<?php
-// Shaarli 0.0.40 beta - Shaare your links...
+// Shaarli 0.0.42 beta - Shaare your links...
// The personal, minimalist, super-fast, no-database delicious clone. By sebsauvage.net
// http://sebsauvage.net/wiki/doku.php?id=php:shaarli
// Licence: http://www.opensource.org/licenses/zlib-license.php
// Requires: php 5.1.x (but autocomplete fields will only work if you have php 5.2.x)
+// -----------------------------------------------------------------------------------------------
+// NEVER TRUST IN PHP.INI
+// Some hosts do not define a default timezone in php.ini,
+// so we have to do this for avoid the strict standard error.
+date_default_timezone_set('UTC');
+
// -----------------------------------------------------------------------------------------------
// Hardcoded parameter (These parameters can be overwritten by creating the file /config/options.php)
$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
// Optionnal config file.
if (is_file($GLOBALS['config']['DATADIR'].'/options.php')) require($GLOBALS['config']['DATADIR'].'/options.php');
-define('shaarli_version','0.0.40 beta');
+define('shaarli_version','0.0.42 beta');
define('PHPPREFIX','<?php /* '); // Prefix to encapsulate data in php code.
define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
+// http://server.com/x/shaarli --> /shaarli/
+define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
// Force cookie path (but do not change lifetime)
$cookie=session_get_cookie_params();
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
// Set session parameters on server side.
define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
header("Pragma: no-cache");
// Directories creations (Note that your web host may require differents rights than 705.)
+if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').</pre>');
if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR'],0705); chmod($GLOBALS['config']['DATADIR'],0705); }
if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files.
if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
+// Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable.
+if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('<pre>ERROR: Shaarli does not have the right to write in its data directory ('.realpath($GLOBALS['config']['DATADIR']).').</pre>');
if ($GLOBALS['config']['ENABLE_LOCALCACHE'])
{
if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); }
if (!is_file($GLOBALS['config']['CACHEDIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['CACHEDIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
}
+// Handling of old config file which do not have the new parameters.
+if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
+if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
+if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
+if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
+if (empty($GLOBALS['disablejquery'])) $GLOBALS['disablejquery']=false;
+if (empty($GLOBALS['privateLinkByDefault'])) $GLOBALS['privateLinkByDefault']=false;
+// I really need to rewrite Shaarli with a proper configuation manager.
+
// Run config screen if first run:
if (!is_file($GLOBALS['config']['CONFIG_FILE'])) install();
require $GLOBALS['config']['CONFIG_FILE']; // Read login/password hash into $GLOBALS.
-// Handling of old config file which do not have the new parameters.
-if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.htmlspecialchars(indexUrl());
-if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
-if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
+// a token depending of deployment salt, user password, and the current ip
+define('STAY_SIGNED_IN_TOKEN', sha1($GLOBALS['hash'].$_SERVER["REMOTE_ADDR"].$GLOBALS['salt']));
autoLocale(); // Sniff browser language and set date format accordingly.
header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
private $shouldBeCached; // boolean: Should this url be cached ?
private $filename; // Name of the cache file for this url
- /*
+ /*
$url = url (typically the value returned by pageUrl())
$shouldBeCached = boolean. If false, the cache will be disabled.
*/
$this->url = $url;
$this->filename = $GLOBALS['config']['PAGECACHE'].'/'.sha1($url).'.cache';
$this->shouldBeCached = $shouldBeCached;
- }
+ }
// If the page should be cached and a cached version exists,
// returns the cached version (otherwise, return null).
$handler = opendir($GLOBALS['config']['PAGECACHE']);
if ($handler!==false)
{
- while (($filename = readdir($handler))!==false)
+ while (($filename = readdir($handler))!==false)
{
if (endsWith($filename,'.cache')) { unlink($GLOBALS['config']['PAGECACHE'].'/'.$filename); }
}
return str_replace('>','>',str_replace('<','<',nl2br($html)));
}
-/* Returns the small hash of a string
+/* Returns the small hash of a string, using RFC 4648 base64url format
eg. smallHash('20111006_131924') --> yZH23w
Small hashes:
- are unique (well, as unique as crc32, at last)
function smallHash($text)
{
$t = rtrim(base64_encode(hash('crc32',$text,true)),'=');
- $t = str_replace('+','-',$t); // Get rid of characters which need encoding in URLs.
