aboutsummaryrefslogtreecommitdiffhomepage
path: root/tpl
Commit message (Collapse)AuthorAgeFilesLines
* New QR-Code generation codeSébastien SAUVAGE2013-09-251-20/+60
| | | | | | | | | | * QR-Code generation now uses a client-side javascript library instead of an external service. This is better for user privacy. * Library used is http://neocotic.com/qr.js/ (11 kb). * jQuery is no longer used to display QR-Code (this is a first step in removing jQuery entirely). * This library is loaded *only* if the QR-Code icon is clicked. * If javascript is disabled, it will fallback to the external service. * External service was changed from "invx.com" to "qrfree.kaywa.com" because invx has become bloated. By loading the javascript library *only* if the icon is clicked, it will prevent the 11 kb lib to be loaded in every page.
* Merge pull request #43 from dsferruzza/highlight-search-resultsSébastien SAUVAGE2013-03-111-0/+10
|\ | | | | Highlight search results
| * Avoid highlighting paging stuffDavid Sferruzza2013-03-101-1/+1
| |
| * Highlight search results (issue #4)David Sferruzza2013-03-101-0/+10
| | | | | | | | Uses http://bartaz.github.com/sandbox.js/jquery.highlight.html
* | Move lazyload init inside the body tagDavid Sferruzza2013-03-101-1/+2
|/
* [add] https://github.com/sebsauvage/Shaarli/issues/20 New links created as ↵Knah Tsaeb2013-03-042-3/+11
| | | | private by default.
* Corrected vulnerabilities (see report below)Sebastien SAUVAGE2013-03-032-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Title : Shaarli Vulnerabilities Author : @erwan_lr | @_WPScan_ Vendor : http://sebsauvage.net/wiki/doku.php?id=php:shaarli Download : https://github.com/sebsauvage/Shaarli/archive/master.zip | http://sebsauvage.net/files/shaarli_0.0.40beta.zip Affected versions : master-705F835, 0.0.40-beta (versions below may also be vulnerable) Vulnerabilities : Persistent XSS & Unvalidated Redirects and Forwards Persistent XSS : - During the instalation or configuration modification, the title field is vulnerable. e.g <script>alert(1)</script> Quotes can not be used because of var_export(), but String.fromCharCode works - The url field of a link is vulnerable : When there is no redirector : javascript:alert(1) Then, the code is triggered when a user click the url of a link Or with a classic XSS : "><script>alert(1)</script> Unvalidated Redirects and Forwards : A request with the param linksperpage or privateonly can be used to redirect a user to an arbitrary referer e.g GET /Audit/Shaarli/master-705f835/?linksperpage=10 HTTP/1.1 Host: 127.0.0.1 Referer: https://duckduckgo.com History : March 2, 2013 - Vendor contacted
* Added option to disable jQuery and heavy javascriptSebastien SAUVAGE2013-03-015-8/+24
| | | | | | | | | | | | | Shaarli uses light Javascript in its normal operation, and some jQuery for some features (autocomplete in tags, QR-Code popup...). jQuery can be slow on small computers. An option has been added in configuration screen to disable javascript features which are hard on CPU. (Note that the Picture Wall is awfully heavy *without* jQuery.) (Side note: A *LOT* of users want Shaarli to work without javasript at all, if possible. That's why I try to use as few javascript as possible: It keeps Shaarli pages fast.)
* After clicking save/cancel on a link, scroll to the link itself.Sébastien SAUVAGE2013-02-271-0/+1
|
* Edit/delete button on the left-side of links.Sébastien SAUVAGE2013-02-271-4/+6
| | | | https://github.com/sebsauvage/Shaarli/issues/5
* Initial commit (version 0.0.40 beta)v0.0.40betaSébastien SAUVAGE2013-02-2622-0/+530