X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=b4d9395f8cce11cbb961e0e987358c9d517e7535;hb=1e57f90200c14d0143cd17529cbc0e7dc29f8061;hp=0a64ca2188aa544ee6389c47a1131bf3d7225967;hpb=c07e166aa265184db16e8c82ce18a98596cfb3c9;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 0a64ca21..b4d9395f 100644
--- a/index.php
+++ b/index.php
@@ -44,6 +44,9 @@ $GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'
// Banned IPs
$GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php';
+// Access log
+$GLOBALS['config']['LOG_FILE'] = $GLOBALS['config']['DATADIR'].'/log.txt';
+
// For updates check of Shaarli
$GLOBALS['config']['UPDATECHECK_FILENAME'] = $GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt';
@@ -52,7 +55,7 @@ $GLOBALS['config']['RAINTPL_TMP'] = 'tmp/';
// Raintpl template directory (keep the trailing slash!)
$GLOBALS['config']['RAINTPL_TPL'] = 'tpl/';
-// Thuumbnail cache directory
+// Thumbnail cache directory
$GLOBALS['config']['CACHEDIR'] = 'cache';
// Atom & RSS feed cache directory
@@ -141,8 +144,10 @@ if (is_file($GLOBALS['config']['CONFIG_FILE'])) {
}
// Shaarli library
+require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/CachedPage.php';
+require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
require_once 'application/LinkDB.php';
require_once 'application/TimeZone.php';
@@ -154,10 +159,10 @@ require_once 'application/Router.php';
// Ensure the PHP version is supported
try {
- checkPHPVersion('5.3', PHP_VERSION);
-} catch(Exception $e) {
+ ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
- echo $e->getMessage();
+ echo $exc->getMessage();
exit;
}
@@ -216,9 +221,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
-// Directories creations (Note that your web host may require different rights than 705.)
-if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory.
');
-
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER));
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
@@ -228,8 +230,24 @@ if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=fa
if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager.
-// Run config screen if first run:
if (! is_file($GLOBALS['config']['CONFIG_FILE'])) {
+ // Ensure Shaarli has proper access to its resources
+ $errors = ApplicationUtils::checkResourcePermissions($GLOBALS['config']);
+
+ if ($errors != array()) {
+ $message = 'Insufficient permissions:
';
+
+ foreach ($errors as $error) {
+ $message .= '- '.$error.'
';
+ }
+ $message .= '
';
+
+ header('Content-Type: text/html; charset=utf-8');
+ echo $message;
+ exit;
+ }
+
+ // Display the installation form if no existing config is found
install();
}
@@ -248,11 +266,11 @@ header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper int
//==================================================================================================
function setup_login_state() {
- $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
- $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if ($GLOBALS['config']['OPEN_SHAARLI']) {
- $userIsLoggedIn = true;
+ return true;
}
+ $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+ $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if (!isset($GLOBALS['login'])) {
$userIsLoggedIn = false; // Shaarli is not configured yet.
$loginFailure = true;
@@ -319,7 +337,7 @@ function checkUpdate()
function logm($message)
{
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
- file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
+ file_put_contents($GLOBAL['config']['LOG_FILE'], $t, FILE_APPEND);
}
// In a string, converts URLs to clickable links.
@@ -727,7 +745,7 @@ function showRSS()
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
// Read links from database (and filter private links if user it not logged in).
@@ -816,7 +834,7 @@ function showATOM()
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -910,7 +928,7 @@ function showDailyRSS() {
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -997,7 +1015,7 @@ function showDaily()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1088,7 +1106,7 @@ function renderPage()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1461,7 +1479,7 @@ function renderPage()
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
- $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk.
+ $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
echo '';
exit;
}
@@ -1619,11 +1637,11 @@ function renderPage()
$link_is_new = true;
$linkdate = strval(date('Ymd_His'));
// Get title if it was provided in URL (by the bookmarklet).
- $title = (empty($_GET['title']) ? '' : $_GET['title'] );
+ $title = empty($_GET['title']) ? '' : escape($_GET['title']);
// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
- $description = (empty($_GET['description']) ? '' : $_GET['description']);
- $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] );
- $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);
+ $description = empty($_GET['description']) ? '' : escape($_GET['description']);
+ $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
+ $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
// If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
// Short timeout to keep the application responsive
@@ -1759,10 +1777,10 @@ HTML;
// Process the import file form.
function importFile()
{
- if (!(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'])) { die('Not allowed.'); }
+ if (!isLoggedIn()) { die('Not allowed.'); }
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
$filename=$_FILES['filetoupload']['name'];
@@ -2221,45 +2239,6 @@ function install()
exit;
}
-if (!function_exists('json_encode')) {
- function json_encode($data) {
- switch ($type = gettype($data)) {
- case 'NULL':
- return 'null';
- case 'boolean':
- return ($data ? 'true' : 'false');
- case 'integer':
- case 'double':
- case 'float':
- return $data;
- case 'string':
- return '"' . addslashes($data) . '"';
- case 'object':
- $data = get_object_vars($data);
- case 'array':
- $output_index_count = 0;
- $output_indexed = array();
- $output_associative = array();
- foreach ($data as $key => $value) {
- $output_indexed[] = json_encode($value);
- $output_associative[] = json_encode($key) . ':' . json_encode($value);
- if ($output_index_count !== NULL && $output_index_count++ !== $key) {
- $output_index_count = NULL;
- }
- }
- if ($output_index_count !== NULL) {
- return '[' . implode(',', $output_indexed) . ']';
- } else {
- return '{' . implode(',', $output_associative) . '}';
- }
- default:
- return ''; // Not supported
- }
- }
-}
-
-
-
/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail.