X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=77857d27d942affb0d2849b82ecce86573a5b936;hb=6c7d68645409cfad3858b5f252f5a49b148e3b53;hp=a970e29fe86b06d55601bde083b1debacb5263b5;hpb=465b1c4090c4a83f11b2bb30405037fb0aa4cf8c;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index a970e29f..77857d27 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
/shaarli/
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
@@ -62,8 +62,6 @@ require_once __DIR__ . '/vendor/autoload.php';
require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/CachedPage.php';
-require_once 'application/config/ConfigManager.php';
-require_once 'application/config/ConfigPlugin.php';
require_once 'application/FeedBuilder.php';
require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
@@ -79,10 +77,12 @@ require_once 'application/Utils.php';
require_once 'application/PluginManager.php';
require_once 'application/Router.php';
require_once 'application/Updater.php';
+use \Shaarli\ThemeUtils;
+use \Shaarli\Config\ConfigManager;
// Ensure the PHP version is supported
try {
- ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+ ApplicationUtils::checkPHPVersion('5.5', PHP_VERSION);
} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
echo $exc->getMessage();
@@ -122,7 +122,7 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
$conf = new ConfigManager();
$conf->setEmpty('general.timezone', date_default_timezone_get());
$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
-RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl'); // template directory
+RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
$pluginManager = new PluginManager($conf);
@@ -203,7 +203,7 @@ function setup_login_state($conf)
}
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid'])
- || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs())
+ || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
|| time() >= $_SESSION['expires_on'])
{
logout();
@@ -617,7 +617,7 @@ function showDailyRSS($conf) {
$tpl->assign('links', $links);
$tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
$tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false));
- $html = $tpl->draw('dailyrss', $return_string=true);
+ $html = $tpl->draw('dailyrss', true);
echo $html . PHP_EOL;
}
@@ -1011,7 +1011,12 @@ function renderPage($conf, $pluginManager, $LINKSDB)
$_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage']));
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
@@ -1023,7 +1028,12 @@ function renderPage($conf, $pluginManager, $LINKSDB)
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
@@ -1124,6 +1134,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
$conf->set('general.timezone', $tz);
$conf->set('general.title', escape($_POST['title']));
$conf->set('general.header_link', escape($_POST['titleLink']));
+ $conf->set('resource.theme', escape($_POST['theme']));
$conf->set('redirector.url', escape($_POST['redirector']));
$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
$conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault']));
@@ -1134,6 +1145,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
$conf->set('api.secret', escape($_POST['apiSecret']));
try {
$conf->write(isLoggedIn());
+ invalidateCaches($conf->get('resource.page_cache'));
}
catch(Exception $e) {
error_log(
@@ -1151,6 +1163,8 @@ function renderPage($conf, $pluginManager, $LINKSDB)
else // Show the configuration form.
{
$PAGE->assign('title', $conf->get('general.title'));
+ $PAGE->assign('theme', $conf->get('resource.theme'));
+ $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl')));
$PAGE->assign('redirector', $conf->get('redirector.url'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
$PAGE->assign('timezone_form', $timezone_form);
@@ -1193,7 +1207,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
$LINKSDB[$key]=$value;
}
$LINKSDB->save($conf->get('resource.page_cache'));
- echo '';
+ echo '';
exit;
}
@@ -1202,15 +1216,15 @@ function renderPage($conf, $pluginManager, $LINKSDB)
$needle = trim($_POST['fromtag']);
// True for case-sensitive tag search.
$linksToAlter = $LINKSDB->filterSearch(array('searchtags' => $needle), true);
- foreach($linksToAlter as $key=>$value)
- {
- $tags = explode(' ',trim($value['tags']));
- $tags[array_search($needle,$tags)] = trim($_POST['totag']); // Replace tags value.
- $value['tags']=trim(implode(' ',$tags));
- $LINKSDB[$key]=$value;
+ foreach($linksToAlter as $key=>$value) {
+ $tags = preg_split('/\s+/', trim($value['tags']));
+ // Replace tags value.
+ $tags[array_search($needle, $tags)] = trim($_POST['totag']);
+ $value['tags'] = implode(' ', array_unique($tags));
+ $LINKSDB[$key] = $value;
}
$LINKSDB->save($conf->get('resource.page_cache')); // Save to disk.
