shaarli / shaarli Goto Github PK

View Code? Open in Web Editor NEW

This project forked from sebsauvage/shaarli

3.4K 3.4K 290.0 9 MB

The personal, minimalist, super-fast, database free, bookmarking service - community repo

Home Page: https://shaarli.readthedocs.io/

License: Other

CSS 1.52% JavaScript 4.78% PHP 82.51% HTML 9.06% Makefile 0.37% Shell 0.01% Dockerfile 0.25% SCSS 1.50%

bookmarking bookmarks bookmarks-manager self-hosted

shaarli's Introduction

The personal, minimalist, super fast, database-free, bookmarking service.

Do you want to share the links you discover? Shaarli is a minimalist link sharing service that you can install on your own server. It is designed to be personal (single-user), fast and handy.

Quickstart

Demo

You can use this public demo instance of Shaarli. It runs the latest development version of Shaarli and is updated/reset daily.

License

Shaarli is Free Software. See COPYING for a detail of the contributors and licenses for each individual component.

shaarli's People

Stargazers

Watchers

Forkers

virtualtam jenkin arthurhoaro richtungspfeil dper parotheparrot mrjovanovic nicolasdanelon ohax dimtion rubykat creafrog joubu dmeloni fbartels float-mode jcsaaddupuy eragos doc75 qretan stymaar krayon roidelapluie alexisju snroki erwanleroux joedemo42 bpardo portailpro riduidel cloudxtreme nullkaos kalvn marcoskirsch bradparks stasonhub franzp vanhagar5150 daniellowtw nicefirework c0mputerking linuxnico2 mickael-martin cgnkev kkfong phazeonphoenix teotikalki juliencxx cosmoo88 matool13 digideskio orinocoz programmingtips neuroradiology yanlinaung bharath1097 shabuthomas rosco5 vince06fr kevintcoughlin raj347 teromene pips- kotnik c-duv mariasab pmmarq kublaj ericjuden laynee alisarioglu emuh1 tcitworld maniacs-oss mohammed90 bbarnwell lucas-c lestx smuth4 wrestrtdr razzy7 vantablack thewilli ariia-git jensomato mark-gerarts dotmpe richardjpope syncdata zebolino chrisweiss shawnpconroy tarekjor tonxxd vmgforks uniteddiversity tobru rinze n-richaud torstenschlicht

shaarli's Issues

Do not lose POST data when token expires ("Wrong token")

(imported from sebsauvage#215 -- I did not explicitly test this with this fork but I was both told it wasn't fixed and checking the log supports this)

I just tried to post a link with a lengthy description, and it took me some time to write it, plus I did a few other things in-between. When I wanted to save the link, I got a "Wrong token" error. Fair enough, but all my data was lost!

So, please do not lose the POST data (at least not lf_url, lf_title and lf_description). Ideally the form would be re-shown with only a (big) warning on top, so all it would require would be to re-hit save in such a case.

Alternatively, a relatively simple solution could be to try and submit the form via XHR if available, and embed the error (if any). While not allowing to re-sumbit right away (and only working for JS-enabled users), it would at least allow the user see the error before losing his data, back it up and retry.

If this happens to anyone else in the meantime and you didn't close the page, you can quickly hack to recover your data: just edit shaarli's index.php and add var_dump($_POST); at the very end, just before renderPage();. Then, force your browser to re-submit the page (e.g. just reload it with Firefox, it will ask whether to resubmit, and you say yes): it will still not save your data but you will be able to back it up (check out the page's source so you also have proper newlines).
Don't forget to remove the added line when you backed up your data!

Move all configuration settings to data/config.php

~~Once #40 is solved we can think about moving options.php out of data/. It is not program data and should not be writeable by the server.~~

We can also provide a options.example.php presenting all switches from https://github.com/shaarli/Shaarli/blob/master/index.php and https://github.com/shaarli/Shaarli/wiki#configuration and have evrything in one place.

See below

Daily page: possible column loop factorization

The daily page displays each day's links over 3 columns; within tpl/daily.html, the code generating a column is triplicated, the only difference being the column's ID:

<div id="daily_col1">
{loop="col1"}
[...]
{/loop}
</div>

<div id="daily_col2">
{loop="col2"}
[...]
{/loop}
</div>

<div id="daily_col3">
{loop="col3"}
[...]
{/loop}
</div>

Add themes management

Hello !
It's possible to add a themes managment e.g a folder by theme ? And a variable show the theme.
A other suggestion it's the possibility to translate shaarli.
Regards

'span class="linkurl"' URLs should be clickable

Reported at sebsauvage#142

The class=linkurl elements (URLs in blue/green under the link title) should be clickable.

Comma separated tags

Hi there
Shaarli is a great work thanks for that!

Just a suggestion
Why not making the tags comma-separated, so anyone can use tags with more than one word ?
I think it will be more convenient.

regards

don't add same tag twice in the searchtags list

This was reported at sebsauvage#140

When I'm filtering the posts by a tag, and then, I click on the same tag in the page, it's appended to the searchtags list. Which makes that on this page:
http://cladmi.eu/shaarli/?searchtags=Recettes
I click on the 'Recettes' tag, I get
http://cladmi.eu/shaarli/?searchtags=Recettes+Recettes
and "Nothing found."
I think it would be better to don't add the tag if it's already in the searchtags list.

