
Merge remote-tracking branch 'upstream/master'

kramred committed Jun 7, 2018
2 parents f6b3295 + 17e45b2 commit 0deaedeeaef088040fb015f5be3e270e3bae508e
Showing with 4,212 additions and 1,610 deletions.
  1. 0 { → .dev}/.eslintrc.js
  2. +15 −0 .dev/.sasslintrc
  3. +1 −1 .editorconfig
  4. +1 −0 .gitattributes
  5. +32 −10 .travis.yml
  6. +6 −2 Makefile
  7. +32 −1 application/HttpUtils.php
  8. +1 −0 application/Languages.php
  9. +21 −8 application/LinkDB.php
  10. +13 −4 application/LinkUtils.php
  11. +0 −134 application/LoginManager.php
  12. +7 −2 application/PageBuilder.php
  13. +0 −83 application/SessionManager.php
  14. +265 −0 application/security/LoginManager.php
  15. +199 −0 application/security/SessionManager.php
  16. +1,117 −929 assets/default/scss/shaarli.scss
  17. +2 −1 composer.json
  18. +0 −29 doc/md/Bookmarklet.md
  19. +3 −1 doc/md/Community-&-Related-software.md
  20. +0 −20 doc/md/Firefox-share.md
  21. +88 −0 doc/md/Sharing-content.md
  22. BIN doc/md/images/doc-logo.png
  23. BIN doc/md/images/firefoxshare.png
  24. BIN doc/md/images/install-shaarli.png
  25. BIN doc/md/images/rss-filter-1.png
  26. BIN doc/md/images/rss-filter-2.png
  27. +0 −7 doc/md/index.md
  28. +1,313 −0 inc/languages/de/LC_MESSAGES/shaarli.po
  29. +8 −3 inc/languages/fr/LC_MESSAGES/shaarli.po
  30. +74 −168 index.php
  31. +1 −2 mkdocs.yml
  32. +1 −0 package.json
  33. +8 −0 plugins/markdown/markdown.php
  34. +52 −0 tests/HttpUtils/ClientIpIdTest.php
  35. +100 −0 tests/LinkDBTest.php
  36. +0 −149 tests/SessionManagerTest.php
  37. +55 −0 tests/plugins/PluginMarkdownTest.php
  38. +179 −4 tests/{ → security}/LoginManagerTest.php
  39. +273 −0 tests/security/SessionManagerTest.php
  40. +12 −0 tests/utils/FakeConfigManager.php
  41. +1 −1 tpl/default/404.html
  42. +2 −3 tpl/default/editlink.html
  43. +1 −1 tpl/default/import.html
  44. +5 −5 tpl/default/linklist.html
  45. +2 −2 tpl/default/linklist.paging.html
  46. +1 −1 tpl/default/loginform.html
  47. +2 −2 tpl/default/page.footer.html
  48. +8 −8 tpl/default/page.header.html
  49. +2 −2 tpl/default/picwall.html
  50. +1 −1 tpl/default/pluginsadmin.html
  51. +1 −1 tpl/default/tag.cloud.html
  52. +5 −5 tpl/default/tag.list.html
  53. +8 −2 tpl/default/tools.html
  54. +1 −1 tpl/vintage/daily.html
  55. +2 −2 tpl/vintage/linklist.html
  56. +1 −1 tpl/vintage/linklist.paging.html
  57. +1 −1 tpl/vintage/page.footer.html
  58. +2 −2 tpl/vintage/page.header.html
  59. +287 −11 yarn.lock
File renamed without changes.
@@ -0,0 +1,15 @@
options:
max-warnings: 0
rules:
property-sort-order:
- 1
-
order: 'concentric'
no-important:
- 0
no-vendor-prefixes:
- 0 # this will be fixed with v2: see https://github.com/sasstools/sass-lint/pull/1137
nesting-depth:
- 1
-
max-depth: 4
@@ -10,7 +10,7 @@ trim_trailing_whitespace = true
indent_style = space
indent_size = 4
[*.{htaccess,html,js,json,xml}]
[*.{htaccess,html,scss,js,json,xml,yml}]
indent_size = 2
[*.php]
@@ -26,6 +26,7 @@ Dockerfile text
# Exclude from Git archives
.editorconfig export-ignore
.dev export-ignore
.gitattributes export-ignore
.github export-ignore
.gitignore export-ignore
@@ -1,23 +1,45 @@
sudo: false
dist: trusty
language: php
matrix:
include:
- language: php
php: 7.2
- language: php
php: 7.1
- language: php
php: 7.0
- language: php
php: 5.6
- language: node_js
node_js: 8
cache:
yarn: true
directories:
- $HOME/.cache/yarn
install:
- yarn install
before_script:
- PATH=${PATH//:\.\/node_modules\/\.bin/}
script:
- yarn run build # Just to be sure that the build isn't broken
- make eslint
- make sasslint
cache:
yarn: true
directories:
- $HOME/.composer/cache
- $HOME/.cache/yarn
php:
- 7.2
- 7.1
- 7.0
- 5.6
install:
- yarn install
- composer install --prefer-dist
before_script:
- PATH=${PATH//:\.\/node_modules\/\.bin/}
script:
- make clean
- make check_permissions
- make eslint
- make all_tests
@@ -218,5 +218,9 @@ translate:
### Run ESLint check against Shaarli's JS files
eslint:
@yarn run eslint assets/vintage/js/
@yarn run eslint assets/default/js/
@yarn run eslint -c .dev/.eslintrc.js assets/vintage/js/
@yarn run eslint -c .dev/.eslintrc.js assets/default/js/
### Run CSSLint check against Shaarli's SCSS files
sasslint:
@yarn run sass-lint -c .dev/.sasslintrc 'assets/default/scss/*.scss' -v -q
@@ -1,7 +1,7 @@
<?php
/**
* GET an HTTP URL to retrieve its content
* Uses the cURL library or a fallback method
* Uses the cURL library or a fallback method
*
* @param string $url URL to get (http://...)
* @param int $timeout network timeout (in seconds)
@@ -415,6 +415,37 @@ function getIpAddressFromProxy($server, $trustedIps)
return array_pop($ips);
}
/**
* Return an identifier based on the advertised client IP address(es)
*
* This aims at preventing session hijacking from users behind the same proxy
* by relying on HTTP headers.
*
* See:
* - https://secure.php.net/manual/en/reserved.variables.server.php
* - https://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php
* - https://stackoverflow.com/questions/12233406/preventing-session-hijacking
* - https://stackoverflow.com/questions/21354859/trusting-x-forwarded-for-to-identify-a-visitor
*
* @param array $server The $_SERVER array
*
* @return string An identifier based on client IP address information
*/
function client_ip_id($server)
{
$ip = $server['REMOTE_ADDR'];
if (isset($server['HTTP_X_FORWARDED_FOR'])) {
$ip = $ip . '_' . $server['HTTP_X_FORWARDED_FOR'];
}
if (isset($server['HTTP_CLIENT_IP'])) {
$ip = $ip . '_' . $server['HTTP_CLIENT_IP'];
}
return $ip;
}
/**
* Returns true if Shaarli's currently browsed in HTTPS.
* Supports reverse proxies (if the headers are correctly set).
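Review bot: `client_ip_id()` appends `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` verbatim, and both are request headers set by the client, so only the `REMOTE_ADDR` part of the identifier is something the server itself observed. Unlike `getIpAddressFromProxy($server, $trustedIps)` directly above it, nothing here checks that the request arrived through a trusted proxy, so the value is a best-effort session binding rather than an identity, and the docblock should say so, e.g. `* Note: the forwarded headers are client-supplied and unverified; never use this value for access decisions.` A proxy that rewrites or extends X-Forwarded-For between requests will also change the identifier, which presumably ends the session of a legitimate user. Separately, `$server['REMOTE_ADDR']` is read without `isset()` and raises a notice when the key is absent (CLI, some test setups); `$ip = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';` stays compatible with the PHP 5.6 job in the CI matrix.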
@@ -177,6 +177,7 @@ public static function getAvailableLanguages()
'auto' => t('Automatic'),
'en' => t('English'),
'fr' => t('French'),
'de' => t('German'),
];
}
}
@@ -436,15 +436,17 @@ public function filterSearch($filterRequest = array(), $casesensitive = false, $
/**
* Returns the list tags appearing in the links with the given tags
* @param $filteringTags: tags selecting the links to consider
* @param $visibility: process only all/private/public links
* @return: a tag=>linksCount array
*
* @param array $filteringTags tags selecting the links to consider
* @param string $visibility process only all/private/public links
*
* @return array tag => linksCount
*/
public function linksCountPerTag($filteringTags = [], $visibility = 'all')
{
$links = empty($filteringTags) ? $this->links : $this->filterSearch(['searchtags' => $filteringTags], false, $visibility);
$tags = array();
$caseMapping = array();
$links = $this->filterSearch(['searchtags' => $filteringTags], false, $visibility);
$tags = [];
$caseMapping = [];
foreach ($links as $link) {
foreach (preg_split('/\s+/', $link['tags'], 0, PREG_SPLIT_NO_EMPTY) as $tag) {
if (empty($tag)) {
@@ -458,8 +460,19 @@ public function linksCountPerTag($filteringTags = [], $visibility = 'all')
$tags[$caseMapping[strtolower($tag)]]++;
}
}
// Sort tags by usage (most used tag first)
arsort($tags);
/*
* Formerly used arsort(), which doesn't define the sort behaviour for equal values.
* Also, this function doesn't produce the same result between PHP 5.6 and 7.
*
* So we now use array_multisort() to sort tags by DESC occurrences,
* then ASC alphabetically for equal values.
*
* @see https://github.com/shaarli/Shaarli/issues/1142
*/
$keys = array_keys($tags);
$tmpTags = array_combine($keys, $keys);
array_multisort($tags, SORT_DESC, $tmpTags, SORT_ASC, $tags);
return $tags;
}
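Review bot: The new `array_multisort($tags, SORT_DESC, $tmpTags, SORT_ASC, $tags)` call in `linksCountPerTag()` can lose tag names that are purely numeric, because PHP stores a key such as `'2018'` as an integer and `array_multisort()` keeps string keys but re-indexes integer ones. After the sort `$tmpTags` still holds the original names as values in the same order, so `$tags = array_combine($tmpTags, $tags);` before the `return` would restore them. A case with a numeric tag in `tests/LinkDBTest.php` would pin the behaviour down on both PHP 5.6 and 7. Part of the function's loop lies between the two hunks and is not visible here.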
@@ -11,6 +11,7 @@
*/
function get_curl_download_callback(&$charset, &$title, $curlGetInfo = 'curl_getinfo')
{
$isRedirected = false;
/**
* cURL callback function for CURLOPT_WRITEFUNCTION (called during the download).
*
@@ -22,16 +23,24 @@ function get_curl_download_callback(&$charset, &$title, $curlGetInfo = 'curl_get
*
* @return int|bool length of $data or false if we need to stop the download
*/
return function(&$ch, $data) use ($curlGetInfo, &$charset, &$title) {
return function(&$ch, $data) use ($curlGetInfo, &$charset, &$title, &$isRedirected) {
$responseCode = $curlGetInfo($ch, CURLINFO_RESPONSE_CODE);
if (!empty($responseCode) && $responseCode != 200) {
if (!empty($responseCode) && in_array($responseCode, [301, 302])) {
$isRedirected = true;
return strlen($data);
}
if (!empty($responseCode) && $responseCode !== 200) {
return false;
}
$contentType = $curlGetInfo($ch, CURLINFO_CONTENT_TYPE);
// After a redirection, the content type will keep the previous request value
// until it finds the next content-type header.
if (! $isRedirected || strpos(strtolower($data), 'content-type') !== false) {
$contentType = $curlGetInfo($ch, CURLINFO_CONTENT_TYPE);
}
if (!empty($contentType) && strpos($contentType, 'text/html') === false) {
return false;
}
if (empty($charset)) {
if (!empty($contentType) && empty($charset)) {
$charset = header_extract_charset($contentType);
}
if (empty($charset)) {
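Review bot: Once a 301/302 has been seen, `$contentType` is assigned only when the current chunk contains the string `content-type`, so for every other chunk the `text/html` guard is skipped (`!empty($contentType)` is false for the unset variable) and a non-HTML response keeps downloading. `$isRedirected` is never cleared, so this lasts for the rest of the transfer; keeping the last known content type in a captured variable and resetting `$isRedirected` once a fresh header has been read would restore the guard for the final response. The substring test also matches body text such as a `<meta http-equiv="Content-Type">` tag, not only a response header. In addition, `in_array($responseCode, [301, 302])` compares loosely while `$responseCode !== 200` is strict, so an injected `$curlGetInfo` that returns the code as a string now aborts with `false`; `$responseCode = (int) $curlGetInfo($ch, CURLINFO_RESPONSE_CODE);` plus `in_array($responseCode, [301, 302], true)` makes the two checks agree. The closure body continues past the end of the hunk.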

This file was deleted.

