X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=fedad2b93ecd99cd612c4d051f4a72126705b7f8;hb=25f5c59db6ac482ae2dd7996c9dd6794680c2a5b;hp=8a456357610e4f2a3dba61a612db2c34d24ce492;hpb=858c5c2b43ce16f6d4b388725ef2d7a95e4a1986;p=github%2Fshaarli%2FShaarli.git
diff --git a/index.php b/index.php
index 8a456357..fedad2b9 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,15 @@
'); // Suffix to encapsulate data in php code.
+// http://server.com/x/shaarli --> /shaarli/
+define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
// Force cookie path (but do not change lifetime)
$cookie=session_get_cookie_params();
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
// Set session parameters on server side.
define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -55,9 +65,9 @@ error_reporting(E_ALL^E_WARNING); // See all error except warnings.
//error_reporting(-1); // See all errors (for debugging only)
include "inc/rain.tpl.class.php"; //include Rain TPL
-raintpl::$tpl_dir = "tpl/"; // template directory
-if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); }
-raintpl::$cache_dir = "tmp/"; // cache directory
+raintpl::$tpl_dir = $GLOBALS['config']['RAINTPL_TPL']; // template directory
+if (!is_dir($GLOBALS['config']['RAINTPL_TMP'])) { mkdir($GLOBALS['config']['RAINTPL_TMP'],0705); chmod($GLOBALS['config']['RAINTPL_TMP'],0705); }
+raintpl::$cache_dir = $GLOBALS['config']['RAINTPL_TMP']; // cache directory
ob_start(); // Output buffering for the page cache.
@@ -78,27 +88,36 @@ header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Directories creations (Note that your web host may require differents rights than 705.)
+if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').
');
if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR'],0705); chmod($GLOBALS['config']['DATADIR'],0705); }
-if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files.
+if (!is_dir($GLOBALS['config']['RAINTPL_TMP'])) { mkdir($GLOBALS['config']['RAINTPL_TMP'],0705);chmod($GLOBALS['config']['RAINTPL_TMP'],0705); } // For RainTPL temporary files.
if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
+// Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable.
+if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('
ERROR: Shaarli does not have the right to write in its data directory ('.realpath($GLOBALS['config']['DATADIR']).').
');
if ($GLOBALS['config']['ENABLE_LOCALCACHE'])
{
if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); }
if (!is_file($GLOBALS['config']['CACHEDIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['CACHEDIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
}
-// Run config screen if first run:
-if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
-
-require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
-
// Handling of old config file which do not have the new parameters.
if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
+if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
+if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
+if (empty($GLOBALS['titleLink'])) $GLOBALS['titleLink']='?';
// I really need to rewrite Shaarli with a proper configuation manager.
+// Run config screen if first run:
+if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
+
+require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
+
+// a token depending of deployment salt, user password, and the current ip
+define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
+
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
@@ -146,7 +165,7 @@ class pageCache
private $shouldBeCached; // boolean: Should this url be cached ?
private $filename; // Name of the cache file for this url
- /*
+ /*
$url = url (typically the value returned by pageUrl())
$shouldBeCached = boolean. If false, the cache will be disabled.
*/
@@ -155,7 +174,7 @@ class pageCache
$this->url = $url;
$this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache';
$this->shouldBeCached = $shouldBeCached;
- }
+ }
// If the page should be cached and a cached version exists,
// returns the cached version (otherwise, return null).
@@ -183,7 +202,7 @@ class pageCache
$handler = opendir($GLOBALS['config']['PAGECACHE']);
if ($handler!==false)
{
- while (($filename = readdir($handler))!==false)
+ while (($filename = readdir($handler))!==false)
{
if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); }
}
@@ -209,7 +228,7 @@ function nl2br_escaped($html)
return str_replace('>','>',str_replace('<','<',nl2br($html)));
}
-/* Returns the small hash of a string
+/* Returns the small hash of a string, using RFC 4648 base64url format
eg. smallHash('20111006_131924') --> yZH23w
Small hashes:
- are unique (well, as unique as crc32, at last)
@@ -221,10 +240,7 @@ function nl2br_escaped($html)
function smallHash($text)
{
$t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
- $t = str_replace('+','-',$t); // Get rid of characters which need encoding in URLs.
