X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=8eb36d81a766831ca9e189a53f83267feee72eb3;hb=b848615c52660f9e3173ab7eedab29af0c49a4fc;hp=25e37b32bed95d270260aa76ac7c9b4dcfadafc3;hpb=cbfdcff2615e901bdc434d06f38a3da8eecbdf8b;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 25e37b32..8eb36d81 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
/shaarli/
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
@@ -79,10 +79,11 @@ require_once 'application/Utils.php';
require_once 'application/PluginManager.php';
require_once 'application/Router.php';
require_once 'application/Updater.php';
+use \Shaarli\ThemeUtils;
// Ensure the PHP version is supported
try {
- ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+ ApplicationUtils::checkPHPVersion('5.5', PHP_VERSION);
} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
echo $exc->getMessage();
@@ -122,7 +123,7 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
$conf = new ConfigManager();
$conf->setEmpty('general.timezone', date_default_timezone_get());
$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
-RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl'); // template directory
+RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
$pluginManager = new PluginManager($conf);
@@ -175,7 +176,6 @@ define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['R
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
}
-header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
/**
* Checking session state (i.e. is the user still logged in)
@@ -204,7 +204,7 @@ function setup_login_state($conf)
}
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid'])
- || ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs())
+ || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs())
|| time() >= $_SESSION['expires_on'])
{
logout();
@@ -618,7 +618,7 @@ function showDailyRSS($conf) {
$tpl->assign('links', $links);
$tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
$tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false));
- $html = $tpl->draw('dailyrss', $return_string=true);
+ $html = $tpl->draw('dailyrss', true);
echo $html . PHP_EOL;
}
@@ -731,17 +731,10 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
*
* @param ConfigManager $conf Configuration Manager instance.
* @param PluginManager $pluginManager Plugin Manager instance,
+ * @param LinkDB $LINKSDB
*/
-function renderPage($conf, $pluginManager)
+function renderPage($conf, $pluginManager, $LINKSDB)
{
- $LINKSDB = new LinkDB(
- $conf->get('resource.datastore'),
- isLoggedIn(),
- $conf->get('privacy.hide_public_links'),
- $conf->get('redirector.url'),
- $conf->get('redirector.encode_url')
- );
-
$updater = new Updater(
read_updates_file($conf->get('resource.updates')),
$LINKSDB,
@@ -918,10 +911,6 @@ function renderPage($conf, $pluginManager)
$feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
$feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());
$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
- $pshUrl = $conf->get('config.PUBSUBHUB_URL');
- if (!empty($pshUrl)) {
- $feedGenerator->setPubsubhubUrl($pshUrl);
- }
$data = $feedGenerator->buildData();
// Process plugin hook.
@@ -938,7 +927,7 @@ function renderPage($conf, $pluginManager)
exit;
}
- // Display openseach plugin (XML)
+ // Display opensearch plugin (XML)
if ($targetPage == Router::$PAGE_OPENSEARCH) {
header('Content-Type: application/xml; charset=utf-8');
$PAGE->assign('serverurl', index_url($_SERVER));
@@ -1023,7 +1012,12 @@ function renderPage($conf, $pluginManager)
$_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage']));
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
@@ -1035,7 +1029,12 @@ function renderPage($conf, $pluginManager)
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '. generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
+ if (! empty($_SERVER['HTTP_REFERER'])) {
+ $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly'));
+ } else {
+ $location = '?';
+ }
+ header('Location: '. $location);
exit;
}
@@ -1136,6 +1135,7 @@ function renderPage($conf, $pluginManager)
$conf->set('general.timezone', $tz);
$conf->set('general.title', escape($_POST['title']));
$conf->set('general.header_link', escape($_POST['titleLink']));
+ $conf->set('resource.theme', escape($_POST['theme']));
$conf->set('redirector.url', escape($_POST['redirector']));
$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
$conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault']));
@@ -1146,6 +1146,7 @@ function renderPage($conf, $pluginManager)
$conf->set('api.secret', escape($_POST['apiSecret']));
try {
$conf->write(isLoggedIn());
+ invalidateCaches($conf->get('resource.page_cache'));
}
catch(Exception $e) {
error_log(
@@ -1163,6 +1164,8 @@ function renderPage($conf, $pluginManager)
else // Show the configuration form.
{
$PAGE->assign('title', $conf->get('general.title'));
+ $PAGE->assign('theme', $conf->get('resource.theme'));
+ $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl')));
$PAGE->assign('redirector', $conf->get('redirector.url'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
$PAGE->assign('timezone_form', $timezone_form);
@@ -1205,7 +1208,7 @@ function renderPage($conf, $pluginManager)
$LINKSDB[$key]=$value;
}
$LINKSDB->save($conf->get('resource.page_cache'));
- echo '';
+ echo '';
exit;
}
@@ -1214,15 +1217,15 @@ function renderPage($conf, $pluginManager)
$needle = trim($_POST['fromtag']);
// True for case-sensitive tag search.
$linksToAlter = $LINKSDB->filterSearch(array('searchtags' => $needle), true);
- foreach($linksToAlter as $key=>$value)
- {
- $tags = explode(' ',trim($value['tags']));
- $tags[array_search($needle,$tags)] = trim($_POST['totag']); // Replace tags value.
- $value['tags']=trim(implode(' ',$tags));
- $LINKSDB[$key]=$value;
+ foreach($linksToAlter as $key=>$value) {
+ $tags = preg_split('/\s+/', trim($value['tags']));
+ // Replace tags value.
+ $tags[array_search($needle, $tags)] = trim($_POST['totag']);
+ $value['tags'] = implode(' ', array_unique($tags));
+ $LINKSDB[$key] = $value;
}
$LINKSDB->save($conf->get('resource.page_cache')); // Save to disk.
- echo '';
+ echo '';
exit;
}
}
@@ -1253,10 +1256,12 @@ function renderPage($conf, $pluginManager)
// Edit
$created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
$updated = new DateTime();
+ $shortUrl = $LINKSDB[$id]['shorturl'];
} else {
// New link
$created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
$updated = null;
+ $shortUrl = link_small_hash($created, $id);
}
// Remove multiple spaces.
@@ -1283,7 +1288,7 @@ function renderPage($conf, $pluginManager)
'created' => $created,
'updated' => $updated,
'tags' => str_replace(',', ' ', $tags),
- 'shorturl' => link_small_hash($created, $id),
+ 'shorturl' => $shortUrl,
);
// If title is empty, use the URL as title.
@@ -1295,7 +1300,6 @@ function renderPage($conf, $pluginManager)
$LINKSDB[$id] = $link;
$LINKSDB->save($conf->get('resource.page_cache'));
- pubsubhub($conf);
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) {
@@ -1327,49 +1331,33 @@ function renderPage($conf, $pluginManager)
}
// -------- User clicked the "Delete" button when editing a link: Delete link from database.
- if (isset($_POST['delete_link']))
+ if ($targetPage == Router::$PAGE_DELETELINK)
{
- if (!tokenOk($_POST['token'])) die('Wrong token.');
-
// We do not need to ask for confirmation:
// - confirmation is handled by JavaScript
// - we are protected from XSRF by the token.
- // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
- $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
-
- $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
+ if (! tokenOk($_GET['token'])) {
+ die('Wrong token.');
+ }
+ $id = intval(escape($_GET['lf_linkdate']));
+ $link = $LINKSDB[$id];
+ $pluginManager->executeHooks('delete_link', $link);
unset($LINKSDB[$id]);
- $LINKSDB->save('resource.page_cache'); // save to disk
+ $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; }
- // Pick where we're going to redirect
- // =============================================================
- // Basically, we can't redirect to where we were previously if it was a permalink
- // or an edit_link, because it would 404.
- // Cases:
- // - / : nothing in $_GET, redirect to self
- // - /?page : redirect to self
- // - /?searchterm : redirect to self (there might be other links)
- // - /?searchtags : redirect to self
- // - /permalink : redirect to / (the link does not exist anymore)
- // - /?edit_link : redirect to / (the link does not exist anymore)
- // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
- // redirect is not satisfied, and only then redirect to /
- $location = "?";
- // Self redirection
- if (count($_GET) == 0
- || isset($_GET['page'])
- || isset($_GET['searchterm'])
- || isset($_GET['searchtags'])
- ) {
- if (isset($_POST['returnurl'])) {
- $location = $_POST['returnurl']; // Handle redirects given by the form
- } else {
- $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
- }
+
+ $location = '?';
+ if (isset($_SERVER['HTTP_REFERER'])) {
+ // Don't redirect to where we were previously if it was a permalink or an edit_link, because it would 404.
+ $location = generateLocation(
+ $_SERVER['HTTP_REFERER'],
+ $_SERVER['HTTP_HOST'],
+ ['delete_link', 'edit_link', $link['shorturl']]
+ );
}
header('Location: ' . $location); // After deleting the link, redirect to appropriate location
@@ -1612,8 +1600,8 @@ function renderPage($conf, $pluginManager)
function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
{
// Used in templates
- $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';
- $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';
+ $searchtags = !empty($_GET['searchtags']) ? escape(normalize_spaces($_GET['searchtags'])) : '';
+ $searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : '';
// Smallhash filter
if (! empty($_SERVER['QUERY_STRING'])
@@ -1626,8 +1614,8 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
}
} else {
// Filter links according search parameters.
- $privateonly = !empty($_SESSION['privateonly']);
- $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $privateonly);
+ $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all';
+ $linksToDisplay = $LINKSDB->filterSearch($_GET, false, $visibility);
}
// ---- Handle paging.
@@ -1660,7 +1648,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
} else {
$link['updated_timestamp'] = '';
}
- $taglist = explode(' ', $link['tags']);
+ $taglist = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
uasort($taglist, 'strcasecmp');
$link['taglist'] = $taglist;
// Check for both signs of a note: starting with ? and 7 chars long.
@@ -1960,8 +1948,8 @@ function install($conf)
$conf->set(
'api.secret',
generate_api_secret(
- $this->conf->get('credentials.login'),
- $this->conf->get('credentials.salt')
+ $conf->get('credentials.login'),
+ $conf->get('credentials.salt')
)
);
try {
@@ -2226,4 +2214,34 @@ if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=
if (!isset($_SESSION['LINKS_PER_PAGE'])) {
$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
}
-renderPage($conf, $pluginManager);
+
+$linkDb = new LinkDB(
+ $conf->get('resource.datastore'),
+ isLoggedIn(),
+ $conf->get('privacy.hide_public_links'),
+ $conf->get('redirector.url'),
+ $conf->get('redirector.encode_url')
+);
+
+$container = new \Slim\Container();
+$container['conf'] = $conf;
+$container['plugins'] = $pluginManager;
+$app = new \Slim\App($container);
+
+// REST API routes
+$app->group('/api/v1', function() {
+ $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
+ $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks');
+ $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink');
+})->add('\Shaarli\Api\ApiMiddleware');
+
+$response = $app->run(true);
+// Hack to make Slim and Shaarli router work together:
+// If a Slim route isn't found and NOT API call, we call renderPage().
+if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
+ // We use UTF-8 for proper international characters handling.
+ header('Content-Type: text/html; charset=utf-8');
+ renderPage($conf, $pluginManager, $linkDb);
+} else {
+ $app->respond($response);
+}