X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=b4d9395f8cce11cbb961e0e987358c9d517e7535;hb=1e57f90200c14d0143cd17529cbc0e7dc29f8061;hp=c82735ca4e8f3147789d2fc816db0fc677b4c501;hpb=6fc14d530369740d27d6bd641369d4f5f5f04080;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
old mode 100755
new mode 100644
index c82735ca..b4d9395f
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
/shaarli/
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
-// PHP Settings
-ini_set('max_input_time','60'); // High execution time in case of problematic imports/exports.
-ini_set('memory_limit', '128M'); // Try to set max upload file size and read (May not work on some hosts).
+// High execution time in case of problematic imports/exports.
+ini_set('max_input_time','60');
+
+// Try to set max upload file size and read
+ini_set('memory_limit', '128M');
ini_set('post_max_size', '16M');
ini_set('upload_max_filesize', '16M');
-error_reporting(E_ALL^E_WARNING); // See all error except warnings.
-//error_reporting(-1); // See all errors (for debugging only)
-// User configuration
+// See all error except warnings
+error_reporting(E_ALL^E_WARNING);
+// See all errors (for debugging only)
+//error_reporting(-1);
+
+/*
+ * User configuration
+ */
if (is_file($GLOBALS['config']['CONFIG_FILE'])) {
require_once $GLOBALS['config']['CONFIG_FILE'];
}
// Shaarli library
+require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/CachedPage.php';
+require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
require_once 'application/LinkDB.php';
require_once 'application/TimeZone.php';
@@ -89,10 +159,10 @@ require_once 'application/Router.php';
// Ensure the PHP version is supported
try {
- checkPHPVersion('5.3', PHP_VERSION);
-} catch(Exception $e) {
+ ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
- echo $e->getMessage();
+ echo $exc->getMessage();
exit;
}
@@ -151,9 +221,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
-// Directories creations (Note that your web host may require different rights than 705.)
-if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory.
');
-
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER));
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
@@ -163,8 +230,24 @@ if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=fa
if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager.
-// Run config screen if first run:
if (! is_file($GLOBALS['config']['CONFIG_FILE'])) {
+ // Ensure Shaarli has proper access to its resources
+ $errors = ApplicationUtils::checkResourcePermissions($GLOBALS['config']);
+
+ if ($errors != array()) {
+ $message = 'Insufficient permissions:
';
+
+ foreach ($errors as $error) {
+ $message .= '- '.$error.'
';
+ }
+ $message .= '
';
+
+ header('Content-Type: text/html; charset=utf-8');
+ echo $message;
+ exit;
+ }
+
+ // Display the installation form if no existing config is found
install();
}
@@ -183,11 +266,11 @@ header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper int
//==================================================================================================
function setup_login_state() {
- $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
- $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if ($GLOBALS['config']['OPEN_SHAARLI']) {
- $userIsLoggedIn = true;
+ return true;
}
+ $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+ $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if (!isset($GLOBALS['login'])) {
$userIsLoggedIn = false; // Shaarli is not configured yet.
$loginFailure = true;
@@ -254,7 +337,7 @@ function checkUpdate()
function logm($message)
{
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
- file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
+ file_put_contents($GLOBAL['config']['LOG_FILE'], $t, FILE_APPEND);
}
// In a string, converts URLs to clickable links.
@@ -580,28 +663,43 @@ class pageBuilder
function __construct()
{
- $this->tpl=false;
+ $this->tpl = false;
}
+ /**
+ * Initialize all default tpl tags.
+ */
private function initialize()
{
$this->tpl = new RainTPL;
- $this->tpl->assign('newversion',escape(checkUpdate()));
- $this->tpl->assign('feedurl',escape(index_url($_SERVER)));
- $searchcrits=''; // Search criteria
- if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']);
- elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']);
- $this->tpl->assign('searchcrits',$searchcrits);
- $this->tpl->assign('source',index_url($_SERVER));
- $this->tpl->assign('version',shaarli_version);
- $this->tpl->assign('scripturl',index_url($_SERVER));
- $this->tpl->assign('pagetitle','Shaarli');
- $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links?
- if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
- if (!empty($GLOBALS['titleLink'])) $this->tpl->assign('titleLink',$GLOBALS['titleLink']);
- if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
- $this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
- return;
+ $this->tpl->assign('newversion', escape(checkUpdate()));
+ $this->tpl->assign('feedurl', escape(index_url($_SERVER)));
+ $searchcrits = ''; // Search criteria
+ if (!empty($_GET['searchtags'])) {
+ $searchcrits .= '&searchtags=' . urlencode($_GET['searchtags']);
+ }
+ elseif (!empty($_GET['searchterm'])) {
+ $searchcrits .= '&searchterm=' . urlencode($_GET['searchterm']);
+ }
+ $this->tpl->assign('searchcrits', $searchcrits);
+ $this->tpl->assign('source', index_url($_SERVER));
+ $this->tpl->assign('version', shaarli_version);
+ $this->tpl->assign('scripturl', index_url($_SERVER));
+ $this->tpl->assign('pagetitle', 'Shaarli');
+ $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links?