- $t = str_replace('/','_',$t);
- $t = str_replace('=','@',$t);
- return $t;
+ return strtr($t, '+/', '-_');
}
// In a string, converts urls to clickable links.
@@ -240,7 +256,7 @@ function text2clickable($url)
function keepMultipleSpaces($text)
{
return str_replace(' ',' ',$text);
-
+
}
// ------------------------------------------------------------------------------------------
// Sniff browser language to display dates in the right format automatically.
@@ -285,16 +301,20 @@ function allIPs()
return $ip;
}
+function fillSessionInfo() {
+ $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
+ $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
+ $_SESSION['username']=$GLOBALS['login'];
+ $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+}
+
// Check that user/password is correct.
function check_auth($login,$password)
{
$hash = sha1($password.$login.$GLOBALS['salt']);
if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
{ // Login/password is correct.
- $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
- $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
- $_SESSION['username']=$login;
- $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+ fillSessionInfo();
logm('Login successful');
return True;
}
@@ -306,9 +326,14 @@ function check_auth($login,$password)
function isLoggedIn()
{
if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
-
+
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
+ if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
+ {
+ fillSessionInfo();
+ return true;
+ }
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
{
@@ -322,7 +347,9 @@ function isLoggedIn()
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); } }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); }
+setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
+}
// ------------------------------------------------------------------------------------------
@@ -384,18 +411,19 @@ if (isset($_POST['login']))
// If user wants to keep the session cookie even after the browser closes:
if (!empty($_POST['longlastingsession']))
{
+ setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
$_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir); // Set session cookie expiration on client side
+ session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
// Note: Never forget the trailing slash on the cookie path !
session_regenerate_id(true); // Send cookie with new expiration date to browser.
}
else // Standard session expiration (=when browser closes)
{
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params(0,$cookiedir); // 0 means "When browser closes"
+ session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
session_regenerate_id(true);
}
// Optional redirect after login:
@@ -410,7 +438,9 @@ if (isset($_POST['login']))
else
{
ban_loginFailed();
- echo ''; // Redirect to login screen.
+ $redir = '';
+ if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
+ echo ''; // Redirect to login screen.
exit;
}
}
@@ -425,7 +455,7 @@ function serverUrl()
{
$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
$serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
- return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+ return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
}
// Returns the absolute URL of current script, without the query.
@@ -552,7 +582,7 @@ function getHTTP($url,$timeout=30)
{
try
{
- $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout
+ $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout
$context = stream_context_create($options);
$data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source.
if (!$data) { return array('HTTP Error',array(),''); }
@@ -604,7 +634,7 @@ function tokenOk($token)
p = new pageBuilder;
p.assign('myfield','myvalue');
p.renderPage('mytemplate');
-
+
*/
class pageBuilder
{
@@ -613,11 +643,11 @@ class pageBuilder
function __construct()
{
$this->tpl=false;
- }
+ }
private function initialize()
- {
- $this->tpl = new RainTPL;
+ {
+ $this->tpl = new RainTPL;
$this->tpl->assign('newversion',checkUpdate());
$this->tpl->assign('feedurl',htmlspecialchars(indexUrl()));
$searchcrits=''; // Search criteria
@@ -630,18 +660,19 @@ class pageBuilder
$this->tpl->assign('pagetitle','Shaarli');
$this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links ?
if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
+ if (!empty($GLOBALS['titleLink'])) $this->tpl->assign('titleLink',$GLOBALS['titleLink']);
if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
$this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
- return;
+ return;
}
-
+
// The following assign() method is basically the same as RainTPL (except that it's lazy)
public function assign($what,$where)
{
if ($this->tpl===false) $this->initialize(); // Lazy initialization
$this->tpl->assign($what,$where);
}
-
+
// Render a specific page (using a template).
