<?php
/**
- * Shaarli v0.7.0 - Shaare your links...
+ * Shaarli v0.8.7 - Shaare your links...
*
* The personal, minimalist, super-fast, database free, bookmarking service.
*
/*
* PHP configuration
*/
-define('shaarli_version', '0.7.0');
+define('shaarli_version', '0.8.7');
// http://server.com/x/shaarli --> /shaarli/
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
//error_reporting(-1);
+// 3rd-party libraries
+if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
+ header('Content-Type: text/plain; charset=utf-8');
+ echo "Error: missing Composer configuration\n\n"
+ ."If you installed Shaarli through Git or using the development branch,\n"
+ ."please refer to the installation documentation to install PHP"
+ ." dependencies using Composer:\n"
+ ."- https://github.com/shaarli/Shaarli/wiki/Server-requirements\n"
+ ."- https://github.com/shaarli/Shaarli/wiki/Download-and-Installation";
+ exit;
+}
+require_once 'inc/rain.tpl.class.php';
+require_once __DIR__ . '/vendor/autoload.php';
+
// Shaarli library
require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
require_once 'application/PluginManager.php';
require_once 'application/Router.php';
require_once 'application/Updater.php';
-require_once 'inc/rain.tpl.class.php';
// Ensure the PHP version is supported
try {
function ban_loginFailed($conf)
{
$ip = $_SERVER['REMOTE_ADDR'];
+ $trusted = $conf->get('security.trusted_proxies', array());
+ if (in_array($ip, $trusted)) {
+ $ip = getIpAddressFromProxy($_SERVER, $trusted);
+ if (!$ip) {
+ return;
+ }
+ }
$gb = $GLOBALS['IPBANS'];
- if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
+ if (! isset($gb['FAILURES'][$ip])) {
+ $gb['FAILURES'][$ip]=0;
+ }
$gb['FAILURES'][$ip]++;
if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1))
{
else
{
ban_loginFailed($conf);
- $redir = '&username='. $_POST['login'];
+ $redir = '&username='. urlencode($_POST['login']);
if (isset($_GET['post'])) {
$redir .= '&post=' . urlencode($_GET['post']);
foreach (array('description', 'source', 'title') as $param) {
);
/* Some Shaarlies may have very few links, so we need to look
- back in time (rsort()) until we have enough days ($nb_of_days).
+ back in time until we have enough days ($nb_of_days).
*/
- $linkdates = array();
- foreach ($LINKSDB as $linkdate => $value) {
- $linkdates[] = $linkdate;
- }
- rsort($linkdates);
$nb_of_days = 7; // We take 7 days.
$today = date('Ymd');
$days = array();
- foreach ($linkdates as $linkdate) {
- $day = substr($linkdate, 0, 8); // Extract day (without time)
- if (strcmp($day,$today) < 0) {
+ foreach ($LINKSDB as $link) {
+ $day = $link['created']->format('Ymd'); // Extract day (without time)
+ if (strcmp($day, $today) < 0) {
if (empty($days[$day])) {
$days[$day] = array();
}
- $days[$day][] = $linkdate;
+ $days[$day][] = $link;
}
if (count($days) > $nb_of_days) {
echo '<copyright>'. $pageaddr .'</copyright>'. PHP_EOL;
// For each day.
- foreach ($days as $day => $linkdates) {
+ foreach ($days as $day => $links) {
$dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000');
$absurl = escape(index_url($_SERVER).'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
- // Build the HTML body of this RSS entry.
- $html = '';
- $href = '';
- $links = array();
-
// We pre-format some fields for proper output.
- foreach ($linkdates as $linkdate) {
- $l = $LINKSDB[$linkdate];
- $l['formatedDescription'] = format_description($l['description'], $conf->get('redirector.url'));
- $l['thumbnail'] = thumbnail($conf, $l['url']);
- $l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']);
- $l['timestamp'] = $l_date->getTimestamp();
- if (startsWith($l['url'], '?')) {
- $l['url'] = index_url($_SERVER) . $l['url']; // make permalink URL absolute
+ foreach ($links as &$link) {
+ $link['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url'));
+ $link['thumbnail'] = thumbnail($conf, $link['url']);
+ $link['timestamp'] = $link['created']->getTimestamp();
+ if (startsWith($link['url'], '?')) {
+ $link['url'] = index_url($_SERVER) . $link['url']; // make permalink URL absolute
}
- $links[$linkdate] = $l;
}
// Then build the HTML for this day:
$linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url'));
$linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']);
- $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
- $linksToDisplay[$key]['timestamp'] = $date->getTimestamp();
+ $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp();
}
/* We need to spread the articles on 3 columns.
