| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Allow custom date format and title in templates.
Also a bit of code style review.
Fixes #182
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
|
| |
|
|
|
| |
Use of undefined constant htmlspecialchars - assumed 'htmlspecialchars' in /var/www/links/tmp/dailyrss.*
Thanks @alexisju in https://github.com/shaarli/Shaarli/commit/bec18701801cc140d760c261dd115fda1507a0dd
|
| | |
|
| |
|
