aboutsummaryrefslogtreecommitdiffhomepage
path: root/tpl
Commit message (Collapse)AuthorAgeFilesLines
* bookmarklet: use selected text as description when adding a new linknodiscc2014-08-111-1/+1
| | | | | | | | | * Based on romnGit's work at https://github.com/sebsauvage/Shaarli/pull/104 * Fixes https://github.com/shaarli/Shaarli/issues/18 * Closes https://github.com/sebsauvage/Shaarli/pull/104 * Fixes https://github.com/sebsauvage/Shaarli/issues/53 * Fixes https://github.com/sebsauvage/Shaarli/issues/129 * Fixes https://github.com/sebsauvage/Shaarli/issues/33
* Adds the tip for the title link in the configuration pageChristophe HENRY2014-07-271-1/+1
|
* Adds a configuration variable "titleLink" which allows to customize theChristophe HENRY2014-07-272-2/+3
| | | | link on the title.
* Removed jQuery from almost all pagesSebastien SAUVAGE2013-09-256-26/+25
| | | | | | | | jQuery has been removed from all pages, except those who really require it (like autocomplete in link edition). Immediate gain: All pages weight 286 kb LESS ! \o/ Highlighting in search results has also been temporarly removed (and will be re-implemented).
* New QR-Code generation codeSébastien SAUVAGE2013-09-251-20/+60
| | | | | | | | | | * QR-Code generation now uses a client-side javascript library instead of an external service. This is better for user privacy. * Library used is http://neocotic.com/qr.js/ (11 kb). * jQuery is no longer used to display QR-Code (this is a first step in removing jQuery entirely). * This library is loaded *only* if the QR-Code icon is clicked. * If javascript is disabled, it will fallback to the external service. * External service was changed from "invx.com" to "qrfree.kaywa.com" because invx has become bloated. By loading the javascript library *only* if the icon is clicked, it will prevent the 11 kb lib to be loaded in every page.
* Merge pull request #43 from dsferruzza/highlight-search-resultsSébastien SAUVAGE2013-03-111-0/+10
|\ | | | | Highlight search results
| * Avoid highlighting paging stuffDavid Sferruzza2013-03-101-1/+1
| |
| * Highlight search results (issue #4)David Sferruzza2013-03-101-0/+10
| | | | | | | | Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
* | Move lazyload init inside the body tagDavid Sferruzza2013-03-101-1/+2
|/
* [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as ↵Knah Tsaeb2013-03-042-3/+11
| | | | private by default.
* Corrected vulnerabilities (see report below)Sebastien SAUVAGE2013-03-032-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Title : Shaarli Vulnerabilities Author : @erwan_lr | @_WPScan_ Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli Download : https://github.com/sebsauvage/Shaarli/archive/master.zip | http://sebsauvage.net/files/shaarli_0.0.40beta.zip Affected versions : master-705F835, 0.0.40-beta (versions below may also be vulnerable) Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards Persistent XSS : - During the instalation or configuration modification, the title field is vulnerable. e.g <script>alert(1)</script> Quotes can not be used because of var_export(), but String.fromCharCode works - The url field of a link is vulnerable : When there is no redirector : javascript:alert(1) Then, the code is triggered when a user click the url of a link Or with a classic XSS : "><script>alert(1)</script> Unvalidated Redirects and Forwards : A request with the param linksperpage or privateonly can be used to redirect a user to an arbitrary referer e.g GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1 Host: 127.0.0.1 Referer: https://duckduckgo.com History : March 2, 2013 - Vendor contacted
* Added option to disable jQuery and heavy javascriptSebastien SAUVAGE2013-03-015-8/+24
| | | | | | | | | | | | | Shaarli uses light Javascript in its normal operation, and some jQuery for some features (autocomplete in tags, QR-Code popup...). jQuery can be slow on small computers. An option has been added in configuration screen to disable javascript features which are hard on CPU. (Note that the Picture Wall is awfully heavy *without* jQuery.) (Side note: A *LOT* of users want Shaarli to work without javasript at all, if possible. That's why I try to use as few javascript as possible: It keeps Shaarli pages fast.)
* After clicking save/cancel on a link, scroll to the link itself.Sébastien SAUVAGE2013-02-271-0/+1
|
* Edit/delete button on the left-side of links.Sébastien SAUVAGE2013-02-271-4/+6
| | | | https://github.com/sebsauvage/Shaarli/issues/5
* Initial commit (version 0.0.40 beta)v0.0.40betaSébastien SAUVAGE2013-02-2622-0/+530