aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #977 from ArthurHoaro/feature/dl-filterArthurHoaro2018-01-231-10/+4
|\ | | | | Extract the title/charset during page download, and check content type
| * Extract the title/charset during page download, and check content typeArthurHoaro2017-10-281-10/+4
| | | | | | | | | | | | | | Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML). Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted. Closes #579
* | Fix XSS vulnerabilityVirtualTam2018-01-041-1/+1
| | | | | | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Don't URL encode description links if parameter 'redirector.encode_url' is ↵ArthurHoaro2017-11-071-3/+15
| | | | | | | | set to false
* | Move session ID check to SessionManagerVirtualTam2017-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | Relates to https://github.com/shaarli/Shaarli/issues/324 Changed: - `is_session_id_valid()` -> `SessionManager::checkId()` - update tests Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Refactor session token managementVirtualTam2017-10-221-47/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Relates to https://github.com/shaarli/Shaarli/issues/324 Added: - `SessionManager` class to group session-related features - unit tests Changed: - `getToken()` -> `SessionManager->generateToken()` - `tokenOk()` -> `SessionManager->checkToken()` - inject a `$token` parameter to `PageBuilder`'s constructor Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* | Add language selection in the configure page of the default themeArthurHoaro2017-10-221-3/+10
| |
* | Shaarli's translationArthurHoaro2017-10-221-30/+48
| | | | | | | | | | | | | | | | | | * translation system and unit tests * Translations everywhere Dont use translation merge It is not available with PHP builtin gettext, so it would have lead to inconsistency.
* | Merge pull request #987 from ArthurHoaro/hotfix/security-issueArthurHoaro2017-10-071-2/+2
|\ \ | | | | | | Fix security issue reported by @chb9
| * | Fix security issue reported by @chbiArthurHoaro2017-10-071-2/+2
| |/ | | | | | | Vulnerability introduced by 6ccd0b218fbd34de750f55b78f3dc43bb3d9fa8e - release with Shaarli v0.9.1.
* | Merge pull request #979 from ArthurHoaro/feature/assets-cache-versionVirtualTam2017-10-061-1/+1
|\ \ | | | | | | Add a version hash for asset loading to prevent browser's cache issue
| * | Rename shaarli_version constant to uppercaseArthurHoaro2017-10-011-1/+1
| |/
* / Allow setting of a default note title, see #963Mark Gerarts2017-10-011-1/+1
|/
* added option to redirect all anonymous users to login pageWilli Eggeling2017-09-031-0/+17
| | | | | | - new setting *force_login* added and documented - if both, *force_login* and *hide_public_links* are set to true, all requests (except for the feeds) are redirected to the login page
* Merge pull request #939 from ArthurHoaro/hotfix/firefox-social-titleArthurHoaro2017-09-021-3/+3
|\ | | | | Firefox Social title: Use document.title instead of RainTPL variable
| * Make work behind a reverse proxyArthurHoaro2017-09-021-3/+3
| | | | | | | | Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
* | Merge pull request #950 from thewilli/delete-fixArthurHoaro2017-09-011-3/+10
|\ \ | | | | | | fixed link deletion
| * | fixed link deletionWilli Eggeling2017-08-301-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | When deleting links, the js of the default theme separated ids by an escaped space ('+'). There was a trailing '+' after the ids which led to the php code detecting multiple values even for single values. In combination with the id '0' this could led to no id found at all and a resulting php error. this commit fixes the behavior and adds an additional error handling and trimming to the php code.
