1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
|
# Change Log
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
## [v0.9.4](https://github.com/shaarli/Shaarli/releases/tag/v0.9.4) - UNPUBLISHED
### Added
- Enable translations: Shaarli is now also available in French. Other language translations are welcome!
- Add EditorConfig configuration
- Add favicons for mobile devices
- Add Alpine Linux arm32v7 Dockerfiles (master, latest)
### Changed
- Do not write bookmark edition history during file imports (performance)
- Migrate Docker images (master, latest) to Alpine Linux
- Improve unitary tests and code coverage
- Improve thumbnail display
- Improve theme ergonomics
- Improve messages if there is no plugin or parameter available in the admin page
- Increase buffer size for cURL download
- Force HTTPS if the original port is 443 behind a reverse proxy (workaround)
### Removed
- Remove redirector setting from Configure page
### Fixed
- Fix broken links in the documentation
- Enable access to `data/user.css` (Apache 2.2 & 2.4)
- Don't URL encode description links if parameter `redirector.encode_url` is set to false
- Fix an issue preventing the Save button to appear for plugin parameters
## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04
**XSS vulnerability fixed. Please update.**
## Security
- Fix an XSS (cross-site-scripting) vulnerability in `index.php` -
[CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249)
## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
**Major security issue fixed. Please update.**
### Added
- Tag search now supports wildcards `*`
- New setting `privacy.force_login` which can be used with `privacy.hide_public_links` to redirect anonymous users to the login page.
- New setting `general.default_note_title` used to override default `Note:` title prefix for notes.
- Add a version hash for asset loading to prevent browser's cache issue
### Changed
- The "Remember me" checkbox is unchecked by default
- The default value of the "Remember me" checkbox can be configured under `data/config.json.php`
### Removed
- Remove obsolete PHP magic quote support
### Fixed
- Generates a permalink URL if the URL is set to blank
- Replace links to the old GitHub wiki with ReadTheDocs URIs
- Use single quotes in the note bookmarklet
- Daily page if there is no link
- Bulk link deletion with a single link
- HTTPS detection behind a reverse proxy
- Travis tests environment and localization
- Improve template paths robustness (trailing slash)
- Robustness: safer gzinflate/zlib usage
- Description links parsing with parenthesis (without Markdown)
- Templates:
- Sort the tag cloud alphabetically
- Firefox social title
- Improved visited link color
- Fix jumpy textarea with long content in post edit
### Security
- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)).
## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23
The documentation has been migrated to ReadTheDocs:
- https://shaarli.readthedocs.io/
- edits are submitted as pull requests
### Added
- Allow bulk link deletion
- Display subtags in the tag cloud
- Add an endpoint to refresh the token
- Add a token on every page
- Add a tag list view for management
- Add Note bookmarklet
- Add creation date when editing a link
### Changed
- Documentation:
- Generate static HTML documentation with [mkdocs](http://www.mkdocs.org/)
- Host documentation on [ReadTheDocs](http://www.mkdocs.org/)
- Update documentation structure
- Update Makefile targets to:
- Build the docs locally
- Include the generated docs in the release archives
- Theme:
- Use the new theme as the default
- Rename the tag cloud template to `tag.cloud.html`
- Display visited links in grey
- Use only one search form in `linklist.html`
- Hide the "search links with these tags" option when an empty `searchtags` is passed to `tag.list.html`
- Improve HTTP header handling when hosting Shaarli with Docker behind a reverse proxy
- Searching for tags with an empty value returns untagged links only
- Set Travis environment to `precise` until the new `trusty` environment is ready
### Removed
- Remove dead Pubsubhubbub code
- Disable the GitHub wiki (see changed/documentation)
- Remove Docker `dev` image and resources
- Theme:
- Remove the bottom "Sort by" menu in `tag.list.html`
### Fixed
- Fix file existence check for `user.css`
- Limit selection to 2k characters when using the bookmarklet
- Fix JS error `uncaught type error`
- Fix Firefox Social button
- Use pinned PHP dependencies when generating release archives
- Make sure that the tag exists before altering/removing it
### Security
- Add a whitelist for protocols for URLs
## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - 2017-05-07
This release introduces the REST API, and requires updating HTTP server
configuration to enable URL rewriting, see:
- https://shaarli.github.io/api-documentation/
- https://shaarli.readthedocs.io/en/master/Server-configuration/
**WARNING**: Shaarli now requires PHP 5.5+.
### Added
- REST API v1
- [Slim](https://www.slimframework.com/) framework
- [JSON Web Token](https://jwt.io/introduction/) (JWT) authentication
- versioned API endpoints:
- `/api/v1/info`: get general information on the Shaarli instance
- `/api/v1/links`: get a list of shaared links
- `/api/v1/history`: get a list of latest actions
Theming:
- Introduce a new theme
- Allow selecting themes/templates from the configuration page
- New/Edit link form can be submitted using CTRL+Enter in the textarea
- Shaarli version is displayed in the footer when logged in
- Add plugin placeholders to Atom/RSS feed templates
- Add OpenSearch to feed templates
- Add `campaign_` to the URL cleanup pattern list
- Add an AUTHORS file and Makefile target to list authors from Git commit data
- Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting.
