X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=b702bd133bc7023c7f9c5d63396754a80f272d51;hb=d37348efe280f0b72807ea6f62fca63e2ad28991;hp=1480bbc5aeaa80456c2f84f89d7ebaad426f59f7;hpb=ad5f47adbaee1eef85e90950ab8a45fe82959924;p=github%2Fshaarli%2FShaarli.git

diff --git a/index.php b/index.php
index 1480bbc5..b702bd13 100644
--- a/index.php
+++ b/index.php
@@ -356,7 +356,6 @@ function showDailyRSS($conf, $loginManager) {
                 $conf->get('redirector.url'),
                 $conf->get('redirector.encode_url')
             );
-            $link['thumbnail'] = thumbnail($conf, $link['url']);
             $link['timestamp'] = $link['created']->getTimestamp();
             if (startsWith($link['url'], '?')) {
                 $link['url'] = index_url($_SERVER) . $link['url'];  // make permalink URL absolute
@@ -371,6 +370,7 @@ function showDailyRSS($conf, $loginManager) {
         $tpl->assign('links', $links);
         $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
         $tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false));
+        $tpl->assign('index_url', $pageaddr);
         $html = $tpl->draw('dailyrss', true);
 
         echo $html . PHP_EOL;
@@ -433,7 +433,6 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager)
             $conf->get('redirector.url'),
             $conf->get('redirector.encode_url')
         );
-        $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']);
         $linksToDisplay[$key]['timestamp'] =  $link['created']->getTimestamp();
     }
 
@@ -1085,7 +1084,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
             die(t('Wrong token.'));
         }
 
-        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
+        $toTag = isset($_POST['totag']) ? escape($_POST['totag']) : null;
+        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), $toTag);
         $LINKSDB->save($conf->get('resource.page_cache'));
         foreach ($alteredLinks as $link) {
             $history->updateLink($link);
@@ -1237,10 +1237,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
             $id = (int) escape($id);
             $link = $LINKSDB[$id];
             $pluginManager->executeHooks('delete_link', $link);
+            $history->deleteLink($link);
             unset($LINKSDB[$id]);
         }
         $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
-        $history->deleteLink($link);
 
         // If we are called from the bookmarklet, we must close the popup:
         if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
@@ -1353,6 +1353,25 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
         exit;
     }
 
+    if ($targetPage == Router::$PAGE_PINLINK) {
+        if (! isset($_GET['id']) || empty($LINKSDB[$_GET['id']])) {
+            // FIXME! Use a proper error system.
+            $msg = t('Invalid link ID provided');
+            echo '<script>alert("'. $msg .'");document.location=\''. index_url($_SERVER) .'\';</script>';
+            exit;
+        }
+        if (! $sessionManager->checkToken($_GET['token'])) {
+            die('Wrong token.');
+        }
+
+        $link = $LINKSDB[$_GET['id']];
+        $link['sticky'] = ! $link['sticky'];
+        $LINKSDB[(int) $_GET['id']] = $link;
+        $LINKSDB->save($conf->get('resource.page_cache'));
+        header('Location: '.index_url($_SERVER));
+        exit;
+    }
+
     if ($targetPage == Router::$PAGE_EXPORT) {
         // Export links as a Netscape Bookmarks file
 
@@ -1636,9 +1655,9 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager)
         uasort($taglist, 'strcasecmp');
         $link['taglist'] = $taglist;
 
-        // Thumbnails enabled, not a note,
+        // Logged in, thumbnails enabled, not a note,
         // and (never retrieved yet or no valid cache file)
-        if ($thumbnailsEnabled && $link['url'][0] != '?'
+        if ($loginManager->isLoggedIn() && $thumbnailsEnabled && $link['url'][0] != '?'
             && (! isset($link['thumbnail']) || ($link['thumbnail'] !== false && ! is_file($link['thumbnail'])))
         ) {
             $elem = $LINKSDB[$keys[$i]];
@@ -1812,7 +1831,11 @@ function install($conf, $sessionManager, $loginManager) {
     exit;
 }
 
-if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS($conf); exit; }
+if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) {
+    showDailyRSS($conf, $loginManager);
+    exit;
+}
+
 if (!isset($_SESSION['LINKS_PER_PAGE'])) {
     $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
 }
@@ -1855,6 +1878,7 @@ $app->group('/api/v1', function() {
 })->add('\Shaarli\Api\ApiMiddleware');
 
 $response = $app->run(true);
+
 // Hack to make Slim and Shaarli router work together:
 // If a Slim route isn't found and NOT API call, we call renderPage().
 if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1862,5 +1886,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
     header('Content-Type: text/html; charset=utf-8');
     renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
 } else {
+    $response = $response
+        ->withHeader('Access-Control-Allow-Origin', '*')
+        ->withHeader(
+            'Access-Control-Allow-Headers',
+            'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+        )
+        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     $app->respond($response);
 }