Handle storage of javascript: URIs

Copied from sebsauvage#174

At https://github.com/shaarli/Shaarli/blob/master/index.php#L1479, add && !startsWith($url,'javascript:')

This allows to pervent bookmarklets' URL to be prepended with http:// prefix.
That keeps the bookmarklet link functional and dragable "as is" to the browser's bookmarks bar.

There should be only one "Subscribe" button

Followup to sebsauvage#28:

It would be more "accessible" to only have one feed button at the top (instead of two, RSS and ATOM). Maybe we could settle on a default feed format (RSS is very common) and make the other available through a checkbox in the prefs.

Most visitors are not familiar with RSS, so changing the button label to something like "Subscribe" would be good.

Should we remove one of these buttons or make it optional? The concern is valid IMHO

Question: Change versioning schema?

The current versioning scheme is:

an increasing integer (at the moment 41)
prepended by "0.0"
appended by "beta" (lower case, with space when displayed, without space in the release zipfiles' filenames)

The latest version is currently "0.0.41 beta".

In an email discussion with @sebsauvage in 2011 (actual version then was 0.0.30beta), when I asked if the version number might get changed in the future Seb's answer was:

Sinon pour le numéro de version, je n'ai aucune stratégie marketting :-)
Je garde le beta pour bien signaler que ça peut casser...

That things might break, I think 3 years further down the line we see it's reasonably stable, and we could drop the "beta" part.

The double 0 in the beginning doesn't have much sense either, to my opinion.

I would suggest we move to something a bit more conventional, either 0.43 (with the idea we would go to v 1.0 some time, and then rediscuss a new versioning scheme from there on), or just keep it simple and call the next version v43.

I would like to have @sebsauvage's input before we change anything, hence my proposition to release 0.0.42beta in #3. Let's wait for him to be back from vacation to weigh-in on this question.

Install form: invalid HTML generated for timezone options

To reproduce:

rename or delete your data folder,
access to Shaarli's home page,
look at the webpage's source (Ctrl+U on most browsers).

Here's the sample code generated by templateTZform():

Continent: <select name="continent" id="continent" onChange="onChangecontinent();"><option  value="Africa"selected>Africa</option><option  value="America">America</option><option  value="Antarctica">Antarctica</option><option  value="Arctic">Arctic</option><option  value="Asia">Asia</option><option  value="Atlantic">Atlantic</option><option  value="Australia">Australia</option><option  value="Europe">Europe</option><option  value="Indian">Indian</option><option  value="Pacific">Pacific</option><option  value="UTC">UTC</option></select>&nbsp;&nbsp;&nbsp;&nbsp;City: <select name="city" id="city"><option value="Abidjan"selected>Abidjan</option><option value="Accra">Accra</option><option value="Addis_Ababa">Addis_Ababa</option><option value="Algiers">Algiers</option><option value="Asmara">Asmara</option><option value="Bamako">Bamako</option><option value="Bangui">Bangui</option><option value="Banjul">Banjul</option><option value="Bissau">Bissau</option><option value="Blantyre">Blantyre</option><option value="Brazzaville">Brazzaville</option><option value="Bujumbura">Bujumbura</option><option value="Cairo">Cairo</option><option value="Casablanca">Casablanca</option><option value="Ceuta">Ceuta</option><option value="Conakry">Conakry</option><option value="Dakar">Dakar</option><option value="Dar_es_Salaam">Dar_es_Salaam</option><option value="Djibouti">Djibouti</option><option value="Douala">Douala</option><option value="El_Aaiun">El_Aaiun</option><option value="Freetown">Freetown</option><option value="Gaborone">Gaborone</option><option value="Harare">Harare</option><option value="Johannesburg">Johannesburg</option><option value="Juba">Juba</option><option value="Kampala">Kampala</option><option value="Khartoum">Khartoum</option><option value="Kigali">Kigali</option><option value="Kinshasa">Kinshasa</option><option value="Lagos">Lagos</option><option value="Libreville">Libreville</option><option value="Lome">Lome</option><option value="Luanda">Luanda</option><option value="Lubumbashi">Lubumbashi</option><option value="Lusaka">Lusaka</option><option value="Malabo">Malabo</option><option value="Maputo">Maputo</option><option value="Maseru">Maseru</option><option value="Mbabane">Mbabane</option><option value="Mogadishu">Mogadishu</option><option value="Monrovia">Monrovia</option><option value="Nairobi">Nairobi</option><option value="Ndjamena">Ndjamena</option><option value="Niamey">Niamey</option><option value="Nouakchott">Nouakchott</option><option value="Ouagadougou">Ouagadougou</option><option value="Porto-Novo">Porto-Novo</option><option value="Sao_Tome">Sao_Tome</option><option value="Tripoli">Tripoli</option><option value="Tunis">Tunis</option><option value="Windhoek">Windhoek</option></select>

More specifically, there is one whitespace missing between the value="<value>" and selected attributes:

<select name="continent" id="continent" onChange="onChangecontinent();"><option  value="Africa"selected>Africa</option>

and

<select name="city" id="city"><option value="Abidjan"selected>Abidjan</option>

empty page when clicking on a tag (tag cloud)

Hi all
I had shaarli 0.0.41 installed and was everything alright
I upgraded to version 0.0.42, but then I see an empty page whenever I click Tag Cloud > some_tag (and not the list of the links with the specific tag!)

