Merge branch 'master' into remove-version-check-branch

.docker/nginx.conf

@@ -18,6 +18,7 @@ http {
 
     server {
         listen      80;
+        listen      [::]:80;
         root        /var/www/shaarli;
 
         access_log  /var/log/nginx/shaarli.access.log;

.gitattributes

@@ -40,6 +40,8 @@ Dockerfile*       export-ignore
 Doxyfile          export-ignore
 Makefile          export-ignore
 node_modules/     export-ignore
-mkdocs.yml        export-ignore
+doc/conf.py       export-ignore
+doc/requirements.txt export-ignore
+doc/html/.doctrees/  export-ignore
 phpunit.xml       export-ignore
 tests/            export-ignore

.github/workflows/ci.yml

@@ -93,8 +93,14 @@ jobs:
         with:
           python-version: 3.8
 
-      - name: Install dependencies
-        run: pip install mkdocs
-
       - name: Build documentation
-        run: mkdocs build --clean
+        run: make htmldoc
+
+  trivy-repo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run trivy scanner on repository (non-blocking)
+        run: make test_trivy_repo TRIVY_EXIT_CODE=0

.github/workflows/docker-latest.yml

@@ -41,3 +41,5 @@ jobs:
             ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
+      - name: Run trivy scanner on latest docker image
+        run: make test_trivy_docker TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest

.github/workflows/docker-pr.yml

@@ -0,0 +1,21 @@
+name: Build Docker image (Pull Request)
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Build Docker image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: false
+          tags: shaarli/shaarli:pr-${{ github.event.number }}
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.gitignore

@@ -26,6 +26,7 @@ sandbox
 phpmd.html
 phpdoc.xml
 .phpunit.result.cache
+trivy
 
 # User plugin configuration
 plugins/*

.readthedocs.yml

@@ -5,11 +5,19 @@
 # Required
 version: 2
 
-# Build documentation with MkDocs
-mkdocs:
-  configuration: mkdocs.yml
+# Build documentation in the "docs/" directory with Sphinx
+sphinx:
+  configuration: doc/conf.py
+  builder: html
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+  commands:
+    - pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design
+    - sphinx-build -b html -c doc/ doc/md/ _readthedocs/html/
 
-# Optionally set the version of Python and requirements required to build your docs
-# https://github.com/rtfd/readthedocs.org/issues/5250
 python:
-  version: 3.5
+  install:
+    - requirements: doc/requirements.txt