// eg. pb.renderPage('picwall')
public function renderPage($page)
@@ -659,14 +690,14 @@ class pageBuilder
echo $mylinks['20110826_161819']['title'];
foreach($mylinks as $link)
echo $link['title'].' at url '.$link['url'].' ; description:'.$link['description'];
-
+
Available keys:
title : Title of the link
url : URL of the link. Can be absolute or relative. Relative URLs are permalinks (eg.'?m-ukcw')
description : description of the entry
private : Is this link private ? 0=no, other value=yes
linkdate : date of the creation of this entry, in the form YYYYMMDD_HHMMSS (eg.'20110914_192317')
- tags : tags attached to this entry (separated by spaces)
+ tags : tags attached to this entry (separated by spaces)
We implement 3 interfaces:
- ArrayAccess so that this object behaves like an associative array.
@@ -726,7 +757,7 @@ class linkdb implements Iterator, Countable, ArrayAccess
$this->links = array();
$link = array('title'=>'Shaarli - sebsauvage.net','url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli','description'=>'Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.','private'=>0,'linkdate'=>'20110914_190000','tags'=>'opensource software');
$this->links[$link['linkdate']] = $link;
- $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://pastebin.com/smCEEeSn','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
+ $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
$this->links[$link['linkdate']] = $link;
file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX); // Write database to disk
}
@@ -845,7 +876,7 @@ class linkdb implements Iterator, Countable, ArrayAccess
arsort($tags); // Sort tags by usage (most used tag first)
return $tags;
}
-
+
// Returns the list of days containing articles (oldest first)
// Output: An array containing days (in format YYYYMMDD).
public function days()
@@ -862,7 +893,7 @@ class linkdb implements Iterator, Countable, ArrayAccess
}
// ------------------------------------------------------------------------------------------
-// Ouput the last 50 links in RSS 2.0 format.
+// Ouput the last N links in RSS 2.0 format.
function showRSS()
{
header('Content-Type: application/rss+xml; charset=utf-8');
@@ -884,6 +915,11 @@ function showRSS()
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
echo '';
@@ -898,7 +934,7 @@ function showRSS()
}
$i=0;
$keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
- while ($i<50 && $i'."\n\n";
$i++;
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -931,7 +967,7 @@ function showRSS()
}
// ------------------------------------------------------------------------------------------
-// Ouput the last 50 links in ATOM format.
+// Ouput the last N links in ATOM format.
function showATOM()
{
header('Content-Type: application/atom+xml; charset=utf-8');
@@ -954,13 +990,18 @@ function showATOM()
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
$latestDate = '';
$entries='';
$i=0;
$keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
- while ($i<50 && $i'.htmlspecialchars($pageaddr).''.htmlspecialchars($pageaddr).'';
$feed.=''.htmlspecialchars($pageaddr).''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='';
+ $feed.='';
echo $feed;
-
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
@@ -1023,11 +1064,11 @@ function showDailyRSS()
$cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
-
+
/* Some Shaarlies may have very few links, so we need to look
back in time (rsort()) until we have enough days ($nb_of_days).
*/
- $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
+ $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
rsort($linkdates);
$nb_of_days=7; // We take 7 days.
$today=Date('Ymd');
@@ -1042,14 +1083,14 @@ function showDailyRSS()
}
if (count($days)>$nb_of_days) break; // Have we collected enough days ?
}
-
+
// Build the RSS feed.
header('Content-Type: application/rss+xml; charset=utf-8');
$pageaddr=htmlspecialchars(indexUrl());
echo '';
echo 'Daily - '.htmlspecialchars($GLOBALS['title']).''.$pageaddr.'';
echo 'Daily shared linksen-en'.$pageaddr.''."\n";
-
+
foreach($days as $day=>$linkdates) // For each day.