I used both suggested upgrade methods (copy-pasting datastore.php file and also import-exporting .html file from the older to the newest version of Shaarli)

any suggestions on this ?
regards

it also happens when viewing the shaarli's list (home page) and clicking on a tag...

Proposition: lier avec web archive

Hello !
J'ai fait 2 modif pour avoir une version "web archivé" d'un lien : https://github.com/qwertygc/Shaarli/commit/dd8b4cb0af6b428cc89a81ee4ff36068e769efa5
https://github.com/qwertygc/Shaarli/commit/da5f2510540a76c3185a8b7238588ea1065fcc8f
Si ça intéresse des gens.

[archived] General discussion

General discussion about Shaarli, this fork, sharing interesting resources, whatever. Offtopic allowed.

https://github.com/shaarli/Shaarli/wiki

file sharing/upload service integration

Hi ! It's possible to add a field for upload a file (e.g a PDF) ?
I have a little snippet :

if(isset($_POST['upload'])) {
                $files = array();
                $fdata = $_FILES['fichier'];
                $count = count($fdata['name']);
                if(is_array($fdata['name'])){
                    for($i=0;$i<$count;++$i){
                        $files[]=array(
                            'name'     => $fdata['name'][$i],
                            'tmp_name' => $fdata['tmp_name'][$i],
                            'type' => $fdata['type'][$i],
                        );
                    }
                }
                else {$files[]=$fdata;}
                foreach ($files as $file) {
                    if(!is_uploaded_file($file['tmp_name'])) {exit();}
                    $nb_img = file_get_contents('/upload.txt');
                    $file['name']=$nb_img.$file['name'];
                    $nb_img++;
                    file_put_contents('upload.txt', $nb_img);
                    if(!move_uploaded_file($file['tmp_name'], 'data/upload/'. $file['name']) ) {exit();}
                }
            }``
``<input type="file" name="fichier[]" multiple/>

Update footer

What if we add a changelog file like this one here in the repo?

And a new link in the footer with the subversion date or number like this:

Shaarli 0.0.41 beta - The personal, minimalist, super-fast, no-database delicious clone. By sebsauvage.net. Theme by idleman.fr.
Comminuty version 0.1.6

And maybe we can create a history page in the wiki to tell to the people why this fork :)

remove inline javascript

It would be great to move inline javascript (for example https://github.com/shaarli/Shaarli/blob/master/tpl/linklist.html#L70 ) to their own .js files. Inline javascript does not run when the server has strict Content Security Policy (CSP) settings (good practice).

Firefox console returns:

Content Security Policy: Les paramètres de la page ont empêché le chargement d'une ressource à self (« script-src https://my.shaarli.url »)

Eg. for apache2 Header set Content-Security-Policy "script-src 'self'" prevents qr code/tag autocomplete/... from running. Header set Content-Security-Policy "script-src 'self' 'unsafe-inline'" allows it, but is less safe.

Port/server config problems

Here is a summary of problems related to specific server/network configs:

sebsauvage#101: RSS feed has an incorrect url -- waiting for info fixed
sebsauvage#108: next and the previous day of my shaarli dont work -- waiting for info no reply, closed
sebsauvage#110: ~~Lost oasis bug~~ closed, added to the wiki
sebsauvage#132: Shaarli behind an apache proxy -- waiting for info no reply, closed, fixed
~~sebsauvage#164: Add log of last 10 logins~~ done. login attempts are stored in data/log.txt
~~sebsauvage#172: https redirect with htaccess~~ likely not a Shaarli bug. waiting for info
~~sebsauvage#181: Shaarli not able to write in its folder~~ moved to #40
~~sebsauvage#180: ATOM does not work on reverse proxy~~ Fixed
~~sebsauvage#183: No login possible while using port forwarding (no standard-port~~ no reply, closed
sebsauvage#186: Strange login behaviour -- waiting for info no reply, closed
~~sebsauvage#196: Cookies not working on localhost: redirect to 127.0.0.1~~ fixed

Make update check optional

#5 (comment):

About the update check, imho it should follow such guidelines:
The user is fully aware of it existence.
The user must enable it himself
The user must be aware of the privacy concern (privacy vs. function)

Totally agree. Maybe a checkbox at setup and in the configure dialog:
[ ] Automatically check for updates. This will periodically check the author's code repository for new versions. Your current version is $shaarli_version. You can also stay informed of latest updates by subscribing to the releases feed

We can already add a ENABLE_UPDATECHECK config option and checkUpdate() should only run if set to 1. What should be the default value?

Is this ok?

Move QR code as a plugin

The QR code should be optional (as well as archive.org and readityourself integration), even if it's enabled by default (should it?).

