aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
Commit message (Collapse)AuthorAgeFilesLines
* Adds a configuration variable "titleLink" which allows to customize theChristophe HENRY2014-07-271-0/+4
| | | | link on the title.
* Release version 0.0.42 betav0.0.42betaEmilien Klein2014-07-271-2/+2
|
* A real "Stay signed in": keep the connectionChristophe HENRY2013-12-051-5/+21
| | | | | | | | | | Instead of trusting the php session, it uses a cookie. The php session sooner or later is distroyed if not used. It depends upon the server settings. Using a cookie ensures that one really stays signed in. Dev notes: I wanted to avoid merge conflicts, stay with the main developper standards and keep the "index.php" in one file. That's why the code may not be that nice. My own dev level my also explain.
* Merge pull request #145 from Alkarex/patch-1Sébastien SAUVAGE2013-11-291-5/+2
|\ | | | | smallHash: simplified and improved performance
| * smallHash: simplified and improved performanceAlexandre Alapetite2013-11-101-5/+2
| | | | | | Unchanged behaviour
* | XSS flaw correctionSebastien SAUVAGE2013-11-291-5/+5
|/ | | | Closes issue https://github.com/sebsauvage/Shaarli/issues/134
* Corrected field focus in bookmarkletSebastien SAUVAGE2013-09-271-1/+1
| | | | Focus was not properly given to description field when it's empty.
* Default example private link changedSébastien SAUVAGE2013-09-251-1/+1
| | | Default example private link changed from pastebin to ZeroBin.
* Added nb=all to get all links in RSS/ATOM feed.Sebastien SAUVAGE2013-09-241-2/+10
|
* Merge pull request #87 from ↵Sébastien SAUVAGE2013-09-241-1/+36
|\ | | | | | | | | LionelMartin/3385af123f6b4dfc59aeaa69f180381307b64368 Added a json_encode implementation for PHP < 5.2 (free.fr)
| * Added json_encode implementation for php<5.2Lionel Martin2013-05-201-2/+37
| |
* | Added tags+private in shaarli URLSébastien SAUVAGE2013-09-241-2/+3
| | | | | | Manually merged pull request https://github.com/sebsauvage/Shaarli/pull/99
* | Merge pull request #112 from BoboTiG/masterSébastien SAUVAGE2013-09-241-4/+6
|\ \ | | | | | | RSS/Atom: add a parameter to print only the N last links
| * | RSS/Atom: add a parameter to print only the N last linksBoboTiG2013-07-261-5/+7
| |/
* | Merge pull request #118 from Alkarex/patch-1Sébastien SAUVAGE2013-09-241-1/+1
|\ \ | | | | | | Corrected error message for lack of write access in ./data
| * | Corrected error message for lack of write access in ./dataAlexandre Alapetite2013-08-231-2/+2
| | |
* | | Merge pull request #125 from broncowdd/masterSébastien SAUVAGE2013-09-241-1/+2
|\ \ \ | | | | | | | | Added the possibility to put a description in the bookmarklet's URL
| * | | Added the possibility to put a description in the bookmarklet's URLBronco2013-09-161-2/+3
| |/ /
* | | Merge pull request #126 from Alkarex/MillisecondsSébastien SAUVAGE2013-09-241-1/+5
|\ \ \ | | | | | | | | Import: add compatibility for milliseconds in NETSCAPE-Bookmark
| * | | Import NETSCAPE-Bookmark compatible millisecondsAlexandre Alapetite2013-09-211-1/+5
| |/ / | | | | | | | | | | | | | | | | | | | | | NETSCAPE-Bookmark sometimes contains dates as milliseconds instead of seconds. For instance, this is the case of the files gererated for Google +1s by Google Takeout. This patch make these files compatible.
* / / Ajout d’un UA lors de la récupération d’une page externe (certains ↵lehollandaisvolant2013-09-031-2/+2
|/ / | | | | | | site veulent un UA)
* | Better encoding handling in title parsingSebastien SAUVAGE2013-08-031-2/+23
| | | | | | | | Thanks to a patch from Le Hollandais Volant.
* | SERVER_NAME changed to HTTP_HOSTSebastien SAUVAGE2013-08-031-7/+7
|/ | | | | | | | SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts.
* Merge pull request #42 from matchab/masterSébastien SAUVAGE2013-03-111-0/+6
|\ | | | | Timezone par défaut
| * Avoid a strict standard error when php.ini do not define the defaultMathieu Chabanon2013-03-101-0/+6
| | | | | | timezone.
* | Fix bug producing invalid HTMLDavid Sferruzza2013-03-101-1/+0
|/
* Version 0.0.41 betav0.0.41betaSébastien SAUVAGE2013-03-081-2/+2
|
* Correction for login problem with webkit browsers on sub-domain hosted Shaarli.Sebastien SAUVAGE2013-03-061-3/+3
|
* Added second check to write rights.Sebastien SAUVAGE2013-03-041-0/+2
| | | | (Because on some hosts is_writable() is not reliable.)
