
* Proper redirect in popup when login fails. (Sebastien SAUVAGE, 2013-03-02, 1 file, -1/+3)
|     This corrects issue https://github.com/sebsauvage/Shaarli/issues/10