Once #52 is tested and merged, we can use the plugin system to move the QR code to tpl/plugins/qrcode/. This plugin will require 2 parts:

The HTML elment <div style="position:relative;display:inline;"><a href="http://qrfree.kaywa.com/?l=1&s=8&d=urlencodedlink" onclick="showQrCode(this); return false;" class="qrcode" data-permalink="url of link"><img src="images/qrcode.png" width="13" height="13" title="QR-Code"></a></div> - can be injected in the linklist using LINKLIST_PLUGINS
The script itself <script language="JavaScript"> // Remove any displayed QR-Code function remove_qrcode() [...] can be injected in the page footer using a new FOOTER_PLUGINS option

Optional QR code requested at sebsauvage#171

Provide an option to disable rss publication for a shaarlink while adding it

Hi,

Shaarli is very convenient to store bookmarks for our personal use, but it is also more and more used as a µblogging tool.
Do you think it would be possible to add a tick box in "addlink" page to disable the publication of a shaarlink that we don't want our atom/rss "followers" to bother with?

Thanks
J.

permalinks should start with a letter

Reported at sebsauvage#131, sebsauvage#190.

Permalinks beginning with - cause 500 errors on some servers.
Moreover, permalinks are used in name and id HTML attributes for each link (eg.<a name="GkE3WQ" id="GkE3WQ"></a>) and are invalid values there. http://www.w3.org/TR/html4/types.html#h-6.2:

ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").

Solution?

We could update the smallHash() function. index.php, line 230

function smallHash($text)
{
    $t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
    return strtr($t, '+/', '-_');
}

But this would change all previously generated permalinks once the user upgrades, and people who have saved them/follow links to them will get a 404 error. So this will cause a massive link rot problem.

What should we do? I'm fine with wontfix if noone can think of a reasonable solution (I can't :/)

Autocompletion in the 'search by tag' field?

Reported at sebsauvage#104. The 'search by tag' field has no autocompletion feature (the 'tags' field in the "Edit link" dialog still has it)

The proposed fix doesn't merge anymore (it relies on an old Shaarli version that still had jQuery on the main page). We may not want to re-add jQuery so another solution would be welcome.

Is this really wanted, or should we mark this as wontfix?

Plugin system

update: See https://github.com/shaarli/Shaarli/wiki/Ideas-for-plugins

Hey, I did a roundup of issues on https://github.com/sebsauvage/Shaarli/issues and tried to list requests/bugs that would fit as plugins. Then see what we have:

Add/remove page elements

~~sebsauvage#51: Make timestamps optional~~ implemented
~~sebsauvage#113: RSS/Atom: make permalinks optional~~ FIXED in #63
sebsauvage#100: redirect permalink to the linked page (instead of the shaarli entry) (use shaarli as URL shortener)
~~sebsauvage#81: piwik support (custom HTML head)~~ closed by requester
~~sebsauvage#168: Remove annoying URL parameters (facebook, utm-source...)~~ fixed in 01b8f52
sebsauvage#11: Add weekly and monthly pages (like the daily page).
sebsauvage#105: Adds landmarks (geo-tags) to posts (implemented) no reply, please open a new issue if interested
~~sebsauvage#95: Adds a stylesheet selector~~ moved to #22
sebsauvage#154: Add custom page feature
~~sebsauvage#59: New bookmarklet for note taking~~ moved to #142
~~sebsauvage#7: add a Read later button~~ moved to #143
~~sebsauvage#162: add "Play videos" button in toolbar~~ implemented, waiting in new-plugin-system branch
~~sebsauvage#28: There should be only one "feed" button (make buttons optional)~~ fixed
sebsauvage#153: RSS/ATOM: append tags to the feed item description
~~sebsauvage#187: pubsubhubbub wrongly supported~~ fixed
sebsauvage#144: Support coloration syntaxique et balise de code (implémenté, ajoute Geshi et un include dans index.php) please open a new issue if interested
sebsauvage#128: Option for enable HTML in descriptions, including WYSIWYG (implémenté, ajoute TinyMCE et un script dans page.footer.html)
- sebsauvage#177: Mise en forme de la description / Customization of description (duplicate?)
~~sebsauvage#158: Add origin/via field~~ -> WONTFIX, not in core, maybe as a plugin, documented in wiki
~~sebsauvage#71: Video playback support in picture wall~~ implemented, , waiting in new-plugin-system branch
sebsauvage#129: Add get parameters 'description' and 'tags' on new entries creation
~~sebsauvage#152: (Tag autocompletion based on description)~~ corner case, wontfix
sebsauvage#83: Tag suggestion based on content of the link
sebsauvage#157: signaler un Lien mort
sebsauvage#189: Daily tag cloud
sebsauvage#184: Tree style display (filterable tag cloud?)
sebsauvage#75: Pingback support (partially implemented) please open a new issue if interested
~~sebsauvage#203: Display timestamps on daily page~~ FIXED in 38a2d03

Sharing tools

~~sebsauvage#70: Publish to Twitter (with bit.ly) and Facebook~~ please open a new issue if interested, should be a generic social service sharing plugin, without user tracking
~~sebsauvage#171: Make QR code optional~~ moved to #57
~~sebsauvage#14: Use local QR-Code generation instead of external service~~ fixed