* Check that Shaarli has the right to write in its own directory.Sebastien SAUVAGE2013-03-041-0/+1
| | | | Because some user forget to check this at installation.
* Got rid of small display bugs before installation.Sebastien SAUVAGE2013-03-041-5/+7
|
* [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as ↵Knah Tsaeb2013-03-041-57/+60
| | | | private by default.
* Added https to list of authorized protocols.Sebastien SAUVAGE2013-03-031-1/+1
|
* Corrected vulnerabilities (see report below)Sebastien SAUVAGE2013-03-031-3/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Title : Shaarli Vulnerabilities Author : @erwan_lr | @_WPScan_ Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli Download : https://github.com/sebsauvage/Shaarli/archive/master.zip | http://sebsauvage.net/files/shaarli_0.0.40beta.zip Affected versions : master-705F835, 0.0.40-beta (versions below may also be vulnerable) Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards Persistent XSS : - During the instalation or configuration modification, the title field is vulnerable. e.g <script>alert(1)</script> Quotes can not be used because of var_export(), but String.fromCharCode works - The url field of a link is vulnerable : When there is no redirector : javascript:alert(1) Then, the code is triggered when a user click the url of a link Or with a classic XSS : "><script>alert(1)</script> Unvalidated Redirects and Forwards : A request with the param linksperpage or privateonly can be used to redirect a user to an arbitrary referer e.g GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1 Host: 127.0.0.1 Referer: https://duckduckgo.com History : March 2, 2013 - Vendor contacted
* Proper redirect in popup when login fails.Sebastien SAUVAGE2013-03-021-1/+3
| | | | This corrects issue https://github.com/sebsauvage/Shaarli/issues/10
* Added option to disable jQuery and heavy javascriptSebastien SAUVAGE2013-03-011-5/+12
| | | | | | | | | | | | | Shaarli uses light Javascript in its normal operation, and some jQuery for some features (autocomplete in tags, QR-Code popup...). jQuery can be slow on small computers. An option has been added in configuration screen to disable javascript features which are hard on CPU. (Note that the Picture Wall is awfully heavy *without* jQuery.) (Side note: A *LOT* of users want Shaarli to work without javasript at all, if possible. That's why I try to use as few javascript as possible: It keeps Shaarli pages fast.)
* URL source in cached RSS feeds.Sebastien SAUVAGE2013-03-011-3/+3
|
* Sort tagsSebastien SAUVAGE2013-03-011-2/+6
|
* Corrected: "Nothing found" when logging out when only private links were ↵Sebastien SAUVAGE2013-03-011-1/+1
| | | | | | displayed. This closes the issues https://github.com/sebsauvage/Shaarli/issues/25
* RSS patch for Thunderbird (and some RSS clients).Sébastien SAUVAGE2013-02-281-2/+2
| | | | | | | | | | | In the RSS specifications, the "link" tags contains the URL to follow, and the "guid" contains a unique identifier (which may or may not be an URL). RSS clients should always use "link" to follow the link (and most do), but Thunderbird uses the "guid" if it find a valid URL inside (and only falls back to "link" if "guid" is not an URL). I have patched the RSS feed so that Thunderbird ignores the URL in guid.
* Check that sessions work before installation.Sébastien SAUVAGE2013-02-281-7/+32
| | | | | | This is necessary because some hosts do not have a properly set session.save_path parameter in php config, or do not have write access to the directory.
* Improved token securitySébastien SAUVAGE2013-02-281-1/+1
| | | | | | ...by adding salt. These token are used in form which act on data to prevent CSRF attacks. This closes issue https://github.com/sebsauvage/Shaarli/issues/24
* Corrected thumbnail creation.Sebastien SAUVAGE2013-02-271-0/+1
| | | | | Because some systems do not allow file overwriting when doing a rename().
* After clicking save/cancel on a link, scroll to the link itself.Sébastien SAUVAGE2013-02-271-0/+2
|
* Remove script name from URL if it's index.phpSébastien SAUVAGE2013-02-271-1/+5
| | | | | (for better looking URLs, eg. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
* Link in description & option to invert link/permalink.Sébastien SAUVAGE2013-02-271-4/+32
| | | | | | | | | | | | | | | | | | | Patch for issue https://github.com/sebsauvage/Shaarli/issues/19 Now: * The (perma)link is added at the bottom of description. * If "permalinks" is added in URL parameters, link/permalinks will be swapped. eg. * Normal link in title + permalink in description: http://mysite.com/shaarli/?do=rss * Permalink in title + normal link in description : http://mysite.com/shaarli/?do=rss&permalinks It works for the ATOM feed too. (Happy ? :-D )
* Support for magnet links in description.Sébastien SAUVAGE2013-02-271-1/+1
|
* Corrected bug in cache purge.Sébastien SAUVAGE2013-02-261-1/+1
|
* Typo correction.Sébastien SAUVAGE2013-02-261-1/+1
|
* Login problem correctionSébastien SAUVAGE2013-02-261-3/+7
| | | | | | This corrects the session problem with some browsers when Shaarli is hosted on a sub-domain. Please tell me if this corrects login problems if you had one.