AUTHORS

@@ -1,8 +1,8 @@
-  1206	ArthurHoaro <arthur@hoa.ro>
+  1216	ArthurHoaro <arthur@hoa.ro>
+   456	nodiscc <nodiscc@gmail.com>
    405	VirtualTam <virtualtam@flibidi.net>
-   384	nodiscc <nodiscc@gmail.com>
     56	Sébastien Sauvage <sebsauvage@sebsauvage.net>
-    23	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+    27	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
     19	Keith Carangelo <mail@kcaran.com>
     16	Luce Carević <lcarevic@access42.net>
     15	Florian Eula <eula.florian@gmail.com>
@@ -11,53 +11,49 @@
      9	Lucas Cimon <lucas.cimon@gmail.com>
      9	Willi Eggeling <thewilli@gmail.com>
      8	Christophe HENRY <christophe.henry@sbgodin.fr>
+     6	B. van Berkum <dev@dotmpe.com>
      6	Immánuel Fodor <immanuelfactor+github@gmail.com>
      6	YFdyh000 <yfdyh000@gmail.com>
      6	kalvn <kalvnthereal@gmail.com>
-     6	B. van Berkum <dev@dotmpe.com>
      6	llune <llune@users.noreply.github.com>
      5	Mark Schmitz <kramred@gmail.com>
      5	Sébastien NOBILI <code@pipoprods.org>
      4	Alexandre Alapetite <alexandre@alapetite.fr>
-     4	yude <yudesleepy@gmail.com>
      4	David Sferruzza <david.sferruzza@gmail.com>
-     3	Teromene <teromene@teromene.fr>
-     3	yudete <yu@yude.moe>
+     4	yude <yudesleepy@gmail.com>
      3	Agurato <mail.vmonot@gmail.com>
-     3	Olivier <bourreauolivier@gmail.com>
      3	Christoph Stoettner <christoph.stoettner@stoeps.de>
+     3	Olivier <bourreauolivier@gmail.com>
+     3	Teromene <teromene@teromene.fr>
+     3	yudete <yu@yude.moe>
+     2	Alexander Railean <alexandr.railean@arculus.de>
+     2	Alexandre G.-Raymond <alex@ndre.gr>
+     2	Chris Kuethe <chris.kuethe@gmail.com>
+     2	Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
      2	Felix Bartels <felix@host-consultants.de>
+     2	Ganesh Kandu <kanduganesh@gmail.com>
+     2	Gregory <gregory@nosheep.fr>
+     2	Guillaume Virlet <github@virlet.org>
+     2	Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
      2	Mathieu Chabanon <git@matchab.fr>
      2	Miloš Jovanović <mjovanovic@gmail.com>
      2	Neros <contact@neros.fr>
-     2	Alexandre G.-Raymond <alex@ndre.gr>
      2	Qwerty <champlywood@free.fr>
-     2	Guillaume Virlet <github@virlet.org>
      2	Sebastien Wains <sebw@users.noreply.github.com>
      2	Stephen Muth <smuth4@gmail.com>
      2	Timo Van Neerden <fire@lehollandaisvolant.net>
-     2	Alexander Railean <alexandr.railean@arculus.de>
-     2	Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
      2	flow.gunso <flow.gunso@gmail.com>
-     2	Chris Kuethe <chris.kuethe@gmail.com>
-     2	Ganesh Kandu <kanduganesh@gmail.com>
      2	julienCXX <software@chmodplusx.eu>
-     2	Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
      2	philipp-r <philipp-r@users.noreply.github.com>
      2	pips <pips@e5150.fr>