+ if (!empty($GLOBALS['title'])) {
+ $this->tpl->assign('pagetitle', $GLOBALS['title']);
+ }
+ if (!empty($GLOBALS['titleLink'])) {
+ $this->tpl->assign('titleLink', $GLOBALS['titleLink']);
+ }
+ if (!empty($GLOBALS['pagetitle'])) {
+ $this->tpl->assign('pagetitle', $GLOBALS['pagetitle']);
+ }
+ $this->tpl->assign('shaarlititle', empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title']);
+ if (!empty($GLOBALS['plugin_errors'])) {
+ $this->tpl->assign('plugin_errors', $GLOBALS['plugin_errors']);
+ }
}
// The following assign() method is basically the same as RainTPL (except that it's lazy)
@@ -647,7 +745,7 @@ function showRSS()
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
// Read links from database (and filter private links if user it not logged in).
@@ -736,7 +834,7 @@ function showATOM()
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -830,7 +928,7 @@ function showDailyRSS() {
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -917,7 +1015,7 @@ function showDaily()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1008,7 +1106,7 @@ function renderPage()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1124,6 +1222,14 @@ function renderPage()
exit;
}
+ // Display openseach plugin (XML)
+ if ($targetPage == Router::$PAGE_OPENSEARCH) {
+ header('Content-Type: application/xml; charset=utf-8');
+ $PAGE->assign('serverurl', index_url($_SERVER));
+ $PAGE->renderPage('opensearch');
+ exit;
+ }
+
// -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
if (isset($_GET['addtag']))
{
@@ -1373,7 +1479,7 @@ function renderPage()
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
- $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk.
+ $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
echo '';
exit;
}
@@ -1425,10 +1531,14 @@ function renderPage()
pubsubhub();
// If we are called from the bookmarklet, we must close the popup:
- if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; }
- $returnurl = ( !empty($_POST['returnurl']) ? escape($_POST['returnurl']) : '?' );
- $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
+ if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) {
+ echo '';
+ exit;
+ }
+
+ $returnurl = !empty($_POST['returnurl']) ? escape($_POST['returnurl']): '?';
$location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
+ $location .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
header('Location: '. $location); // After saving the link, redirect to the page the user was on.
exit;
}
@@ -1527,11 +1637,11 @@ function renderPage()
$link_is_new = true;
$linkdate = strval(date('Ymd_His'));
// Get title if it was provided in URL (by the bookmarklet).
- $title = (empty($_GET['title']) ? '' : $_GET['title'] );
+ $title = empty($_GET['title']) ? '' : escape($_GET['title']);
// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
- $description = (empty($_GET['description']) ? '' : $_GET['description']);
- $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] );
- $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);
+ $description = empty($_GET['description']) ? '' : escape($_GET['description']);
+ $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
+ $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
// If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
// Short timeout to keep the application responsive
@@ -1667,10 +1777,10 @@ HTML;
// Process the import file form.
function importFile()
{
- if (!(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'])) { die('Not allowed.'); }
+ if (!isLoggedIn()) { die('Not allowed.'); }
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
$filename=$_FILES['filetoupload']['name'];
@@ -2129,45 +2239,6 @@ function install()
exit;
}
-if (!function_exists('json_encode')) {
- function json_encode($data) {
- switch ($type = gettype($data)) {
- case 'NULL':
- return 'null';
- case 'boolean':
- return ($data ? 'true' : 'false');
- case 'integer':
- case 'double':
- case 'float':
- return $data;
- case 'string':
- return '"' . addslashes($data) . '"';
- case 'object':
- $data = get_object_vars($data);
- case 'array':
- $output_index_count = 0;
- $output_indexed = array();
- $output_associative = array();
- foreach ($data as $key => $value) {
- $output_indexed[] = json_encode($value);
- $output_associative[] = json_encode($key) . ':' . json_encode($value);
- if ($output_index_count !== NULL && $output_index_count++ !== $key) {
- $output_index_count = NULL;
- }
- }
- if ($output_index_count !== NULL) {
- return '[' . implode(',', $output_indexed) . ']';
- } else {
- return '{' . implode(',', $output_associative) . '}';
- }
- default:
- return ''; // Not supported
- }
- }
-}
-
-
-
/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail.