if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
+if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
+// I really need to rewrite Shaarli with a proper configuation manager.
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']);} }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
// ------------------------------------------------------------------------------------------
else
{
ban_loginFailed();
- echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login\';</script>'; // Redirect to login screen.
+ $redir = '';
+ if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
+ echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
exit;
}
}
echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).$descriptionlink.']]></description>'."\n</item>\n";
$i++;
}
- echo '</channel></rss>';
+ echo '</channel></rss><!-- Cached version of '.pageUrl().' -->';
$cache->cache(ob_get_contents());
ob_end_flush();
$feed.='<author><name>'.htmlspecialchars($pageaddr).'</name><uri>'.htmlspecialchars($pageaddr).'</uri></author>';
$feed.='<id>'.htmlspecialchars($pageaddr).'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='</feed>';
+ $feed.='</feed><!-- Cached version of '.pageUrl().' -->';
echo $feed;
$cache->cache(ob_get_contents());
echo '<description><![CDATA['.$html.']]></description>'."\n</item>\n\n";
}
- echo '</channel></rss>';
+ echo '</channel></rss><!-- Cached version of '.pageUrl().' -->';
$cache->cache(ob_get_contents());
ob_end_flush();
// We pre-format some fields for proper output.
foreach($linksToDisplay as $key=>$link)
{
- $linksToDisplay[$key]['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
$linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
}
if (isset($_GET['linksperpage']))
{
if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
{
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
$GLOBALS['title']=$_POST['title'];
$GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
+ $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
writeConfig();
echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
exit;
if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away !
$tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
$linkdate=$_POST['lf_linkdate'];
- $link = array('title'=>trim($_POST['lf_title']),'url'=>trim($_POST['lf_url']),'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
+ $url = trim($_POST['lf_url']);
+ if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?'))
+ $url = 'http://'.$url;
+ $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
$LINKSDB[$linkdate] = $link;
$classLi = $i%2!=0 ? '' : 'publicLinkHightLight';
$link['class'] = ($link['private']==0 ? $classLi : 'private');
$link['localdate']=linkdate2locale($link['linkdate']);
- $link['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $link['taglist']=$taglist;
$linkDisp[$keys[$i]] = $link;
$i++;
}
$html='<a href="'.htmlspecialchars($t['href']).'">';
// Lazy image (only loaded by javascript when in the viewport).
+ if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled)
+ $html.='<img class="lazyimage" src="'.htmlspecialchars($t['src']).'"';
+ else
+ $html.='<img class="lazyimage" src="#" data-original="'.htmlspecialchars($t['src']).'"';
+
$html.='<img class="lazyimage" src="#" data-original="'.htmlspecialchars($t['src']).'"';
if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
$html.='>';
- // No-javascript fallback:
+ // No-javascript fallback.
$html.='<noscript><img src="'.htmlspecialchars($t['src']).'"';
if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
foreach($continents as $continent)
$continents_html.='<option value="'.$continent.'"'.($pcontinent==$continent?'selected':'').'>'.$continent.'</option>';
$cities_html = $cities[$pcontinent];
- $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select><br /><br />";
- $timezone_form .= "City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br /><br />";
+ $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
+ $timezone_form .= " City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
$timezone_js = "<script language=\"JavaScript\">";
$timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
$timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
function writeConfig()
{
if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
- if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
- if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
$config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
$config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
$config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
$config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
+ $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
$config .= ' ?>';
if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
{
projects / github / shaarli / Shaarli.git / blobdiff