Commit graph

3031 commits

Author SHA1 Message Date
Adam Tauber
17b6faa4c3 [fix] pep8 2020-01-02 22:38:12 +01:00
Adam Tauber
ad5bb994b1 [fix] add py3 compatibility 2020-01-02 22:30:18 +01:00
Adam Tauber
1e6253ce16 [fix] handle empty response 2020-01-02 22:29:55 +01:00
Adam Tauber
86a378bd01 [fix] handle missing thumbnail 2020-01-02 22:29:28 +01:00
Adam Tauber
2dc2e1e8f9 [fix] skip invalid encoded attributes 2020-01-02 22:29:10 +01:00
Adam Tauber
2292e6e130 [fix] handle missing result size 2020-01-02 22:28:47 +01:00
Adam Tauber
a1b85571a2 [fix] tmp suspend insecure engines 2020-01-02 22:28:18 +01:00
Markus Heiser
2a7855854b
Merge pull request #1623 from ypid/fix/nginx-subdir-hosting
Fix Nginx subdir URL install docs which allowed download of settings.yml
2019-12-31 16:26:21 +01:00
Robin Schneider
3e5a3ee4e4
Let Nginx deliver static files directory in all examples 2019-12-31 14:43:14 +01:00
Robin Schneider
088337295a
Simply Nginx example by using alias directive for subdirectory URL
We explicitly specific the static directory here using alias to allow to
host from a other subdirectory than "searx" which just so happens to
match the source code directory.
2019-12-31 14:41:27 +01:00
Robin Schneider
a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
Closes: #1617

There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that  `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).