Thumbnailers

~~sebsauvage#91: Reduce size of big thumbnails~~ INVALID, server configuration problem, worksforme
~~sebsauvage#127: Miniature Deviantart~~ FIXED once #128 is merged
~~sebsauvage#169: thumbnails or favicons~~ FIXED once #128 is merged

Themes

~~sebsauvage#93: Create a list of some remarkable CSS for shaarli~~ FIXED in https://github.com/shaarli/Shaarli-themes
~~sebsauvage#82:~~ no reply, https://github.com/shaarli/shaarli-themes
~~sebsauvage#159: Would like to submit a theme~~ FIXED at https://github.com/shaarli/shaarli-themes/pull/2

Comment systems

~~sebsauvage#170:~~ Ajout d'un système de commentaires Latest discussion at #181.
~~sebsauvage#185: Discussion about a link~~ closed/ghost

Search is casesensitive

Hello!
Now search in title and description works as casesensitive, when its contents is in russian.
For me replacing strtolower($string) by mb_convert_case($string, MB_CASE_LOWER, 'UTF-8') works well.
It would be fine if it was implemented.

How to reproduce

Make bookmark (url does not matter):
url: https://github.com/shaarli/Shaarli/wiki
title: ТестШаарли
desc: ТестШаарли
Make search with 'тестшаарли'. Search results: 0.
Make search with 'ТестШаарли'. Search results: our item found.

Shaarli sends an absurdly high amount of shaarli_staySignedIn cookies

Note: this issue only exists when not logged in. The shaarli_staySignedIn cookie isn't even sent when logged in, which makes me think it's only sustaining through the session, but that's another issue.

On my local Shaarli installation with 12 links, Shaarli sends back a Set-Cookie header consisting of 20 times shaarli_staySignedIn, with the value as deleted and the expiration at timestamp 0 (January 1970)
. (This screenshot is taken right after the offending commit, see below)

With only one link displayed, 9 of these cookies are sent.
Having tested on a remote server (in case using localhost would be the cause), the same problem arises.

The amount of cookies sent seems to be depending on the amount of links. (12 links => 20 cookies, 1 link => 9 cookies, 30 links => 67 cookies). I couldn't find a formula to explain why, but you can be pretty sure that somewhere Shaarli is concatenating stuff it shouldn't, and repeatedly.

This bug has appeared after commit ae00595 (A real "stay signed in": keep the connection) by @Sbgodin . Which makes it a bug that is over a year old 👏 🎇
This is the network tab before the patch:

tl;dr: it broke

EDIT: The complete Set-Cookie for a 30-link page. Wall of text.

"shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/shaarli_staySignedIn=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/links/"

Add Unit Tests to improve stability and avoid code regressions

The core of Shaarli is a big chunk of PHP: index.php.
It contains all the methods, which doesn't make editing and debugging convenient (lack of modularity). A good way to avoid bugs and regressions would be to implement unit testing, starting with sensitive features:

data storage (read/write),
authentication,
import / export.

This could be done with a unit test framework like PHPUnit; see the awesome Kanboard project for an example implementation.

Some readings about the pros of unit testing everything:

Is Unit Testing worth the effort? (Stack Overflow).

New branch 'dev' for developpement

Hi all!

I integrated my patch titleLink in a new branch dev. I suggest that we make all developments in the branch dev. The stable would remain in master. Before releasing a new stable, we may discuss/vote before merging to master and then tag the new release.

Please let me now if all this fits to you.

Require write permissions only for relevant directories

It is recommended to not give write access to all files to the webserver process (see https://wiki.debian.org/Apache/Hardening#File_permissions). The dirs for which write permissions are required are cache, data, pagecache and tmp, so we should only check these.

This allows to install shaarli with user/group someuser:www-data and permissions 640 (750 for dirs), except for these read/write dirs. The permissions can be stored in the git repository (so no extra chmod/chown commands required at install)

This was requested at sebsauvage#181, and discussed at #11 (comment)

Concerns about the licensing of the qr.js library

As I've reported upstream on neocotic/qrious#23 I am not sure that the qr.js license is valid.

qr.js is licensed under the MIT license.
The license section at the top of the qr.js file mentions that qr.js is based on jsqrencode, which is GPL-licensed.
Part of the GPL license is that derivatives must be licensed under the same license.

I have asked upstream if they have received explicit permission from upstream jsqrencode to change the licence from GPL to MIT. In the meantime, I am not sure we should include qr.js in Shaarli, as we might be distributing license-infringing software.

Let's wait for about a week if a reaction is filed on that bug report, otherwise I'll proceed with the removal of that library from Shaarli.

Invalid syntax in javascript function showQrCode

When going to the index page, I see the following in the Console:
Uncaught SyntaxError: Unexpected token = localhost/:115

Line 115 is the following:

function showQrCode(caller,loading=false)

I assume the goal is to pass "false" to the loading parameter, that is valid Python syntax but not JavaScript.

This results in the JavaScript QR code not to be run, but instead the QR code from http://qrfree.kaywa.com/ to be opened.

I have opened bug #7 questioning our use of the qr.js library, based on potential license infrigement. I suggest we wait for that situation to be clarified before making any changes for this issue.

(note: I'm working from the Debian package, which has a few patches applied. It might be that line 115 is different directly upstream)

Change tag suggestions behavior?

