X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=d9fe5bc2d9cac9ad917bde90032e9df758ac9444;hb=3a38c95d4232aed4a40f70eb11d26cafc9188bac;hp=600b2f5540242d24b81a8fb48e5c5e0574c7830a;hpb=1557cefbd76257ceb830f65806831b490faf0acc;p=github%2Fshaarli%2FShaarli.git

diff --git a/index.php b/index.php
index 600b2f55..d9fe5bc2 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Shaarli v0.6.2 - Shaare your links...
+ * Shaarli v0.6.3 - Shaare your links...
  *
  * The personal, minimalist, super-fast, no-database Delicious clone.
  *
@@ -44,12 +44,18 @@ $GLOBALS['config']['DATASTORE'] = $GLOBALS['config']['DATADIR'].'/datastore.php'
 // Banned IPs
 $GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php';
 
+// Processed updates file.
+$GLOBALS['config']['UPDATES_FILE'] = $GLOBALS['config']['DATADIR'].'/updates.txt';
+
 // Access log
 $GLOBALS['config']['LOG_FILE'] = $GLOBALS['config']['DATADIR'].'/log.txt';
 
 // For updates check of Shaarli
 $GLOBALS['config']['UPDATECHECK_FILENAME'] = $GLOBALS['config']['DATADIR'].'/lastupdatecheck.txt';
 
+// Set ENABLE_UPDATECHECK to disabled by default.
+$GLOBALS['config']['ENABLE_UPDATECHECK'] = false;
+
 // RainTPL cache directory (keep the trailing slash!)
 $GLOBALS['config']['RAINTPL_TMP'] = 'tmp/';
 // Raintpl template directory (keep the trailing slash!)
@@ -61,7 +67,6 @@ $GLOBALS['config']['CACHEDIR'] = 'cache';
 // Atom & RSS feed cache directory
 $GLOBALS['config']['PAGECACHE'] = 'pagecache';
 
-
 /*
  * Global configuration
  */
@@ -111,7 +116,8 @@ $GLOBALS['config']['UPDATECHECK_INTERVAL'] = 86400;
 //);
 $GLOBALS['config']['ENABLED_PLUGINS'] = array('qrcode');
 
-//$GLOBALS['plugins']['WALLABAG_URL'] = 'https://demo.wallabag.org/';
+// Initialize plugin parameters array.
+$GLOBALS['plugins'] = array();
 
 // PubSubHubbub support. Put an empty string to disable, or put your hub url here to enable.
 $GLOBALS['config']['PUBSUBHUB_URL'] = '';
@@ -119,7 +125,7 @@ $GLOBALS['config']['PUBSUBHUB_URL'] = '';
 /*
  * PHP configuration
  */
-define('shaarli_version', '0.6.2');
+define('shaarli_version', '0.6.3');
 
 // http://server.com/x/shaarli --> /shaarli/
 define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
@@ -159,6 +165,7 @@ require_once 'application/Utils.php';
 require_once 'application/Config.php';
 require_once 'application/PluginManager.php';
 require_once 'application/Router.php';
+require_once 'application/Updater.php';
 
 // Ensure the PHP version is supported
 try {
@@ -309,14 +316,6 @@ function setup_login_state() {
 $userIsLoggedIn = setup_login_state();
 
 
-// -----------------------------------------------------------------------------------------------
-// Log to text file
-function logm($message)
-{
-    $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
-    file_put_contents($GLOBALS['config']['LOG_FILE'], $t, FILE_APPEND);
-}
-
 // ------------------------------------------------------------------------------------------
 // Sniff browser language to display dates in the right format automatically.
 // (Note that is may not work on your server if the corresponding local is not installed.)
@@ -380,10 +379,10 @@ function check_auth($login,$password)
     if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
     {   // Login/password is correct.
 		fillSessionInfo();
-        logm('Login successful');
+        logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Login successful');
         return True;
     }
-    logm('Login failed for user '.$login);
+    logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
     return False;
 }
 
