X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=04288ace5676fc5b98c202c05256bb2b3c73d381;hb=3057373a250648a081107eb3eab530b628a576f1;hp=0253c19fd0ee8d50409a30caf5b5d7f9fc0d8684;hpb=2d9fab88be93b2aed635eab987cd3716a1bdb579;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 0253c19f..04288ace 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,15 @@
'); // Suffix to encapsulate data in php code.
// Force cookie path (but do not change lifetime)
$cookie=session_get_cookie_params();
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
+
+// Set session parameters on server side.
+define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
+ini_set('session.use_cookies', 1); // Use cookies to store session.
+ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
+ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
+session_name('shaarli');
+if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions).
// PHP Settings
ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
@@ -70,24 +84,31 @@ header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Directories creations (Note that your web host may require differents rights than 705.)
+if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').
');
if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR'],0705); chmod($GLOBALS['config']['DATADIR'],0705); }
if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files.
if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
+// Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable.
+if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('
ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').
');
if ($GLOBALS['config']['ENABLE_LOCALCACHE'])
{
if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); }
if (!is_file($GLOBALS['config']['CACHEDIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['CACHEDIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
}
-// Run config screen if first run:
-if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
-
-require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
-
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
+if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
+if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
+if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
+// I really need to rewrite Shaarli with a proper configuation manager.
+
+// Run config screen if first run:
+if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
+
+require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
autoLocale(); // Sniff browser language and set date format accordingly.
@@ -99,7 +120,7 @@ function checkphpversion()
if (version_compare(PHP_VERSION, '5.1.0') < 0)
{
header('Content-Type: text/plain; charset=utf-8');
- echo 'Your server supports php '.PHP_VERSION.'. Shaarli requires at last php 5.1.0, and thus cannot run. Sorry.';
+ echo 'Your server supports php '.PHP_VERSION.'. Shaarli requires at least php 5.1.0, and thus cannot run. Sorry.';
exit;
}
}
@@ -137,7 +158,7 @@ class pageCache
private $shouldBeCached; // boolean: Should this url be cached ?
private $filename; // Name of the cache file for this url
- /*
+ /*
$url = url (typically the value returned by pageUrl())
$shouldBeCached = boolean. If false, the cache will be disabled.
*/
@@ -146,7 +167,7 @@ class pageCache
$this->url = $url;
$this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache';
$this->shouldBeCached = $shouldBeCached;
- }
+ }
// If the page should be cached and a cached version exists,
// returns the cached version (otherwise, return null).
@@ -172,9 +193,9 @@ class pageCache
if (is_dir($GLOBALS['config']['PAGECACHE']))
{
$handler = opendir($GLOBALS['config']['PAGECACHE']);
- if ($handle!==false)
+ if ($handler!==false)
{
- while (($filename = readdir($handler))!==false)
+ while (($filename = readdir($handler))!==false)
{
if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); }
}
@@ -223,7 +244,7 @@ function smallHash($text)
function text2clickable($url)
{
$redir = empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'];
- return preg_replace('!(((?:https?|ftp|file)://|apt:)\S+[[:alnum:]]/?)!si','$1',$url);
+ return preg_replace('!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si','$1',$url);
}
// This function inserts where relevant so that multiple spaces are properly displayed in HTML
@@ -231,7 +252,7 @@ function text2clickable($url)
function keepMultipleSpaces($text)
{
return str_replace(' ',' ',$text);
-
+
}
// ------------------------------------------------------------------------------------------
// Sniff browser language to display dates in the right format automatically.
@@ -265,12 +286,6 @@ function pubsubhub()
// ------------------------------------------------------------------------------------------
// Session management
-define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
-ini_set('session.use_cookies', 1); // Use cookies to store session.
-ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL)
-ini_set('session.use_trans_sid', false); // Prevent php to use sessionID in URL if cookies are disabled.
-session_name('shaarli');
-session_start();
// Returns the IP address of the client (Used to prevent session cookie hijacking.)
function allIPs()
@@ -304,6 +319,8 @@ function isLoggedIn()
{
if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
+ if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
+
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
{
@@ -317,7 +334,7 @@ function isLoggedIn()
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']);} }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
// ------------------------------------------------------------------------------------------
@@ -383,14 +400,14 @@ if (isset($_POST['login']))
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir); // Set session cookie expiration on client side
+ session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
// Note: Never forget the trailing slash on the cookie path !
session_regenerate_id(true); // Send cookie with new expiration date to browser.
}
else // Standard session expiration (=when browser closes)
{
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params(0,$cookiedir); // 0 means "When browser closes"
+ session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
session_regenerate_id(true);
}
// Optional redirect after login:
@@ -405,7 +422,9 @@ if (isset($_POST['login']))
else
{
ban_loginFailed();
- echo ''; // Redirect to login screen.
+ $redir = '';
+ if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
+ echo ''; // Redirect to login screen.
exit;
}
}
@@ -420,14 +439,18 @@ function serverUrl()
{
$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
$serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
- return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+ return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
}
// Returns the absolute URL of current script, without the query.
// (eg. http://sebsauvage.net/links/)
function indexUrl()
{
- return serverUrl() . ($_SERVER["SCRIPT_NAME"] == '/index.php' ? '/' : $_SERVER["SCRIPT_NAME"]);
+ $scriptname = $_SERVER["SCRIPT_NAME"];
+ // If the script is named 'index.php', we remove it (for better looking URLs,
+ // eg. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
+ if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
+ return serverUrl() . $scriptname;
}
// Returns the absolute URL of current script, WITH the query.
@@ -572,7 +595,7 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
// Returns a token.
function getToken()
{
- $rnd = sha1(uniqid('',true).'_'.mt_rand()); // We generate a random string.
+ $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
$_SESSION['tokens'][$rnd]=1; // Store it on the server side.
return $rnd;
}
@@ -595,7 +618,7 @@ function tokenOk($token)
p = new pageBuilder;
p.assign('myfield','myvalue');
p.renderPage('mytemplate');
-
+
*/
class pageBuilder
{
@@ -604,11 +627,11 @@ class pageBuilder
function __construct()
{
$this->tpl=false;
- }
+ }
private function initialize()
- {
- $this->tpl = new RainTPL;
+ {
+ $this->tpl = new RainTPL;
$this->tpl->assign('newversion',checkUpdate());
$this->tpl->assign('feedurl',htmlspecialchars(indexUrl()));
$searchcrits=''; // Search criteria
@@ -623,16 +646,16 @@ class pageBuilder
if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
$this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
- return;
+ return;
}
-
+
// The following assign() method is basically the same as RainTPL (except that it's lazy)
public function assign($what,$where)
{
if ($this->tpl===false) $this->initialize(); // Lazy initialization
$this->tpl->assign($what,$where);
}
-
+
// Render a specific page (using a template).
// eg. pb.renderPage('picwall')
public function renderPage($page)
@@ -650,14 +673,14 @@ class pageBuilder
echo $mylinks['20110826_161819']['title'];
foreach($mylinks as $link)
echo $link['title'].' at url '.$link['url'].' ; description:'.$link['description'];
-
+
Available keys:
title : Title of the link
url : URL of the link. Can be absolute or relative. Relative URLs are permalinks (eg.'?m-ukcw')
description : description of the entry
private : Is this link private ? 0=no, other value=yes
linkdate : date of the creation of this entry, in the form YYYYMMDD_HHMMSS (eg.'20110914_192317')
- tags : tags attached to this entry (separated by spaces)
+ tags : tags attached to this entry (separated by spaces)
We implement 3 interfaces:
- ArrayAccess so that this object behaves like an associative array.
@@ -836,7 +859,7 @@ class linkdb implements Iterator, Countable, ArrayAccess
arsort($tags); // Sort tags by usage (most used tag first)
return $tags;
}
-
+
// Returns the list of days containing articles (oldest first)
// Output: An array containing days (in format YYYYMMDD).
public function days()
@@ -858,6 +881,10 @@ function showRSS()
{
header('Content-Type: application/rss+xml; charset=utf-8');
+ // $usepermalink : If true, use permalink instead of final link.
+ // User just has to add 'permalink' in URL parameters. eg. http://mysite.com/shaarli/?do=rss&permalinks
+ $usepermalinks = isset($_GET['permalinks']);
+
// Cache system
$query = $_SERVER["QUERY_STRING"];
$cache = new pageCache(pageUrl(),startsWith($query,'do=rss') && !isLoggedIn());
@@ -892,16 +919,25 @@ function showRSS()
$rfc822date = linkdate2rfc822($link['linkdate']);
$absurl = htmlspecialchars($link['url']);
if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
- echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.'';
+ if ($usepermalinks===true)
+ echo ''.htmlspecialchars($link['title']).''.$guid.''.$guid.'';
+ else
+ echo ''.htmlspecialchars($link['title']).''.$guid.''.$absurl.'';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo ''.htmlspecialchars($rfc822date)."\n";
if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification)
{
foreach(explode(' ',$link['tags']) as $tag) { echo ''.htmlspecialchars($tag).''."\n"; }
}
- echo ''."\n\n";
+
+ // Add permalink in description
+ $descriptionlink = '(Permalink)';
+ // If user wants permalinks first, put the final link in description
+ if ($usepermalinks===true) $descriptionlink = '(Link)';
+ if (strlen($link['description'])>0) $descriptionlink = ' '.$descriptionlink;
+ echo ''."\n\n";
$i++;
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -914,6 +950,10 @@ function showATOM()
{
header('Content-Type: application/atom+xml; charset=utf-8');
+ // $usepermalink : If true, use permalink instead of final link.
+ // User just has to add 'permalink' in URL parameters. eg. http://mysite.com/shaarli/?do=atom&permalinks
+ $usepermalinks = isset($_GET['permalinks']);
+
// Cache system
$query = $_SERVER["QUERY_STRING"];
$cache = new pageCache(pageUrl(),startsWith($query,'do=atom') && !isLoggedIn());
@@ -942,9 +982,20 @@ function showATOM()
$latestDate = max($latestDate,$iso8601date);
$absurl = htmlspecialchars($link['url']);
if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
- $entries.=''.htmlspecialchars($link['title']).''.$guid.'';
+ $entries.=''.htmlspecialchars($link['title']).'';
+ if ($usepermalinks===true)
+ $entries.=''.$guid.'';
+ else
+ $entries.=''.$guid.'';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $entries.=''.htmlspecialchars($iso8601date).'';
- $entries.=''.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))))."\n";
+
+ // Add permalink in description
+ $descriptionlink = htmlspecialchars('(Permalink)');
+ // If user wants permalinks first, put the final link in description
+ if ($usepermalinks===true) $descriptionlink = htmlspecialchars('(Link)');
+ if (strlen($link['description'])>0) $descriptionlink = '<br>'.$descriptionlink;
+
+ $entries.=''.htmlspecialchars(nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))))).$descriptionlink."\n";
if ($link['tags']!='') // Adding tags to each ATOM entry (as mentioned in ATOM specification)
{
foreach(explode(' ',$link['tags']) as $tag)
@@ -966,9 +1017,9 @@ function showATOM()
$feed.=''.htmlspecialchars($pageaddr).''.htmlspecialchars($pageaddr).'';
$feed.=''.htmlspecialchars($pageaddr).''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='';
+ $feed.='';
echo $feed;
-
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
@@ -986,11 +1037,11 @@ function showDailyRSS()
$cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
-
+
/* Some Shaarlies may have very few links, so we need to look
back in time (rsort()) until we have enough days ($nb_of_days).
*/
- $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
+ $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
rsort($linkdates);
$nb_of_days=7; // We take 7 days.
$today=Date('Ymd');
@@ -1005,14 +1056,14 @@ function showDailyRSS()
}
if (count($days)>$nb_of_days) break; // Have we collected enough days ?
}
-
+
// Build the RSS feed.
header('Content-Type: application/rss+xml; charset=utf-8');
$pageaddr=htmlspecialchars(indexUrl());
echo '';
echo 'Daily - '.htmlspecialchars($GLOBALS['title']).''.$pageaddr.'';
echo 'Daily shared linksen-en'.$pageaddr.''."\n";
-
+
foreach($days as $day=>$linkdates) // For each day.
{
$daydate = utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))); // Full text date
@@ -1020,7 +1071,7 @@ function showDailyRSS()
$absurl=htmlspecialchars(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
echo ''.htmlspecialchars($GLOBALS['title'].' - '.$daydate).''.$absurl.''.$absurl.'';
echo ''.htmlspecialchars($rfc822date)."";
-
+
// Build the HTML body of this RSS entry.