In my workflow I open a new browser window per subject of interest and I open as many tabs as needed during my searching session. The result is I often end this search session with dozen of interesting links I would like to bookmark . As all links could be tagged with almost the same 'keywords' , it would be great to press e.g. the down arrow in the tags field and have a scroll down list of the X last tag sequences chosen (X could be set as a parameter) and select the convenient tag sequence for all the links of the same window I want to bookmark. Of course I could add /remove one tag of the sequence If needed.

This way it would be quicker to save a bunch of links that deal with the same subject (keywords).

404 error after deleting a link from it's own page

How to reproduce:

Go to a link's own page (permalink)
Delete the link
You are returned to same page, but this time with a 404 error (as the link doesn't exist anymore)

Suggested fix:
If the url to be returned to is going to be a permalink, redirect instead to the home page.

Migrating from official to fork ?

Hi,

That's probably obvious like keep the data folder and replace everything else, but is there any guidance out there to go from sebsauvage to this fork ?

Thanks.

Discover back Shaarli's past history

Before Shaarli was published on Github, development was done primarily by @sebsauvage, with from time to time a patch sent by somebody else by email. Seb started using git in 2013, starting with version 0.0.40 beta.

I used to maintain a Bazaar repository containing one commit for each released version dating back from 0.0.7 beta (the first publicly released version), which I did by unzipping each released zipfile and committing it to the repository. At some point I had converted that to a Git repository which I had sent to Seb, should he one day want to start using Github ;)

Unfortunately Seb didn't use the offer, and we miss part of the history of the project in the Git repository. I will try to see if I can push those commits to a separate branch, so that we can go back in time, should we need to. I don't think it'll be possible to put those history commits in the master branch though, let me know if you have any idea how to do so...

If someone wants to try to merge that to the master branch, I can email you the .tar.gz containing the git repo and you can play with it.

It goes from 0.0.7 beta to 0.0.38 beta, we'd just need to add 0.0.39 beta (still downloadable from Seb's website)

API / programmable access

~~sebsauvage#58: Page storage~~ -> external tool, https://github.com/nodiscc/shaarchiver is WIP
~~sebsauvage#57: Export features~~ closed/ghost
~~sebsauvage#66: readityourself~~ implemented in #52
~~sebsauvage#69: Command-line authentication~~ closed
sebsauvage#74: Allow import from Firefox's JSON backup files -> write a separate converter
sebsauvage#92: Unable to login using links browser
~~sebsauvage#96: Functionnality to give crawlers possibility to know some options~~ not a Shaarli bug, plugin if needed
~~sebsauvage#146: Mister Wong Import tweaks~~ -> added to https://github.com/shaarli/Shaarli/wiki#importing-from-mister-wong
~~sebsauvage#167: Add sharing support for Wallabag~~ -> implemented in #52

We already have RSS and ATOM available as a read-only API.
This can be used for many things (I have a python script that fetches my RSS feed, locally saves pages tagged readlater, downloads media for music and video tags, images matching some URLs (*.jpg, imgur.com)...). The only missing features for my point of view are:

~~Authenticated access (access to private links, HTML export functionality)~~
Write access (HTML import, add/edit/remove links, tags...)

?do=addlink when logged out should redirect to login page

Copied from sebsauvage#141

When accessing the do=addlink page as logged-out it generates a 404 error.

This is confusing. It should redirect to the login page.

Multi user shaarli

sebsauvage#98: (Attempt at a multi-user setup)
sebsauvage#107: Shaarli Multi Utilisateurs

Note: work started in #11 to have configurable data/, tmp/, tpl/.... paths. Going further, we could (for shaarlis that have optional multiuser enabled), have https://my.shaarli.url/u/georges and https://my.shaarli.url/u/john be shorthands for https://my.shaarli.url/?user=georges, let shaarli detect the user param, and serve shaarli with different data paths (eg. $SHAARLI_DATA_DIR/$user, $SHAARLI_TPL_DIR/$user...)

Add credits for icons

Copied from sebsauvage#8

License and copyright information is missing for most icons. This may render the package unsuitable for upload in debian :/ (https://www.debian.org/doc/debian-policy/ch-archive.html)

@respencer started gathering some info but it may be easier to replace all icons altogether.

Remove hardcoded CSS from html templates

Some style info is hardcoded in the RainTPL templates, which:

adds some undesired, duplicate style information to the generated pages
reduces the theming possibilities for those elements (daily, picture wall, tag list...)

