| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to https://github.com/shaarli/Shaarli/pull/731
Added:
- require the presence of the 'Authorization' header
Changed:
- use the HTTP Bearer Token authorization schema
See:
- https://jwt.io/introduction/#how-do-json-web-tokens-work-
- https://tools.ietf.org/html/rfc6750
- http://security.stackexchange.com/q/108662
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\
| |
| | |
Theme manager: improvements
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes https://github.com/shaarli/Shaarli/issues/737
Added:
- Base64Url utilities
Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded
See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\
| |
| | |
Hide default ports in local URL behind a reverse proxy
|
| | |
|
|/
|
|
|
|
| |
Closes https://github.com/shaarli/Shaarli/issues/735
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|
|
|
|
|
|
| |
* Private tags: make sure empty tags are properly filtered
* Search results:
* Use preg_split instead of function combination
* Add normalize_spaces to remove extra whitespaces displaying empty tags search
|
| |
|
|
|
|
|
|
| |
* REST API routes are handle by Slim.
* Every API controller go through ApiMiddleware which handles security.
* First service implemented `/info`, for tests purpose.
|
|
|
|
|
|
|
|
| |
API settings:
- api.enabled
- api.secret
The API settings will be initialized (and the secret generated) with an update method.
|
|
|
|
|
|
|
| |
All existing link will keep their permalinks.
New links will have smallhash generated with date+id.
The purpose of this is to avoid collision between links due to their creation date.
|
| |
|
|\
| |
| | |
Markdown: fixes feed rendering with nomarkdown tag
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* make sure we match exactly `nomarkdown` tag
* pass the whole link data to stripNoMarkdownTag() to:
* strip the noMD tag in taglist (array)
* strip the tag in tags (string)
Fixes #689
tmp
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If `mod_version` is enabled, the previous syntax will apply for Apache <2.4.
If not, the new syntax is used by default.
Fixes #676
`mod_version` identifier is `version_module` across all Apache versions. See:
* https://httpd.apache.org/docs/current/mod/mod_version.html
* https://httpd.apache.org/docs/2.2/mod/mod_version.html
* https://serverfault.com/questions/733910/how-do-i-load-mod-version-only-if-it-isnt-built-in-to-apache
Note that version_module comes built-in with Debian (and derivatives) Apache2 packages, see https://wiki.debian.org/Apache/PackagingFor24
|
|
|
|
|
|
| |
Fixes #672
+ Markdown to HTML unit test
|
|\
| |
| | |
LinkDB: code cleanup
|
| |
| |
| |
| |
| |
| | |
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| | |
Relates to https://github.com/shaarli/Shaarli/issues/95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |
| |
| |
| |
| |
| | |
Relates to #95
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|\ \
| |/
|/| |
Fix hashtag links in Feeds
|
| |
| |
| |
| | |
Make the hashtag link absolute in feeds to work properly in RSS syndication tools.
|
|/ |
|
|\
| |
| | |
Isso comments plugin
|
| |
| |
| |
| | |
Use Isso client to let visitors comments on permalinks
|
|\ \
| |/
|/| |
Fix: return the proper value for the "self" feed attribute
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/shaarli/Shaarli/issues/629
Closes https://github.com/shaarli/Shaarli/pull/630
Note: you might need to empty the "pagecache" directory for the
fix to be taken into account
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
|/
|
|
|
|
|
|
| |
All plugins can optionally add an init function named `pluginname_init()` which is called when the plugin is loaded.
This function is aware of the config, and can return initialization errors, which are displayed in the header template.
Note that the previous error system hack no longer work.
|
|\
| |
| |
| |
| | |
Archive.org plugin: do not propose archival of private notes
Fixes #637
|
| |
| |
| |
| | |
Fixes #637
|
|\ \
| | |
| | | |
Save link update dates and render it in templates and feeds
|
| | |
| | |
| | |
| | |
| | | |
RSS doesn't support updated date for items, so we use the ATOM extension.
Updated dates also bump the global update
|
|\ \ \
| |_|/
|/| | |
Add trusted IPs in config and try to ban forwarded IP on failed login
|
| |/
| |
| |
| |
| |
| |
| |
| | |
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
|
|\ \
| | |
| | | |
Add a description to plugin parameters
|
| | |
| | |
| | |
| | |
| | |
| | | |
Plugin parameter can contain a description in their meta file under the key:
parameter.<param_name>="<description>"
|
| | |
| | |
| | |
| | | |
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to https://github.com/shaarli/Shaarli/issues/607
Modifications:
- [application][tests] NetscapeBookmarkUtils: more permissive doctype detection
The IE bookmark exports contain extra escape sequences, which can be observed
by binary comparison of the reference input data used in tests:
$ cmp -b -l -n 8 netscape_basic.htm internet_explorer_encoding.htm
1 74 < 357 M-o
2 41 ! 273 M-;
3 104 D 277 M-?
4 117 O 74 <
5 103 C 41 !
6 124 T 104 D
7 131 Y 117 O
8 120 P 103 C
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relates to #607
Relates to #608
Relates to #493 (abandoned)
Additions:
- use Composer's autoload to load 3rd-party dependencies under vendor/
Modifications:
- [import] replace the current parser with a generic, stable parser
- move code to application/NetscapeBookmarkUtils
- improve status report after parsing
- [router] use the same endpoint for both bookmark upload and import dialog
- [template] update bookmark import options
- allow adding tags to all imported links
- allow selecting the visibility (privacy) of imported links
- [tests] ensure bookmarks are properly parsed and imported in the LinkDB
- reuse reference input from the parser's test data
See:
- https://github.com/shaarli/netscape-bookmark-parser
- https://getcomposer.org/doc/01-basic-usage.md#autoloading
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
|
| |/
|/|
| |
| | |
It matches the API of ngettext().
|
|\ \
| | |
| | | |
Fix update method escapeUnescapedConfig
|
| |/
| |
| |
| |
| |
| |
| | |
* Actually run it
* unit tests
Fixes #611
|
| |
| |
| |
| |
| |
| | |
Correct PR #573 to work properly with hidden tags, and add ReferenceLinkDB UT.
Fixes #571 - Closes #573
|
|/ |
|
|\
| |
| | |
Hide expected 'error_log' while running TU (clean PHPUnit log)
|
| | |
|