- `composer.lock` is now included in git file to allow proper `composer install`
- History mechanism which logs link addition/modification/deletion
### Changed
- Docker: enable nginx URL rewriting for the REST API
- Theming:
- Move `user.css` to the `data` folder
- Move default template files to a subfolder (`default`)
- Rename the legacy theme to `vintage`
- Private only filter is now displayed as a search parameter
- Autocomplete: pre-select the first element
- Display daily date in the page title (browser title)
- Timezone lists are now passed as an array instead of raw HTML
- Move PubSubHub to a dedicated plugin
- Coding style:
- explicit method visibility
- safe boolean comparisons
- remove unused variables
- The updater now keeps custom theme preferences
- Simplify the COPYING information
- Improved client locale detection
- Improved date time display depending on the locale
- Partial namespace support for Shaarli classes
- Shaarli version is now only present in `shaarli_version.php`
- Human readable maximum file size upload
### Removed
- PHP < 5.5 compatibility
- ReadItYourself plugin
### Fixed
- Ignore generated release tarballs
- Hide default port when behind a reverse proxy
- Fix a typo in the Markdown plugin description
- Fix the presence of empty tags for private tags and in search results
- Fix a fatal error during the install
- Fix permalink image alignment in daily page
- Fix the delete button in `editlink`
- Fix redirection after link deletion
- Do not access LinkDB links by ID before the Updater applies migrations
- Remove extra spaces in the bookmarklet's name
- Piwik plugin: Piwik URL protocol can now be set (http or https)
- All inline JS has been moved to dedicated JS files
- Keep tags after login redirection
### Security
- Markdown plugin: escape HTML entities by default
## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
**XSS vulnerability fixed. Please update.**
## Security
- Fix an XSS (cross-site-scripting) vulnerability in `index.php` -
[CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249)
## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
### Security
- Markdown plugin: escape HTML entities by default
## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20
### Fixed
- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template.
## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15
### Fixed
- Editing a link created before the new ID system would change its permalink.
## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12
> Note: this version will create an automatic backup of your database if anything goes wrong.
### Added
- Add CHANGELOG.md to track the whole project's history
- Enable Composer cache for Travis builds
- Save the last edition date for shaares and use it in Atom/RSS feeds
- Plugins:
- Add an [Isso](https://posativ.org/isso/) plugin to enable user comments on permalinks
- Allow defining init functions, e.g. for performing checks and error processing
- Add a Piwik plugin for analytics.
- Markdown: add warning notice regarding HTML rendering
- Meta tag to *not* send the referrer to external resources.
### Changed
- Link ID complete refactoring:
- Links now have a numeric ID instead of dates
- Short URLs are now created once and can't change over time (previous URL are kept)
- Templates:
- Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin`
- Cleanup `{loop}` declarations in templates
- Tools: hide Firefox Social button when not in HTTPS
- Firefox Social: show Shaarli's title when shaaring using Firefox Social
- Release archives now have the same structure as GitHub-generated archives:
- archives contain a `Shaarli` directory, itself containing sources + dependencies
- the tarball is now gzipped
- Plugins:
- Markdown: Parsedown library is now imported through Composer
- Minor code cleanup: PHPDoc, spelling, unused variables, etc.
- Docker: explicitly set the maximum file upload size to 10 MiB
### Fixed
- Fix the server `<self>` value in Atom/RSS feeds
- Plugins:
- Tools: only display parameter description when it exists
- archive.org: do not propose archival of private notes
- Markdown:
- render links properly in code blocks
- bug regarding the `nomarkdown` tag
- W3C compliance
- Use absolute URL for hashtags in RSS and ATOM feeds
- Docker: specify the location of the favicon
- ATOM feed: remove new line between content tag and data
### Security
- Allow whitelisting trusted IPs, else continue banning clients upon login failure
## [v0.8.0](https://github.com/shaarli/Shaarli/releases/tag/v0.8.0) - 2016-10-12
Shaarli now uses [Composer](https://getcomposer.org/) to handle its dependencies.
Please use our release archives, or follow the
[installation documentation](https://github.com/shaarli/Shaarli/wiki/Download-and-Installation).