{
$daydate = utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))); // Full text date
@@ -1057,7 +1098,7 @@ function showDailyRSS()
$absurl=htmlspecialchars(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
echo ''.htmlspecialchars($GLOBALS['title'].' - '.$daydate).''.$absurl.''.$absurl.'';
echo ''.htmlspecialchars($rfc822date)."";
-
+
// Build the HTML body of this RSS entry.
$html='';
$href='';
@@ -1067,21 +1108,21 @@ function showDailyRSS()
{
$l = $LINKSDB[$linkdate];
$l['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($l['description']))));
- $l['thumbnail'] = thumbnail($l['url']);
- $l['localdate']=linkdate2locale($l['linkdate']);
+ $l['thumbnail'] = thumbnail($l['url']);
+ $l['localdate']=linkdate2locale($l['linkdate']);
if (startsWith($l['url'],'?')) $l['url']=indexUrl().$l['url']; // make permalink URL absolute
- $links[$linkdate]=$l;
+ $links[$linkdate]=$l;
}
// Then build the HTML for this day:
- $tpl = new RainTPL;
+ $tpl = new RainTPL;
$tpl->assign('links',$links);
$html = $tpl->draw('dailyrss',$return_string=true);
echo "\n";
echo ''."\n\n\n";
- }
- echo '';
-
+ }
+ echo '';
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
@@ -1095,12 +1136,12 @@ function showDaily()
$day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
if (isset($_GET['day'])) $day=$_GET['day'];
-
+
$days = $LINKSDB->days();
$i = array_search($day,$days);
if ($i==false) { $i=count($days)-1; $day=$days[$i]; }
- $previousday='';
- $nextday='';
+ $previousday='';
+ $nextday='';
if ($i!==false)
{
if ($i>1) $previousday=$days[$i-1];
@@ -1115,12 +1156,12 @@ function showDaily()
uasort($taglist, 'strcasecmp');
$linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
- $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
+ $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
}
-
+
/* We need to spread the articles on 3 columns.
I did not want to use a javascript lib like http://masonry.desandro.com/
- so I manually spread entries with a simple method: I roughly evaluate the
+ so I manually spread entries with a simple method: I roughly evaluate the
height of a div according to title and description length.
*/
$columns=array(array(),array(),array()); // Entries to display, for each column.
@@ -1148,7 +1189,7 @@ function showDaily()
$PAGE->assign('col3',$columns[2]);
$PAGE->assign('day',utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))));
$PAGE->assign('previousday',$previousday);
- $PAGE->assign('nextday',$nextday);
+ $PAGE->assign('nextday',$nextday);
$PAGE->renderPage('daily');
exit;
}
@@ -1227,7 +1268,7 @@ function renderPage()
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('tags',$tagList);
$PAGE->renderPage('tagcloud');
- exit;
+ exit;
}
// -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
@@ -1263,10 +1304,14 @@ function renderPage()
if (isset($_GET['linksperpage']))
{
if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
-
+
// -------- User wants to see only private links (toggle)
if (isset($_GET['privateonly']))
{
@@ -1278,7 +1323,11 @@ function renderPage()
{
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
@@ -1350,9 +1399,11 @@ function renderPage()
$tz = $_POST['continent'].'/'.$_POST['city'];
$GLOBALS['timezone'] = $tz;
$GLOBALS['title']=$_POST['title'];
+ $GLOBALS['titleLink']=$_POST['titleLink'];
$GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
$GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
+ $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
writeConfig();
echo '';
exit;
@@ -1435,7 +1486,10 @@ function renderPage()
if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away !
$tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
$linkdate=$_POST['lf_linkdate'];
- $link = array('title'=>trim($_POST['lf_title']),'url'=>trim($_POST['lf_url']),'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
+ $url = trim($_POST['lf_url']);
+ if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?'))
+ $url = 'http://'.$url;
+ $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
$LINKSDB[$linkdate] = $link;
@@ -1512,18 +1566,41 @@ function renderPage()
$link_is_new = true; // This is a new link
$linkdate = strval(date('Ymd_His'));
$title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
- $description=''; $tags=''; $private=0;
+ $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
+ $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL
+ $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL
if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
// If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
{
list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
// FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html
- if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8');
-
+ if (strpos($status,'200 OK')!==false)
+ {
+ // Look for charset in html header.
+ preg_match('##Usi', $data, $meta);
+
+ // If found, extract encoding.
+ if (!empty($meta[0]))
+ {
+ // Get encoding specified in header.
+ preg_match('#charset="?(.*)"#si', $meta[0], $enc);
+ // If charset not found, use utf-8.
+ $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
+ }
+ else { $html_charset = 'utf-8'; }
+
+ // Extract title
+ $title = html_extract_title($data);
+ if (!empty($title))
+ {
+ // Re-encode title in utf-8 if necessary.
+ $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
+ }
+ }
}
if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself)
- $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0);
+ $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private);
}
$PAGE = new pageBuilder;
@@ -1648,7 +1725,11 @@ function importFile()
{
$attr=$m[1]; $value=$m[2];
if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE') $raw_add_date=intval($value);
+ elseif ($attr=='ADD_DATE')
+ {
+ $raw_add_date=intval($value);
+ if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
+ }
elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
}
@@ -1684,11 +1765,11 @@ function importFile()
}
$LINKSDB->savedb();
- echo '';
+ echo '';
}
else
{
- echo '';
+ echo '';
}
}
@@ -1727,7 +1808,7 @@ function buildLinkList($PAGE,$LINKSDB)
}
else
$linksToDisplay = $LINKSDB; // otherwise, display without filtering.
-
+
// Option: Show only private links
if (!empty($_SESSION['privateonly']))
{
@@ -1772,7 +1853,7 @@ function buildLinkList($PAGE,$LINKSDB)
$linkDisp[$keys[$i]] = $link;
$i++;
}
-
+
// Compute paging navigation
$searchterm= ( empty($_GET['searchterm']) ? '' : '&searchterm='.$_GET['searchterm'] );
$searchtags= ( empty($_GET['searchtags']) ? '' : '&searchtags='.$_GET['searchtags'] );
@@ -1780,8 +1861,8 @@ function buildLinkList($PAGE,$LINKSDB)
$previous_page_url=''; if ($i!=count($keys)) $previous_page_url='?page='.($page+1).$searchterm.$searchtags;
$next_page_url='';if ($page>1) $next_page_url='?page='.($page-1).$searchterm.$searchtags;
- $token = ''; if (isLoggedIn()) $token=getToken();
-
+ $token = ''; if (isLoggedIn()) $token=getToken();
+
// Fill all template fields.
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('previous_page_url',$previous_page_url);
@@ -1790,7 +1871,7 @@ function buildLinkList($PAGE,$LINKSDB)
$PAGE->assign('page_max',$pagecount);
$PAGE->assign('result_count',count($linksToDisplay));
$PAGE->assign('search_type',$search_type);
- $PAGE->assign('search_crits',$search_crits);
+ $PAGE->assign('search_crits',$search_crits);
$PAGE->assign('redirector',empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']); // optional redirector URL
$PAGE->assign('token',$token);
$PAGE->assign('links',$linkDisp);
@@ -1798,7 +1879,7 @@ function buildLinkList($PAGE,$LINKSDB)
}
// Compute the thumbnail for a link.
-//
+//
// with a link to the original URL.
// Understands various services (youtube.com...)
// Input: $url = url for which the thumbnail must be found.
@@ -1825,15 +1906,15 @@ function computeThumbnail($url,$href=false)
{
$path = parse_url($url,PHP_URL_PATH);
return array('src'=>'http://img.youtube.com/vi'.$path.'/default.jpg',
- 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
+ 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
}
if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting
{
parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename.
if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']),
- 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
- }
-
+ 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
+ }
+
if ($domain=='imgur.com')
{
$path = parse_url($url,PHP_URL_PATH);
@@ -1912,7 +1993,7 @@ function computeThumbnail($url,$href=false)
{
$sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
- 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
+ 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
return array(); // No thumbnail.
@@ -1929,7 +2010,7 @@ function thumbnail($url,$href=false)
{
$t = computeThumbnail($url,$href);
if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
-
+
$html='';
-
+
// Lazy image (only loaded by javascript when in the viewport).
if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled)
$html.='';
-
+
// No-javascript fallback.
$html.='';
-
+
return $html;
}
@@ -1984,7 +2064,7 @@ function lazyThumbnail($url,$href=false)
function install()
{
// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
- if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+ if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
// This part makes sure sessions works correctly.
@@ -2028,7 +2108,7 @@ function install()
// Display config form:
list($timezone_form,$timezone_js) = templateTZform();
$timezone_html=''; if ($timezone_form!='') $timezone_html='
Timezone:
'.$timezone_form.'
';
-
+
$PAGE = new pageBuilder;
$PAGE->assign('timezone_html',$timezone_html);
$PAGE->assign('timezone_js',$timezone_js);
@@ -2097,7 +2177,42 @@ function isTZvalid($continent,$city)
}
return false;
}
-
+if (!function_exists('json_encode')) {
+ function json_encode($data) {
+ switch ($type = gettype($data)) {
+ case 'NULL':
+ return 'null';
+ case 'boolean':
+ return ($data ? 'true' : 'false');
+ case 'integer':
+ case 'double':
+ case 'float':
+ return $data;
+ case 'string':
+ return '"' . addslashes($data) . '"';
+ case 'object':
+ $data = get_object_vars($data);
+ case 'array':
+ $output_index_count = 0;
+ $output_indexed = array();
+ $output_associative = array();
+ foreach ($data as $key => $value) {
+ $output_indexed[] = json_encode($value);
+ $output_associative[] = json_encode($key) . ':' . json_encode($value);
+ if ($output_index_count !== NULL && $output_index_count++ !== $key) {
+ $output_index_count = NULL;
+ }
+ }
+ if ($output_index_count !== NULL) {
+ return '[' . implode(',', $output_indexed) . ']';
+ } else {
+ return '{' . implode(',', $output_associative) . '}';
+ }
+ default:
+ return ''; // Not supported
+ }
+ }
+}
// Webservices (for use with jQuery/jQueryUI)
// eg. index.php?ws=tags&term=minecr
@@ -2147,9 +2262,11 @@ function writeConfig()
if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
$config='';
if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
{
@@ -2266,7 +2383,7 @@ function genThumbnail()
// The thumbnail for TED talks is located in the tag on that page
// http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html
//
- list($httpstatus,$headers,$data) = getHTTP($url,5);
+ list($httpstatus,$headers,$data) = getHTTP($url,5);
if (strpos($httpstatus,'200 OK')!==false)
{
// Extract the link to the thumbnail
@@ -2289,7 +2406,7 @@ function genThumbnail()
}
}
}
-
+
elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
{
// There is no thumbnail available for xkcd comics, so download the whole image and resize it.
@@ -2317,7 +2434,7 @@ function genThumbnail()
}
}
}
- }
+ }
else
{
@@ -2389,8 +2506,8 @@ if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=g
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=dailyrss')) { showDailyRSS(); exit; }
-if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
+if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'ws=')) { processWS(); exit; } // Webservices (for jQuery/jQueryUI)
if (!isset($_SESSION['LINKS_PER_PAGE'])) $_SESSION['LINKS_PER_PAGE']=$GLOBALS['config']['LINKS_PER_PAGE'];
renderPage();
-?>
\ No newline at end of file
+?>