Why not just declare the style in, well, the stylesheet? ;-)

$ grep style tpl/*.html

tpl/addlink.html:           <input type="text" name="post" style="width:50%;"> 
tpl/changetag.html: <input type="text" name="totag" style="margin-left:40px;"><input type="submit" name="renametag" value="Rename tag" class="bigbutton">
tpl/daily.html:   <a href="?do=dailyrss" title="1 RSS entry per day"><img src="images/feed-icon-14x14.png#" width="14" height="14" style="position:relative;top:3px; margin-right:4px;">Daily RSS Feed</a>
tpl/daily.html:    <div style="clear:both;"></div>
tpl/daily.html:            <div style="float:right;position:relative;top:-1px;"><a href="?{$value.linkdate|smallHash}"><img src="../images/squiggle2.png" width="25" height="26" title="permalink" alt="permalink"></a></div>
tpl/daily.html:            <div style="float:right;position:relative;top:-1px;"><a href="?{$value.linkdate|smallHash}"><img src="../images/squiggle2.png" width="25" height="26" title="permalink" alt="permalink"></a></div>
tpl/daily.html:            <div style="float:right;position:relative;top:-1px;"><a href="?{$value.linkdate|smallHash}"><img src="../images/squiggle2.png" width="25" height="26" title="permalink" alt="permalink"></a></div>
tpl/daily.html:         <div style="text-align:center; padding:40px 0px 90px 0px;">No articles on this day.</div>
tpl/daily.html:    <div style="clear:both;"></div>
tpl/daily.html:    <div style="text-align:center; padding-bottom:20px;"><img src="../images/squiggle_closing.png" width="66" height="61" alt="-"></div>
tpl/editlink.html:          <i>URL</i><br><input type="text" name="lf_url" value="{$link.url|htmlspecialchars}" style="width:100%"><br>
tpl/editlink.html:          <i>Title</i><br><input type="text" name="lf_title" value="{$link.title|htmlspecialchars}" style="width:100%"><br>
tpl/editlink.html:          <i>Description</i><br><textarea name="lf_description" rows="4" cols="25" style="width:100%">{$link.description|htmlspecialchars}</textarea><br>
tpl/editlink.html:          <i>Tags</i><br><input type="text" id="lf_tags" name="lf_tags" value="{$link.tags|htmlspecialchars}" style="width:100%"><br>
tpl/editlink.html:          <input type="submit" value="Save" name="save_edit" class="bigbutton" style="margin-left:40px;">
tpl/editlink.html:          <input type="submit" value="Cancel" name="cancel_edit" class="bigbutton" style="margin-left:40px;">
tpl/editlink.html:          {if condition="!$link_is_new"}<input type="submit" value="Delete" name="delete_link" class="bigbutton" style="margin-left:180px;" onClick="return confirmDeleteLink();">{/if}
tpl/export.html:        <a href="?do=export&what=private"><b>Export private</b> <span>: Export private links only</a><br><br style="clear:both;">
tpl/includes.html:<link type="text/css" rel="stylesheet" href="inc/shaarli.css?version={$version|urlencode}#" />
tpl/includes.html:{if condition="is_file('inc/user.css')"}<link type="text/css" rel="stylesheet" href="inc/user.css?version={$version}#" />{/if}
tpl/install.html:<div style="margin-left:20px;">
tpl/install.html:<div style="color:white !important;">
tpl/install.html:<form method="POST" action="" name="installform" id="installform" style="border:1px solid black; padding:10 10 10 10;">
tpl/linklist.html:    <div id="headerform" style="width:100%; white-space:nowrap;">
tpl/linklist.html:        <form method="GET" class="searchform" name="searchform" style="display:inline;"><input type="text" id="searchform_value" name="searchterm" style="width:30%" value=""> <input type="submit" value="Search" class="bigbutton"></form>
tpl/linklist.html:        <form method="GET" class="tagfilter" name="tagfilter" style="display:inline;margin-left:24px;"><input type="text" name="searchtags" id="tagfilter_value" style="width:10%" value=""> <input type="submit" value="Filter by tag" class="bigbutton"></form>
tpl/linklist.html:                <span class="linktag" title="Remove tag"><a href="?removetag={$value|htmlspecialchars}">{$value|htmlspecialchars} <span style="border-left:1px solid #aaa; padding-left:5px; color:#6767A7;">x</span></a></span>
tpl/linklist.html:                {if="$value.description"}<div class="linkdescription"{if condition="$search_type=='permalink'"} style="max-height:none !important;"{/if}>{$value.description}</div>{/if}
tpl/linklist.html:                <div style="position:relative;display:inline;"><a href="http://qrfree.kaywa.com/?l=1&s=8&d={$scripturl|urlencode}%3F{$value.linkdate|smallHash}" 
tpl/linklist.paging.html:        <form method="GET" style="display:inline;" class="linksperpage"><input type="text" name="linksperpage" size="2" style="height:15px;"></form>
tpl/loginform.html:    <input style="margin:10 0 0 40;" type="checkbox" name="longlastingsession" id="longlastingsession"  tabindex="3"><label for="longlastingsession">&nbsp;Stay signed in (Do not check on public computers)</label>
tpl/page.footer.html:    <div id="newversion"><span style="text-decoration:blink;">&#x25CF;</span> Shaarli {$newversion|htmlspecialchars} is <a href="http://sebsauvage.net/wiki/doku.php?id=php:shaarli#download">available</a>.</div>
tpl/page.header.html:    <div style="float:right; font-style:italic; color:#bbb; text-align:right; padding:0 5 0 0;" class="nomobile">Shaare your links...<br>
tpl/page.header.html:    <a href="{$feedurl}?do=atom{$searchcrits}" style="padding-left:10px;" class="nomobile">ATOM Feed</a>
tpl/picwall2.html:<div style="background-color:#003;">
tpl/picwall2.html:    <div style="float:left;width:48%;border-right:2px solid white;height:120px;overflow:hide;">
tpl/picwall2.html:      <div style="float:left;width:120px;text-align:center">{$value.thumbnail}</div>
tpl/picwall2.html:      <a href="{$value.permalink}" style="color:yellow;font-weight:bold;text-decoration:none;">{$value.title|htmlspecialchars}</a><br>
tpl/picwall2.html:      <span style="font-size:8pt;color:#eee;">{$value.description|htmlspecialchars}</span>
tpl/picwall2.html:      <div style="clear:both;"></div>
tpl/tagcloud.html:    <span style="color:#99f; font-size:9pt; padding-left:5px; padding-right:2px;">{$value.count}</span><a href="?searchtags={$key|htmlspecialchars}" style="font-size:{$value.size}pt; font-weight:bold; color:black; text-decoration:none">{$key|htmlspecialchars}</a>
tpl/tools.html: <a class="smallbutton" onclick="alert('Drag this link to your bookmarks toolbar, or right-click it and choose Bookmark This Link...');return false;" href="javascript:javascript:(function(){var%20url%20=%20location.href;var%20title%20=%20document.title%20||%20url;window.open('{$pageabsaddr}?post='%20+%20encodeURIComponent(url)+'&amp;title='%20+%20encodeURIComponent(title)+'&amp;description='%20+%20encodeURIComponent(document.getSelection())+'&amp;source=bookmarklet','_blank','menubar=no,height=390,width=600,toolbar=no,scrollbars=no,status=no,dialog=1');})();"><b>Shaare link</b></a> <a href="#" style="clear:none;"><span>&#x21D0; Drag this link to your bookmarks toolbar (or right-click it and choose Bookmark This Link....).<br>&nbsp;&nbsp;&nbsp;&nbsp;Then click "Shaare link" button in any page you want to share.</span></a><br><br>

