X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=3136193f179e33533107384c33939658f36f82eb;hb=3bb684f59f04511ed157833d3d9552ee0e65d980;hp=553c2c9b54d2849cdedf3106e79f43c3c4fe5477;hpb=fbd9e52716d2309437dd39760b45d6fa0026cf71;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 553c2c9b..3136193f 100644
--- a/index.php
+++ b/index.php
@@ -1,5 +1,5 @@
'); // Suffix to encapsulate data in php code.
+// http://server.com/x/shaarli --> /shaarli/
+define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
// Force cookie path (but do not change lifetime)
$cookie=session_get_cookie_params();
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
// Set session parameters on server side.
define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -61,9 +65,8 @@ error_reporting(E_ALL^E_WARNING); // See all error except warnings.
//error_reporting(-1); // See all errors (for debugging only)
include "inc/rain.tpl.class.php"; //include Rain TPL
-raintpl::$tpl_dir = "tpl/"; // template directory
-if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); }
-raintpl::$cache_dir = "tmp/"; // cache directory
+raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
+raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory
ob_start(); // Output buffering for the page cache.
@@ -85,16 +88,6 @@ header("Pragma: no-cache");
// Directories creations (Note that your web host may require differents rights than 705.)
if (!is_writable(realpath(dirname(__FILE__)))) die('ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').');
-if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR'],0705); chmod($GLOBALS['config']['DATADIR'],0705); }
-if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files.
-if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
-// Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable.
-if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').');
-if ($GLOBALS['config']['ENABLE_LOCALCACHE'])
-{
- if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); }
- if (!is_file($GLOBALS['config']['CACHEDIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['CACHEDIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
-}
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
@@ -103,6 +96,7 @@ if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
+if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager.
// Run config screen if first run:
@@ -110,6 +104,8 @@ if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
+// a token depending of deployment salt, user password, and the current ip
+define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
@@ -182,7 +178,6 @@ class pageCache
public function cache($page)
{
if (!$this->shouldBeCached) return;
- if (!is_dir($GLOBALS['config']['PAGECACHE'])) { mkdir($GLOBALS['config']['PAGECACHE'],0705); chmod($GLOBALS['config']['PAGECACHE'],0705); }
file_put_contents($this->filename,$page);
}
@@ -221,7 +216,7 @@ function nl2br_escaped($html)
return str_replace('>','>',str_replace('<','<',nl2br($html)));
}
-/* Returns the small hash of a string
+/* Returns the small hash of a string, using RFC 4648 base64url format
eg. smallHash('20111006_131924') --> yZH23w
Small hashes:
- are unique (well, as unique as crc32, at last)
@@ -233,10 +228,7 @@ function nl2br_escaped($html)
function smallHash($text)
{
$t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
- $t = str_replace('+','-',$t); // Get rid of characters which need encoding in URLs.
- $t = str_replace('/','_',$t);
- $t = str_replace('=','@',$t);
- return $t;
+ return strtr($t, '+/', '-_');
}
// In a string, converts urls to clickable links.
@@ -297,16 +289,20 @@ function allIPs()
return $ip;
}
+function fillSessionInfo() {
+ $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
+ $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
+ $_SESSION['username']=$GLOBALS['login'];
+ $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+}
+
// Check that user/password is correct.
function check_auth($login,$password)
{
$hash = sha1($password.$login.$GLOBALS['salt']);
if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
{ // Login/password is correct.
- $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
- $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
- $_SESSION['username']=$login;
- $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+ fillSessionInfo();
logm('Login successful');
return True;
}
@@ -321,6 +317,11 @@ function isLoggedIn()
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
+ if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
+ {
+ fillSessionInfo();
+ return true;
+ }
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
{
@@ -334,7 +335,9 @@ function isLoggedIn()
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); }
+setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
+}
// ------------------------------------------------------------------------------------------
@@ -396,18 +399,19 @@ if (isset($_POST['login']))
// If user wants to keep the session cookie even after the browser closes:
if (!empty($_POST['longlastingsession']))
{
+ setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
$_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
+ session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
// Note: Never forget the trailing slash on the cookie path !
session_regenerate_id(true); // Send cookie with new expiration date to browser.
}
else // Standard session expiration (=when browser closes)
{
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
+ session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
session_regenerate_id(true);
}
// Optional redirect after login:
@@ -439,7 +443,7 @@ function serverUrl()
{
$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
$serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
- return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+ return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
}
// Returns the absolute URL of current script, without the query.
@@ -566,7 +570,7 @@ function getHTTP($url,$timeout=30)
{
try
{
- $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout
+ $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout
$context = stream_context_create($options);
$data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source.
if (!$data) { return array('HTTP Error',array(),''); }
@@ -644,6 +648,7 @@ class pageBuilder
$this->tpl->assign('pagetitle','Shaarli');
$this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links ?
if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
+ if (!empty($GLOBALS['titleLink'])) $this->tpl->assign('titleLink',$GLOBALS['titleLink']);
if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
$this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
return;
@@ -740,7 +745,7 @@ class linkdb implements Iterator, Countable, ArrayAccess
$this->links = array();
$link = array('title'=>'Shaarli - sebsauvage.net','url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli','description'=>'Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.','private'=>0,'linkdate'=>'20110914_190000','tags'=>'opensource software');
$this->links[$link['linkdate']] = $link;
- $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://pastebin.com/smCEEeSn','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
+ $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
$this->links[$link['linkdate']] = $link;
file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX); // Write database to disk
}
@@ -898,7 +903,11 @@ function showRSS()
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
- $nblinksToDisplay = !empty($_GET['nb']) ? max($_GET['nb'] + 0, 1) : 50;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
echo '';
@@ -938,7 +947,7 @@ function showRSS()
echo ''."\n\n";
$i++;
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -969,7 +978,11 @@ function showATOM()
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
- $nblinksToDisplay = !empty($_GET['nb']) ? max($_GET['nb'] + 0, 1) : 50;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
$latestDate = '';
@@ -1019,7 +1032,7 @@ function showATOM()
$feed.=''.htmlspecialchars($pageaddr).''.htmlspecialchars($pageaddr).'';
$feed.=''.htmlspecialchars($pageaddr).''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='';
+ $feed.='';
echo $feed;
$cache->cache(ob_get_contents());
@@ -1096,7 +1109,7 @@ function showDailyRSS()
echo ''."\n\n\n";
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -1281,7 +1294,7 @@ function renderPage()
if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
// Make sure the referer is from Shaarli itself.
$referer = '?';
- if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
$referer = $_SERVER['HTTP_REFERER'];
header('Location: '.$referer);
exit;
@@ -1300,7 +1313,7 @@ function renderPage()
}
// Make sure the referer is from Shaarli itself.
$referer = '?';
- if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
$referer = $_SERVER['HTTP_REFERER'];
header('Location: '.$referer);
exit;
@@ -1374,6 +1387,7 @@ function renderPage()
$tz = $_POST['continent'].'/'.$_POST['city'];
$GLOBALS['timezone'] = $tz;
$GLOBALS['title']=$_POST['title'];
+ $GLOBALS['titleLink']=$_POST['titleLink'];
$GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
$GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
@@ -1540,18 +1554,41 @@ function renderPage()
$link_is_new = true; // This is a new link
$linkdate = strval(date('Ymd_His'));
$title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
- $description=''; $tags=''; $private=0;
+ $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
+ $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL
+ $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL
if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
// If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
{
list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
// FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html
- if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8');
-
+ if (strpos($status,'200 OK')!==false)
+ {
+ // Look for charset in html header.
+ preg_match('##Usi', $data, $meta);
+
+ // If found, extract encoding.
+ if (!empty($meta[0]))
+ {
+ // Get encoding specified in header.
+ preg_match('#charset="?(.*)"#si', $meta[0], $enc);
+ // If charset not found, use utf-8.
+ $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
+ }
+ else { $html_charset = 'utf-8'; }
+
+ // Extract title
+ $title = html_extract_title($data);
+ if (!empty($title))
+ {
+ // Re-encode title in utf-8 if necessary.
+ $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
+ }
+ }
}
if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself)
- $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0);
+ $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private);
}
$PAGE = new pageBuilder;
@@ -1676,7 +1713,11 @@ function importFile()
{
$attr=$m[1]; $value=$m[2];
if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE') $raw_add_date=intval($value);
+ elseif ($attr=='ADD_DATE')
+ {
+ $raw_add_date=intval($value);
+ if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
+ }
elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
}
@@ -1712,11 +1753,11 @@ function importFile()
}
$LINKSDB->savedb();
- echo '';
+ echo '';
}
else
{
- echo '';
+ echo '';
}
}
@@ -2011,7 +2052,7 @@ function lazyThumbnail($url,$href=false)
function install()
{
// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
- if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+ if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
// This part makes sure sessions works correctly.
@@ -2124,7 +2165,42 @@ function isTZvalid($continent,$city)
}
return false;
}
-
+if (!function_exists('json_encode')) {
+ function json_encode($data) {
+ switch ($type = gettype($data)) {
+ case 'NULL':
+ return 'null';
+ case 'boolean':
+ return ($data ? 'true' : 'false');
+ case 'integer':
+ case 'double':
+ case 'float':
+ return $data;
+ case 'string':
+ return '"' . addslashes($data) . '"';
+ case 'object':
+ $data = get_object_vars($data);
+ case 'array':
+ $output_index_count = 0;
+ $output_indexed = array();
+ $output_associative = array();
+ foreach ($data as $key => $value) {
+ $output_indexed[] = json_encode($value);
+ $output_associative[] = json_encode($key) . ':' . json_encode($value);
+ if ($output_index_count !== NULL && $output_index_count++ !== $key) {
+ $output_index_count = NULL;
+ }
+ }
+ if ($output_index_count !== NULL) {
+ return '[' . implode(',', $output_indexed) . ']';
+ } else {
+ return '{' . implode(',', $output_associative) . '}';
+ }
+ default:
+ return ''; // Not supported
+ }
+ }
+}
// Webservices (for use with jQuery/jQueryUI)
// eg. index.php?ws=tags&term=minecr
@@ -2174,6 +2250,7 @@ function writeConfig()
if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
$config='