diff --git a/CHANGELOG.md b/CHANGELOG.md index 6431e67..b897b67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * CHANGED: Upgrading libraries to: zlib 1.2.13 * FIXED: Revert to CREATE INDEX without IF NOT EXISTS clauses, to support MySQL (#943) * FIXED: Apply table prefix to indexes as well, to support multiple instances sharing a single database (#943) + * FIXED: YOURLS integration via new proxy, storing signature in configuration (#725) * **1.4 (2022-04-09)** * ADDED: Translations for Corsican, Estonian, Finnish and Lojban * ADDED: new HTTP headers improving security (#765) diff --git a/CREDITS.md b/CREDITS.md index d003507..97c1125 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -30,6 +30,7 @@ * Mark van Holsteijn - Google Cloud Storage backend * Austin Huang - Oracle database support * Felix J. Ogris - S3 Storage backend +* Mounir Idrassi & J. Mozdzen - secure YOURLS integration ## Translations * Hexalyse - French diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index 487a20a..7afe7aa 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -230,9 +230,14 @@ dir = PATH "data" [yourls] ; don't mix this up with "urlshortener" config item: -; - when using a standard configuration, "urlshortener" will point to the YOURLS API, including access credentials, and will be part of the PrivateBin public web page (insecure!) -; - when using the parameters in this section ("signature" and "apiurl"), "urlshortener" will point to a fixed PrivateBin page ("$basepath/shortenviayourls.php") and -; that PHP will in turn call YOURLS server-side, using the URL from "apiurl" and using the "access signature" from "signature" parameter. +; - when using a standard configuration, "urlshortener" will point to the YOURLS +; API, including access credentials, and will be part of the PrivateBin public +; web page (insecure!) +; - when using the parameters in this section ("signature" and "apiurl"), +; "urlshortener" will point to a fixed PrivateBin page +; ("$basepath/shortenviayourls?link=") and that URL will in turn call YOURLS +; server-side, using the URL from "apiurl" and the "access signature" from the +; "signature" parameters below. ; (optional) the "signature" (access key) issued by YOURLS for the using account ; signature = ""