- $t = str_replace('/','_',$t);
- $t = str_replace('=','@',$t);
- return $t;
+ return strtr($t, '+/', '-_');
}
// In a string, converts urls to clickable links.
function keepMultipleSpaces($text)
{
return str_replace(' ',' ',$text);
-
+
}
// ------------------------------------------------------------------------------------------
// Sniff browser language to display dates in the right format automatically.
return $ip;
}
+function fillSessionInfo() {
+ $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
+ $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
+ $_SESSION['username']=$GLOBALS['login'];
+ $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+}
+
// Check that user/password is correct.
function check_auth($login,$password)
{
$hash = sha1($password.$login.$GLOBALS['salt']);
if ($login==$GLOBALS['login'] && $hash==$GLOBALS['hash'])
{ // Login/password is correct.
- $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // generate unique random number (different than phpsessionid)
- $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
- $_SESSION['username']=$login;
- $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
+ fillSessionInfo();
logm('Login successful');
return True;
}
function isLoggedIn()
{
if ($GLOBALS['config']['OPEN_SHAARLI']) return true;
-
+
if (!isset($GLOBALS['login'])) return false; // Shaarli is not configured yet.
+ if (@$_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN)
+ {
+ fillSessionInfo();
+ return true;
+ }
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid']) || ($GLOBALS['disablesessionprotection']==false && $_SESSION['ip']!=allIPs()) || time()>=$_SESSION['expires_on'])
{
}
// Force logout.
-function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']);} }
+function logout() { if (isset($_SESSION)) { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); unset($_SESSION['privateonly']); }
+setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH);
+}
// ------------------------------------------------------------------------------------------
// If user wants to keep the session cookie even after the browser closes:
if (!empty($_POST['longlastingsession']))
{
+ setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
$_SESSION['longlastingsession']=31536000; // (31536000 seconds = 1 year)
$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir); // Set session cookie expiration on client side
+ session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
// Note: Never forget the trailing slash on the cookie path !
session_regenerate_id(true); // Send cookie with new expiration date to browser.
}
else // Standard session expiration (=when browser closes)
{
$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
- session_set_cookie_params(0,$cookiedir); // 0 means "When browser closes"
+ session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
session_regenerate_id(true);
}
// Optional redirect after login:
else
{
ban_loginFailed();
- echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login\';</script>'; // Redirect to login screen.
+ $redir = '';
+ if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
+ echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
exit;
}
}
{
$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
$serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
- return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+ return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
}
// Returns the absolute URL of current script, without the query.
{
try
{
- $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout
+ $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout
$context = stream_context_create($options);
$data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source.
if (!$data) { return array('HTTP Error',array(),''); }
p = new pageBuilder;
p.assign('myfield','myvalue');
p.renderPage('mytemplate');
-
+
*/
class pageBuilder
{
function __construct()
{
$this->tpl=false;
- }
+ }
private function initialize()
- {
- $this->tpl = new RainTPL;
+ {
+ $this->tpl = new RainTPL;
$this->tpl->assign('newversion',checkUpdate());
$this->tpl->assign('feedurl',htmlspecialchars(indexUrl()));
$searchcrits=''; // Search criteria
if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
if (!empty($GLOBALS['pagetitle'])) $this->tpl->assign('pagetitle',$GLOBALS['pagetitle']);
$this->tpl->assign('shaarlititle',empty($GLOBALS['title']) ? 'Shaarli': $GLOBALS['title'] );
- return;
+ return;
}
-
+
// The following assign() method is basically the same as RainTPL (except that it's lazy)
public function assign($what,$where)
{
if ($this->tpl===false) $this->initialize(); // Lazy initialization
$this->tpl->assign($what,$where);
}
-
+
// Render a specific page (using a template).
// eg. pb.renderPage('picwall')
public function renderPage($page)
echo $mylinks['20110826_161819']['title'];
foreach($mylinks as $link)
echo $link['title'].' at url '.$link['url'].' ; description:'.$link['description'];
-
+
Available keys:
title : Title of the link
url : URL of the link. Can be absolute or relative. Relative URLs are permalinks (eg.'?m-ukcw')
description : description of the entry
private : Is this link private ? 0=no, other value=yes
linkdate : date of the creation of this entry, in the form YYYYMMDD_HHMMSS (eg.'20110914_192317')
- tags : tags attached to this entry (separated by spaces)
+ tags : tags attached to this entry (separated by spaces)
We implement 3 interfaces:
- ArrayAccess so that this object behaves like an associative array.
