X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=index.php;h=f4c7e7815cfe05e8d54dcf9f56aabc5ab5b134d1;hb=6211c498f6e0bdc6d86152e9777bcc75955a5ec4;hp=ba70b29c966a0221a657aac2f5f5cdde1765b355;hpb=9e1724f1922bf9e38299eecedfce2dcdbd416749;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index ba70b29c..f4c7e781 100755 --- a/index.php +++ b/index.php @@ -43,19 +43,6 @@ define('shaarli_version','0.5.1'); // http://server.com/x/shaarli --> /shaarli/ define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0))); -// Force cookie path (but do not change lifetime) -$cookie=session_get_cookie_params(); -$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; -session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. - -// Set session parameters on server side. -define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. -ini_set('session.use_cookies', 1); // Use cookies to store session. -ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL). -ini_set('session.use_trans_sid', false); // Prevent PHP form using sessionID in URL if cookies are disabled. -session_name('shaarli'); -if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions). - // PHP Settings ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). @@ -87,6 +74,34 @@ try { exit; } +// Force cookie path (but do not change lifetime) +$cookie = session_get_cookie_params(); +$cookiedir = ''; +if (dirname($_SERVER['SCRIPT_NAME']) != '/') { + $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; +} +// Set default cookie expiration and path. +session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); +// Set session parameters on server side. +// If the user does not access any page within this time, his/her session is considered expired. +define('INACTIVITY_TIMEOUT', 3600); // in seconds. +// Use cookies to store session. +ini_set('session.use_cookies', 1); +// Force cookies for session (phpsessionID forbidden in URL). +ini_set('session.use_only_cookies', 1); +// Prevent PHP form using sessionID in URL if cookies are disabled. +ini_set('session.use_trans_sid', false); + +// Regenerate session id if invalid or not defined in cookie. +if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { + $_COOKIE['shaarli'] = uniqid(); +} +session_name('shaarli'); +// Start session if needed (Some server auto-start sessions). +if (session_id() == '') { + session_start(); +} + include "inc/rain.tpl.class.php"; //include Rain TPL raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory @@ -1497,8 +1512,8 @@ function renderPage() $description = (empty($_GET['description']) ? '' : $_GET['description']); $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); - // If this is an HTTP link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) - if (empty($title) && $url->getScheme() == 'http') { + // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) + if (empty($title) && strpos($url->getScheme(), 'http') !== false) { list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html if (strpos($status,'200 OK')!==false) {