X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=b4d9395f8cce11cbb961e0e987358c9d517e7535;hb=986afb752bc57271e76935da9ed2df6ef8713cb7;hp=b06dd50ce0a1e957cc530affeaf5ac041287f6c3;hpb=44d60adc5e2fa547bc49620f7e647794f0cad631;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index b06dd50c..b4d9395f 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
/shaarli/
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
@@ -141,8 +144,10 @@ if (is_file($GLOBALS['config']['CONFIG_FILE'])) {
}
// Shaarli library
+require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/CachedPage.php';
+require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
require_once 'application/LinkDB.php';
require_once 'application/TimeZone.php';
@@ -154,10 +159,10 @@ require_once 'application/Router.php';
// Ensure the PHP version is supported
try {
- checkPHPVersion('5.3', PHP_VERSION);
-} catch(Exception $e) {
+ ApplicationUtils::checkPHPVersion('5.3', PHP_VERSION);
+} catch(Exception $exc) {
header('Content-Type: text/plain; charset=utf-8');
- echo $e->getMessage();
+ echo $exc->getMessage();
exit;
}
@@ -216,9 +221,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
-// Directories creations (Note that your web host may require different rights than 705.)
-if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory.
');
-
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER));
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
@@ -228,8 +230,24 @@ if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=fa
if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager.
-// Run config screen if first run:
if (! is_file($GLOBALS['config']['CONFIG_FILE'])) {
+ // Ensure Shaarli has proper access to its resources
+ $errors = ApplicationUtils::checkResourcePermissions($GLOBALS['config']);
+
+ if ($errors != array()) {
+ $message = 'Insufficient permissions:
';
+
+ foreach ($errors as $error) {
+ $message .= '- '.$error.'
';
+ }
+ $message .= '
';
+
+ header('Content-Type: text/html; charset=utf-8');
+ echo $message;
+ exit;
+ }
+
+ // Display the installation form if no existing config is found
install();
}
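Review bot: Each `$error` is appended to `$message` and echoed with `Content-Type: text/html` without escaping, in the added `foreach`. The strings come from `ApplicationUtils::checkResourcePermissions()`, which is not part of this diff; they presumably carry paths taken from `$GLOBALS['config']`, so use `escape($error)` in the concatenation, as the file already does for `escape(index_url($_SERVER))`. The check now runs only while `CONFIG_FILE` is missing, whereas the removed `is_writable()` test ran on every request, so a permission problem on a configured instance is no longer reported here. `$errors != array()` is a loose comparison; `!empty($errors)` states the intent more directly.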
@@ -248,11 +266,11 @@ header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper int
//==================================================================================================
function setup_login_state() {
- $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
- $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if ($GLOBALS['config']['OPEN_SHAARLI']) {
- $userIsLoggedIn = true;
+ return true;
}
+ $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
+ $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if (!isset($GLOBALS['login'])) {
$userIsLoggedIn = false; // Shaarli is not configured yet.
$loginFailure = true;
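Review bot: The early `return true` for `OPEN_SHAARLI` now runs before the `!isset($GLOBALS['login'])` guard, so an instance that has the flag set but is not configured yet reports every visitor as logged in; before this change the guard still reset `$userIsLoggedIn` to false. If that is intended, say so in a comment such as `// Open Shaarli: every visitor is treated as logged in, no session or credentials are checked`; otherwise move the flag test below the guard. The later hunks in showRSS, showATOM, showDailyRSS, showDaily, renderPage and importFile drop their own `OPEN_SHAARLI` test and rely on `isLoggedIn()` reflecting this return value. `isLoggedIn()` is not shown in the diff, so that dependency deserves a test. The body of setup_login_state() continues outside the hunk.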
@@ -319,7 +337,7 @@ function checkUpdate()
function logm($message)
{
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
- file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
+ file_put_contents($GLOBAL['config']['LOG_FILE'], $t, FILE_APPEND);
}
// In a string, converts URLs to clickable links.
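Review bot: The new call reads `$GLOBAL['config']['LOG_FILE']`, but the superglobal is `$GLOBALS`; inside logm() `$GLOBAL` is an undefined local, so the path is empty and the write fails. The line should be `file_put_contents($GLOBALS['config']['LOG_FILE'], $t, FILE_APPEND);`. Because the return value of `file_put_contents()` is ignored, every event passed to logm() would be lost without any visible error, which matters if the log is used to audit logins or bans (the callers are outside this diff).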
@@ -679,8 +697,8 @@ class pageBuilder
$this->tpl->assign('pagetitle', $GLOBALS['pagetitle']);
}
$this->tpl->assign('shaarlititle', empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title']);
- if (!empty($GLOBALS['plugins']['errors'])) {
- $this->tpl->assign('plugin_errors', $GLOBALS['plugins']['errors']);
+ if (!empty($GLOBALS['plugin_errors'])) {
+ $this->tpl->assign('plugin_errors', $GLOBALS['plugin_errors']);
}
}
@@ -727,7 +745,7 @@ function showRSS()
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
// Read links from database (and filter private links if user it not logged in).
@@ -816,7 +834,7 @@ function showATOM()
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -910,7 +928,7 @@ function showDailyRSS() {
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -997,7 +1015,7 @@ function showDaily()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1088,7 +1106,7 @@ function renderPage()
{
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
@@ -1204,6 +1222,14 @@ function renderPage()
exit;
}
+ // Display openseach plugin (XML)
+ if ($targetPage == Router::$PAGE_OPENSEARCH) {
+ header('Content-Type: application/xml; charset=utf-8');
+ $PAGE->assign('serverurl', index_url($_SERVER));
+ $PAGE->renderPage('opensearch');
+ exit;
+ }
+
// -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
if (isset($_GET['addtag']))
{
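Review bot: `index_url($_SERVER)` is assigned to `serverurl` unescaped and then rendered into an `application/xml` response in the new OpenSearch branch. Elsewhere in this file the same value is wrapped, as in `escape(index_url($_SERVER))`, and it is presumably derived from request headers such as the host name, so a crafted request could inject markup into the XML unless the `opensearch` template escapes it itself. I would assign `escape(index_url($_SERVER))` here for consistency. The comment above the branch also misspells "opensearch" as "openseach".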
@@ -1453,7 +1479,7 @@ function renderPage()
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
- $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk.
+ $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
echo '';
exit;
}
@@ -1611,11 +1637,11 @@ function renderPage()
$link_is_new = true;
$linkdate = strval(date('Ymd_His'));
// Get title if it was provided in URL (by the bookmarklet).
- $title = (empty($_GET['title']) ? '' : $_GET['title'] );
+ $title = empty($_GET['title']) ? '' : escape($_GET['title']);
// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
- $description = (empty($_GET['description']) ? '' : $_GET['description']);
- $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] );
- $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);
+ $description = empty($_GET['description']) ? '' : escape($_GET['description']);
+ $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
+ $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
// If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
// Short timeout to keep the application responsive
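Review bot: `escape()` is applied to `$_GET['title']`, `$_GET['description']` and `$_GET['tags']` when they are read, but where these values end up is outside the hunk. If they are later stored or escaped again by the template, text such as `&` would be double-encoded, so the encoding contract should be documented next to the assignments, for example `// HTML-escaped here for the edit form pre-fill; do not escape again on output`. The title fetched from the remote page when `$title` is empty is assigned in the branch that starts on the last lines of the hunk and continues past it, so it is not visible whether that value gets the same treatment; it should, since it is equally untrusted.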
@@ -1751,10 +1777,10 @@ HTML;
// Process the import file form.
function importFile()
{
- if (!(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'])) { die('Not allowed.'); }
+ if (!isLoggedIn()) { die('Not allowed.'); }
$LINKSDB = new LinkDB(
$GLOBALS['config']['DATASTORE'],
- isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI'],
+ isLoggedIn(),
$GLOBALS['config']['HIDE_PUBLIC_LINKS']
);
$filename=$_FILES['filetoupload']['name'];
@@ -2213,45 +2239,6 @@ function install()
exit;
}
-if (!function_exists('json_encode')) {
- function json_encode($data) {
- switch ($type = gettype($data)) {
- case 'NULL':
- return 'null';
- case 'boolean':
- return ($data ? 'true' : 'false');
- case 'integer':
- case 'double':
- case 'float':
- return $data;
- case 'string':
- return '"' . addslashes($data) . '"';
- case 'object':
- $data = get_object_vars($data);
- case 'array':
- $output_index_count = 0;
- $output_indexed = array();
- $output_associative = array();
- foreach ($data as $key => $value) {
- $output_indexed[] = json_encode($value);
- $output_associative[] = json_encode($key) . ':' . json_encode($value);
- if ($output_index_count !== NULL && $output_index_count++ !== $key) {
- $output_index_count = NULL;
- }
- }
- if ($output_index_count !== NULL) {
- return '[' . implode(',', $output_indexed) . ']';
- } else {
- return '{' . implode(',', $output_associative) . '}';
- }
- default:
- return ''; // Not supported
- }
- }
-}
-
-
-
/* Because some f*cking services like flickr require an extra HTTP request to get the thumbnail URL,
I have deported the thumbnail URL code generation here, otherwise this would slow down page generation.
The following function takes the URL a link (e.g. a flickr page) and return the proper thumbnail.