$this->links = array();
$link = array('title'=>'Shaarli - sebsauvage.net','url'=>'http://sebsauvage.net/wiki/doku.php?id=php:shaarli','description'=>'Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.','private'=>0,'linkdate'=>'20110914_190000','tags'=>'opensource software');
$this->links[$link['linkdate']] = $link;
- $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://pastebin.com/smCEEeSn','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
+ $link = array('title'=>'My secret stuff... - Pastebin.com','url'=>'http://sebsauvage.net/paste/?8434b27936c09649#bR7XsXhoTiLcqCpQbmOpBi3rq2zzQUC5hBI7ZT1O3x8=','description'=>'SShhhh!! I\'m a private link only YOU can see. You can delete me too.','private'=>1,'linkdate'=>'20110914_074522','tags'=>'secretstuff');
$this->links[$link['linkdate']] = $link;
file_put_contents($GLOBALS['config']['DATASTORE'], PHPPREFIX.base64_encode(gzdeflate(serialize($this->links))).PHPSUFFIX); // Write database to disk
}
arsort($tags); // Sort tags by usage (most used tag first)
return $tags;
}
-
+
// Returns the list of days containing articles (oldest first)
// Output: An array containing days (in format YYYYMMDD).
public function days()
}
// ------------------------------------------------------------------------------------------
-// Ouput the last 50 links in RSS 2.0 format.
+// Ouput the last N links in RSS 2.0 format.
function showRSS()
{
header('Content-Type: application/rss+xml; charset=utf-8');
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">';
}
$i=0;
$keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
- while ($i<50 && $i<count($keys))
+ while ($i<$nblinksToDisplay && $i<count($keys))
{
$link = $linksToDisplay[$keys[$i]];
$guid = $pageaddr.'?'.smallHash($link['linkdate']);
$absurl = htmlspecialchars($link['url']);
if (startsWith($absurl,'?')) $absurl=$pageaddr.$absurl; // make permalink URL absolute
if ($usepermalinks===true)
- echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid>'.$guid.'</guid><link>'.$guid.'</link>';
+ echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$guid.'</link>';
else
- echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid>'.$guid.'</guid><link>'.$absurl.'</link>';
+ echo '<item><title>'.htmlspecialchars($link['title']).'</title><guid isPermaLink="false">'.$guid.'</guid><link>'.$absurl.'</link>';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>\n";
if ($link['tags']!='') // Adding tags to each RSS entry (as mentioned in RSS specification)
{
echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description'])))).$descriptionlink.']]></description>'."\n</item>\n";
$i++;
}
- echo '</channel></rss>';
+ echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
$cache->cache(ob_get_contents());
ob_end_flush();
}
// ------------------------------------------------------------------------------------------
-// Ouput the last 50 links in ATOM format.
+// Ouput the last N links in ATOM format.
function showATOM()
{
header('Content-Type: application/atom+xml; charset=utf-8');
if (!empty($_GET['searchterm'])) $linksToDisplay = $LINKSDB->filterFulltext($_GET['searchterm']);
elseif (!empty($_GET['searchtags'])) $linksToDisplay = $LINKSDB->filterTags(trim($_GET['searchtags']));
else $linksToDisplay = $LINKSDB;
+ $nblinksToDisplay = 50; // Number of links to display.
+ if (!empty($_GET['nb'])) // In URL, you can specificy the number of links. Example: nb=200 or nb=all for all links.
+ {
+ $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
+ }
$pageaddr=htmlspecialchars(indexUrl());
$latestDate = '';
$entries='';
$i=0;
$keys=array(); foreach($linksToDisplay as $key=>$value) { $keys[]=$key; } // No, I can't use array_keys().
