exit;
}
-define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
+define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
// Force cookie path (but do not change lifetime)
$cookie = session_get_cookie_params();
$query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
$targetPage = Router::findPage($query, $_GET, isLoggedIn());
+ if (
+ // if the user isn't logged in
+ !isLoggedIn() &&
+ // and Shaarli doesn't have public content...
+ $conf->get('privacy.hide_public_links') &&
+ // and is configured to enforce the login
+ $conf->get('privacy.force_login') &&
+ // and the current page isn't already the login page
+ $targetPage !== Router::$PAGE_LOGIN &&
+ // and the user is not requesting a feed (which would lead to a different content-type as expected)
+ $targetPage !== Router::$PAGE_FEED_ATOM &&
+ $targetPage !== Router::$PAGE_FEED_RSS
+ ) {
+ // force current page to be the login page
+ $targetPage = Router::$PAGE_LOGIN;
+ }
+
// Call plugin hooks for header, footer and includes, specifying which page will be rendered.
// Then assign generated data to RainTPL.
$common_hooks = array(
$PAGE->assign('username', escape($_GET['username']));
}
$PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):''));
+ // add default state of the 'remember me' checkbox
+ $PAGE->assign('remember_user_default', $conf->get('privacy.remember_user_default'));
$PAGE->renderPage('loginform');
exit;
}
}
$data = array(
- 'search_tags' => implode(' ', $filteringTags),
+ 'search_tags' => implode(' ', escape($filteringTags)),
'tags' => $tagList,
);
$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
}
$data = [
- 'search_tags' => implode(' ', $filteringTags),
+ 'search_tags' => implode(' ', escape($filteringTags)),
'tags' => $tags,
];
$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
// -------- Display the Tools menu if requested (import/export/bookmarklet...)
if ($targetPage == Router::$PAGE_TOOLS)
{
- $data = array(
+ $data = [
'pageabsaddr' => index_url($_SERVER),
- 'sslenabled' => !empty($_SERVER['HTTPS'])
- );
+ 'sslenabled' => is_https($_SERVER),
+ ];
$pluginManager->executeHooks('render_tools', $data);
foreach ($data as $key => $value) {
die('Wrong token.');
}
- if (strpos($_GET['lf_linkdate'], ' ') !== false) {
- $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
+ $ids = trim($_GET['lf_linkdate']);
+ if (strpos($ids, ' ') !== false) {
+ // multiple, space-separated ids provided
+ $ids = array_values(array_filter(preg_split('/\s+/', escape($ids))));
} else {
- $ids = [$_GET['lf_linkdate']];
+ // only a single id provided
+ $ids = [$ids];
+ }
+ // assert at least one id is given
+ if(!count($ids)){
+ die('no id provided');
}
foreach ($ids as $id) {
$id = (int) escape($id);
if ($url == '') {
$url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
- $title = 'Note: ';
+ $title = $conf->get('general.default_note_title', 'Note: ');
}
$url = escape($url);
$title = escape($title);