X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=c26f50d110d4a680b215052269f3ca509aad4293;hb=refs%2Ftags%2Fv0.9.3;hp=7210c71fe7811a733b3dde3e851d3eece024febe;hpb=c5f5365ae6d57f6ca49b9ed6b6be05c52a05c3bb;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index 7210c71f..c26f50d1 100644 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ try { exit; } -define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); +define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); // Force cookie path (but do not change lifetime) $cookie = session_get_cookie_params(); @@ -431,7 +431,7 @@ if (isset($_POST['login'])) else { ban_loginFailed($conf); - $redir = '&username='. $_POST['login']; + $redir = '&username='. urlencode($_POST['login']); if (isset($_GET['post'])) { $redir .= '&post=' . urlencode($_GET['post']); foreach (array('description', 'source', 'title', 'tags') as $param) { @@ -718,6 +718,23 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; $targetPage = Router::findPage($query, $_GET, isLoggedIn()); + if ( + // if the user isn't logged in + !isLoggedIn() && + // and Shaarli doesn't have public content... + $conf->get('privacy.hide_public_links') && + // and is configured to enforce the login + $conf->get('privacy.force_login') && + // and the current page isn't already the login page + $targetPage !== Router::$PAGE_LOGIN && + // and the user is not requesting a feed (which would lead to a different content-type as expected) + $targetPage !== Router::$PAGE_FEED_ATOM && + $targetPage !== Router::$PAGE_FEED_RSS + ) { + // force current page to be the login page + $targetPage = Router::$PAGE_LOGIN; + } + // Call plugin hooks for header, footer and includes, specifying which page will be rendered. // Then assign generated data to RainTPL. $common_hooks = array( @@ -823,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) } $data = array( - 'search_tags' => implode(' ', $filteringTags), + 'search_tags' => implode(' ', escape($filteringTags)), 'tags' => $tagList, ); $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); @@ -853,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) } $data = [ - 'search_tags' => implode(' ', $filteringTags), + 'search_tags' => implode(' ', escape($filteringTags)), 'tags' => $tags, ]; $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); @@ -1065,10 +1082,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) // -------- Display the Tools menu if requested (import/export/bookmarklet...) if ($targetPage == Router::$PAGE_TOOLS) { - $data = array( + $data = [ 'pageabsaddr' => index_url($_SERVER), - 'sslenabled' => !empty($_SERVER['HTTPS']) - ); + 'sslenabled' => is_https($_SERVER), + ]; $pluginManager->executeHooks('render_tools', $data); foreach ($data as $key => $value) { @@ -1330,10 +1347,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) die('Wrong token.'); } - if (strpos($_GET['lf_linkdate'], ' ') !== false) { - $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate'])))); + $ids = trim($_GET['lf_linkdate']); + if (strpos($ids, ' ') !== false) { + // multiple, space-separated ids provided + $ids = array_values(array_filter(preg_split('/\s+/', escape($ids)))); } else { - $ids = [$_GET['lf_linkdate']]; + // only a single id provided + $ids = [$ids]; + } + // assert at least one id is given + if(!count($ids)){ + die('no id provided'); } foreach ($ids as $id) { $id = (int) escape($id); @@ -1419,7 +1443,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) if ($url == '') { $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); - $title = 'Note: '; + $title = $conf->get('general.default_note_title', 'Note: '); } $url = escape($url); $title = escape($title);