### Added
- Composer is required to resolve Shaarli's PHP dependencies
- Shaarli now supports `#hashtags`
- Firefox social share now uses selected text as a description
- Plugin parameters can have a description in each plugin's `.meta` file
### Changed
- Configuration is now stored as a JSON file
- Previous configuration format will be automatically updated (PHP -> JSON)
- Shaarli now defaults to cURL to fetch shaare titles
- URL cleanup: remove `PHPSESSID` parameter
- `nomarkdown` tag is no longer private, and now affects visitors
- Cleanup template indentation
- Rewrite bookmark import using a generic Netscape parser
### Removed
- Shaarli no longer references Delicious in its description
### Deprecated
- Shaarli configuration is not held as PHP globals anymore
### Fixed
- Ignore case for tags in autocompletion and cloud tag
- Avoid generating empty tags
- Fix a Dockerfile syntax error
### Security
- Fixed a bug preventing to change password
- XSRF token now generated each time a page is rendered
## [v0.7.1](https://github.com/shaarli/Shaarli/releases/tag/v0.7.1) - 2017-03-08
### Security
- Markdown plugin: escape HTML entities by default
## [v0.7.0](https://github.com/shaarli/Shaarli/releases/tag/v0.7.0) - 2016-05-14
### Added
- Adds an option to encode redirector URL parameter
- Atom/RSS feeds now support Markdown formatting, and plugins in general
- Markdown: use the tag `.nomarkdown` to avoid markdown processing
- Prefill the login field when the authentication has failed
- Show a private links counter
### Changed
- Allow to use the bookmarklet in Firefox reader view (URL clean up)
- Improve tagcloud font size
- Improve title retrieving
- Markdown: inline code background color
- Refactor Netscape bookmark export
- Refactor Atom/RSS feed generation
### Removed
- Remove delicious from Shaarli description
### Fixed
- Fix bad login redirections causing a 404 in a few cases
- Fix tagcloud font-size with French locale
- Don't display empty tags in tag search
- Fix Awesomeplete conflicts with jQuery
- Fix UTC timezone selection
- Fix a bug preventing to import notes in browsers from bookmarks export
- Don't redirect to ?post if ?addlink is reached while logged out
## [v0.6.5](https://github.com/shaarli/Shaarli/releases/tag/v0.6.5) - 2016-03-02
### Fixed
- Fixes a regression generating an unnecessary warning (language in HTTP request)
- Fixes a bug where going through multiple reverse proxy could generate malformed URL
- Markdown: Fixes a bug where empty description blocks were displayed
## [v0.6.4](https://github.com/shaarli/Shaarli/releases/tag/v0.6.4) - 2016-02-28
### Added
- Add an updater class to automate user data upgrades
- Plugin admin page: adds a label for checkboxes and improve name display
- Plugin Wallabag: API version can be specified in plugin admin page
### Changed
- Better tag cloud sorting, including special chars (`a > E > é > z`)
- Autolocale now sets all locale categories, not just time
- Use PHP's DateTime object instead of custom functions
- Plugin hooks: process includes before header/footer
- Markdown plugin: better styles for `<code>` and `<pre>` tags
- Improve searching:
- search terms are now considered separated and won't only return exact results anymore
- exact search can be done with quotes `"this exact sentence"`
- search supports excluded terms starting a dash `-exclude`
- implement crossed search: terms + tags
- all of them combined across all shaare fields
- New tag behaviour:
- tags starting with a dash will be renamed without it
- tags starting with a dot `.` will be hidden unless the user is logged in
### Fixed
- Fix Markdown plugin escape issues (code/quote blocks, etc.)
- Link description aren't trimmed anymore to allow markdown format at the beginning of a shaare
- Fixes plugin admin redirection page on error
### Security
- Fix a bug where non initialized variables were causing a warning
- Fix a bug where saving a link after edit could cause a 404 error
## [v0.6.3](https://github.com/shaarli/Shaarli/releases/tag/v0.6.3) - 2016-01-31
### Added
- Plugins administration page
- Markdown plugin added for shaares description
- Docker: Dockerfile is now in the main git repository and improved
- Add a `.gitattributes` to ease repository management
- Travis: include file permission checks
### Changed
- Auto retrieve of title know works with websites (HTTPS, follow redirections, etc.)
- 404 page is now handled in a template
- Date in log files updated to work with fail2ban
- Wallabag: support of Wallabag v2 and minor fixes
- Link search refactoring
- Logging function refactoring
### Fixed
- Fix a bug where renaming a tag was causing a 404
- Fix a bug allowing to search blank terms
- Fix a bug preventing to remove a tag with special chars when searching
## [v0.6.2](https://github.com/shaarli/Shaarli/releases/tag/v0.6.2) - 2015-12-23
### Changed
- Plugins: new footer hook
- Plugins: improve QR code
- Cleanup templates
### Fixed
- Plugins: use the actual link URL to generate QR codes
- Templates: missing/erroneous page titles
- Templates: missing variables resulting in PHP errors
### Security
- Fix invalid file permissions (remove executable bit)
## [v0.6.1](https://github.com/shaarli/Shaarli/releases/tag/v0.6.1) - 2015-12-01
### Added
- Add OpenSearch support
- Add a Doxygen makefile target
- Tools: add fine-grained file/directory permission checks (installation)
### Changed
- Tools: check the 'stable' branch for new versions (updates)
- Cleanup: introduce an `ApplicationUtils` class
### Removed
- Cleanup: remove `json_encode()` function (built-in since PHP 5.2)
### Fixed
- Auto-complete more than one tag
- Bookmarklet: support titles containing quotes
- URL encode links when setting a redirector
## [v0.6.0](https://github.com/shaarli/Shaarli/releases/tag/v0.6.0) - 2015-11-18
### Added
- Introduce a plugin system
- Add a demo_plugin
- Add plugins:
- addlink_toolbar
- archiveorg
- playvideos
- qrcode
- readityourself
- wallabag
### Changed
- Coding style
### Fixed
- Adding a new link now returns the correct anchor in the URL
- Set default file permissions
## [v0.5.4](https://github.com/shaarli/Shaarli/releases/tag/v0.5.4) - 2015-09-15
### Added
- HTTPS: support being served behing an SSL-enabled proxy
### Changed
- HTTP/Server utilities: refactor & add test coverage
- Project & documentation:
- improve/rewrite `README.md`
- update contributor list
- update `index.php` header
### Fixed
- PHP session IDs: handle hash algorithms and bits per char representations
## [v0.5.3](https://github.com/shaarli/Shaarli/releases/tag/v0.5.3) - 2015-09-02
### Fixed
- Fix a bug that could prevent user to login
## [0.5.3](https://github.com/shaarli/Shaarli/releases/tag/0.5.3) - 2015-09-02
This release has been YANKED as it points to a tag that does not follow our naming convention. Please use `v0.5.3` instead
### Fixed
- Allow uppercase letters in PHP sessionid format
## [v0.5.2](https://github.com/shaarli/Shaarli/releases/tag/v0.5.2) - 2015-08-31
### Added
- Add PHP 7 to Travis platforms
### Changed
- Also extract HTTPS page metadata (title)
### Fixed
- Fix regression preventing to load LinkDB info when adding an existing link
### Security
- Fix Full Path Disclosure upon cookie forgery
## [v0.5.1](https://github.com/shaarli/Shaarli/releases/tag/v0.5.1) - 2015-08-17
### Added
- Add a link to the shaarli/shaarli DockerHub repository
### Changed
- Update local documentation
- Improve timezone detection at installation
- Improve feed cache handling
- Improve URL cleanup for new links
### Fixed
- Fix 404 after editing a link while being logged out
## [v0.5.0](https://github.com/shaarli/Shaarli/releases/tag/v0.5.0) - 2015-07-31
### Added
- Add Firefox Social API
- Start code refactoring:
- add unit test coverage
- add Travis integration
### Changed
- Search/Filter by tag fieds can now be accessed quickly with the `Tab` key
- Update documentation
- Remove duplicate tags in links
- Remove annoying URL patterns
- Start code refactoring:
- move all settings to `data/config.php`
- refactor Config, LinkDB, TimeZone, Utils
### Fixed
- Fix locale handling
- Fix note URLs
- Fix page redirections
- Fix daily RSS browsing
- Fix title display
- Restore compatibility with PHP 5.3
### Security
- Fix links not being hidden when `HIDE_PUBLIC_LINKS` is set
## [v0.0.45beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.45beta) - 2015-03-16
### Fixed
- Fix improperly displayed Unicode character
- Fix incorrect font size for "Add link" input field
## [v0.0.44beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.44beta) - 2015-03-15
### Added
- Add a Makefile to run static code checkers
- Add local documentation (help link in page footer)
- Use awesomplete library for autocompletion
- Use bLazy.js library for images lazy loading
- New 'Add Note' bookmarklet to immediatly open a note (text post) compose window
### Changed
- Theme improvements and cleanup (menu, search fields, icons, linklist...)
- Allow 'javascript:' links sharing (bookmarklets)
- Make update check optional
- Redirect to homepage after adding a link via "Add Link" dialog
- Remove more annoying URL parameters for shared links
- Code cleanup
### Removed
- Remove jQuery
### Security
- Don't disclose version to visitors (shaarli-version.txt)
## [v0.0.43beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.43beta) - 2015-02-20
### Added
- Title button link URL is now configurable
- RainTPL's TMP and TPL directories path are now configurable
- Displayed URLs for each link are now clickable links
- Show links timestamps in Daily view
### Changed
- Automatically prepend "Note:" to title of self-posts (posts not pointing to an URL)
- Make ATOM toolbar button optional (`SHOW_ATOM` configuration variable)
- Optional archive.org links for each Shaarli link (`ARCHIVE_ORG` option)
- Thumbnails: force HTTPS when possible
- Improve tag cloud font scaling
- Allow pointing RSS items to the permalink instead of the direct URL (`ENABLE_RSS_PERMALINKS` option)
- Update JS libraries and add version numbers in filenames
- Updates to README and footer
### Fixed
- Fix problems when running Shaarli behind a reverse proxy (invalid RSS feed URL)
- Update check now checks against the community fork version
- Include `cache/`, `data/`, `pagecache/` and `tmp/` directories in the repository
- Fix duplicate tag search returning no results
- Fix unnecessary 404 error on "Add link" when the user is logged out
- Fixes to copyright/licensing information and unlicensed media
- Fixes for tag cloud invalid links
- Coding style fixes/cleanup
- Fix redirection after deleteing a link leading to a 404 error
- Shaarli's HTML is now W3C-compliant
- Search now works with Unicode characters
### Security
- Do not leak server's PHP version and Shaarli's full path on errors
- Prevent Shaarli from sending a lot of duplicate cookies
## [v0.0.42beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.42beta) - 2014-07-27
### Added
- Add QRCode Javascript library
- Allow importing bookmarks with the same timestamp (hack)
- Allow putting a description in the bookmarklet URL
- Add `json_encode()` implementation for PHP<5.2
- Highlight search results
### Changed
- Improve 'Stay signed in' behaviour
- Improve `smallHash()`
- Refactor QRCode generation
- Update Javascript lazyloading
- Update CSS
### Removed
- Remove jQuery from almost all pages
### Fixed
- Fix overlapping tags
- Fix field foxus in the bookmarklet
- Fix error message when `data/` is not writable
- Fix HTML generation
### Security
- Fix XSS flaw
## [v0.0.41beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.41beta) - 2013-03-08
### Added
- Add HTTPS to the allowed protocols
- Add support for magnet links in link descriptions
- Allow creating new links as private by default
- Allow disabling jQuery
- Check write permissions
- Check session support before installation
### Changed
- Improve token security
- RSS feed: allow inverting links/permalinks
### Fixed
- Fix display issues during installation
- Fix popup redirection after login failure
- Fix RSS formatting for Thunderbird
- Fix thumbnail creation
- Fix cache purge
### Security
- Fix login issue with WebKit browsers
## [v0.0.40beta](https://github.com/shaarli/Shaarli/releases/tag/v0.0.40beta) - 2013-02-26
Initial release on GitHub.
## [v0.0.40beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-08-24
### Added
- Flickr thumbnail now also support albums, galleries and users
- Add a configuration option to disable session cookie protection
Check this if your get disconnected often or your IP address changes often
### Removed
- Removed the xml comment in cached RSS/ATOM feed
(although W3C-compliant, this may cause problems in some feed readers)
### Fixed
- A bug in the RSS cache would present old items as new in some cases
- A small bug (non-initialized variable) in page cache cleaning
- Proper "Nothing found" message when search returns no results
- No more 404 error when searching with empty input
- Flickr thumbnails are back (Flickr has made some changes to their domains)
## [v0.0.39beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-08-10
### Added
- A cache for RSS feed, ATOM feed and Daily RSS feed, because these URLs
are massively hammered. Cache is automatically purged whenever the database
is changed. This will reduce server load. I may add cache to other pages later.
### Changed
- No more global `$LINKSDB` (Yuk)
- Background color was removed when hovering a link
### Fixed
- Small bug corrected in config screen on timezones
- Calling a non-existing permalink now returns a crude 404 error instead of 200 (OK)
This is done on purpose
- The `shaarli` session cookie now has a proper path
Thus you can now install several Shaarlis on the same server in different paths,
and each will have its session
- Now when you delete a link, you go back the same page/search parameters you were on
- Restore previously removed `error_get_last()`, to ensure PHP 5.1 compatibility
(Yes, now it works on free.fr hosting)
- Added `dialog=1` in bookmarklet code for some browsers
## [v0.0.38beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-02-06
### Added
- Automatic creation of the `tmp` directory with proper rights (for RainTPL)
- When you click the key to see only private links, it turns yellow
### Changed
- The "Daily" page now automatically skips empty days.
### Fixed
- Corrected the tag encoding (there was a bug when selecting a second tag which contains accented characters)
## [v0.0.37beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-02-01
### Added
- Basic CSS for mobiles, which makes Shaarli //much// more usable on mobile devices
- Picture wall no more instantly kills your browser. Now it uses
[lazy image loading](http://www.appelsiini.net/projects/lazyload);
the pictures are loaded only as you scroll the page.
This will reduce browser memory usage (especially on mobile devices),
as well as server load.
If you have javascript disabled, the page will still work as before
(all images loaded at once)
- RSS feed for the "Daily" page. 1 RSS entry per day, with all links of that day.
RSS feed provides the last 7 days (only non-empty days are returned).
- In link list, added an icon to see only private links. Click to toggle (only private / all)
## [v0.0.36beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-01-25
### Added
- Shaarli licence in COPYING
### Changed
- Display adjustments in "Daily" page
### Fixed
- Improper text color in install form
- Error in QRCode url (missing '?')
## [v0.0.35beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-01-25
### Fixed
- Corrected a bug introduced in 0.0.34 which would improperly preprend data to URLs
## [v0.0.34beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-01-25
### Added
- There is now a QR-Code of each permalink to easily open a link on your smartphone
- Protocols `file:` and `apt:` are now also converted to clickable links (patch by Francis Chavanon)
- Thumbnail support for http://xkcd.com/ (patch by Emilien Klein)
- Thumbnail support for http://pix.toile-libre.org/
- Well I had _some_ mercy for users with antique browsers (IE) which do not have
support for gradients: I added a few `background-color`
- First version of the "Shaarli Daily", a page showing all links of a specific day.
By default, you see the links of the previous day.
There is still work to do on this page (error checking, better navigation (calendar?),
RSS feed, CSS for mobile and printing...)
### Changed
- Upgraded bundled versions of jQuery (1.7.1) and jQuery UI (1.8.17)
- Upgraded bundled version of RainTPL (2.7)
- Changed HTTPS detection code
### Fixed
- In link edition, you can now click the word "Private" to check the box
- Clicking a tag would not work properly if the tag contained special characters (like +)
- Added proper jQuery licence (shame on me)
## [v0.0.33beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2012-01-17
### Added
- Shaarli packaged to ease Linux distributions integration
As a simple user, you do not need to cope with these versions
Future releases of Shaarli will also be customized and published in these directories
Differences with the standard Shaarli version:
- deb:
- .tar.gz instead of .zip
- COPYING licence file added
- jQuery/jQuery-UI libraries removed to cope with Debian rules
This version links to the libs hosted at http://code.jquery.com
- rpm:
- sources located in a subdirectory with the same name as the zip file
- COPYING licence file added
- WARNING: When downloading the .tar.gz, always use wget (and not your browser),
otherwise the .tar.gz will be corrupted
### Fixed
- ATOM feed validates again
### Security
- XSS vulnerability patched (thanks to Stanislas D.!)
## [v0.0.32beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-12-16
### Added
- Better check on URL parameters (patch by gege2061)
- Add `max-height` and `overflow:auto` attributes so that content can be scrolled if too large
### Changed
- HTML generation moved to RainTPL templates (in the `tpl/` directory)
- Better detection of HTTPS (patch by gege2061)
- In RSS/ATOM feeds, the GUID is now the permalink instead of the final URL (patch by gege2061)
- Jerrywham CSS patch included
- Multiple spaces are now respected in description.
Thus you can use Shaarli as a personal pastebin (for posting source code, for example).
### Removed
- Page time generation was removed
### Fixed
- Tab order changed in login screen
- Permalinks now work even if additional parameters have been added
(e.g. `/?E8Yj2Q&utm_source=blablabla...`)
- user.css is included only if the file is present
(This prevents a useless CSS include which makes a harmless but useless 404 error.)
## [v0.0.31beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-11-29
### Added
- Support for TED Talks (ted.com/talks) thumbnails (patch by Emilien K.)
- partial [patch](http://www.idleman.fr/blog/?p=508) by Idleman: Better design consistency, icon on private links. In-page popup was not included because it causes problem on some websites
- Support for bookmark files without ADD_DATE attributes
- Logo is clickable
- `user.css` can be added to overload Shaarli base CSS.(patch by Jerrywham).
Just put `user.css` in the same directory as shaarli.css.
Example: `<code css>#pageheader { background: blue; }</code>`
Please note that Shaarli CSS are not stable and may completely change on each version
### Changed
- Edit and Delete buttons in link list were replaced with icons. (patch by Jerrywham)
### Fixed
- Better error handling in thumbnail generation (patch by Emilien K.)
- The top menu is no longer displayed in bookmarklet popup
- Bookmark which have the exact same date/time are now correctly imported.
