| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improves #306
Relates to #335 & #336
Duplicated by #339
Issues:
- PHP regenerates the session ID if it is not compliant
- the regex checking the session ID does not cover all cases
- different algorithms: md5, sha1, sha256, etc.
- bit representations: 4, 5, 6
Fix:
- `index.php`:
- remove `uniqid()` usage
- call `session_regenerate_id()` if an invalid cookie is detected
- regex: support all possible characters - '[a-zA-Z,-]{2,128}'
- tests: add coverage for all algorithms & bit representations
See:
- http://php.net/manual/en/session.configuration.php#ini.session.hash-function
- https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
- http://php.net/manual/en/function.session-id.php
- http://php.net/manual/en/function.session-regenerate-id.php
- http://php.net/manual/en/function.hash-algos.php
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
Fixes a bug that could prevent user to login.
|
|
|
|
|
|
|
|
|
|
| |
Minor changes
- fix Full Path Disclosure upon cookie forgery
- fix regression preventing to load LinkDB info when adding an existing link
- also extract HTTPS page metadata (title)
- add PHP 7 to Travis platforms
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\
| |
| | |
Fixes #325 - Shaarli does not recognize saved links
|
| | |
|
| |
| |
| |
| |
| |
| | |
PHP doesn't seem to autoconvert objects to strings when they're use as array indexes.
Fixes regression introduced in d9d776af19fd0a191f82525991dafbb56e1bcfcb
|
|/
|
|
|
| |
* Add a function to validate session ID.
* Generate a new session ID if an invalid token is passed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minor changes
- fix 404 after editing a link while being logged out
- update local documentation
- improve timezone detection at installation
- improve feed cache handling
- improve URL cleanup for new links
- add a link to the shaarli/shaarli DockerHub repository
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to #141
Relates to #133
Modifications
- move URL cleanup to `application/Url.php`
- rework the cleanup function
- fragments: `#stuff`
- GET parameters: `?var1=val1&var2=val2`
- add documentation (APIs the params belong to)
- add test coverage
Reference
- http://php.net/parse_url
- http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modifications
- rename `pageCache` to `CachedPage`
- move utilities to `Cache`
- do not access globals
- apply coding rules
- update LinkDB and test code
- add test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
| |
- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modifications
- attempt to use the server's timezone
- if none is set, use UTC
- TimeZone: apply coding conventions
- variable naming
- no closing PHP tag
Relates to #274
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Major changes
- fix locale handling
- fix note URLs
- fix page redirections
- fix daily RSS browsing
- fix title display
- fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
- restore compatibility with PHP 5.3
- remove duplicate tags in links
- remove annoying URL patterns
- add Firefox Social API
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- update documentation
- start code refactoring
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
- add unit test coverage
- add Travis integration
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to #250
Modifications
- supported version
- bump required version from 5.1.0 to 5.3.x
- update README
- add PHP 5.3 to Travis environments
- rewrite array declarations: explicitely use array() instead of []
- move checkPHPVersion to application/Utils.php
- move timezone functions to application/TimeZone.php
- cleanup code
- improve test coverage
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\
| |
| | |
Prevent redirection loop everytime we rely on HTTP_REFERER
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* search tag
* delete tag
* pagination
* display privates only
* delete link
* new/edit/cancel link return page
Move location generation to Utils.php + unit tests.
Fixes #256
ninja
|
| | |
|
| |
| |
| |
| | |
Happened if there were not any searchtags already present in the query.
|
|\ \
| | |
| | | |
Avoid tag duplicates
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Prevent duplicate client side with awesomplete
* Prevent duplicate server side (save_edit processing)
Fixes #261
|
|\ \ \
| | | |
| | | | |
Include the whole <item> in Daily RSS template
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow custom date format and title in templates.
Also a bit of code style review.
Fixes #182
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
Relates to #255
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\ \ \
| |_|/
|/| | |
All settings are now stored in config.php
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Isolate functions related to config in Config.php + add unit tests + code_sniffer.
options.php is not supported anymore, but its content will be automatically saved into config.php
Fixes #shaarli/Shaarli#41
*TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
| |
The bug was occuring only if we tried to access to the first day.
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to #218
Removes "hidden" access to the following variables:
- $GLOBALS['config']['datastore']
- PHPPREFIX
- PHPSUFFIX
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
| |
prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
|
|\
| |
| |
| |
| | |
Conflicts:
index.php
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
|
| |
| |
| |
| |
| |
| |
| | |
Fixes #236
Relates to #237
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
| |
Fixes #232
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
It only concerns the date of the day in the main title.
Fixes #182
Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
|
|\ \
| | |
| | |
| | |
| | | |
Conflicts:
index.php
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Relates to #71
LinkDB
- move to application/LinkDB.php
- code cleanup
- indentation
- whitespaces
- formatting
- comment cleanup
- add missing documentation
- unify formatting
Test coverage for LinkDB
- constructor
- public / private access
- link-related methods
Shaarli utilities (LinkDB dependencies)
- move startsWith() and endsWith() functions to application/Utils.php
- add test coverage
Dev utilities
- Composer: add PHPUnit to dev dependencies
- Makefile:
- update lint targets
- add test targets
- generate coverage reports
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\ \ |
|
| |/ |
|
|/ |
|
|
|
|
|
|
|
|
| |
* utm_content=
* fb=
* xtor=
closes https://github.com/shaarli/Shaarli/issues/136
|
|\ |
|
| |
| |
| |
| | |
>searchtags
|
|\ \ |
|
| |/ |
|
|/
|
|
|
|
|
|
|
| |
On "The Daily Shaarli" page (index.php?do=daily), the date is "Tuesday
30, November 1999" if no articles have been published/shared.
This patch checks the parameter ($linkdate) before the mktime call to
prevent and generate the "day 0" string.
mktime(0,0,0,0,0,0) returns 943916400 (hum?)
|
| |
|
|\ |
|
| | |
|
|\ \ |
|