aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
Commit message (Collapse)AuthorAgeFilesLines
* Session ID: extend the regex to match possible hash representationsVirtualTam2015-09-061-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Improves #306 Relates to #335 & #336 Duplicated by #339 Issues: - PHP regenerates the session ID if it is not compliant - the regex checking the session ID does not cover all cases - different algorithms: md5, sha1, sha256, etc. - bit representations: 4, 5, 6 Fix: - `index.php`: - remove `uniqid()` usage - call `session_regenerate_id()` if an invalid cookie is detected - regex: support all possible characters - '[a-zA-Z,-]{2,128}' - tests: add coverage for all algorithms & bit representations See: - http://php.net/manual/en/session.configuration.php#ini.session.hash-function - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character - http://php.net/manual/en/function.session-id.php - http://php.net/manual/en/function.session-regenerate-id.php - http://php.net/manual/en/function.hash-algos.php Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Bump version to v0.5.3v0.5.3ArthurHoaro2015-09-021-2/+2
| | | | Fixes a bug that could prevent user to login.
* Bump version to 0.5.2v0.5.2VirtualTam2015-08-311-2/+2
| | | | | | | | | | Minor changes - fix Full Path Disclosure upon cookie forgery - fix regression preventing to load LinkDB info when adding an existing link - also extract HTTPS page metadata (title) - add PHP 7 to Travis platforms Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #326 from ArthurHoaro/bug-urlVirtualTam2015-08-311-38/+44
|\ | | | | Fixes #325 - Shaarli does not recognize saved links
| * Add HTTPS support for title extracting featureArthurHoaro2015-08-311-2/+2
| |
| * Fixes #325 - Shaarli does not recognize saved linksArthurHoaro2015-08-311-37/+43
| | | | | | | | | | | | PHP doesn't seem to autoconvert objects to strings when they're use as array indexes. Fixes regression introduced in d9d776af19fd0a191f82525991dafbb56e1bcfcb
* | Avoid Full Path Disclosure error on session error.ArthurHoaro2015-08-221-13/+28
|/ | | | | * Add a function to validate session ID. * Generate a new session ID if an invalid token is passed.
* Bump version to 0.5.1v0.5.1VirtualTam2015-08-181-2/+2
| | | | | | | | | | | | Minor changes - fix 404 after editing a link while being logged out - update local documentation - improve timezone detection at installation - improve feed cache handling - improve URL cleanup for new links - add a link to the shaarli/shaarli DockerHub repository Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Links: refactor & improve URL cleanupVirtualTam2015-08-151-23/+4
| | | | | | | | | | | | | | | | | | | Relates to #141 Relates to #133 Modifications - move URL cleanup to `application/Url.php` - rework the cleanup function - fragments: `#stuff` - GET parameters: `?var1=val1&var2=val2` - add documentation (APIs the params belong to) - add test coverage Reference - http://php.net/parse_url - http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.tostring Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* CachedPage: move to a proper file, add testsVirtualTam2015-08-131-78/+35
| | | | | | | | | | | | Modifications - rename `pageCache` to `CachedPage` - move utilities to `Cache` - do not access globals - apply coding rules - update LinkDB and test code - add test coverage Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Fixes #299: prevent 404 on '?edit_link' while logged outArthurHoaro2015-08-071-7/+36
| | | | | - add a use case for edit_link in logged out part. - *really* prevent loops on login screen.