Most remaining import problems should be solved now
- Comment in Shaarli export moved to beginning of file to prevent clash with last link description
## [v0.0.30beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-11-18
### Added
- Add a small `delete` button in link list (after the `edit` button)
### Fixed
- Moved the call to PubSubHub
## [v0.0.29beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-11-18
### Fixed
- Corrected a bug introduced in v0.0.28beta
(there was an error if you use the bookmarklet and you're not logged in)
## [v0.0.28beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-11-17
### Added
- Thumbnail support for youtu.be URLs (YouTube short url service)
- PubSubHub protocol support (from http://aldarone.fr/les-flux-rss-shaarli-et-pubsubhubbub/).
Warning: This was not tested. You need to set your hub url in
`$GLOBALS['config']['PUBSUBHUB_URL']` and put the official client (`publisher.php`)
in the same directory as Shaarli's `index.php`
- RSS and ATOM feeds now also contain tags (in `category` tags, as per their
respective specifications)
### Changed
- New Shaarli theme and logo by Idle (http://www.idleman.fr/blog/?p=469)
- In picture wall, pictures point to Shaarli permalink instead of final URL.
This way, users can read the description.
- In RSS/ATOM feeds, guid and link URL of permalinks are now proper absolute URLs
- In RSS/ATOM feeds, URLs are now clickable
- Rename `http_parse_headers()` to `http_parse_headers_shaarli()` to prevent
name collision with some PHP extensions
### Fixed
- Thumbnails removed for imgur.com/a/ URLs (Thumbnails are not available for albums on imgur)
- Shaarli now correctly only tries to get thumbnails for vimeo video URLs
- Fix a bug in imgur.com URLs handling that would cause some thumbnails not to appear
- The search engine would not return a result if the word to search was the first in description
- Extracted title is now correct if the page has two `title` html tags
## [v0.0.27beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-10-18
### Added
- Add a picture wall, which can be filtered too: it will use the same filters
(tags,text search) as current page when clicked.
## [v0.0.26beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-10-17
### Changed
- Made permalink more visible (smallHash)
### Fixed
- Removed extras space in description when URLs are converted to clickable links
- Thumbnail for subreddit imgur urls (/r/...) were corrected (thanks to Accent Grave)
## [v0.0.25beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-10-13
### Added
- Better CSS for printing (thanks to jerrywham suggestion)
- Allow using a redirector or anonymizing proxy for links
(such as `http://anonym.to/?` to mask you `HTTP_REFERER`).
Just go to `Tools > Configure > Redirector`
(thanks to Accent Grave for the suggestion).
- The `ENABLE_LOCALCACHE` option can be set to `false` for those who have
a limited quota on their host.
This will disable the local thumbnail cache.
Services which require the use of the cache will have no thumbnails
(vimeo, flickr, direct link to image).
Other services will still have a thumbnail (youtube,imgur.com,dailymotion,imageshack.us)
### Changed
- Now thumbnails generated by Shaarli are croped to a height of 120 pixels
- YouTube thumbnails now use `default.jpg` instead of `2.jpg` (This is usually more pertinent)
- Configuration options (such as `HIDE_TIMESTAMPS`, `ENABLE_THUMBNAILS`, etc.)
can now be put in a an external file so that you do not have to tweak them again
when you upgrade Shaarli.
Just add the file `data/options.php`.
- If a single link is displayed, the page title contains the title of the link
- Shaarli page title is clickable (and has the same link as "Home")
- A few CSS tweaks (thanks to maethor for suggestion)
### Fixed
- Shaarli now supports newlines in titles (thanks to dixy)
- The link to the RSS feed in page header was not correct
## [v0.0.24beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Allow posting an entry without a link. (You can use Shaarli as a kind of "personal twitter")
- Each Shaarli entry now has a short link (just click on the date of a link).
Now you can send a link that points to a single entry in your Shaarli
- In descriptions, URLs are now clickable
- Thumbnails will be generated for all link pointing to .jpg/png/gif
(as long as the images are less than 4 Mb and take less than 30 seconds to download)
### Fixed
- Now thumbnails also work for imgur gallery links (/gallery/...)
(Thanks to Accent Grave for the correction)
- Removed useless debugging information in log
- The filter in RSS/ATOM feed now works again properly (it was broken in 0.0.17beta)
## [v0.0.23beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Added thumbnail support for imageshack.us
### Changed
- Now you can clic the sentence "Stay signed in" to tick the checkbox (patch by Emilien)
- In tag editing, comma (,) are now automatically converted to spaces
- In tag editing, autocomplete no longuer suggests a tag you have already entered in the same line
## [v0.0.22beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Support for thumbnails for flickr.com
- Allow staying signed in:
Your session will be kept open even if you close the browser.
This is available through a checkbox in the login screen.
### Changed
- Some hosts (flickr, vimeo) are slow as hell for the thumbnails,
or require an extra HTTP request.
