X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FLinkDB.php;h=a673b086b056d45231d3a41e565eb2b6dc026192;hb=refs%2Fpull%2F254%2Fhead;hp=137f42e5d5cde66aa1fb1d3eb9dc116e796ddfb9;hpb=e88368518dc35beac203c26d5e8ed1411d6f926c;p=github%2Fshaarli%2FShaarli.git diff --git a/application/LinkDB.php b/application/LinkDB.php index 137f42e5..a673b086 100644 --- a/application/LinkDB.php +++ b/application/LinkDB.php @@ -27,6 +27,15 @@ */ class LinkDB implements Iterator, Countable, ArrayAccess { + // Links are stored as a PHP serialized string + private $datastore; + + // Datastore PHP prefix + protected static $phpPrefix = ''; + // List of links (associative array) // - key: link date (e.g. "20110823_124546"), // - value: associative array (keys: title, description...) @@ -45,6 +54,9 @@ class LinkDB implements Iterator, Countable, ArrayAccess // Is the user logged in? (used to filter private links) private $loggedIn; + // Hide public links + private $hidePublicLinks; + /** * Creates a new LinkDB * @@ -52,10 +64,11 @@ class LinkDB implements Iterator, Countable, ArrayAccess * * @param $isLoggedIn is the user logged in? */ - function __construct($isLoggedIn) + function __construct($datastore, $isLoggedIn, $hidePublicLinks) { - // FIXME: do not access $GLOBALS, pass the datastore instead + $this->datastore = $datastore; $this->loggedIn = $isLoggedIn; + $this->hidePublicLinks = $hidePublicLinks; $this->checkDB(); $this->readdb(); } 
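Review bot: In the hunk at `@@ -27,6 +27,15 @@`, `$phpPrefix` is a mutable `protected static` property documented only as `// Datastore PHP prefix`, although checkDB(), readdb() and savedb() use it together with `self::$phpSuffix` as part of the on-disk format. If code in this class or a subclass reassigns either value after a datastore was written, readdb() slices the file at the wrong offsets. Either make the two values class constants or say why they must be overridable, for example `// Wrapper written before the encoded data; readdb() strips it by length, so it must match what was written`. The hunk header announces nine added lines but only six are visible here, and no `$phpSuffix` declaration appears, so the values shown on this page may be incomplete.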
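Review bot: The docblock above `__construct()` in the hunk at `@@ -52,10 +64,11 @@` still documents only `$isLoggedIn`, while the signature now also takes `$datastore` and `$hidePublicLinks`. Add `@param $datastore string path of the datastore file` and `@param $hidePublicLinks boolean if true, visitors who are not logged in get an empty link list`. readdb() now relies on the stored `$this->loggedIn` and `$this->hidePublicLinks` instead of `isLoggedIn()` and `$GLOBALS['config']`, so the private-link filter is only as correct as the values each caller passes. The call sites are not part of this diff, and each of them needs the two new arguments. The docblock starts above the hunk.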
@@ -168,18 +181,22 @@ class LinkDB implements Iterator, Countable, ArrayAccess */ private function checkDB() { - if (file_exists($GLOBALS['config']['DATASTORE'])) { + if (file_exists($this->datastore)) { return; } // Create a dummy database for example $this->links = array(); $link = array( - 'title'=>'Shaarli - sebsauvage.net', - 'url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli', - 'description'=>'Welcome to Shaarli! This is a bookmark. To edit or delete me, you must first login.', + 'title'=>' Shaarli: the personal, minimalist, super-fast, no-database delicious clone', + 'url'=>'https://github.com/shaarli/Shaarli/wiki', + 'description'=>'Welcome to Shaarli! This is your first public bookmark. To edit or delete me, you must first login. + +To learn how to use Shaarli, consult the link "Help/documentation" at the bottom of this page. + +You use the community supported version of the original Shaarli project, by Sebastien Sauvage.', 'private'=>0, - 'linkdate'=>'20110914_190000', + 'linkdate'=> date('Ymd_His'), 'tags'=>'opensource software' ); $this->links[$link['linkdate']] = $link; @@ -187,9 +204,9 @@ class LinkDB implements Iterator, Countable, ArrayAccess $link = array( 'title'=>'My secret stuff... - Pastebin.com', 'url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=', - 'description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.', + 'description'=>'Shhhh! I\'m a private link only YOU can see. You can delete me too.', 'private'=>1, - 'linkdate'=>'20110914_074522', + 'linkdate'=> date('Ymd_His', strtotime('-1 minute')), 'tags'=>'secretstuff' ); $this->links[$link['linkdate']] = $link; 
@@ -197,9 +214,8 @@ class LinkDB implements Iterator, Countable, ArrayAccess // Write database to disk // TODO: raise an exception if the file is not write-able file_put_contents( - // FIXME: do not use $GLOBALS - $GLOBALS['config']['DATASTORE'], - PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX + $this->datastore, + self::$phpPrefix.base64_encode(gzdeflate(serialize($this->links))).self::$phpSuffix ); } @@ -210,7 +226,7 @@ class LinkDB implements Iterator, Countable, ArrayAccess { // Public links are hidden and user not logged in => nothing to show - if ($GLOBALS['config']['HIDE_PUBLIC_LINKS'] && !isLoggedIn()) { + if ($this->hidePublicLinks && !$this->loggedIn) { $this->links = array(); return; } @@ -218,13 +234,12 @@ class LinkDB implements Iterator, Countable, ArrayAccess // Read data // Note that gzinflate is faster than gzuncompress. // See: http://www.php.net/manual/en/function.gzdeflate.php#96439 - // FIXME: do not use $GLOBALS $this->links = array(); - if (file_exists($GLOBALS['config']['DATASTORE'])) { + if (file_exists($this->datastore)) { $this->links = unserialize(gzinflate(base64_decode( - substr(file_get_contents($GLOBALS['config']['DATASTORE']), - strlen(PHPPREFIX), -strlen(PHPSUFFIX))))); + substr(file_get_contents($this->datastore), + strlen(self::$phpPrefix), -strlen(self::$phpSuffix))))); } // If user is not logged in, filter private links. @@ -245,6 +260,11 @@ class LinkDB implements Iterator, Countable, ArrayAccess foreach ($this->links as $link) { $this->urls[$link['url']] = $link['linkdate']; } + + // Escape links data + foreach($this->links as &$link) { + sanitizeLink($link); + } } /** 
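Review bot: The `file_put_contents()` call in checkDB() (hunk at `@@ -197,9 +214,8 @@`) still ignores its return value and takes no lock, and the call in savedb() (hunk at `@@ -257,8 +277,8 @@`) has the same shape. A failed or interleaved write leaves a missing or truncated datastore that readdb() will then try to decode, and the `TODO` in the context lines already asks for an exception here. Pass `LOCK_EX` as the third argument and test the result, e.g. `if (file_put_contents($this->datastore, $data, LOCK_EX) === false) { throw new Exception('Unable to write the datastore'); }` with `$data` holding the wrapped payload. The file also contains private links and nothing in the hunk sets its permissions, so confirm that the mode it is created with keeps it unreadable to other local users.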
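Review bot: In readdb() (hunk at `@@ -218,13 +234,12 @@`) the results of `file_get_contents()`, `base64_decode()`, `gzinflate()` and `unserialize()` are used unchecked, and the wrapper is stripped by length without verifying that the file starts with `self::$phpPrefix`. A truncated, foreign or tampered file therefore ends up as `false` or an arbitrary value in `$this->links`, and `unserialize()` will instantiate whatever objects the file describes. The sketch below checks each step and accepts only an array. On PHP 7 and later, `unserialize($payload, array('allowed_classes' => false))` would also rule out object instantiation, but the `array()` change in the last hunk suggests older PHP versions are still supported. readdb() starts and ends outside this hunk.

```php
$this->links = array();
if (file_exists($this->datastore)) {
    $raw = file_get_contents($this->datastore);
    $prefixLength = strlen(self::$phpPrefix);
    // Reject a file that does not carry the expected wrapper instead of slicing it blindly.
    if ($raw === false || strncmp($raw, self::$phpPrefix, $prefixLength) !== 0) {
        throw new Exception('Datastore is unreadable or has an unexpected format');
    }
    $packed = base64_decode(substr($raw, $prefixLength, -strlen(self::$phpSuffix)), true);
    $payload = ($packed === false) ? false : gzinflate($packed);
    $links = ($payload === false) ? false : unserialize($payload);
    // checkDB() and savedb() only ever serialize an array of links.
    if (!is_array($links)) {
        throw new Exception('Datastore could not be decoded');
    }
    $this->links = $links;
}
// … unchanged: private-link filtering and URL index …
```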
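Review bot: The loop added in the hunk at `@@ -245,6 +260,11 @@` rewrites `$this->links` in place by reference, and that same array is what savedb() serializes back to disk. `sanitizeLink()` is not shown in this diff; if it HTML-escapes the fields, escaped text is persisted on the next save and escaped again on the next load. The `$this->urls` index built just above would also keep the unescaped URLs as keys while the links hold escaped ones. Escaping at output time, or on a copy used only for rendering, avoids both problems. If the loop stays, add `unset($link);` directly after it so the reference to the last element does not outlive the loop.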
@@ -257,8 +277,8 @@ class LinkDB implements Iterator, Countable, ArrayAccess die('You are not authorized to change the database.'); } file_put_contents( - $GLOBALS['config']['DATASTORE'], - PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX + $this->datastore, + self::$phpPrefix.base64_encode(gzdeflate(serialize($this->links))).self::$phpSuffix ); invalidateCaches(); } @@ -294,7 +314,7 @@ class LinkDB implements Iterator, Countable, ArrayAccess // FIXME: accept double-quotes to search for a string "as is"? $filtered = array(); $search = mb_convert_case($searchterms, MB_CASE_LOWER, 'UTF-8'); - $keys = ['title', 'description', 'url', 'tags']; + $keys = array('title', 'description', 'url', 'tags'); foreach ($this->links as $link) { $found = false;