* | | Merge pull request #951 from thewilli/fix-dailyArthurHoaro2017-09-011-23/+31
|\ \ \ | | | | | | | | fixed daily links if there are no links
| * | | fixed daily links if there are no linksWilli Eggeling2017-08-301-23/+31
| |/ / | | | | | | | | | | | | | | | - the previous code tried to use links from a previous day if there are no one for the current one - the new code skips this part if there are no entries (i.e. days) at all - modified showDaily() to fit PSR-1 and PSR-2
* | | Merge pull request #944 from thewilli/configure-remembermeVirtualTam2017-08-271-0/+2
|\ \ \ | |/ / |/| | new setting: default value for 'remember me' checkbox
| * | new setting: default value for 'remember me' checkboxWilli Eggeling2017-08-271-0/+2
| | | | | | | | | | | | | | | | | | - the default state for the login page's 'remember me' checkbox can now be configured - adapted the default and vintage theme to consider the new setting - added documentation for the new setting
* | | Merge pull request #940 from ArthurHoaro/hotfix/empty-urlsVirtualTam2017-08-271-0/+3
|\ \ \ | | | | | | | | Generates a permalink URL if the URL is set to blank
| * | | Generates a permalinks URL if the URL is set to blankArthurHoaro2017-08-251-0/+3
| | |/ | |/| | | | | | | Fixes #926
* | | Merge pull request #942 from thewilli/fix-wiki-linksVirtualTam2017-08-271-3/+3
|\ \ \ | | | | | | | | migrated Github wiki links to readthedocs
| * | | migrated Github wiki links to readthedocsWilli Eggeling2017-08-261-3/+3
| | |/ | |/|
* | | code clean: cookie expirationWilli Eggeling2017-08-261-42/+43
| | | | | | | | | | | | | | | | | | - unified code style (spaces around operators) - prevented expiration time to be calculated twice - replaced tabs with spaces
* | | removed doc and code references to magic quotesWilli Eggeling2017-08-261-9/+0
|/ / | | | | | | | | | | - removed all references to magic quotes - magic quotes are not supported on PHP >= 5.4 (https://secure.php.net/manual/en/security.magicquotes.php) - Shaarli does not support PHP < 5.5
* / Sort tag cloud in alphabetical orderArthurHoaro2017-08-251-1/+1
|/ | | | Fixes #932
* Fix untagged only buttonArthurHoaro2017-08-191-1/+1
|
* Adding missing empty() as spotted in #889 code reviewLucas Cimon2017-08-061-1/+1
|
* Merge pull request #887 from ArthurHoaro/hotfix/dash-tag-renameArthurHoaro2017-08-051-40/+18
|\ | | | | Make sure that the tag exists before altering/removing it
| * Move tag renaming code to LinkDB and unit test itArthurHoaro2017-08-051-36/+14
| |
| * Refactoring of CHANGETAG part to avoid duplicated codeArthurHoaro2017-05-311-34/+27
| |
| * Make sure that the tag exists before altering/removing itArthurHoaro2017-05-311-10/+17
| | | | | | | | Fixes #886
* | Using only one form in linklist.html + adding untaggedonly filter - fix #885Lucas Cimon2017-07-301-1/+15
| |
* | Tagcloud/list improvmentsLucas Cimon2017-06-091-1/+9
|/
* Merge pull request #882 from ArthurHoaro/feature/edit-timestampArthurHoaro2017-05-311-1/+1
|\ | | | | Add creation date when editing a link
| * Add creation date when editing a linkArthurHoaro2017-05-311-1/+1
| | | | | | | | | | | | Also, alter the title on edition Fixes #431
* | Merge pull request #880 from ArthurHoaro/hotfix/allowed-protocolsArthurHoaro2017-05-311-7/+1
|\ \ | |/ |/| Add a whitelist of protocols for URLs
| * Add a whitelist of protocols for URLsArthurHoaro2017-05-251-7/+1
| | | | | | | | | | | | | | - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
* | Merge pull request #841 from ArthurHoaro/feature/search-no-tagArthurHoaro2017-05-251-3/+15
|\ \ | | | | | | Empty tag search will look for not tagged links
| * | Empty tag search will look for not tagged linksArthurHoaro2017-05-251-3/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #784 From now, searching for tags with an empty value will return only not tagged links, with the search bar showing `x results [not tagged]`. Note that using the api, the searchtags request parameter must be set to `false` to get the same result. - [ ] Update API doc
* | | Adds a taglist view with edit/delete buttonsArthurHoaro2017-05-251-12/+28
| | | | | | | | | | | | | | | | | | * The tag list can be sort alphabetically or by most used tag * Edit/Delete are perform using AJAX, or fallback to 'do=changetag' page * New features aren't backported to vintage theme
* | | Move tagcloud template file to tag.cloudArthurHoaro2017-05-251-1/+1
| | |
* | | Add an endpoint to refresh the tokenArthurHoaro2017-05-251-0/+7
| | | | | | | | | | | | Useful for AJAX requests which burns the token
* | | Merge pull request #819 from ArthurHoaro/feature/multi-deleteArthurHoaro2017-05-251-8/+11
|\ \ \ | | | | | | | | Bulk deletion
| * | | Bulk deletionArthurHoaro2017-05-081-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a checkboxes in linklist which display a sub-header containing action buttons * Strongly rely on JS * Requires a modern browser (ES6 syntax support) * Checkboxes are hidden if the browser is old or JS disabled
* | | | Adding ability to display subtags in tagcloudLucas Cimon2017-05-241-3/+6
| |_|/ |/| |
* | | PubSubHub: remove dead codeArthurHoaro2017-05-091-21/+0
|/ /