- while ($i<50 && $i<count($keys))
+ while ($i<$nblinksToDisplay && $i<count($keys))
{
$link = $linksToDisplay[$keys[$i]];
$guid = $pageaddr.'?'.smallHash($link['linkdate']);
$feed.='<author><name>'.htmlspecialchars($pageaddr).'</name><uri>'.htmlspecialchars($pageaddr).'</uri></author>';
$feed.='<id>'.htmlspecialchars($pageaddr).'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='</feed>';
+ $feed.='</feed><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
echo $feed;
-
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
$cached = $cache->cachedVersion(); if (!empty($cached)) { echo $cached; exit; }
// If cached was not found (or not usable), then read the database and build the response:
$LINKSDB=new linkdb(isLoggedIn() || $GLOBALS['config']['OPEN_SHAARLI']); // Read links from database (and filter private links if used it not logged in).
-
+
/* Some Shaarlies may have very few links, so we need to look
back in time (rsort()) until we have enough days ($nb_of_days).
*/
- $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
+ $linkdates=array(); foreach($LINKSDB as $linkdate=>$value) { $linkdates[]=$linkdate; }
rsort($linkdates);
$nb_of_days=7; // We take 7 days.
$today=Date('Ymd');
}
if (count($days)>$nb_of_days) break; // Have we collected enough days ?
}
-
+
// Build the RSS feed.
header('Content-Type: application/rss+xml; charset=utf-8');
$pageaddr=htmlspecialchars(indexUrl());
echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
echo '<channel><title>Daily - '.htmlspecialchars($GLOBALS['title']).'</title><link>'.$pageaddr.'</link>';
echo '<description>Daily shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n";
-
+
foreach($days as $day=>$linkdates) // For each day.
{
$daydate = utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))); // Full text date
$absurl=htmlspecialchars(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
echo '<item><title>'.htmlspecialchars($GLOBALS['title'].' - '.$daydate).'</title><guid>'.$absurl.'</guid><link>'.$absurl.'</link>';
echo '<pubDate>'.htmlspecialchars($rfc822date)."</pubDate>";
-
+
// Build the HTML body of this RSS entry.
$html='';
$href='';
{
$l = $LINKSDB[$linkdate];
$l['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($l['description']))));
- $l['thumbnail'] = thumbnail($l['url']);
- $l['localdate']=linkdate2locale($l['linkdate']);
+ $l['thumbnail'] = thumbnail($l['url']);
+ $l['localdate']=linkdate2locale($l['linkdate']);
if (startsWith($l['url'],'?')) $l['url']=indexUrl().$l['url']; // make permalink URL absolute
- $links[$linkdate]=$l;
+ $links[$linkdate]=$l;
}
// Then build the HTML for this day:
- $tpl = new RainTPL;
+ $tpl = new RainTPL;
$tpl->assign('links',$links);
$html = $tpl->draw('dailyrss',$return_string=true);
echo "\n";
echo '<description><![CDATA['.$html.']]></description>'."\n</item>\n\n";
- }
- echo '</channel></rss>';
-
+ }
+ echo '</channel></rss><!-- Cached version of '.htmlspecialchars(pageUrl()).' -->';
+
$cache->cache(ob_get_contents());
ob_end_flush();
exit;
$day=Date('Ymd',strtotime('-1 day')); // Yesterday, in format YYYYMMDD.
if (isset($_GET['day'])) $day=$_GET['day'];
-
+
$days = $LINKSDB->days();
$i = array_search($day,$days);
if ($i==false) { $i=count($days)-1; $day=$days[$i]; }
- $previousday='';
- $nextday='';
+ $previousday='';
+ $nextday='';
if ($i!==false)
{
if ($i>1) $previousday=$days[$i-1];
// We pre-format some fields for proper output.
foreach($linksToDisplay as $key=>$link)
{
- $linksToDisplay[$key]['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription']=nl2br(keepMultipleSpaces(text2clickable(htmlspecialchars($link['description']))));
- $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
+ $linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
}
-
+
/* We need to spread the articles on 3 columns.
I did not want to use a javascript lib like http://masonry.desandro.com/
- so I manually spread entries with a simple method: I roughly evaluate the
+ so I manually spread entries with a simple method: I roughly evaluate the
height of a div according to title and description length.
*/
$columns=array(array(),array(),array()); // Entries to display, for each column.
$PAGE->assign('col3',$columns[2]);
$PAGE->assign('day',utf8_encode(strftime('%A %d, %B %Y',linkdate2timestamp($day.'_000000'))));
$PAGE->assign('previousday',$previousday);
- $PAGE->assign('nextday',$nextday);
+ $PAGE->assign('nextday',$nextday);
$PAGE->renderPage('daily');
exit;
}
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('tags',$tagList);
$PAGE->renderPage('tagcloud');
- exit;
+ exit;
}
// -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
if (isset($_GET['linksperpage']))
{
if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
-
+
// -------- User wants to see only private links (toggle)
if (isset($_GET['privateonly']))
{
{
unset($_SESSION['privateonly']); // See all links
}
- header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
+ // Make sure the referer is from Shaarli itself.
+ $referer = '?';
+ if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
+ $referer = $_SERVER['HTTP_REFERER'];
+ header('Location: '.$referer);
exit;
}
$GLOBALS['title']=$_POST['title'];
$GLOBALS['redirector']=$_POST['redirector'];
$GLOBALS['disablesessionprotection']=!empty($_POST['disablesessionprotection']);
+ $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
+ $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
writeConfig();
echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
exit;
if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away !
$tags = trim(preg_replace('/\s\s+/',' ', $_POST['lf_tags'])); // Remove multiple spaces.
$linkdate=$_POST['lf_linkdate'];
- $link = array('title'=>trim($_POST['lf_title']),'url'=>trim($_POST['lf_url']),'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
+ $url = trim($_POST['lf_url']);
+ if (!startsWith($url,'http:') && !startsWith($url,'https:') && !startsWith($url,'ftp:') && !startsWith($url,'magnet:') && !startsWith($url,'?'))
+ $url = 'http://'.$url;
+ $link = array('title'=>trim($_POST['lf_title']),'url'=>$url,'description'=>trim($_POST['lf_description']),'private'=>(isset($_POST['lf_private']) ? 1 : 0),
'linkdate'=>$linkdate,'tags'=>str_replace(',',' ',$tags));
if ($link['title']=='') $link['title']=$link['url']; // If title is empty, use the URL as title.
$LINKSDB[$linkdate] = $link;
$link_is_new = true; // This is a new link
$linkdate = strval(date('Ymd_His'));
$title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet).
- $description=''; $tags=''; $private=0;
+ $description = (empty($_GET['description']) ? '' : $_GET['description']); // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
+ $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] ); // Get tags if it was provided in URL
+ $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0); // Get private if it was provided in URL
if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url;
// If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.)
if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http')
{
list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive.
// FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html
- if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8');
-
+ if (strpos($status,'200 OK')!==false)
+ {
+ // Look for charset in html header.
+ preg_match('#<meta .*charset=.*>#Usi', $data, $meta);
+
+ // If found, extract encoding.
+ if (!empty($meta[0]))
+ {
+ // Get encoding specified in header.
+ preg_match('#charset="?(.*)"#si', $meta[0], $enc);
+ // If charset not found, use utf-8.
+ $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
+ }
+ else { $html_charset = 'utf-8'; }
+
+ // Extract title
+ $title = html_extract_title($data);
+ if (!empty($title))
+ {
+ // Re-encode title in utf-8 if necessary.
+ $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title;
+ }
+ }
}
if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself)
- $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0);
+ $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>$private);
}
$PAGE = new pageBuilder;
{
$attr=$m[1]; $value=$m[2];
if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE') $raw_add_date=intval($value);
+ elseif ($attr=='ADD_DATE')
+ {
+ $raw_add_date=intval($value);
+ if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
+ }
elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
}
}
$LINKSDB->savedb();
- echo '<script language="JavaScript">alert("File '.$filename.' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
+ echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
}
else
{
- echo '<script language="JavaScript">alert("File '.$filename.' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
+ echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
}
}
}
else
$linksToDisplay = $LINKSDB; // otherwise, display without filtering.