* Installation: default to the server's timezoneVirtualTam2015-08-041-4/+6
| | | | | | | | | | | | | Modifications - attempt to use the server's timezone - if none is set, use UTC - TimeZone: apply coding conventions - variable naming - no closing PHP tag Relates to #274 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Bump version to 0.5.0VirtualTam2015-07-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Major changes - fix locale handling - fix note URLs - fix page redirections - fix daily RSS browsing - fix title display - fix links not being hidden when `HIDE_PUBLIC_LINKS` is set - restore compatibility with PHP 5.3 - remove duplicate tags in links - remove annoying URL patterns - add Firefox Social API - Search/Filter by tag fieds can now be accessed quickly with the `Tab` key - update documentation - start code refactoring - move all settings to `data/config.php` - refactor Config, LinkDB, TimeZone, Utils - add unit test coverage - add Travis integration Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* PHP: ensure 5.3 compatibility, refactor timezone utilitiesVirtualTam2015-07-131-85/+24
| | | | | | | | | | | | | | | | | Relates to #250 Modifications - supported version - bump required version from 5.1.0 to 5.3.x - update README - add PHP 5.3 to Travis environments - rewrite array declarations: explicitely use array() instead of [] - move checkPHPVersion to application/Utils.php - move timezone functions to application/TimeZone.php - cleanup code - improve test coverage Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #257 from ArthurHoaro/tag-http-refererVirtualTam2015-07-121-42/+49
|\ | | | | Prevent redirection loop everytime we rely on HTTP_REFERER
| * Prevent redirection loop everytime we rely on HTTP_REFERER:ArthurHoaro2015-07-121-42/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * search tag * delete tag * pagination * display privates only * delete link * new/edit/cancel link return page Move location generation to Utils.php + unit tests. Fixes #256 ninja
* | English mistake cf sebsauvage/Shaarli#221Arthur2015-07-121-1/+1
| |
* | Fixes warning 'Undefined index: searchtags' while filtering by tags.ArthurHoaro2015-07-121-1/+5
| | | | | | | | Happened if there were not any searchtags already present in the query.
* | Merge pull request #262 from ArthurHoaro/dup-tagsArthur2015-07-121-0/+1
|\ \ | | | | | | Avoid tag duplicates
| * | Avoid tag duplicatesArthurHoaro2015-07-121-4/+5
| | | | | | | | | | | | | | | | | | | | | * Prevent duplicate client side with awesomplete * Prevent duplicate server side (save_edit processing) Fixes #261
* | | Merge pull request #268 from ArthurHoaro/dailrss-templateVirtualTam2015-07-111-41/+59
|\ \ \ | | | | | | | | Include the whole <item> in Daily RSS template
| * | | Include the whole <item> in dailyRSSArthurHoaro2015-07-111-41/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow custom date format and title in templates. Also a bit of code style review. Fixes #182
* | | | Fix: data/config.php was not importedVirtualTam2015-07-111-2/+8
|/ / / | | | | | | | | | | | | | | | Relates to #255 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | | Merge pull request #255 from ArthurHoaro/configVirtualTam2015-07-091-34/+52
|\ \ \ | |_|/ |/| | All settings are now stored in config.php
| * | All settings are now stored in config.phpArthurHoaro2015-07-091-38/+56
| |/ | | | | | | | | | | | | | | | | | | Isolate functions related to config in Config.php + add unit tests + code_sniffer. options.php is not supported anymore, but its content will be automatically saved into config.php Fixes #shaarli/Shaarli#41 *TODO*: update [documentation](https://github.com/shaarli/Shaarli/wiki#configuration).
* | LinkDB::filterDay(): check input date formatVirtualTam2015-07-091-1/+7
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Fixes #260: previous/next day links in dailyArthurHoaro2015-07-081-6/+6
|/ | | | The bug was occuring only if we tried to access to the first day.
* LinkDB: do not access global variablesVirtualTam2015-06-241-2/+6
| | | | | | | | | | | Relates to #218 Removes "hidden" access to the following variables: - $GLOBALS['config']['datastore'] - PHPPREFIX - PHPSUFFIX Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* move escape() and sanitizeLink() to application/Utils.phpnodiscc2015-06-241-17/+0
| | | | prevents 'PHP Fatal error: Call to undefined function sanitizeLink() in Shaarli/application/LinkDB.php on line 255' in tests
* Merge remote-tracking branch 'ArthurHoaro/input-escape' into nextnodiscc2015-06-241-75/+90
|\ | | | | | | | | Conflicts: index.php
| * Working on shaarli/Shaarli#224ArthurHoaro2015-06-231-73/+86
| | | | | | | | | | | | | | | | | | | | | | | | I reviewed character escaping everywhere with the following ideas: * use a single common function to escape user data: `escape` using `htmlspecialchars`. * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons: * it reduces risks of security issue for future user made templates * more readable templates * sanitize user configuration fields after loading them.