- echo '';
+ echo '';
exit;
}
}
@@ -1316,49 +1330,33 @@ function renderPage($conf, $pluginManager, $LINKSDB)
}
// -------- User clicked the "Delete" button when editing a link: Delete link from database.
- if (isset($_POST['delete_link']))
+ if ($targetPage == Router::$PAGE_DELETELINK)
{
- if (!tokenOk($_POST['token'])) die('Wrong token.');
-
// We do not need to ask for confirmation:
// - confirmation is handled by JavaScript
// - we are protected from XSRF by the token.
- // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
- $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
-
- $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
+ if (! tokenOk($_GET['token'])) {
+ die('Wrong token.');
+ }
+ $id = intval(escape($_GET['lf_linkdate']));
+ $link = $LINKSDB[$id];
+ $pluginManager->executeHooks('delete_link', $link);
unset($LINKSDB[$id]);
- $LINKSDB->save('resource.page_cache'); // save to disk
+ $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; }
- // Pick where we're going to redirect
- // =============================================================
- // Basically, we can't redirect to where we were previously if it was a permalink
- // or an edit_link, because it would 404.
- // Cases:
- // - / : nothing in $_GET, redirect to self
- // - /?page : redirect to self
- // - /?searchterm : redirect to self (there might be other links)
- // - /?searchtags : redirect to self
- // - /permalink : redirect to / (the link does not exist anymore)
- // - /?edit_link : redirect to / (the link does not exist anymore)
- // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
- // redirect is not satisfied, and only then redirect to /
- $location = "?";
- // Self redirection
- if (count($_GET) == 0
- || isset($_GET['page'])
- || isset($_GET['searchterm'])
- || isset($_GET['searchtags'])
- ) {
- if (isset($_POST['returnurl'])) {
- $location = $_POST['returnurl']; // Handle redirects given by the form
- } else {
- $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
- }
+
+ $location = '?';
+ if (isset($_SERVER['HTTP_REFERER'])) {
+ // Don't redirect to where we were previously if it was a permalink or an edit_link, because it would 404.
+ $location = generateLocation(
+ $_SERVER['HTTP_REFERER'],
+ $_SERVER['HTTP_HOST'],
+ ['delete_link', 'edit_link', $link['shorturl']]
+ );
}
header('Location: ' . $location); // After deleting the link, redirect to appropriate location
@@ -1601,8 +1599,8 @@ function renderPage($conf, $pluginManager, $LINKSDB)
function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
{
// Used in templates
- $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';
- $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';
+ $searchtags = !empty($_GET['searchtags']) ? escape(normalize_spaces($_GET['searchtags'])) : '';
+ $searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : '';
// Smallhash filter
if (! empty($_SERVER['QUERY_STRING'])
@@ -1615,8 +1613,8 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
}
} else {
// Filter links according search parameters.
- $privateonly = !empty($_SESSION['privateonly']);
- $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly);
+ $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all';
+ $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $visibility);
}
// ---- Handle paging.
@@ -1649,7 +1647,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
} else {
$link['updated_timestamp'] = '';
}
- $taglist = explode(' ', $link['tags']);
+ $taglist = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
uasort($taglist, 'strcasecmp');
$link['taglist'] = $taglist;
// Check for both signs of a note: starting with ? and 7 chars long.
@@ -1949,8 +1947,8 @@ function install($conf)
$conf->set(
'api.secret',
generate_api_secret(
- $this->conf->get('credentials.login'),
- $this->conf->get('credentials.salt')
+ $conf->get('credentials.login'),
+ $conf->get('credentials.salt')
)
);
try {
@@ -2232,12 +2230,14 @@ $app = new \Slim\App($container);
// REST API routes
$app->group('/api/v1', function() {
$this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
+ $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks');
+ $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink');
})->add('\Shaarli\Api\ApiMiddleware');
$response = $app->run(true);
// Hack to make Slim and Shaarli router work together:
-// If a Slim route isn't found, we call renderPage().
-if ($response->getStatusCode() == 404) {
+// If a Slim route isn't found and NOT API call, we call renderPage().
+if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
// We use UTF-8 for proper international characters handling.
header('Content-Type: text/html; charset=utf-8');
renderPage($conf, $pluginManager, $linkDb);