      2	prog-it <pash.vld@gmail.com>
      2	trailjeep <trailjeep@gmail.com>
-     1	leyrer <gitlab@leyrer.priv.at>
-     1	locness3 <37651007+locness3@users.noreply.github.com>
-     1	owen bell <66233223+xfnw@users.noreply.github.com>
-     1	philipp <philipp@philipp.PC.Ubuntu>
-     1	rfolo9li <50079896+rfolo9li@users.noreply.github.com>
-     1	sprak3000 <sprak3000+github@gmail.com>
-     1	yudejp <i@yude.jp>
-     1	Rajat Hans <rajathans9@gmail.com>
+     1	Adrien Oliva <adrien.oliva@yapbreak.fr>
      1	Adrien le Maire <adrien@alemaire.be>
      1	Ajabep <ajabep@users.noreply.github.com>
      1	Alexis J <alexis@effingo.be>
+     1	Alistair Young <avatar@arkane-systems.net>
+     1	Amadeous <amadeous@users.noreply.github.com>
      1	Angristan <angristan@users.noreply.github.com>
      1	Bish Erbas <42714627+bisherbas@users.noreply.github.com>
      1	BoboTiG <bobotig@gmail.com>
@@ -66,6 +62,7 @@
      1	Buster One <37770318+buster-one@users.noreply.github.com>
      1	D Low <daniellowtw@gmail.com>
      1	Daniel Jakots <vigdis@chown.me>
+     1	David <dajare@gmail.com>
      1	David Foucher <dev@tyjak.net>
      1	Denis Renning <denis@devtty.de>
      1	Dennis Verspuij <dennisverspuij@users.noreply.github.com>
@@ -75,7 +72,6 @@
      1	Florian Voigt <flvoigt@me.com>
      1	Franck Kerbiriou <FranckKe@users.noreply.github.com>
      1	Gary Marigliano <gmarigliano93@gmail.com>
-     1	Gregory <gregory@nosheep.fr>
      1	Hazhar Galeh <78073762+hazhargaleh@users.noreply.github.com>
      1	Hg <dev@indigo.re>
      1	Jens Kubieziel <github@kubieziel.de>
@@ -90,16 +86,26 @@
      1	Mark Gerarts <mark.gerarts@gmail.com>
      1	Marsup <marsup@gmail.com>
      1	Nicolas Friedli <nicolas@theologique.ch>
+     1	Nicolas Le Gaillart <nicolas@legaillart.fr>
      1	Paul van den Burg <github@paulvandenburg.nl>
-     1	Adrien Oliva <adrien.oliva@yapbreak.fr>
+     1	Rajat Hans <rajathans9@gmail.com>
      1	Sbgodin <Sbgodin@users.noreply.github.com>
      1	ToM <tom@leloop.org>
      1	TsT <tst2005@gmail.com>
      1	agentcobra <agentcobra@free.fr>
      1	aguy <aguytech@users.noreply.github.com>
+     1	bschwede <bschwede@users.noreply.github.com>
      1	bschwede <gummibando@gmx.net>
+     1	clach04 <clach04@gmail.com>
      1	dimtion <zizou.xena@gmail.com>
      1	durcheinandr <jochen@durcheinandr.de>
      1	heimpogo <hypertexthome@googlemail.com>
      1	jalr <mail@jalr.de>
      1	lapineige <lapineige@users.noreply.github.com>
+     1	leyrer <gitlab@leyrer.priv.at>
+     1	locness3 <37651007+locness3@users.noreply.github.com>
+     1	owen bell <66233223+xfnw@users.noreply.github.com>
+     1	philipp <philipp@philipp.PC.Ubuntu>
+     1	rfolo9li <50079896+rfolo9li@users.noreply.github.com>
+     1	sprak3000 <sprak3000+github@gmail.com>
+     1	yudejp <i@yude.jp>

CHANGELOG.md

@@ -4,6 +4,57 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [v0.13.0](https://github.com/shaarli/Shaarli/releases/tag/v0.12.3) - 2023-11-22
+
+> Major changes:
+>  - Security: Fix XSS vulnerability in tag search
+>  - Drop support for PHP 7.1, 7.2 and 7.3
+
+### Added
+* Docker build: add ARM64 platform and bump Github action version by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1965
+* github actions: build OCI images that contain both amd64 and armv7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/1962
+* Expose tags_separator config through /info API by @amadeous in https://github.com/shaarli/Shaarli/pull/1997
+* tools: github actions: build docker images on pull requests by @nodiscc in https://github.com/shaarli/Shaarli/pull/2014
+* doc: server configuration: add PHP 8.2 to PHP compatibility table by @nodiscc in https://github.com/shaarli/Shaarli/pull/2021
+* Add shaarli-stack theme to Community-and-related-software.md by @dajare in https://github.com/shaarli/Shaarli/pull/2028
+* doc: document general.download_max_size/timeout configuration settings by @nodiscc in https://github.com/shaarli/Shaarli/pull/2036
+* doc: troubleshooting: automatic title retrieval fails when it is set by javascript by @nodiscc in https://github.com/shaarli/Shaarli/pull/2037
+
+### Changed
+* doc: update release procedure (merge the latest release to the release branch) + use the release branch for latest release version detection by @nodiscc in https://github.com/shaarli/Shaarli/pull/1960
+* Update german translation by @bschwede in https://github.com/shaarli/Shaarli/pull/1969
+* Update Server-configuration.md by @reinboldg in https://github.com/shaarli/Shaarli/pull/1973
+* Update Community-and-related-software.md by @nlegaillart in https://github.com/shaarli/Shaarli/pull/1984
+* doc: improve docs on usage of OR operator in tags search by @nodiscc in https://github.com/shaarli/Shaarli/pull/1987
+* docker: nginx: listen on IPv6 in addition to IPv4 by @cerebrate in https://github.com/shaarli/Shaarli/pull/1983
+* Doc update, WebSub (formerly PubSubHubbub) plugin by @clach04 in https://github.com/shaarli/Shaarli/pull/2008
+* doc: community/related software/integration with other platforms: add link to shaarli debian package by @nodiscc in https://github.com/shaarli/Shaarli/pull/2018
+* replace mkdocs with sphinx/myst-parser for HTML documentation generation, documentation improvements by @nodiscc in https://github.com/shaarli/Shaarli/pull/2025
+
+### Fixed
+* Makefile: Use GNU tar if available by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1957
+* Support: ignore disk_free_space if the function is unavailable by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1970
+* Documentation: fix broken link to 3rd party plugins by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1975
+* Fix autofocus: load bulk action input on linklist only by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1976
+* doc: fix mkdocs build warnings/relative links by @nodiscc in https://github.com/shaarli/Shaarli/pull/2015
+* correct usage of hyphens in all occurences of 'super fast, database-free' by @nodiscc in https://github.com/shaarli/Shaarli/pull/2003
+
+
+### Removed
+* Drop support for PHP 7.1, 7.2 and 7.3 by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1958
+* doc: themes: remove unmaintained themes by @nodiscc in https://github.com/shaarli/Shaarli/pull/2030
+* doc: remove bountysource badge by @nodiscc in https://github.com/shaarli/Shaarli/pull/2035
+
+### Security
+* Fix XSS vulnerability in tag search by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/2039
+* tools: run trivy vulnerability scanner on the 'latest' docker image by @nodiscc in https://github.com/shaarli/Shaarli/pull/1980
+* github actions: fix value of TRIVY_TARGET_DOCKER_IMAGE by @nodiscc in https://github.com/shaarli/Shaarli/pull/1989
+* tools/CI: scan repository with trivy security scanner (yarn.lock, composer.lock) by @nodiscc in https://github.com/shaarli/Shaarli/pull/1998
+* tools/tests: update trivy to v0.44.0 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2012
+* docker: update base alpine docker image to 3.16.7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2024
+
+**Full Changelog**: https://github.com/shaarli/Shaarli/compare/v0.12.2...v0.12.3
+
 ## [v0.12.2](https://github.com/shaarli/Shaarli/releases/tag/v0.12.2) - 2023-03-18
 
 > Docker: use `ghcr.io/shaarli/shaarli` as Docker image instead of `shaarli/shaarli`.

Dockerfile

@@ -4,9 +4,8 @@
 FROM python:3-alpine as docs
 ADD . /usr/src/app/shaarli
 RUN cd /usr/src/app/shaarli \
-    && apk add --no-cache gcc musl-dev \
-    && pip install --no-cache-dir mkdocs \
-    && mkdocs build --clean
+    && apk add --no-cache gcc musl-dev make bash \
+    && make htmldoc
 
 # Stage 2:
 # - Resolve PHP dependencies with Composer
@@ -26,7 +25,7 @@ RUN cd shaarli \
 
 # Stage 4:
 # - Shaarli image
-FROM alpine:3.16
+FROM alpine:3.16.7
 LABEL maintainer="Shaarli Community"
 
 RUN apk --update --no-cache add \

Makefile

@@ -1,4 +1,4 @@
-# The personal, minimalist, super-fast, database free, bookmarking service.
+# The personal, minimalist, super fast, database-free, bookmarking service.
 # Makefile for PHP code analysis & testing, documentation and release generation
 
 BIN = vendor/bin
@@ -147,7 +147,7 @@ release_zip: composer_dependencies htmldoc translate build_frontend
 ### remove all unversioned files
 clean:
 	@git clean -df
-	@rm -rf sandbox
+	@rm -rf sandbox trivy*
 