@@ -420,7 +419,7 @@ function ban_loginFailed()
     if ($gb['FAILURES'][$ip]>($GLOBALS['config']['BAN_AFTER']-1))
     {
         $gb['BANS'][$ip]=time()+$GLOBALS['config']['BAN_DURATION'];
-        logm('IP address banned from login');
+        logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'IP address banned from login');
     }
     $GLOBALS['IPBANS'] = $gb;
     file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
@@ -444,7 +443,7 @@ function ban_canLogin()
         // User is banned. Check if the ban has expired:
         if ($gb['BANS'][$ip]<=time())
         {   // Ban expired, user can try to login again.
-            logm('Ban lifted.');
+            logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], 'Ban lifted.');
             unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
             file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
             return true; // Ban has expired, user can login.
@@ -480,7 +479,7 @@ if (isset($_POST['login']))
             session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
             session_regenerate_id(true);
         }
-        
+
         // Optional redirect after login:
         if (isset($_GET['post'])) {
             $uri = '?post='. urlencode($_GET['post']);
@@ -641,7 +640,7 @@ class pageBuilder
             $this->tpl->assign('versionError', '');
 
         } catch (Exception $exc) {
-            logm($exc->getMessage());
+            logm($GLOBALS['config']['LOG_FILE'], $_SERVER['REMOTE_ADDR'], $exc->getMessage());
             $this->tpl->assign('newVersion', '');
             $this->tpl->assign('versionError', escape($exc->getMessage()));
         }
@@ -689,6 +688,18 @@ class pageBuilder
         if ($this->tpl===false) $this->initialize(); // Lazy initialization
         $this->tpl->draw($page);
     }
+
+    /**
+    * Render a 404 page (uses the template : tpl/404.tpl)
+    *
+    * usage : $PAGE->render404('The link was deleted')
+    * @param string $message A messate to display what is not found
+    */
+    public function render404($message='The page you are trying to reach does not exist or has been deleted.') {
+        header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
+        $this->tpl->assign('error_message', $message);
+        $this->renderPage('404');
+    }
 }
 
 // ------------------------------------------------------------------------------------------
@@ -1106,6 +1117,25 @@ function renderPage()
         $GLOBALS['redirector']
     );
 
+    $updater = new Updater(
+        read_updates_file($GLOBALS['config']['UPDATES_FILE']),
+        $GLOBALS,
+        $LINKSDB,
+        isLoggedIn()
+    );
+    try {
+        $newUpdates = $updater->update();
+        if (! empty($newUpdates)) {
+            write_updates_file(
+                $GLOBALS['config']['UPDATES_FILE'],
+                $updater->getDoneUpdates()
+            );
+        }
+    }
+    catch(Exception $e) {
+        die($e->getMessage());
+    }
+
     $PAGE = new pageBuilder;
 
     // Determine which page will be rendered.
@@ -1115,9 +1145,9 @@ function renderPage()
     // Call plugin hooks for header, footer and includes, specifying which page will be rendered.
     // Then assign generated data to RainTPL.
     $common_hooks = array(
+        'includes',
         'header',
         'footer',
-        'includes',
     );
     $pluginManager = PluginManager::getInstance();
     foreach($common_hooks as $name) {
@@ -1522,21 +1552,42 @@ function renderPage()
     // -------- User clicked the "Save" button when editing a link: Save link to database.
     if (isset($_POST['save_edit']))
     {
-        if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
-        $tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
-        $tags = implode(' ', array_unique(explode(' ', $tags))); // Remove duplicates.
-        $linkdate=$_POST['lf_linkdate'];
+        // Go away!
+        if (! tokenOk($_POST['token'])) {
+            die('Wrong token.');
+        }
+        // Remove multiple spaces.
+        $tags = trim(preg_replace('/\s\s+/', ' ', $_POST['lf_tags']));
+        // Remove first '-' char in tags.
+        $tags = preg_replace('/(^| )\-/', '$1', $tags);
+        // Remove duplicates.
+        $tags = implode(' ', array_unique(explode(' ', $tags)));
+        $linkdate = $_POST['lf_linkdate'];
         $url = trim($_POST['lf_url']);
-        if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?') && !startsWith($url,'javascript:'))
-            $url = 'http://'.$url;
-        $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
-                      'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
-        if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
+        if (! startsWith($url, 'http:') && ! startsWith($url, 'https:')
+            && ! startsWith($url, 'ftp:') && ! startsWith($url, 'magnet:')
+            && ! startsWith($url, '?') && ! startsWith($url, 'javascript:')
+        ) {
+            $url = 'http://' . $url;
+        }
+
+        $link = array(
+            'title' => trim($_POST['lf_title']),
+            'url' => $url,
+            'description' => trim($_POST['lf_description']),
+            'private' => (isset($_POST['lf_private']) ? 1 : 0),
+            'linkdate' => $linkdate,
+            'tags' => str_replace(',', ' ', $tags)
+        );
+        // If title is empty, use the URL as title.
+        if ($link['title'] == '') {
+            $link['title'] = $link['url'];
+        }
 