Information disclosure on error messages

Continuation of discussion started on unmaintained repository.

As said in the issue above: Shaarli have a problem with its error logging process. It discloses too much information:

The correct way to report errors on a website is not to use die, it is to return a HTTP 500 response with a generic error message. You can display a generic message and add a line in a log file. The message could suggest the user to check its log for more information.

Sort the link list alphabetically

How is it possible to adjust the sorting? I would like to sort alphabetical instead of according to the modification date.
See: sebsauvage#210

Display timestamps on daily page

Followup to sebsauvage#203

We should display timestamps on the daily page, for consistency (and because they are useful). This should obviously respect the HIDE_TIMESTAMPS setting.

serverUrl fails on non-standard port

On non standard port, the server url is

<protocol>://host(:<port>)?

Despite the example given, the actual way can't handle such requests. A request from http://localhost:8000 will return a server url as http://localhost:8000:8000 resulting on a browser error since the Location header is incorrect.

Drop CookieDomain branch

What about dropping CookieDomain branch? git diff sebsauvage/master...sebsauvage/CookieDomain tells me that it's only about adding an error_reporting and setting up the timezone. It's already done, slightly differently, in the master branch.

Let's say I do this with at least 50% of yes...

bookmarklet: pre-fill description field using selected text

Should the bookmarklet pre-fill the description field in the "Add link" dialog with the selected text?

There are 2 related commits in this pull request sebsauvage#104:

https://github.com/romnGit/Shaarli/commit/66a386d5bd9655b0b92adeea8f0233650106b2c9
https://github.com/romnGit/Shaarli/commit/ee3fafa68d0c7725c93bd8c51798b0b94461e690

Should we add this feature?

Use Github's tagged versions to detect if new version is available

Up until v0.0.42beta, the function checkUpdate got it's latest version from @sebsauvage's website:
http://sebsauvage.net/files/shaarli_version.txt

Now that tagged versions will be available in GitHub (after #3 is merged and v0.0.42beta is released), the availability of a new version should be checked from https://github.com/shaarli/Shaarli/releases directly, which avoids having to update the version number on Seb's website (which has to be a manual action by himself)

That Github page will list all available versions, so we need to detect the most recent (à la Debian watch files, if I may say so ;) ).

The updated function should be future-proof, in case the versioning scheme changes from "0.0.Xbeta" to something a bit more conventional (see #4)

Make RSS "permalink" mode available through an option

I just discovered adding the permalink parameter to the RSS feed URL switches the main URL for feed items between full URL (the address the link points to) and permalink (short URL that points to the shaarli item.

index.html, line 891:

    // $usepermalink : If true, use permalink instead of final link.
    // User just has to add 'permalink' in URL parameters. e.g. http://mysite.com/shaarli/?do=rss&permalinks
    $usepermalinks = isset($_GET['permalinks']);

Check the difference between https://telecom.dmz.se/links/?do=rss and https://telecom.dmz.se/links/?do=rss&permalinks

I think this should be toggleable via a config option (some people will prefer just sharing links, whereas other use Shaarli in a blog-like mode and will want the RSS links to point to their article). It should also be documented like other options.

Make Shaarli W3C compliant

Originally reported at sebsauvage#192

http://validator.w3.org/ reports 141 errors and 34 warnings on my Shaarli.