* | LinkDB: add 'hidePublicLinks' parameter to the constructorVirtualTam2015-06-241-8/+26
| | | | | | | | | | | | | | Fixes #236 Relates to #237 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Page title if there is a single linkArthurHoaro2015-06-231-2/+4
|/ | | | Fixes #232
* Merge remote-tracking branch 'ArthurHoaro/daily-date' into nextnodiscc2015-06-231-1/+1
|\
| * Daily page: date format in templateArthurHoaro2015-06-191-1/+1
| | | | | | | | | | | | | | | | It only concerns the date of the day in the main title. Fixes #182 Note that daily RSS feed is not generated through templates. Date are still hard formatted in that case.
* | Merge remote-tracking branch 'virtualtam/test/link-db' into nextnodiscc2015-06-231-256/+10
|\ \ | | | | | | | | | | | | Conflicts: index.php
| * | LinkDB: move to a proper file, add test coverageVirtualTam2015-06-111-249/+10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Relates to #71 LinkDB - move to application/LinkDB.php - code cleanup - indentation - whitespaces - formatting - comment cleanup - add missing documentation - unify formatting Test coverage for LinkDB - constructor - public / private access - link-related methods Shaarli utilities (LinkDB dependencies) - move startsWith() and endsWith() functions to application/Utils.php - add test coverage Dev utilities - Composer: add PHPUnit to dev dependencies - Makefile: - update lint targets - add test targets - generate coverage reports Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Merge remote-tracking branch 'ArthurHoaro/search-tag-awesomplete' into nextnodiscc2015-06-231-0/+1
|\ \
| * | Add awesomplete to tag search shaarli/Shaarli#49ArthurHoaro2015-06-091-0/+1
| |/
* / Do not load links if they're hidden (also fix shaarli/Shaarli#202)ArthurHoaro2015-06-091-20/+8
|/
* split annoyingpatterns list on multpile lines, add new patterns for removal:nodiscc2015-06-031-1/+14
| | | | | | | | * utm_content= * fb= * xtor= closes https://github.com/shaarli/Shaarli/issues/136
* Merge branch 'really-hide' of https://github.com/pikzen/Shaarli into nextnodiscc2015-05-221-2/+23
|\
| * Properly hide all linksfeula2015-05-111-2/+23
| | | | | | | | >searchtags
* | Merge remote-tracking branch 'Marsup/firefox-social' into nextnodiscc2015-05-221-7/+8
|\ \
| * | Add Firefox Social API to the tools. Fixes #101.Marsup2015-05-151-7/+8
| |/
* / Display date as today if no articles publishedJonathan Druart2015-05-111-3/+6
|/ | | | | | | | | On "The Daily Shaarli" page (index.php?do=daily), the date is "Tuesday 30, November 1999" if no articles have been published/shared. This patch checks the parameter ($linkdate) before the mktime call to prevent and generate the "day 0" string. mktime(0,0,0,0,0,0) returns 943916400 (hum?)
* change wording and variable names for "Hide public links" featurenodiscc2015-04-101-4/+4
|
* Merge remote-tracking branch 'pikzen/disable-public' into nextnodiscc2015-04-101-0/+7
|\
| * Allow disabling all public links, fixes #188feula2015-04-091-0/+7
| |
* | Merge remote-tracking branch 'ArthurHoaro/localecharset' into nextnodiscc2015-04-101-3/+4
|\ \