To fix this, I propose:

```nginx
location = /searx {
        rewrite ^ /searx/;
}

location /searx/static {
}

location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:

> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser
f602cb8e4d docs(admin): moved settings description from wiki to docs
Move wiki entry https://github.com/asciimoo/searx/wiki/settings.yml
into admin section of the docs (#1785).

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:56:09 +01:00
Markus Heiser
f9be534b2a docs(dev): fix minor markup typos
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:55:15 +01:00
Markus Heiser
10997a01e0 docs(admin): add weight & disabled cols to engine table
BTW: remove internal suspend_end_time

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 20:29:37 +01:00
Markus Heiser
754a10c1c1
Merge pull request #1661 from 0xhtml/fix-engine-spotify
Fix engine spotify

As you can read here https://developer.spotify.com/documentation/web-api/#authentication all requests to the spotify api require authentication. You can not test the api without credentials.
2019-12-30 07:44:31 +01:00
Markus Heiser
36e72a4619
Merge branch 'master' into fix-engine-spotify 2019-12-29 09:47:06 +01:00
Markus Heiser
f6d66c0f6f
Merge pull request #1776 from return42/makefile-doc
doc: describe Makefile targets & add reST primer
2019-12-28 13:55:20 +01:00
Markus Heiser
b91e07bbf1 docs(css): render HTML rst-example slightly more discreet
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:26:24 +01:00
Markus Heiser
d1892b2112 docs(admin): add article 'Buildhosts' with system requirements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser
d6f2802e4b docs(dev): add more markups to reST primer
- Literal blocks
- Unicode substitution
- Horizontal list
- Math equations

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:01:11 +01:00
Markus Heiser
92afe68d65 doc(dev): reST/sphinx add tabbed views extension (sphinx_tabs.tabs)
See issue #1785:

  idea: in the doc, provide installation instructions with one tab per
  distrubution

preview (don't bookmark):

  https://return42.github.io/searx/dev/reST.html#tabbed-views

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-26 10:26:12 +01:00
Markus Heiser
62505f8982 docs(dev): add refs to to gitmoji and Semantic PR in contrib section
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-25 09:57:21 +01:00
Mathieu Brunot
359c18f9e6
Merge branch 'master' into docker/opencontainers 2019-12-24 21:38:07 +01:00
Markus Heiser
4ca8b69c81 doc(dev): add remarks about creating good commits (messages)
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-24 18:48:23 +01:00
Markus Heiser
5eb8cf4ebb Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-24 18:00:24 +01:00
Markus Heiser
a52a638ba8
Merge pull request #1701 from CaffeinatedTech/patch-1
Update README.rst

for the future: please select meaningful commit messages. Here is a good summarize how a useful commit messages looks like: https://www.conventionalcommits.org/en/v1.0.0-beta.2/#summary

Further read: https://wiki.openstack.org/wiki/GitCommitMessages#Information_in_commit_messages
2019-12-24 17:56:24 +01:00
Markus Heiser
ecb054a7a0
Merge branch 'master' into patch-1 2019-12-24 17:45:13 +01:00
Markus Heiser
5a0a66e9bc
Merge pull request #1615 from Nachtalb/ne/fix-infinite_scroll-with-vim_bindings
Fix not jumping to results loaded by infinite scroll
2019-12-24 17:34:33 +01:00
Markus Heiser
38dad2e8e3
Merge branch 'master' into ne/fix-infinite_scroll-with-vim_bindings 2019-12-24 15:42:05 +01:00
Markus Heiser
a395fb4a8d
Merge pull request #1694 from finn0/libgen
Fix broken Library Gensis Engine
2019-12-24 13:37:29 +01:00
Markus Heiser
fb668e2075
Merge branch 'master' into libgen 2019-12-24 13:33:07 +01:00
Markus Heiser
46dd51afad
Merge branch 'master' into makefile-doc 2019-12-24 12:27:36 +01:00
Markus Heiser
6d232e9b69
Merge pull request #1787 from finn0/fix/infobox
[Fix] oscar: no HTML escaping prior to output
2019-12-24 11:37:33 +01:00
Vipul
8bea927bb0 [Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-24 15:11:48 +05:30
Markus Heiser
70f7142824
Merge branch 'master' into bug/oscar-theme 2019-12-23 18:47:23 +01:00
Markus Heiser
07c8ca87e6
Merge branch 'master' into makefile-doc 2019-12-23 13:58:53 +00:00
Markus Heiser
3e14bf4d27
Merge pull request #1686 from MarcAbonce/wiki_infobox_fixes
Infobox fixes
2019-12-23 12:31:31 +00:00
Markus Heiser
c8645d6e37 doc: reST-primer -- imrpove desription of definition lists
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-23 09:37:51 +01:00
Markus Heiser
d3e4e81faf makefile.sphinx: fix gh-pages / pull before add commits
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:28:07 +01:00
Markus Heiser
90174e215c doc: add plugin section to admin section (template)
- Plugins configured at built time (defaults)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Vipul
f407dd8ef4
Switch to https for some domains 2019-12-22 13:39:00 +00:00
Markus Heiser
31db843c9c doc: CSS - fix alignment of code block in figure blocks
BTW: minor profread of reST.rst

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:08:57 +01:00
Markus Heiser
aa3b0265e7 doc: add 'Architecture' article to admin section
Herein we add some hints and suggestions about typical architectures of
searx infrastructures.  We start with a contribution from @dalf

- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320

thanks @dalf !!

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Vipul
ee6781d777
[Fix] Libgen engine
Libgen has switched to new domain (i.e https://libgen.is) with TLS
support and older domain (i.e. http://libgen.io) is no longer
accessible. See, https://en.wikipedia.org/wiki/Library_Genesis, for more
information.

Resolves: #1693
2019-12-22 13:04:46 +00:00
Markus Heiser
5bdca1a5bf doc: improved HTML table layout (CSS)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 11:46:03 +01:00
Markus Heiser
aea4667fbc Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-22 10:12:33 +01:00
Marc Abonce Seguin
495ae59b31 hide suggestions box if empty
This bug happens only in python3
because map returns an iterator.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
5706c12fba remove empty parenthesis in wikipedia's summary
They're usually IPA pronunciations which are removed
by the API.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
c18048e045 exclude disambiguation pages from wikipedia infobox 2019-12-21 22:47:08 -06:00
Vipul
6a5aae6530
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-22 02:27:45 +00:00