else
{
ban_loginFailed();
- $redir = '';
+ $redir = '&username='. $_POST['login'];
if (isset($_GET['post'])) {
- $redir = '?post=' . urlencode($_GET['post']);
+ $redir .= '&post=' . urlencode($_GET['post']);
foreach (array('description', 'source', 'title') as $param) {
if (!empty($_GET[$param])) {
$redir .= '&' . $param . '=' . urlencode($_GET[$param]);
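Review bot: The added `'&username='. $_POST['login']` puts the submitted login into the redirect query string without `urlencode()`, unlike the `post`, `description`, `source` and `title` values next to it. A login containing `&`, `=` or `#` would change or truncate the parameters that follow, so it should be `$redir = '&username=' . urlencode($_POST['login']);`. Echoing the failed login into the URL also leaves it in browser history and access logs, which matters when a user types a password into the login field by mistake. How `$redir` is joined to the `Location` header is outside this hunk, so confirm the result is still a valid query string when `post` is not set, now that it starts with `&`.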
if ($GLOBALS['config']['OPEN_SHAARLI']) { header('Location: ?'); exit; } // No need to login for open Shaarli
$token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful.
$PAGE->assign('token',$token);
+ if (isset($_GET['username'])) {
+ $PAGE->assign('username', escape($_GET['username']));
+ }
$PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):''));
$PAGE->renderPage('loginform');
exit;
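Review bot: The new `isset($_GET['username'])` guard accepts any type, so a request with `?username[]=x` passes an array to `escape()`. The definition of `escape()` is not visible here, but if it wraps `htmlspecialchars()` that call would warn or throw on an array. Narrowing the condition to `if (isset($_GET['username']) && is_string($_GET['username'])) {` keeps the prefilled field to plain strings.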
{
if (!empty($_POST['title']) )
{
- if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
+ if (!tokenOk($_POST['token'])) {
+ die('Wrong token.'); // Go away!
+ }
$tz = 'UTC';
- if (!empty($_POST['continent']) && !empty($_POST['city']))
- if (isTimeZoneValid($_POST['continent'],$_POST['city']))
- $tz = $_POST['continent'].'/'.$_POST['city'];
+ if (!empty($_POST['continent']) && !empty($_POST['city'])
+ && isTimeZoneValid($_POST['continent'], $_POST['city'])
+ ) {
+ $tz = $_POST['continent'] . '/' . $_POST['city'];
+ }
$GLOBALS['timezone'] = $tz;
$GLOBALS['title']=$_POST['title'];
$GLOBALS['titleLink']=$_POST['titleLink'];
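Review bot: The reformatted timezone check here is duplicated, condition for condition, in the install branch further down (the `setlogin`/`setpassword` block), and the two copies already differ in spacing around the `.` operator. Pulling it into one small helper that returns either the validated `continent/city` string or `'UTC'` would keep the validation of these `$_POST` values in a single place. A short comment such as `// Fall back to UTC unless continent/city form a valid timezone.` above the condition would also help.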
// -------- User want to post a new link: Display link edit form.
if (isset($_GET['post'])) {
- $url = cleanup_url(escape($_GET['post']));
+ $url = cleanup_url($_GET['post']);
$link_is_new = false;
// Check if URL is not already in database (in this case, we will edit the existing link)
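Review bot: After dropping `escape()` here, `$url` holds the raw `$_GET['post']` value for everything between this line and the point where it is escaped again, and that code lies outside this hunk. Every use in that stretch (the existing-link lookup, any remote fetch, any early output) should be checked to confirm it expects an unescaped URL. If stored links were saved in escaped form, the "already in database" comparison may stop matching them. A comment on the assignment would make the contract explicit, e.g. `// Raw URL: HTML-escaped later, just before it is handed to the template.`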
// Extract title.
$title = html_extract_title($content);
// Re-encode title in utf-8 if necessary.
- if (! empty($title) && $charset != 'utf-8') {
- $title = mb_convert_encoding($title, $charset, 'utf-8');
+ if (! empty($title) && strtolower($charset) != 'utf-8') {
+ $title = mb_convert_encoding($title, 'utf-8', $charset);
}
}
}
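Review bot: The corrected `mb_convert_encoding($title, 'utf-8', $charset)` call still runs when `$charset` is empty or is a name mbstring does not know, because the guard only compares it with `'utf-8'`. `$charset` appears to come from the fetched page (its assignment is outside this hunk), so it is remote-controlled input. An unsupported name makes `mb_convert_encoding()` emit a warning and return false on PHP 7, or throw `ValueError` on PHP 8. Adding `! empty($charset)` to the condition, and falling back to the unconverted title when conversion fails, would keep a malformed page from breaking the edit form.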
$url = '?' . smallHash($linkdate);
$title = 'Note: ';
}
+ $url = escape($url);
+ $title = escape($title);
$link = array(
'linkdate' => $linkdate,
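Review bot: From these two added lines onward `$url` and `$title` hold HTML-escaped text, but nothing marks that switch. A comment would help, e.g. `// HTML-escape for the edit form; do not reuse these for lookups or fetches below.` The rest of the `$link` array is outside this hunk, so confirm that any other request-derived fields placed in it (description, tags and similar) are escaped the same way. Also confirm the template does not escape these values a second time.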
if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
{
$tz = 'UTC';
- if (!empty($_POST['continent']) && !empty($_POST['city'])) {
- if (isTimeZoneValid($_POST['continent'], $_POST['city'])) {
- $tz = $_POST['continent'].'/'.$_POST['city'];
- }
+ if (!empty($_POST['continent']) && !empty($_POST['city'])
+ && isTimeZoneValid($_POST['continent'], $_POST['city'])
+ ) {
+ $tz = $_POST['continent'].'/'.$_POST['city'];
}
$GLOBALS['timezone'] = $tz;
// Everything is ok, let's create config file.