 ### generate the AUTHORS file from Git commit information
 generate_authors:
@@ -159,17 +159,16 @@ generate_authors:
 phpdoc: clean
 	@docker run --rm -v $(PWD):/data -u `id -u`:`id -g` phpdoc/phpdoc
 
-### generate HTML documentation from Markdown pages with MkDocs
+### generate HTML documentation from Markdown pages with Sphinx
 htmldoc:
 	python3 -m venv venv/
 	bash -c 'source venv/bin/activate; \
 	pip install wheel; \
-	pip install mkdocs; \
-	mkdocs build --clean'
+	pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design; \
+	sphinx-build -b html -c doc/ doc/md/ doc/html/'
 	find doc/html/ -type f -exec chmod a-x '{}' \;
 	rm -r venv
 
-
 ### Generate Shaarli's translation compiled file (.mo)
 translate:
 	@echo "----------------------"
@@ -189,3 +188,28 @@ eslint:
 ### Run CSSLint check against Shaarli's SCSS files
 sasslint:
 	@yarnpkg run stylelint --config .dev/.stylelintrc.js 'assets/default/scss/*.scss'
+
+##
+# Security scans
+##
+
+# trivy version (https://github.com/aquasecurity/trivy/releases)
+TRIVY_VERSION=0.44.0
+# default trivy exit code when vulnerabilities are found
+TRIVY_EXIT_CODE=1
+# default docker image to scan with trivy
+TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/shaarli/shaarli:latest
+
+### download trivy vulneravbility scanner
+download_trivy:
+	wget --quiet --continue -O trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
+	tar -z -x trivy -f trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
+
+### run trivy vulnerability scanner on docker image
+test_trivy_docker: download_trivy
+	./trivy --exit-code $(TRIVY_EXIT_CODE) image $(TRIVY_TARGET_DOCKER_IMAGE)
+
+### run trivy vulnerability scanner on composer/yarn dependency trees
+test_trivy_repo: download_trivy
+	./trivy --exit-code $(TRIVY_EXIT_CODE) fs composer.lock
+	./trivy --exit-code $(TRIVY_EXIT_CODE) fs yarn.lock

README.md

@@ -1,6 +1,6 @@
 ![Shaarli logo](doc/md/images/doc-logo.png)
 
-The personal, minimalist, super-fast, database free, bookmarking service.
+The personal, minimalist, super fast, database-free, bookmarking service.
 
 _Do you want to share the links you discover?_
 _Shaarli is a minimalist link sharing service that you can install on your own server._
@@ -11,7 +11,6 @@ _It is designed to be personal (single-user), fast and handy._
 [![](https://img.shields.io/badge/master-v0.12.x-blue.svg)](https://github.com/shaarli/Shaarli)
 [![](https://github.com/shaarli/Shaarli/actions/workflows/ci.yml/badge.svg)](https://github.com/shaarli/Shaarli/actions)
 [![Join the chat at https://gitter.im/shaarli/Shaarli](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/shaarli/Shaarli)
-[![Bountysource](https://www.bountysource.com/badge/team?team_id=19583&style=bounties_received)](https://www.bountysource.com/teams/shaarli/issues)
 [![Docker repository](https://img.shields.io/docker/pulls/shaarli/shaarli.svg)](https://github.com/shaarli/Shaarli/pkgs/container/shaarli)
 
 ## Quickstart

application/api/controllers/Info.php

@@ -35,6 +35,7 @@ public function getInfo($request, $response)
                 'timezone' => $this->conf->get('general.timezone', 'UTC'),
                 'enabled_plugins' => $this->conf->get('general.enabled_plugins', []),
                 'default_private_links' => $this->conf->get('privacy.default_private_links', false),
+                'tags_separator' => $this->conf->get('general.tags_separator', ' '),
             ],
         ];