<?php
/**
- * Shaarli v0.8.0 - Shaare your links...
+ * Shaarli v0.8.3 - Shaare your links...
*
* The personal, minimalist, super-fast, database free, bookmarking service.
*
*
* Licence: http://www.opensource.org/licenses/zlib-license.php
*
- * Requires: PHP 5.3.x
+ * Requires: PHP 5.5.x
*/
// Set 'UTC' as the default timezone if it is not defined in php.ini
/*
* PHP configuration
*/
-define('shaarli_version', '0.8.0');
+define('shaarli_version', '0.8.2');
// http://server.com/x/shaarli --> /shaarli/
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/CachedPage.php';
-require_once 'application/config/ConfigManager.php';
-require_once 'application/config/ConfigPlugin.php';
require_once 'application/FeedBuilder.php';
require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
require_once 'application/PluginManager.php';
require_once 'application/Router.php';
require_once 'application/Updater.php';
+use \Shaarli\ThemeUtils;
+use \Shaarli\Config\ConfigManager;
// Ensure the PHP version is supported
try {
- ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+ ApplicationUtils::checkPHPVersion('5.5', PHP_VERSION);
} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
echo $exc->getMessage();
$conf = new ConfigManager();
$conf->setEmpty('general.timezone', date_default_timezone_get());
$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
-RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl'); // template directory
+RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
$pluginManager = new PluginManager($conf);
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
}
-header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
/**
* Checking session state (i.e. is the user still logged in)
}
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid'])
- || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs())
+ || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
|| time() >= $_SESSION['expires_on'])
{
logout();
$tpl->assign('links', $links);
$tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
$tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false));
- $html = $tpl->draw('dailyrss', $return_string=true);
+ $html = $tpl->draw('dailyrss', true);
echo $html . PHP_EOL;
}
*
* @param ConfigManager $conf Configuration Manager instance.
* @param PluginManager $pluginManager Plugin Manager instance,
+ * @param LinkDB $LINKSDB
*/
-function renderPage($conf, $pluginManager)
+function renderPage($conf, $pluginManager, $LINKSDB)
{
- $LINKSDB = new LinkDB(
- $conf->get('resource.datastore'),
- isLoggedIn(),
- $conf->get('privacy.hide_public_links'),
- $conf->get('redirector.url'),
- $conf->get('redirector.encode_url')
- );
-
$updater = new Updater(
read_updates_file($conf->get('resource.updates')),
$LINKSDB,
$feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
$feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());
$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
- $pshUrl = $conf->get('config.PUBSUBHUB_URL');
- if (!empty($pshUrl)) {
- $feedGenerator->setPubsubhubUrl($pshUrl);
- }
$data = $feedGenerator->buildData();
// Process plugin hook.
exit;
}
- // Display openseach plugin (XML)
+ // Display opensearch plugin (XML)
if ($targetPage == Router::$PAGE_OPENSEARCH) {
header('Content-Type: application/xml; charset=utf-8');
$PAGE->assign('serverurl', index_url($_SERVER));
$_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage']));
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
$conf->set('general.timezone', $tz);
$conf->set('general.title', escape($_POST['title']));
$conf->set('general.header_link', escape($_POST['titleLink']));
+ $conf->set('resource.theme', escape($_POST['theme']));
$conf->set('redirector.url', escape($_POST['redirector']));
$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
$conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault']));
$conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks']));
$conf->set('updates.check_updates', !empty($_POST['updateCheck']));
$conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
+ $conf->set('api.enabled', !empty($_POST['apiEnabled']));
+ $conf->set('api.secret', escape($_POST['apiSecret']));
try {
$conf->write(isLoggedIn());
+ invalidateCaches($conf->get('resource.page_cache'));
}
catch(Exception $e) {
error_log(
else // Show the configuration form.
{
$PAGE->assign('title', $conf->get('general.title'));
+ $PAGE->assign('theme', $conf->get('resource.theme'));
+ $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl')));
$PAGE->assign('redirector', $conf->get('redirector.url'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
$PAGE->assign('timezone_form', $timezone_form);
$PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false));
$PAGE->assign('enable_update_check', $conf->get('updates.check_updates', true));
$PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
+ $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
+ $PAGE->assign('api_secret', $conf->get('api.secret'));
$PAGE->renderPage('configure');
exit;
}
$LINKSDB[$key]=$value;
}
$LINKSDB->save($conf->get('resource.page_cache'));
- echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
+ echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?do=changetag\';</script>';
exit;
}
$needle = trim($_POST['fromtag']);
// True for case-sensitive tag search.
$linksToAlter = $LINKSDB->filterSearch(array('searchtags' => $needle), true);
- foreach($linksToAlter as $key=>$value)
- {
- $tags = explode(' ',trim($value['tags']));
- $tags[array_search($needle,$tags)] = trim($_POST['totag']); // Replace tags value.
- $value['tags']=trim(implode(' ',$tags));
- $LINKSDB[$key]=$value;
+ foreach($linksToAlter as $key=>$value) {
+ $tags = preg_split('/\s+/', trim($value['tags']));
+ // Replace tags value.
+ $tags[array_search($needle, $tags)] = trim($_POST['totag']);
+ $value['tags'] = implode(' ', array_unique($tags));
+ $LINKSDB[$key] = $value;
}
$LINKSDB->save($conf->get('resource.page_cache')); // Save to disk.
- echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
+ echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode(escape($_POST['totag'])).'\';</script>';
exit;
}
}
// Edit
$created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
$updated = new DateTime();
+ $shortUrl = $LINKSDB[$id]['shorturl'];
} else {
// New link
$created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
$updated = null;
+ $shortUrl = link_small_hash($created, $id);
}
// Remove multiple spaces.
'created' => $created,
'updated' => $updated,
'tags' => str_replace(',', ' ', $tags),
- 'shorturl' => link_small_hash($created, $id),
+ 'shorturl' => $shortUrl,
);
// If title is empty, use the URL as title.
$LINKSDB[$id] = $link;
$LINKSDB->save($conf->get('resource.page_cache'));
- pubsubhub($conf);
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) {
}
// -------- User clicked the "Delete" button when editing a link: Delete link from database.
- if (isset($_POST['delete_link']))
+ if ($targetPage == Router::$PAGE_DELETELINK)
{
- if (!tokenOk($_POST['token'])) die('Wrong token.');
-
// We do not need to ask for confirmation:
// - confirmation is handled by JavaScript
// - we are protected from XSRF by the token.
- // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
- $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
-
- $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
+ if (! tokenOk($_GET['token'])) {
+ die('Wrong token.');
+ }
+ $id = intval(escape($_GET['lf_linkdate']));
+ $link = $LINKSDB[$id];
+ $pluginManager->executeHooks('delete_link', $link);
unset($LINKSDB[$id]);
- $LINKSDB->save('resource.page_cache'); // save to disk
+ $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
- // Pick where we're going to redirect
- // =============================================================
- // Basically, we can't redirect to where we were previously if it was a permalink
- // or an edit_link, because it would 404.
- // Cases:
- // - / : nothing in $_GET, redirect to self
- // - /?page : redirect to self
- // - /?searchterm : redirect to self (there might be other links)
- // - /?searchtags : redirect to self
- // - /permalink : redirect to / (the link does not exist anymore)
- // - /?edit_link : redirect to / (the link does not exist anymore)
- // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
- // redirect is not satisfied, and only then redirect to /
- $location = "?";
- // Self redirection
- if (count($_GET) == 0
- || isset($_GET['page'])
- || isset($_GET['searchterm'])
- || isset($_GET['searchtags'])
- ) {
- if (isset($_POST['returnurl'])) {
- $location = $_POST['returnurl']; // Handle redirects given by the form
- } else {
- $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
- }
+
+ $location = '?';
+ if (isset($_SERVER['HTTP_REFERER'])) {
+ // Don't redirect to where we were previously if it was a permalink or an edit_link, because it would 404.
+ $location = generateLocation(
+ $_SERVER['HTTP_REFERER'],
+ $_SERVER['HTTP_HOST'],
+ ['delete_link', 'edit_link', $link['shorturl']]
+ );
}
header('Location: ' . $location); // After deleting the link, redirect to appropriate location
function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
{
// Used in templates
- $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';
- $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';
+ $searchtags = !empty($_GET['searchtags']) ? escape(normalize_spaces($_GET['searchtags'])) : '';
+ $searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : '';
// Smallhash filter
if (! empty($_SERVER['QUERY_STRING'])
}
} else {
// Filter links according search parameters.
- $privateonly = !empty($_SESSION['privateonly']);
- $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly);
+ $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all';
+ $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $visibility);
}
// ---- Handle paging.
} else {
$link['updated_timestamp'] = '';
}
- $taglist = explode(' ', $link['tags']);
+ $taglist = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
uasort($taglist, 'strcasecmp');
$link['taglist'] = $taglist;
// Check for both signs of a note: starting with ? and 7 chars long.
$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
}
$conf->set('updates.check_updates', !empty($_POST['updateCheck']));
+ $conf->set('api.enabled', !empty($_POST['enableApi']));
+ $conf->set(
+ 'api.secret',
+ generate_api_secret(
+ $conf->get('credentials.login'),
+ $conf->get('credentials.salt')
+ )
+ );
try {
// Everything is ok, let's create config file.
$conf->write(isLoggedIn());
if (!isset($_SESSION['LINKS_PER_PAGE'])) {
$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
}
-renderPage($conf, $pluginManager);
+
+$linkDb = new LinkDB(
+ $conf->get('resource.datastore'),
+ isLoggedIn(),
+ $conf->get('privacy.hide_public_links'),
+ $conf->get('redirector.url'),
+ $conf->get('redirector.encode_url')
+);
+
+$container = new \Slim\Container();
+$container['conf'] = $conf;
+$container['plugins'] = $pluginManager;
+$app = new \Slim\App($container);
+
+// REST API routes
+$app->group('/api/v1', function() {
+ $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
+ $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks');
+ $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink');
+})->add('\Shaarli\Api\ApiMiddleware');
+
+$response = $app->run(true);
+// Hack to make Slim and Shaarli router work together:
+// If a Slim route isn't found and NOT API call, we call renderPage().
+if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
+ // We use UTF-8 for proper international characters handling.
+ header('Content-Type: text/html; charset=utf-8');
+ renderPage($conf, $pluginManager, $linkDb);
+} else {
+ $app->respond($response);
+}