$PAGE = new PageBuilder($conf);
$PAGE->assign('linkcount', count($LINKSDB));
$PAGE->assign('privateLinkcount', count_private($LINKSDB));
+ $PAGE->assign('plugin_errors', $pluginManager->getErrors());
// Determine which page will be rendered.
$query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
// Get only links which have a thumbnail.
foreach($links as $link)
{
- $permalink='?'.escape(smallhash($link['linkdate']));
+ $permalink='?'.$link['shorturl'];
$thumb=lazyThumbnail($conf, $link['url'],$permalink);
if ($thumb!='') // Only output links which have a thumbnail.
{
$maxcount = max($maxcount, $value);
}
- // Sort tags alphabetically: case insensitive, support locale if avalaible.
+ // Sort tags alphabetically: case insensitive, support locale if available.
uksort($tags, function($a, $b) {
// Collator is part of PHP intl.
if (class_exists('Collator')) {
{
$data = array(
'pageabsaddr' => index_url($_SERVER),
+ 'sslenabled' => !empty($_SERVER['HTTPS'])
);
$pluginManager->executeHooks('render_tools', $data);
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
- $LINKSDB->savedb($conf->get('resource.page_cache'));
+ $LINKSDB->save($conf->get('resource.page_cache'));
echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
exit;
}
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
- $LINKSDB->savedb($conf->get('resource.page_cache')); // Save to disk.
+ $LINKSDB->save($conf->get('resource.page_cache')); // Save to disk.
echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
exit;
}
if (! tokenOk($_POST['token'])) {
die('Wrong token.');
}
+
+ // lf_id should only be present if the link exists.
+ $id = !empty($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : $LINKSDB->getNextId();
+ // Linkdate is kept here to:
+ // - use the same permalink for notes as they're displayed when creating them
+ // - let users hack creation date of their posts
+ // See: https://github.com/shaarli/Shaarli/wiki/Datastore-hacks#changing-the-timestamp-for-a-link
+ $linkdate = escape($_POST['lf_linkdate']);
+ if (isset($LINKSDB[$id])) {
+ // Edit
+ $created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
+ $updated = new DateTime();
+ $shortUrl = $LINKSDB[$id]['shorturl'];
+ } else {
+ // New link
+ $created = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $linkdate);
+ $updated = null;
+ $shortUrl = link_small_hash($created, $id);
+ }
+
// Remove multiple spaces.
$tags = trim(preg_replace('/\s\s+/', ' ', $_POST['lf_tags']));
// Remove first '-' char in tags.
$tags = preg_replace('/(^| )\-/', '$1', $tags);
// Remove duplicates.
$tags = implode(' ', array_unique(explode(' ', $tags)));
- $linkdate = $_POST['lf_linkdate'];
+
$url = trim($_POST['lf_url']);
if (! startsWith($url, 'http:') && ! startsWith($url, 'https:')
&& ! startsWith($url, 'ftp:') && ! startsWith($url, 'magnet:')
}
$link = array(
+ 'id' => $id,
'title' => trim($_POST['lf_title']),
'url' => $url,
'description' => $_POST['lf_description'],
'private' => (isset($_POST['lf_private']) ? 1 : 0),
- 'linkdate' => $linkdate,
- 'tags' => str_replace(',', ' ', $tags)
+ 'created' => $created,
+ 'updated' => $updated,
+ 'tags' => str_replace(',', ' ', $tags),
+ 'shorturl' => $shortUrl,
);
+
// If title is empty, use the URL as title.
if ($link['title'] == '') {
$link['title'] = $link['url'];
$pluginManager->executeHooks('save_link', $link);
- $LINKSDB[$linkdate] = $link;
- $LINKSDB->savedb($conf->get('resource.page_cache'));
+ $LINKSDB[$id] = $link;
+ $LINKSDB->save($conf->get('resource.page_cache'));
pubsubhub($conf);
// If we are called from the bookmarklet, we must close the popup:
$returnurl = !empty($_POST['returnurl']) ? $_POST['returnurl'] : '?';
$location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
// Scroll to the link which has been edited.