For these hosts the thumbnail generation has been deported outside the generation
of the page to keep Shaarli snappy.
For these slow services, the thumbnails are also cached.
### Fixed
- Title was not properly passed if you had to login when using the bookmarklet (patch by shenshei)
## [v0.0.21beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Thumbnails for some services
Currently supports: YouTube.com, dailymotion.com, vimeo.com (slow!) and imgur.com.
Thumbnails are enabled by default, but you can turn them off
(set `define('ENABLE_THUMBNAILS',true);` to `false`).
### Changed
- Removed the focus on the searchbox (this is cumbersome when you want to browse pages
and scroll with the keyboard)
## [v0.0.20beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Fixed
- RSS feed is now served as `application/rss+xml` instead of `application/xhtml+xml`
(which was causing problem in //RSS Lounge//)
- ATOM feed is now served as `application/atom+xml` instead of `application/xhtml+xml`
## [v0.0.19beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- ATOM feed
### Fixed
- Patch by Emilien to remove the update notification after the update
## [v0.0.18beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- You can now configure the title of your page
- New screen to configure title and timezone
### Changed
- Nicer timezone selection patch by killruana
### Fixed
- New lines now appear correctly in the RSS feed descriptions.
## [v0.0.17beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Change password screen added (based on a patch by killruana)
- Autocomplete in the tag search form
- You can rename or delete a tag in all links
(very handy if you misspelled a tag or want to merge tags)
- When you click the RSS feed, the feed will be filtered with the same filters
as the page you were viewing
### Changed
- CSS adjustments by jerrywham
- Minor corrections
## [v0.0.16beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Upgrade notification:
If a new version of Shaarli is available, you will be notified by a discreet
message in top-right corner.
This message will only be visible if you are logged in, and the check will be
performed at most once a day.
- Preliminary tag cloud (ugly for the moment, I need to find something better)
### Changed
- Replaced `preg_match()` with `version_compare()` to check PHP version
- Includes a patch by Emilien K. to mask dates if user is not logged in.
The option can be activated by changing `define('HIDE_TIMESTAMPS',false);` to `true`
## [v0.0.15beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- New in import: Option to overwrite existing links when importing
- On free.fr, automatic creation of the `/sessions` directory
### Changed
- CSS Stylesheet is now an external file (shaarli.css).
This reduces page size and eases customization.
### Removed
- Removed some parameters in URL added by some feed proxies (`#xtor=RSS-...`)
### Fixed
- Bug corrected: Prevented loop on login screen upon successful login after a failed login
- Bug corrected in import: HTML entities were not properly decoded.
If you imported your Delicious/Diigo bookmarks, your should import them again
and use the 'overwrite' option of the import feature.
## [v0.0.14beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- You no longer need to disable `magic_quotes` on your host.
Shaarli will cope with this option beeing activated.
## [v0.0.13beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Import: New option to import html bookmark file as private links
- Import: Importing a bookmark file will not overwrite existing links anymore
- Export: New options to export only public or private links
### Changed
- In tag autocomplete, tags are presented in use order
(most used tags first, instead of alphabetical order)
- RSS Feed can now be filtered by tags or fulltext search. Just add to the feed url:
- `&searchtags=minecraft+video` for tag filtering
- `&searchterm=portal` for fulltext search to the feed url
## [v0.0.12beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Add a check that the config file was properly created
(in case Shaarli does not have the write rights in its folder)
- Open Shaarli: there is an option to open your Shaarli to anyone.
Anybody will be able to add/edit/delete links without having to login.
In code, change `define('OPEN_SHAARLI',false);` to `true`.
Note: No anti-spam for the moment. You are warned!
- Autocomplete for tags
## [v0.0.11beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Add a check and a warning for some hosts which still have `magic_quotes` activated
## [v0.0.10beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Get rid of `"` in titles
## [v0.0.9beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- Now works on hosts `free.fr` and `1and1`
- Now works with PHP 5.1
- PHP version is now checked and an error message is displayed if version is not correct
### Fixed
- No more error messages if the browser does not send `HTTP_REFERER`
- No more error messages if the host has disabled http protocol in PHP config (eg. 1and1)
## [v0.0.8beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Changed
- In RSS feed, GUID content replaced with the URL of the link, because some
stupid RSS reader (like Google Reader) use `<guid>` as a link instead of using `<link>`
## [v0.0.7beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) - 2011-09-16
First public release by Sebsauvage, see original article:
[Adieu Delicious, Diigo et StumbleUpon. Salut Shaarli !](http://sebsauvage.net/rhaa/index.php?2011/09/16/09/29/58-adieu-delicious-diigo-et-stumbleupon-salut-shaarli-) (FR)
|