-
+
// Option: Show only private links
if (!empty($_SESSION['privateonly']))
{
$classLi = $i%2!=0 ? '' : 'publicLinkHightLight';
$link['class'] = ($link['private']==0 ? $classLi : 'private');
$link['localdate']=linkdate2locale($link['linkdate']);
- $link['taglist']=explode(' ',$link['tags']);
+ $taglist = explode(' ',$link['tags']);
+ uasort($taglist, 'strcasecmp');
+ $link['taglist']=$taglist;
$linkDisp[$keys[$i]] = $link;
$i++;
}
-
+
// Compute paging navigation
$searchterm= ( empty($_GET['searchterm']) ? '' : '&searchterm='.$_GET['searchterm'] );
$searchtags= ( empty($_GET['searchtags']) ? '' : '&searchtags='.$_GET['searchtags'] );
$previous_page_url=''; if ($i!=count($keys)) $previous_page_url='?page='.($page+1).$searchterm.$searchtags;
$next_page_url='';if ($page>1) $next_page_url='?page='.($page-1).$searchterm.$searchtags;
- $token = ''; if (isLoggedIn()) $token=getToken();
-
+ $token = ''; if (isLoggedIn()) $token=getToken();
+
// Fill all template fields.
$PAGE->assign('linkcount',count($LINKSDB));
$PAGE->assign('previous_page_url',$previous_page_url);
$PAGE->assign('page_max',$pagecount);
$PAGE->assign('result_count',count($linksToDisplay));
$PAGE->assign('search_type',$search_type);
- $PAGE->assign('search_crits',$search_crits);
+ $PAGE->assign('search_crits',$search_crits);
$PAGE->assign('redirector',empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']); // optional redirector URL
$PAGE->assign('token',$token);
$PAGE->assign('links',$linkDisp);
}
// Compute the thumbnail for a link.
-//
+//
// with a link to the original URL.
// Understands various services (youtube.com...)
// Input: $url = url for which the thumbnail must be found.
{
$path = parse_url($url,PHP_URL_PATH);
return array('src'=>'http://img.youtube.com/vi'.$path.'/default.jpg',
- 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
+ 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail');
}
if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting
{
parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename.
if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']),
- 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
- }
-
+ 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail');
+ }
+
if ($domain=='imgur.com')
{
$path = parse_url($url,PHP_URL_PATH);
{
$sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
return array('src'=>indexUrl().'?do=genthumbnail&hmac='.htmlspecialchars($sign).'&url='.urlencode($url),
- 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
+ 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
return array(); // No thumbnail.
{
$t = computeThumbnail($url,$href);
if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
-
+
$html='<a href="'.htmlspecialchars($t['href']).'"><img src="'.htmlspecialchars($t['src']).'"';
if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
// Returns '' if no thumbnail available.
function lazyThumbnail($url,$href=false)
{
- $t = computeThumbnail($url,$href);
+ $t = computeThumbnail($url,$href);
if (count($t)==0) return ''; // Empty array = no thumbnail for this URL.
$html='<a href="'.htmlspecialchars($t['href']).'">';
-
+
// Lazy image (only loaded by javascript when in the viewport).
- $html.='<img class="lazyimage" src="#" data-original="'.htmlspecialchars($t['src']).'"';
+ if (!empty($GLOBALS['disablejquery'])) // (except if jQuery is disabled)
+ $html.='<img class="lazyimage" src="'.htmlspecialchars($t['src']).'"';
+ else
+ $html.='<img class="lazyimage" src="#" data-original="'.htmlspecialchars($t['src']).'"';
+
if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
$html.='>';
-
- // No-javascript fallback:
+
+ // No-javascript fallback.
$html.='<noscript><img src="'.htmlspecialchars($t['src']).'"';
if (!empty($t['width'])) $html.=' width="'.htmlspecialchars($t['width']).'"';
if (!empty($t['height'])) $html.=' height="'.htmlspecialchars($t['height']).'"';
if (!empty($t['style'])) $html.=' style="'.htmlspecialchars($t['style']).'"';
if (!empty($t['alt'])) $html.=' alt="'.htmlspecialchars($t['alt']).'"';
$html.='></noscript></a>';
-
+
return $html;
}
function install()
{
// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
- if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+ if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
// This part makes sure sessions works correctly.
// Display config form:
list($timezone_form,$timezone_js) = templateTZform();
$timezone_html=''; if ($timezone_form!='') $timezone_html='<tr><td valign="top"><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>';
-
+
$PAGE = new pageBuilder;
$PAGE->assign('timezone_html',$timezone_html);
$PAGE->assign('timezone_js',$timezone_js);
foreach($continents as $continent)
$continents_html.='<option value="'.$continent.'"'.($pcontinent==$continent?'selected':'').'>'.$continent.'</option>';
$cities_html = $cities[$pcontinent];
- $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select><br /><br />";
- $timezone_form .= "City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br /><br />";
+ $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
+ $timezone_form .= " City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
$timezone_js = "<script language=\"JavaScript\">";
$timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
$timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
}
return false;
}
-
+if (!function_exists('json_encode')) {
+ function json_encode($data) {
+ switch ($type = gettype($data)) {
+ case 'NULL':
+ return 'null';
+ case 'boolean':
+ return ($data ? 'true' : 'false');
+ case 'integer':
+ case 'double':
+ case 'float':
+ return $data;
+ case 'string':
+ return '"' . addslashes($data) . '"';
+ case 'object':
+ $data = get_object_vars($data);
+ case 'array':
+ $output_index_count = 0;
+ $output_indexed = array();
+ $output_associative = array();
+ foreach ($data as $key => $value) {
+ $output_indexed[] = json_encode($value);
+ $output_associative[] = json_encode($key) . ':' . json_encode($value);
+ if ($output_index_count !== NULL && $output_index_count++ !== $key) {
+ $output_index_count = NULL;
+ }
+ }
+ if ($output_index_count !== NULL) {
+ return '[' . implode(',', $output_indexed) . ']';
+ } else {
+ return '{' . implode(',', $output_associative) . '}';
+ }
+ default:
+ return ''; // Not supported
+ }
+ }
+}
// Webservices (for use with jQuery/jQueryUI)
// eg. index.php?ws=tags&term=minecr
function writeConfig()
{
if (is_file($GLOBALS['config']['CONFIG_FILE']) && !isLoggedIn()) die('You are not authorized to alter config.'); // Only logged in user can alter config.
- if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
- if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
$config='<?php $GLOBALS[\'login\']='.var_export($GLOBALS['login'],true).'; $GLOBALS[\'hash\']='.var_export($GLOBALS['hash'],true).'; $GLOBALS[\'salt\']='.var_export($GLOBALS['salt'],true).'; ';
$config .='$GLOBALS[\'timezone\']='.var_export($GLOBALS['timezone'],true).'; date_default_timezone_set('.var_export($GLOBALS['timezone'],true).'); $GLOBALS[\'title\']='.var_export($GLOBALS['title'],true).';';
$config .= '$GLOBALS[\'redirector\']='.var_export($GLOBALS['redirector'],true).'; ';
$config .= '$GLOBALS[\'disablesessionprotection\']='.var_export($GLOBALS['disablesessionprotection'],true).'; ';
+ $config .= '$GLOBALS[\'disablejquery\']='.var_export($GLOBALS['disablejquery'],true).'; ';
+ $config .= '$GLOBALS[\'privateLinkByDefault\']='.var_export($GLOBALS['privateLinkByDefault'],true).'; ';
$config .= ' ?>';
if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
{
// The thumbnail for TED talks is located in the <link rel="image_src" [...]> tag on that page
// http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html
// <link rel="image_src" href="http://images.ted.com/images/ted/28bced335898ba54d4441809c5b1112ffaf36781_389x292.jpg" />
- list($httpstatus,$headers,$data) = getHTTP($url,5);
+ list($httpstatus,$headers,$data) = getHTTP($url,5);
if (strpos($httpstatus,'200 OK')!==false)
{
// Extract the link to the thumbnail
}
}
}
-
+
elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com'))
{
// There is no thumbnail available for xkcd comics, so download the whole image and resize it.
}
}
}
- }
+ }
else
{
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=rss')) { showRSS(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=atom')) { showATOM(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=dailyrss')) { showDailyRSS(); exit; }
-if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
+if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'do=daily')) { showDaily(); exit; }
if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"],'ws=')) { processWS(); exit; } // Webservices (for jQuery/jQueryUI)
if (!isset($_SESSION['LINKS_PER_PAGE'])) $_SESSION['LINKS_PER_PAGE']=$GLOBALS['config']['LINKS_PER_PAGE'];
renderPage();
-?>
\ No newline at end of file
+?>
projects / github / shaarli / Shaarli.git / blobdiff