- $location .= '#' . smallHash($_POST['lf_linkdate']);
+ $location .= '#' . $link['shorturl'];
// After saving the link, redirect to the page the user was on.
header('Location: '. $location);
exit;
{
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
+ $link = $LINKSDB[(int) escape($_POST['lf_id'])];
$returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
- $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
+ // Scroll to the link which has been edited.
+ $returnurl .= '#'. $link['shorturl'];
$returnurl = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
exit;
if (isset($_POST['delete_link']))
{
if (!tokenOk($_POST['token'])) die('Wrong token.');
+
// We do not need to ask for confirmation:
// - confirmation is handled by JavaScript
// - we are protected from XSRF by the token.
- $linkdate=$_POST['lf_linkdate'];
- $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
+ // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
+ $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
+
+ $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
- unset($LINKSDB[$linkdate]);
- $LINKSDB->savedb('resource.page_cache'); // save to disk
+ unset($LINKSDB[$id]);
+ $LINKSDB->save('resource.page_cache'); // save to disk
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
// -------- User clicked the "EDIT" button on a link: Display link edit form.
if (isset($_GET['edit_link']))
{
- $link = $LINKSDB[$_GET['edit_link']]; // Read database
+ $id = (int) escape($_GET['edit_link']);
+ $link = $LINKSDB[$id]; // Read database
if (!$link) { header('Location: ?'); exit; } // Link not found in database.
+ $link['linkdate'] = $link['created']->format(LinkDB::LINK_DATE_FORMAT);
$data = array(
'link' => $link,
'link_is_new' => false,
$link_is_new = false;
// Check if URL is not already in database (in this case, we will edit the existing link)
$link = $LINKSDB->getLinkFromUrl($url);
- if (!$link)
+ if (! $link)
{
$link_is_new = true;
- $linkdate = strval(date('Ymd_His'));
+ $linkdate = strval(date(LinkDB::LINK_DATE_FORMAT));
// Get title if it was provided in URL (by the bookmarklet).
$title = empty($_GET['title']) ? '' : escape($_GET['title']);
// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
}
if ($url == '') {
- $url = '?' . smallHash($linkdate);
+ $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
$title = 'Note: ';
}
$url = escape($url);
'tags' => $tags,
'private' => $private
);
+ } else {
+ $link['linkdate'] = $link['created']->format(LinkDB::LINK_DATE_FORMAT);
}
$data = array(
exit;
}
- // -------- User is uploading a file for import
- if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=upload'))
- {
- // If file is too big, some form field may be missing.
- if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
- {
- $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
- echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.escape($returnurl).'\';</script>';
+ if ($targetPage == Router::$PAGE_IMPORT) {
+ // Upload a Netscape bookmark dump to import its contents
+
+ if (! isset($_POST['token']) || ! isset($_FILES['filetoupload'])) {
+ // Show import dialog
+ $PAGE->assign('maxfilesize', getMaxFileSize());
+ $PAGE->renderPage('import');
exit;
}
- if (!tokenOk($_POST['token'])) die('Wrong token.');
- importFile($LINKSDB);
- exit;
- }
- // -------- Show upload/import dialog:
- if ($targetPage == Router::$PAGE_IMPORT)
- {
- $PAGE->assign('maxfilesize',getMaxFileSize());
- $PAGE->renderPage('import');
+ // Import bookmarks from an uploaded file
+ if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
+ // The file is too big or some form field may be missing.
+ echo '<script>alert("The file you are trying to upload is probably'
+ .' bigger than what this webserver can accept ('
+ .getMaxFileSize().' bytes).'
+ .' Please upload in smaller chunks.");document.location=\'?do='
+ .Router::$PAGE_IMPORT .'\';</script>';
+ exit;
+ }
+ if (! tokenOk($_POST['token'])) {
+ die('Wrong token.');
+ }
+ $status = NetscapeBookmarkUtils::import(
+ $_POST,
+ $_FILES,
+ $LINKSDB,
+ $conf->get('resource.page_cache')
+ );
+ echo '<script>alert("'.$status.'");document.location=\'?do='
+ .Router::$PAGE_IMPORT .'\';</script>';
exit;
}
exit;
}
-/**
- * Process the import file form.
- *
- * @param LinkDB $LINKSDB Loaded LinkDB instance.
- * @param ConfigManager $conf Configuration Manager instance.