         $pluginManager->executeHooks('save_link', $link);
 
         $LINKSDB[$linkdate] = $link;
-        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']); // Save to disk.
+        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
         pubsubhub();
 
         // If we are called from the bookmarklet, we must close the popup:
@@ -1545,10 +1596,12 @@ function renderPage()
             exit;
         }
 
-        $returnurl = !empty($_POST['returnurl']) ? escape($_POST['returnurl']): '?';
+        $returnurl = !empty($_POST['returnurl']) ? $_POST['returnurl'] : '?';
         $location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
-        $location .= '#'.smallHash($_POST['lf_linkdate']);  // Scroll to the link which has been edited.
-        header('Location: '. $location); // After saving the link, redirect to the page the user was on.
+        // Scroll to the link which has been edited.
+        $location .= '#' . smallHash($_POST['lf_linkdate']);
+        // After saving the link, redirect to the page the user was on.
+        header('Location: '. $location);
         exit;
     }
 
@@ -1766,6 +1819,54 @@ HTML;
         exit;
     }
 
+    // Plugin administration page
+    if ($targetPage == Router::$PAGE_PLUGINSADMIN) {
+        $pluginMeta = $pluginManager->getPluginsMeta();
+
+        // Split plugins into 2 arrays: ordered enabled plugins and disabled.
+        $enabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] !== false; });
+        // Load parameters.
+        $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $GLOBALS['plugins']);
+        uasort(
+            $enabledPlugins,
+            function($a, $b) { return $a['order'] - $b['order']; }
+        );
+        $disabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] === false; });
+
+        $PAGE->assign('enabledPlugins', $enabledPlugins);
+        $PAGE->assign('disabledPlugins', $disabledPlugins);
+        $PAGE->renderPage('pluginsadmin');
+        exit;
+    }
+
+    // Plugin administration form action
+    if ($targetPage == Router::$PAGE_SAVE_PLUGINSADMIN) {
+        try {
+            if (isset($_POST['parameters_form'])) {
+                unset($_POST['parameters_form']);
+                foreach ($_POST as $param => $value) {
+                    $GLOBALS['plugins'][$param] = escape($value);
+                }
+            }
+            else {
+                $GLOBALS['config']['ENABLED_PLUGINS'] = save_plugin_config($_POST);
+            }
+            writeConfig($GLOBALS, isLoggedIn());
+        }
+        catch (Exception $e) {
+            error_log(
+                'ERROR while saving plugin configuration:.' . PHP_EOL .
+                $e->getMessage()
+            );
+
+            // TODO: do not handle exceptions/errors in JS.
+            echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do='. Router::$PAGE_PLUGINSADMIN .'\';</script>';
+            exit;
+        }
+        header('Location: ?do='. Router::$PAGE_PLUGINSADMIN);
+        exit;
+    }
+
     // -------- Otherwise, simply display search form and links:
     showLinkList($PAGE, $LINKSDB);
     exit;
@@ -1891,10 +1992,7 @@ function buildLinkList($PAGE,$LINKSDB)
         $linksToDisplay = $LINKSDB->filter($search_type, $search_crits);
 
         if (count($linksToDisplay) == 0) {
-            header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
-            echo '<h1>404 Not found.</h1>Oh crap.
-                  The link you are trying to reach does not exist or has been deleted.';
-            echo '<br>Would you mind <a href="?">clicking here</a>?';
+            $PAGE->render404('The link you are trying to reach does not exist or has been deleted.');
             exit;
         }
     }
@@ -2466,15 +2564,6 @@ function resizeImage($filepath)
     return true;
 }
 
-try {
-    mergeDeprecatedConfig($GLOBALS, isLoggedIn());
-} catch(Exception $e) {
-    error_log(
-        'ERROR while merging deprecated options.php file.' . PHP_EOL .
-        $e->getMessage()
-    );
-}
-
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=genthumbnail')) { genThumbnail(); exit; }  // Thumbnail generation/cache does not need the link database.
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
 if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }