X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=6d3fbd39616926a7c9a48659399ff3ce908d67f9;hb=d1e2f8e52c931f84c11d4f54f32959710d528182;hp=2b1426e90ed15086563eed486c1639f135062de0;hpb=f3b8f9f0f80a05739756fb05cbec403011c46607;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 2b1426e9..6d3fbd39 100644
--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
 // The personal, minimalist, super-fast, no-database Delicious clone. By sebsauvage.net
 // http://sebsauvage.net/wiki/doku.php?id=php:shaarli
 // Licence: http://www.opensource.org/licenses/zlib-license.php
-// Requires: PHP 5.1.x (but autocomplete fields will only work if you have PHP 5.2.x)
+// Requires: PHP 5.3.x
 // -----------------------------------------------------------------------------------------------
 // NEVER TRUST IN PHP.INI
 // Some hosts do not define a default timezone in php.ini, 
@@ -59,15 +59,29 @@ ini_set('max_input_time','60'); // High execution time in case of problematic i
 ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
 ini_set('post_max_size', '16M');
 ini_set('upload_max_filesize', '16M');
-checkphpversion();
 error_reporting(E_ALL^E_WARNING); // See all error except warnings.
 //error_reporting(-1); // See all errors (for debugging only)
+// User configuration
+if (is_file($GLOBALS['config']['CONFIG_FILE'])) {
+ require_once $GLOBALS['config']['CONFIG_FILE'];
+}
+
 // Shaarli library
 require_once 'application/LinkDB.php';
+require_once 'application/TimeZone.php';
 require_once 'application/Utils.php';
 require_once 'application/Config.php';
+// Ensure the PHP version is supported
+try {
+ checkPHPVersion('5.3', PHP_VERSION);
+} catch(Exception $e) {
+ header('Content-Type: text/plain; charset=utf-8');
+ echo $e->getMessage();
+ exit;
+}
+
 include "inc/rain.tpl.class.php"; //include Rain TPL
 raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
 raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory
@@ -103,9 +117,10 @@ if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
 // I really need to rewrite Shaarli with a proper configuation manager.
 // Run config screen if first run:
-if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
+if (! is_file($GLOBALS['config']['CONFIG_FILE'])) {
+ install();
+}
-require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
 $GLOBALS['title'] = !empty($GLOBALS['title']) ? escape($GLOBALS['title']) : '';
 $GLOBALS['titleLink'] = !empty($GLOBALS['titleLink']) ? escape($GLOBALS['titleLink']) : '';
 $GLOBALS['redirector'] = !empty($GLOBALS['redirector']) ? escape($GLOBALS['redirector']) : '';
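Review bot: checkPHPVersion('5.3', PHP_VERSION) now runs only after the user config file and the four application/*.php files have been required, so on a host below the minimum any 5.3-only syntax in those files would surface as a parse error before the plain-text message in the catch block is ever produced; whether those files use such syntax is not visible here, and if checkPHPVersion() is defined in one of them this ordering is forced. A comment on the check, `// Guards only the code below; the includes above must stay parseable on older PHP`, would make that limitation explicit for the next maintainer. Minor style: `catch(Exception $e)` → `catch (Exception $e)` to match the `if (is_file(...))` spacing used in the same hunk.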
@@ -158,21 +173,7 @@ function setup_login_state() {
 return $userIsLoggedIn;
 }
-//==================================================================================================
 $userIsLoggedIn = setup_login_state();
-//==================================================================================================
-//==================================================================================================
-
-// Check PHP version
-function checkphpversion()
-{
- if (version_compare(PHP_VERSION, '5.1.0') < 0)
- {
- header('Content-Type: text/plain; charset=utf-8');
- echo 'Your PHP version is obsolete! Shaarli requires at least php 5.1.0, and thus cannot run. Sorry. Your PHP version has known security vulnerabilities and should be updated as soon as possible.';
- exit;
- }
-}
 // Checks if an update is available for Shaarli.
 // (at most once a day, and only for registered user.)
@@ -976,7 +977,7 @@ function showDaily()
 $linksToDisplay = $LINKSDB->filterDay($day);
 } catch (Exception $exc) {
 error_log($exc);
- $linksToDisplay = [];
+ $linksToDisplay = array();
 }
 // We pre-format some fields for proper output.
@@ -1114,9 +1115,18 @@ function renderPage()
 if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?searchtags='.urlencode($_GET['addtag'])); exit; } // In case browser does not send HTTP_REFERER
 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
+ // Prevent redirection loop
+ if (isset($params['addtag'])) {
+ unset($params['addtag']);
+ }
+
 // Check if this tag is already in the search query and ignore it if it is.
 // Each tag is always separated by a space
- $current_tags = explode(' ', $params['searchtags']);
+ if (isset($params['searchtags'])) {
+ $current_tags = explode(' ', $params['searchtags']);
+ } else {
+ $current_tags = array();
+ }
 $addtag = true;
 foreach ($current_tags as $value) {
 if ($value === $_GET['addtag']) {
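Review bot: The new `isset($params['searchtags'])` guard in the addtag hunk (@@ -1114) still assumes the value is a string, but `$params` is filled by parse_str() from the client-supplied HTTP_REFERER, so a referer query like `searchtags[]=x` produces an array; `explode(' ', ...)` then emits a warning that `error_reporting(E_ALL^E_WARNING)` hides and returns null, and the foreach below silently iterates nothing. Guard on the type as well: `if (isset($params['searchtags']) && is_string($params['searchtags'])) {`. The unchanged `explode(' ',$params['searchtags'])` line in the removetag hunk (@@ -1138) has the same exposure. renderPage() begins and ends outside this hunk.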
@@ -1138,16 +1148,29 @@ function renderPage()
 }
 // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
- if (isset($_GET['removetag']))
- {
+ if (isset($_GET['removetag'])) {
 // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
- if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?'); exit; } // In case browser does not send HTTP_REFERER
- parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
- if (isset($params['searchtags']))
- {
+ if (empty($_SERVER['HTTP_REFERER'])) {
+ header('Location: ?');
+ exit;
+ }
+
+ // In case browser does not send HTTP_REFERER
+ parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
+
+ // Prevent redirection loop
+ if (isset($params['removetag'])) {
+ unset($params['removetag']);
+ }
+
+ if (isset($params['searchtags'])) {
 $tags = explode(' ',$params['searchtags']);
 $tags=array_diff($tags, array($_GET['removetag'])); // Remove value from array $tags.
- if (count($tags)==0) unset($params['searchtags']); else $params['searchtags'] = implode(' ',$tags);
+ if (count($tags)==0) {
+ unset($params['searchtags']);
+ } else {
+ $params['searchtags'] = implode(' ',$tags);
+ }
 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
 }
 header('Location: ?'.http_build_query($params));
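Review bot: `if (count($tags)==0) {` keeps the loose `==` while the new code around it was reformatted; `if (count($tags) === 0) {` matches the strict comparison the addtag branch uses for tag equality and costs nothing. The referer parsing followed by the "Prevent redirection loop" unset is now repeated nearly verbatim in the addtag and removetag branches; a small private helper taking the parameter name to drop would keep the two copies from drifting. The moved comment `// In case browser does not send HTTP_REFERER` now sits after the empty-referer check it used to annotate, so it reads as describing the parse_str() call; it belongs on the `if (empty($_SERVER['HTTP_REFERER']))` line. renderPage() continues outside the hunk.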
@@ -1155,33 +1178,24 @@ function renderPage()
 }
 // -------- User wants to change the number of links per page (linksperpage=...)
- if (isset($_GET['linksperpage']))
- {
- if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- // Make sure the referrer is Shaarli itself.
- $referer = '?';
- if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
- $referer = $_SERVER['HTTP_REFERER'];
- header('Location: '.$referer);
+ if (isset($_GET['linksperpage'])) {
+ if (is_numeric($_GET['linksperpage'])) {
+ $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage']));
+ }
+
+ header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
 exit;
 }
 // -------- User wants to see only private links (toggle)
- if (isset($_GET['privateonly']))
- {
- if (empty($_SESSION['privateonly']))
- {
- $_SESSION['privateonly']=1; // See only private links
- }
- else
- {
+ if (isset($_GET['privateonly'])) {
+ if (empty($_SESSION['privateonly'])) {
+ $_SESSION['privateonly'] = 1; // See only private links
+ } else {
 unset($_SESSION['privateonly']); // See all links
 }
- // Make sure the referrer is Shaarli itself.
- $referer = '?';
- if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
- $referer = $_SERVER['HTTP_REFERER'];
- header('Location: '.$referer);
+
+ header('Location: '. generateLocation($_SERVER['HTTP_HOST'] === null ? '' : $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
 exit;
 }
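Review bot: `$_SERVER['HTTP_REFERER']` is read unconditionally in both new generateLocation() calls, whereas the lines they replace first tested `!empty($_SERVER['HTTP_REFERER'])`; when the browser sends no Referer the index is undefined, which raises an E_NOTICE that `error_reporting(E_ALL^E_WARNING)` does not suppress, and with display_errors enabled that text is emitted before header() and the redirect is lost. Read it defensively once, `$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';`, and pass `$referer` to both calls; whether generateLocation() itself tolerates an empty string is not visible here. The delete_link branch at @@ -1433 makes the same unguarded read. renderPage() continues outside the hunk.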
@@ -1269,7 +1283,7 @@ function renderPage()
 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
 $tz = 'UTC';
 if (!empty($_POST['continent']) && !empty($_POST['city']))
- if (isTZvalid($_POST['continent'],$_POST['city']))
+ if (isTimeZoneValid($_POST['continent'],$_POST['city']))
 $tz = $_POST['continent'].'/'.$_POST['city'];
 $GLOBALS['timezone'] = $tz;
 $GLOBALS['title']=$_POST['title'];
@@ -1303,8 +1317,8 @@ function renderPage()
 $PAGE->assign('token',getToken());
 $PAGE->assign('title', empty($GLOBALS['title']) ? '' : $GLOBALS['title'] );
 $PAGE->assign('redirector', empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector'] );
- list($timezone_form,$timezone_js) = templateTZform($GLOBALS['timezone']);
- $PAGE->assign('timezone_form',$timezone_form); // FIXME: Put entire tz form generation in template?
+ list($timezone_form, $timezone_js) = generateTimeZoneForm($GLOBALS['timezone']);
+ $PAGE->assign('timezone_form', $timezone_form);
 $PAGE->assign('timezone_js',$timezone_js);
 $PAGE->renderPage('configure');
 exit;
@@ -1374,6 +1388,7 @@ function renderPage()
 {
 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
 $tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
+ $tags = implode(' ', array_unique(explode(' ', $tags))); // Remove duplicates.
 $linkdate=$_POST['lf_linkdate'];
 $url = trim($_POST['lf_url']);
 if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?') && !startsWith($url,'javascript:'))
@@ -1387,10 +1402,10 @@ function renderPage()
 // If we are called from the bookmarklet, we must close the popup:
 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; }
- $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
- $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
- if (strstr($returnurl, "do=addlink")) { $returnurl = '?'; } //if we come from ?do=addlink, set returnurl to homepage instead
- header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
+ $returnurl = ( !empty($_POST['returnurl']) ? escape($_POST['returnurl']) : '?' );
+ $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
+ $location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
+ header('Location: '. $location); // After saving the link, redirect to the page the user was on.
 exit;
 }
@@ -1401,6 +1416,7 @@ function renderPage()
 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; }
 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
 $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
+ $returnurl = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
 header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
 exit;
 }
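Review bot: `escape($_POST['returnurl'])` applies what is, judging by its other uses in this file (`escape($GLOBALS['title'])` for template output), an HTML-context escaper to a value that ends up in a Location header, which is the wrong context: if escape() is htmlspecialchars-like, an `&` in the return URL's query string becomes `&amp;` and the target page receives a parameter named `amp;page` instead of `page`. The host restriction in generateLocation() is the relevant control for a redirect target, and header() on this PHP version already refuses values containing CR/LF, so the escaping adds no header protection; `$returnurl = ( !empty($_POST['returnurl']) ? $_POST['returnurl'] : '?' );` also matches the unescaped cancel branch in the next hunk (@@ -1401). renderPage() continues outside the hunk.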
@@ -1433,18 +1449,15 @@ function renderPage()
 // redirect is not satisfied, and only then redirect to /
 $location = "?"; // Self redirection
- if (count($_GET) == 0 ||
- isset($_GET['page']) ||
- isset($_GET['searchterm']) ||
- isset($_GET['searchtags'])) {
-
+ if (count($_GET) == 0
+ || isset($_GET['page'])
+ || isset($_GET['searchterm'])
+ || isset($_GET['searchtags'])
+ ) {
 if (isset($_POST['returnurl'])) {
 $location = $_POST['returnurl']; // Handle redirects given by the form
- }
-
- if ($location === "?" &&
- isset($_SERVER['HTTP_REFERER'])) { // Handle HTTP_REFERER in case we're not coming from the same place.
- $location = $_SERVER['HTTP_REFERER'];
+ } else {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
 }
 }
@@ -1745,7 +1758,7 @@ function buildLinkList($PAGE,$LINKSDB)
 {
 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
 echo '
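Review bot: The two arms of the new if/else in the delete_link hunk (@@ -1433) treat their redirect target differently: the referer arm goes through generateLocation() with its host check, while the unchanged `$location = $_POST['returnurl'];` arm accepts the form value as-is, so it is now the only path into `$location` (presumably used in a Location header below the hunk) that is not validated against `$_SERVER['HTTP_HOST']`. Applying the same call there, `$location = generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST'], array('delete_link'));`, makes the deletion redirect consistent with the other branches this commit converts. The else arm also reads `$_SERVER['HTTP_REFERER']` without the isset() the removed lines had, the same gap noted at @@ -1155. renderPage() continues outside the hunk; the buildLinkList hunk that follows is cut off at the end of the page.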