- */
-function importFile($LINKSDB, $conf)
-{
- if (!isLoggedIn()) { die('Not allowed.'); }
-
- $filename=$_FILES['filetoupload']['name'];
- $filesize=$_FILES['filetoupload']['size'];
- $data=file_get_contents($_FILES['filetoupload']['tmp_name']);
- $private = (empty($_POST['private']) ? 0 : 1); // Should the links be imported as private?
- $overwrite = !empty($_POST['overwrite']) ; // Should the imported links overwrite existing ones?
- $import_count=0;
-
- // Sniff file type:
- $type='unknown';
- if (startsWith($data,'<!DOCTYPE NETSCAPE-Bookmark-file-1>')) $type='netscape'; // Netscape bookmark file (aka Firefox).
-
- // Then import the bookmarks.
- if ($type=='netscape')
- {
- // This is a standard Netscape-style bookmark file.
- // This format is supported by all browsers (except IE, of course), also Delicious, Diigo and others.
- foreach(explode('<DT>',$data) as $html) // explode is very fast
- {
- $link = array('linkdate'=>'','title'=>'','url'=>'','description'=>'','tags'=>'','private'=>0);
- $d = explode('<DD>',$html);
- if (startsWith($d[0], '<A '))
- {
- $link['description'] = (isset($d[1]) ? html_entity_decode(trim($d[1]),ENT_QUOTES,'UTF-8') : ''); // Get description (optional)
- preg_match('!<A .*?>(.*?)</A>!i',$d[0],$matches); $link['title'] = (isset($matches[1]) ? trim($matches[1]) : ''); // Get title
- $link['title'] = html_entity_decode($link['title'],ENT_QUOTES,'UTF-8');
- preg_match_all('! ([A-Z_]+)=\"(.*?)"!i',$html,$matches,PREG_SET_ORDER); // Get all other attributes
- $raw_add_date=0;
- foreach($matches as $m)
- {
- $attr=$m[1]; $value=$m[2];
- if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE')
- {
- $raw_add_date=intval($value);
- if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
- }
- elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
- elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
- }
- if ($link['url']!='')
- {
- if ($private==1) $link['private']=1;
- $dblink = $LINKSDB->getLinkFromUrl($link['url']); // See if the link is already in database.
- if ($dblink==false)
- { // Link not in database, let's import it...
- if (empty($raw_add_date)) $raw_add_date=time(); // In case of shitty bookmark file with no ADD_DATE
-
- // Make sure date/time is not already used by another link.
- // (Some bookmark files have several different links with the same ADD_DATE)
- // We increment date by 1 second until we find a date which is not used in DB.
- // (so that links that have the same date/time are more or less kept grouped by date, but do not conflict.)
- while (!empty($LINKSDB[date('Ymd_His',$raw_add_date)])) { $raw_add_date++; }// Yes, I know it's ugly.
- $link['linkdate']=date('Ymd_His',$raw_add_date);
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- else // Link already present in database.
- {
- if ($overwrite)
- { // If overwrite is required, we import link data, except date/time.
- $link['linkdate']=$dblink['linkdate'];
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- }
-
- }
- }
- }
- $LINKSDB->savedb($conf->get('resource.page_cache'));
-
- echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
- }
- else
- {
- echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
- }
-}
-
/**
* Template for the list of links (<div id="linklist">)
* This function fills all the necessary fields in the $PAGE for the template 'linklist.html'
$link['description'] = format_description($link['description'], $conf->get('redirector.url'));
$classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight';
$link['class'] = $link['private'] == 0 ? $classLi : 'private';
- $date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
- $link['timestamp'] = $date->getTimestamp();
+ $link['timestamp'] = $link['created']->getTimestamp();
+ if (! empty($link['updated'])) {
+ $link['updated_timestamp'] = $link['updated']->getTimestamp();
+ } else {
+ $link['updated_timestamp'] = '';
+ }
$taglist = explode(' ', $link['tags']);
uasort($taglist, 'strcasecmp');
$link['taglist'] = $taglist;
- $link['shorturl'] = smallHash($link['linkdate']);
// Check for both signs of a note: starting with ? and 7 chars long.
if ($link['url'][0] === '?' &&
strlen($link['url']) === 7) {
$next_page_url = '?page=' . ($page-1) . $searchtermUrl . $searchtagsUrl;
}
- $token = isLoggedIn() ? getToken($conf) : '';
-
// Fill all template fields.
$data = array(
'previous_page_url' => $previous_page_url,
projects / github / shaarli / Shaarli.git / blobdiff