X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=61d92f04d8fd1bc61dde6167bd56096a9efc318e;hb=refs%2Fpull%2F337%2Fhead;hp=e3b612c89ff92d6037d6f70d0385d253af2a4a23;hpb=afd7b77b4c79a0450a6ef0489ca383c156111173;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php old mode 100644 new mode 100755 index e3b612c8..61d92f04 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ /shaarli/ define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0))); -// Force cookie path (but do not change lifetime) -$cookie=session_get_cookie_params(); -$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; -session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. - -// Set session parameters on server side. -define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. -ini_set('session.use_cookies', 1); // Use cookies to store session. -ini_set('session.use_only_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL). -ini_set('session.use_trans_sid', false); // Prevent PHP form using sessionID in URL if cookies are disabled. -session_name('shaarli'); -if (session_id() == '') session_start(); // Start session if needed (Some server auto-start sessions). - // PHP Settings ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports. ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts). @@ -70,8 +57,12 @@ if (is_file($GLOBALS['config']['CONFIG_FILE'])) { } // Shaarli library +require_once 'application/Cache.php'; +require_once 'application/CachedPage.php'; +require_once 'application/HttpUtils.php'; require_once 'application/LinkDB.php'; require_once 'application/TimeZone.php'; +require_once 'application/Url.php'; require_once 'application/Utils.php'; require_once 'application/Config.php'; @@ -84,6 +75,36 @@ try { exit; } +// Force cookie path (but do not change lifetime) +$cookie = session_get_cookie_params(); +$cookiedir = ''; +if (dirname($_SERVER['SCRIPT_NAME']) != '/') { + $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; +} +// Set default cookie expiration and path. +session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); +// Set session parameters on server side. +// If the user does not access any page within this time, his/her session is considered expired. +define('INACTIVITY_TIMEOUT', 3600); // in seconds. +// Use cookies to store session. +ini_set('session.use_cookies', 1); +// Force cookies for session (phpsessionID forbidden in URL). +ini_set('session.use_only_cookies', 1); +// Prevent PHP form using sessionID in URL if cookies are disabled. +ini_set('session.use_trans_sid', false); + +session_name('shaarli'); +// Start session if needed (Some server auto-start sessions). +if (session_id() == '') { + session_start(); +} + +// Regenerate session ID if invalid or not defined in cookie. +if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { + session_regenerate_id(true); + $_COOKIE['shaarli'] = session_id(); +} + include "inc/rain.tpl.class.php"; //include Rain TPL raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory @@ -189,9 +210,11 @@ function checkUpdate() // Get latest version number at most once a day. if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])','',str_replace('', '', str_replace('url = $url; - $this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache'; - $this->shouldBeCached = $shouldBeCached; - } - - // If the page should be cached and a cached version exists, - // returns the cached version (otherwise, return null). - public function cachedVersion() - { - if (!$this->shouldBeCached) return null; - if (is_file($this->filename)) { return file_get_contents($this->filename); exit; } - return null; - } - - // Put a page in the cache. - public function cache($page) - { - if (!$this->shouldBeCached) return; - file_put_contents($this->filename,$page); - } - - // Purge the whole cache. - // (call with pageCache::purgeCache()) - public static function purgeCache() - { - if (is_dir($GLOBALS['config']['PAGECACHE'])) - { - $handler = opendir($GLOBALS['config']['PAGECACHE']); - if ($handler!==false) - { - while (($filename = readdir($handler))!==false) - { - if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); } - } - closedir($handler); - } - } - } - -} - - // ----------------------------------------------------------------------------------------------- // Log to text file function logm($message) @@ -445,12 +411,30 @@ if (isset($_POST['login'])) session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" session_regenerate_id(true); } + // Optional redirect after login: - if (isset($_GET['post'])) { header('Location: ?post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); exit; } - if (isset($_POST['returnurl'])) - { - if (endsWith($_POST['returnurl'],'?do=login')) { header('Location: ?'); exit; } // Prevent loops over login screen. - header('Location: '.$_POST['returnurl']); exit; + if (isset($_GET['post'])) { + $uri = '?post='. urlencode($_GET['post']); + foreach (array('description', 'source', 'title') as $param) { + if (!empty($_GET[$param])) { + $uri .= '&'.$param.'='.urlencode($_GET[$param]); + } + } + header('Location: '. $uri); + exit; + } + + if (isset($_GET['edit_link'])) { + header('Location: ?edit_link='. escape($_GET['edit_link'])); + exit; + } + + if (isset($_POST['returnurl'])) { + // Prevent loops over login screen. + if (strpos($_POST['returnurl'], 'do=login') === false) { + header('Location: '. escape($_POST['returnurl'])); + exit; + } } header('Location: ?'); exit; } @@ -458,7 +442,14 @@ if (isset($_POST['login'])) { ban_loginFailed(); $redir = ''; - if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); } + if (isset($_GET['post'])) { + $redir = '?post=' . urlencode($_GET['post']); + foreach (array('description', 'source', 'title') as $param) { + if (!empty($_GET[$param])) { + $redir .= '&' . $param . '=' . urlencode($_GET[$param]); + } + } + } echo ''; // Redirect to login screen. exit; } @@ -547,53 +538,6 @@ function linkdate2iso8601($linkdate) return date('c',linkdate2timestamp($linkdate)); // 'c' is for ISO 8601 date format. } -// Parse HTTP response headers and return an associative array. -function http_parse_headers_shaarli( $headers ) -{ - $res=array(); - foreach($headers as $header) - { - $i = strpos($header,': '); - if ($i!==false) - { - $key=substr($header,0,$i); - $value=substr($header,$i+2,strlen($header)-$i-2); - $res[$key]=$value; - } - } - return $res; -} - -/* GET an URL. - Input: $url : URL to get (http://...) - $timeout : Network timeout (will wait this many seconds for an anwser before giving up). - Output: An array. [0] = HTTP status message (e.g. "HTTP/1.1 200 OK") or error message - [1] = associative array containing HTTP response headers (e.g. echo getHTTP($url)[1]['Content-Type']) - [2] = data - Example: list($httpstatus,$headers,$data) = getHTTP('http://sebauvage.net/'); - if (strpos($httpstatus,'200 OK')!==false) - echo 'Data type: '.htmlspecialchars($headers['Content-Type']); - else - echo 'There was an error: '.htmlspecialchars($httpstatus) -*/ -function getHTTP($url,$timeout=30) -{ - try - { - $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout - $context = stream_context_create($options); - $data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source. - if (!$data) { return array('HTTP Error',array(),''); } - $httpStatus=$http_response_header[0]; // e.g. "HTTP/1.1 200 OK" - $responseHeaders=http_parse_headers_shaarli($http_response_header); - return array($httpStatus,$responseHeaders,$data); - } - catch (Exception $e) // getHTTP *can* fail silently (we don't care if the title cannot be fetched) - { - return array($e->getMessage(),'',''); - } -} - // Extract title from an HTML document. // (Returns an empty string if not found.) function html_extract_title($html) @@ -693,8 +637,16 @@ function showRSS() // Cache system $query = $_SERVER["QUERY_STRING"]; - $cache = new pageCache(pageUrl(),startsWith($query,'do=rss') && !isLoggedIn()); - $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; } + $cache = new CachedPage( + $GLOBALS['config']['PAGECACHE'], + pageUrl(), + startsWith($query,'do=rss') && !isLoggedIn() + ); + $cached = $cache->cachedVersion(); + if (! empty($cached)) { + echo $cached; + exit; + } // If cached was not found (or not usable), then read the database and build the response: $LINKSDB = new LinkDB( @@ -773,11 +725,19 @@ function showATOM() // Cache system $query = $_SERVER["QUERY_STRING"]; - $cache = new pageCache(pageUrl(),startsWith($query,'do=atom') && !isLoggedIn()); - $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; } - // If cached was not found (or not usable), then read the database and build the response: + $cache = new CachedPage( + $GLOBALS['config']['PAGECACHE'], + pageUrl(), + startsWith($query,'do=atom') && !isLoggedIn() + ); + $cached = $cache->cachedVersion(); + if (!empty($cached)) { + echo $cached; + exit; + } -// Read links from database (and filter private links if used it not logged in). + // If cached was not found (or not usable), then read the database and build the response: + // Read links from database (and filter private links if used it not logged in). $LINKSDB = new LinkDB( $GLOBALS['config']['DATASTORE'], isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'], @@ -859,7 +819,11 @@ function showATOM() function showDailyRSS() { // Cache system $query = $_SERVER["QUERY_STRING"]; - $cache = new pageCache(pageUrl(), startsWith($query, 'do=dailyrss') && !isLoggedIn()); + $cache = new CachedPage( + $GLOBALS['config']['PAGECACHE'], + pageUrl(), + startsWith($query,'do=dailyrss') && !isLoggedIn() + ); $cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; @@ -1051,7 +1015,7 @@ function renderPage() // -------- User wants to logout. if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=logout')) { - invalidateCaches(); + invalidateCaches($GLOBALS['config']['PAGECACHE']); logout(); header('Location: ?'); exit; @@ -1219,6 +1183,11 @@ function renderPage() exit; } + if (isset($_GET['edit_link'])) { + header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); + exit; + } + $PAGE = new pageBuilder; buildLinkList($PAGE,$LINKSDB); // Compute list of links to display $PAGE->renderPage('linklist'); @@ -1353,7 +1322,7 @@ function renderPage() $value['tags']=trim(implode(' ',$tags)); $LINKSDB[$key]=$value; } - $LINKSDB->savedb(); // Save to disk. + $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk. echo ''; exit; } @@ -1370,7 +1339,7 @@ function renderPage() $value['tags']=trim(implode(' ',$tags)); $LINKSDB[$key]=$value; } - $LINKSDB->savedb(); // Save to disk. + $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk. echo ''; exit; } @@ -1399,7 +1368,7 @@ function renderPage() 'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags)); if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title. $LINKSDB[$linkdate] = $link; - $LINKSDB->savedb(); // Save to disk. + $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk. pubsubhub(); // If we are called from the bookmarklet, we must close the popup: @@ -1432,7 +1401,7 @@ function renderPage() // - we are protected from XSRF by the token. $linkdate=$_POST['lf_linkdate']; unset($LINKSDB[$linkdate]); - $LINKSDB->savedb(); // save to disk + $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // save to disk // If we are called from the bookmarklet, we must close the popup: if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; } @@ -1484,77 +1453,62 @@ function renderPage() } // -------- User want to post a new link: Display link edit form. - if (isset($_GET['post'])) - { - $url=$_GET['post']; - - - // We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook... - $annoyingpatterns = array('/[\?&]utm_source=[^&]*/', - '/[\?&]utm_campaign=[^&]*/', - '/[\?&]utm_medium=[^&]*/', - '/#xtor=RSS-[^&]*/', - '/[\?&]fb_[^&]*/', - '/[\?&]__scoop[^&]*/', - '/#tk\.rss_all\?/', - '/[\?&]action_ref_map=[^&]*/', - '/[\?&]action_type_map=[^&]*/', - '/[\?&]action_object_map=[^&]*/', - '/[\?&]utm_content=[^&]*/', - '/[\?&]fb=[^&]*/', - '/[\?&]xtor=[^&]*/' - ); - foreach($annoyingpatterns as $pattern) - { - $url = preg_replace($pattern, "", $url); - } + if (isset($_GET['post'])) { + $url = cleanup_url($_GET['post']); $link_is_new = false; - $link = $LINKSDB->getLinkFromUrl($url); // Check if URL is not already in database (in this case, we will edit the existing link) + // Check if URL is not already in database (in this case, we will edit the existing link) + $link = $LINKSDB->getLinkFromUrl($url); if (!$link) { - $link_is_new = true; // This is a new link + $link_is_new = true; $linkdate = strval(date('Ymd_His')); - $title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet). - $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that] - $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL - $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL - if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url; - // If this is an HTTP link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) - if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http') - { - list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. + // Get title if it was provided in URL (by the bookmarklet). + $title = (empty($_GET['title']) ? '' : $_GET['title'] ); + // Get description if it was provided in URL (by the bookmarklet). [Bronco added that] + $description = (empty($_GET['description']) ? '' : $_GET['description']); + $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); + $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); + // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) + if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) { + // Short timeout to keep the application responsive + list($headers, $data) = get_http_url($url, 4); // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html - if (strpos($status,'200 OK')!==false) - { - // Look for charset in html header. - preg_match('##Usi', $data, $meta); - - // If found, extract encoding. - if (!empty($meta[0])) - { - // Get encoding specified in header. - preg_match('#charset="?(.*)"#si', $meta[0], $enc); - // If charset not found, use utf-8. - $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8'; - } - else { $html_charset = 'utf-8'; } - - // Extract title - $title = html_extract_title($data); - if (!empty($title)) - { - // Re-encode title in utf-8 if necessary. - $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title; - } - } + if (strpos($headers[0], '200 OK') !== false) { + // Look for charset in html header. + preg_match('##Usi', $data, $meta); + + // If found, extract encoding. + if (!empty($meta[0])) { + // Get encoding specified in header. + preg_match('#charset="?(.*)"#si', $meta[0], $enc); + // If charset not found, use utf-8. + $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8'; + } + else { + $html_charset = 'utf-8'; + } + + // Extract title + $title = html_extract_title($data); + if (!empty($title)) { + // Re-encode title in utf-8 if necessary. + $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title; + } + } } - if ($url=='') // In case of empty URL, this is just a text (with a link that points to itself) - { - $url='?'.smallHash($linkdate); - $title='Note: '; + if ($url == '') { + $url = '?' . smallHash($linkdate); + $title = 'Note: '; } - $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private); + $link = array( + 'linkdate' => $linkdate, + 'title' => $title, + 'url' => $url, + 'description' => $description, + 'tags' => $tags, + 'private' => $private + ); } $PAGE = new pageBuilder; @@ -1722,7 +1676,7 @@ function importFile() } } } - $LINKSDB->savedb(); + $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); echo ''; } @@ -2188,8 +2142,9 @@ function genThumbnail() } else // This is a flickr page (html) { - list($httpstatus,$headers,$data) = getHTTP($url,20); // Get the flickr html page. - if (strpos($httpstatus,'200 OK')!==false) + // Get the flickr html page. + list($headers, $data) = get_http_url($url, 20); + if (strpos($headers[0], '200 OK') !== false) { // flickr now nicely provides the URL of the thumbnail in each flickr page. preg_match('! tag on that page // http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html // - list($httpstatus,$headers,$data) = getHTTP($url,5); - if (strpos($httpstatus,'200 OK')!==false) - { + list($headers, $data) = get_http_url($url, 5); + if (strpos($headers[0], '200 OK') !== false) { // Extract the link to the thumbnail preg_match('!link rel="image_src" href="(http://images.ted.com/images/ted/.+_\d+x\d+\.jpg)"!',$data,$matches); if (!empty($matches[1])) { // Let's download the image. $imageurl=$matches[1]; - list($httpstatus,$headers,$data) = getHTTP($imageurl,20); // No control on image size, so wait long enough. - if (strpos($httpstatus,'200 OK')!==false) - { + // No control on image size, so wait long enough + list($headers, $data) = get_http_url($imageurl, 20); + if (strpos($headers[0], '200 OK') !== false) { $filepath=$GLOBALS['config']['CACHEDIR'].'/'.$thumbname; file_put_contents($filepath,$data); // Save image to cache. if (resizeImage($filepath)) @@ -2275,17 +2227,16 @@ function genThumbnail() // There is no thumbnail available for xkcd comics, so download the whole image and resize it. // http://xkcd.com/327/ // <BLABLA> - list($httpstatus,$headers,$data) = getHTTP($url,5); - if (strpos($httpstatus,'200 OK')!==false) - { + list($headers, $data) = get_http_url($url, 5); + if (strpos($headers[0], '200 OK') !== false) { // Extract the link to the thumbnail preg_match('!