$html='';
$href='';
@@ -1030,21 +1081,21 @@ function showDailyRSS()
{
$l = $LINKSDB[$linkdate];
$l['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($l['description']))));
- $l['thumbnail'] = thumbnail($l['url']);
- $l['localdate']=linkdate2locale($l['linkdate']);
+ $l['thumbnail'] = thumbnail($l['url']);
+ $l['localdate']=linkdate2locale($l['linkdate']);
if (startsWith($l['url'],'?')) $l['url']=indexUrl().$l['url']; // make permalink URL absolute
- $links[$linkdate]=$l;
+ $links[$linkdate]=$l;
}
// Then build the HTML for this day:
- $tpl = new RainTPL;
+ $tpl = new RainTPL;
$tpl->assign('links',$links);
$html = $tpl->draw('dailyrss',$return_string=true);
echo "\n";
echo ''."\n\n\n";
- }
- echo '';
-
+ }
+ echo '';
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
@@ -1058,12 +1109,12 @@ function showDaily()
$day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
if (isset($_GET['day'])) $day=$_GET['day'];
-
+
$days = $LINKSDB->days();
$i = array_search($day,$days);
if ($i==false) { $i=count($days)-1; $day=$days[$i]; }
- $previousday='';
- $nextday='';
+ $previousday='';
+ $nextday='';
if ($i!==false)
{
if ($i>1) $previousday=$days[$i-1];
@@ -1074,14 +1125,16 @@ function showDaily()
// We pre-format some fields for proper output.
foreach($linksToDisplay as $key=>$link)
{
- $linksToDisplay[$key]['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
- $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
+ $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
}
-
+
/* We need to spread the articles on 3 columns.
I did not want to use a javascript lib like http://masonry.desandro.com/
- so I manually spread entries with a simple method: I roughly evaluate the
+ so I manually spread entries with a simple method: I roughly evaluate the
height of a div according to title and description length.
*/
$columns=array(array(),array(),array()); // Entries to display, for each column.
@@ -1109,7 +1162,7 @@ function showDaily()
$PAGE->assign('col3',$columns[2]);
$PAGE->assign('day',utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))));
$PAGE->assign('previousday',$previousday);
- $PAGE->assign('nextday',$nextday);
+ $PAGE->assign('nextday',$nextday);
$PAGE->renderPage('daily');
exit;
}
@@ -1188,7 +1241,7 @@ function renderPage()
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('tags',$tagList);
$PAGE->renderPage('tagcloud');
- exit;
+ exit;
}
// -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
@@ -1224,10 +1277,14 @@ function renderPage()
if (isset($_GET['linksperpage']))
{
if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
-
+
// -------- User wants to see only private links (toggle)
if (isset($_GET['privateonly']))
{
@@ -1239,7 +1296,11 @@ function renderPage()
{
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
@@ -1313,6 +1374,8 @@ function renderPage()
$GLOBALS['title']=$_POST['title'];
$GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
+ $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
+ $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
writeConfig();
echo '';
exit;
@@ -1395,7 +1458,10 @@ function renderPage()
if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away !
$tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
$linkdate=$_POST['lf_linkdate'];
- $link = array('title'=>trim($_POST['lf_title']),'url'=>trim($_POST['lf_url']),'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
+ $url = trim($_POST['lf_url']);
+ if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?'))
+ $url = 'http://'.$url;
+ $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
$LINKSDB[$linkdate] = $link;
@@ -1405,6 +1471,7 @@ function renderPage()
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; }
$returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
+ $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
exit;
}
@@ -1415,6 +1482,7 @@ function renderPage()
// If we are called from the bookmarklet, we must close the popup;
if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; }
$returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
+ $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
exit;
}
@@ -1470,15 +1538,37 @@ function renderPage()
$link_is_new = true; // This is a new link
$linkdate = strval(date('Ymd_His'));
$title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
- $description=''; $tags=''; $private=0;
+ $description = (empty($_GET['description']) ? '' : $_GET['description'] )."\n"; // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
+ $tags=''; $private=0;
if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
// If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
{
list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
// FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html
- if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8');
-
+ if (strpos($status,'200 OK')!==false)
+ {
+ // Look for charset in html header.
+ preg_match('##Usi', $data, $meta);
+
+ // If found, extract encoding.
+ if (!empty($meta[0]))
+ {
+ // Get encoding specified in header.
+ preg_match('#charset="?(.*)"#si', $meta[0], $enc);
+ // If charset not found, use utf-8.
+ $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
+ }
+ else { $html_charset = 'utf-8'; }
+
+ // Extract title
+ $title = html_extract_title($data);
+ if (!empty($title))
+ {
+ // Re-encode title in utf-8 if necessary.
+ $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
+ }
+ }
}
if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself)
$link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0);
@@ -1685,7 +1775,7 @@ function buildLinkList($PAGE,$LINKSDB)
}
else
$linksToDisplay = $LINKSDB; // otherwise, display without filtering.
-
+
// Option: Show only private links
if (!empty($_SESSION['privateonly']))
{
@@ -1724,11 +1814,13 @@ function buildLinkList($PAGE,$LINKSDB)
$classLi = $i%2!=0 ? '' : 'publicLinkHightLight';
$link['class'] = ($link['private']==0 ? $classLi : 'private');
$link['localdate']=linkdate2locale($link['linkdate']);
- $link['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $link['taglist']=$taglist;
$linkDisp[$keys[$i]] = $link;
$i++;
}
-
+
// Compute paging navigation
$searchterm= ( empty($_GET['searchterm']) ? '' : '&searchterm='.$_GET['searchterm'] );
$searchtags= ( empty($_GET['searchtags']) ? '' : '&searchtags='.$_GET['searchtags'] );
@@ -1736,8 +1828,8 @@ function buildLinkList($PAGE,$LINKSDB)
$previous_page_url=''; if ($i!=count($keys)) $previous_page_url='?page='.($page+1).$searchterm.$searchtags;
$next_page_url='';if ($page>1) $next_page_url='?page='.($page-1).$searchterm.$searchtags;
- $token = ''; if (isLoggedIn()) $token=getToken();
-
+ $token = ''; if (isLoggedIn()) $token=getToken();
+
// Fill all template fields.
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('previous_page_url',$previous_page_url);
@@ -1746,7 +1838,7 @@ function buildLinkList($PAGE,$LINKSDB)
$PAGE->assign('page_max',$pagecount);
$PAGE->assign('result_count',count($linksToDisplay));
$PAGE->assign('search_type',$search_type);
- $PAGE->assign('search_crits',$search_crits);
+ $PAGE->assign('search_crits',$search_crits);
$PAGE->assign('redirector',empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']); // optional redirector URL
$PAGE->assign('token',$token);
$PAGE->assign('links',$linkDisp);
@@ -1754,7 +1846,7 @@ function buildLinkList($PAGE,$LINKSDB)
}
// Compute the thumbnail for a link.
-//
+//
// with a link to the original URL.
// Understands various services (youtube.com...)
// Input: $url = url for which the thumbnail must be found.
@@ -1781,15 +1873,15 @@ function computeThumbnail($url,$href=false)
{
$path = parse_url($url,PHP_URL_PATH);
return array('src'=>'http://img.youtube.com/vi'.$path.'/default.jpg',
- 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
+ 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
}
if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting
{
parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename.
if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']),
- 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
- }
-
+ 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
+ }
+
if ($domain=='imgur.com')
{
$path = parse_url($url,PHP_URL_PATH);
@@ -1868,7 +1960,7 @@ function computeThumbnail($url,$href=false)
{
$sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
- 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
+ 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
return array(); // No thumbnail.
@@ -1885,7 +1977,7 @@ function thumbnail($url,$href=false)
{
$t = computeThumbnail($url,$href);
if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
-
+
$html='';
-
+
// Lazy image (only loaded by javascript when in the viewport).
- $html.='';
-
- // No-javascript fallback:
+
+ // No-javascript fallback.
$html.='';
-
+
return $html;
}
@@ -1935,7 +2031,29 @@ function lazyThumbnail($url,$href=false)
function install()
{
// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
- if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+ if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+
+
+ // This part makes sure sessions works correctly.
+ // (Because on some hosts, session.save_path may not be set correctly,
+ // or we may not have write access to it.)
+ if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
+ { // Step 2: Check if data in session is correct.
+ echo '
Sessions do not seem to work correctly on your server. ';
+ echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it. ';
+ echo 'It currently points to '.session_save_path().'
';
+ die;
+ }
+ if (!isset($_SESSION['session_tested']))
+ { // Step 1 : Try to store data in session and reload page.
+ $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
+ header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
+ }
+ if (isset($_GET['test_session']))
+ { // Step 3: Sessions are ok. Remove test parameter from URL.
+ header('Location: '.indexUrl());
+ }
+
if (!empty($_POST['setlogin']) && !empty($_POST['setpassword']))
{
@@ -1957,7 +2075,7 @@ function install()
// Display config form:
list($timezone_form,$timezone_js) = templateTZform();
$timezone_html=''; if ($timezone_form!='') $timezone_html='
Timezone:
'.$timezone_form.'
';
-
+
$PAGE = new pageBuilder;
$PAGE->assign('timezone_html',$timezone_html);
$PAGE->assign('timezone_js',$timezone_js);
@@ -2002,8 +2120,8 @@ function templateTZform($ptz=false)
foreach($continents as $continent)
$continents_html.='';
$cities_html = $cities[$pcontinent];
- $timezone_form = "Continent: