Merge pull request #1273 from ArthurHoaro/feature/ban-manager

[github/shaarli/Shaarli.git] / index.php

diff --git a/index.php b/index.php
index 5447823713d3f658b786e87803a2fe11630ba6c3..ff42114c3bb9ef3b365d99ce6a83635f592b558c 100644 (file)
--- a/index.php
+++ b/index.php
@@ -125,7 +125,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
 
 $conf = new ConfigManager();
 $sessionManager = new SessionManager($_SESSION, $conf);
-$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$loginManager = new LoginManager($conf, $sessionManager);
 $loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
 $clientIpId = client_ip_id($_SERVER);
 
@@ -1266,6 +1266,51 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
         exit;
     }
 
+    // -------- User clicked either "Set public" or "Set private" bulk operation
+    if ($targetPage == Router::$PAGE_CHANGE_VISIBILITY) {
+        if (! $sessionManager->checkToken($_GET['token'])) {
+            die(t('Wrong token.'));
+        }
+
+        $ids = trim($_GET['ids']);
+        if (strpos($ids, ' ') !== false) {
+            // multiple, space-separated ids provided
+            $ids = array_values(array_filter(preg_split('/\s+/', escape($ids))));
+        } else {
+            // only a single id provided
+            $ids = [$ids];
+        }
+
+        // assert at least one id is given
+        if (!count($ids)) {
+            die('no id provided');
+        }
+        // assert that the visibility is valid
+        if (!isset($_GET['newVisibility']) || !in_array($_GET['newVisibility'], ['public', 'private'])) {
+            die('invalid visibility');
+        } else {
+            $private = $_GET['newVisibility'] === 'private';
+        }
+        foreach ($ids as $id) {
+            $id = (int) escape($id);
+            $link = $LINKSDB[$id];
+            $link['private'] = $private;
+            $pluginManager->executeHooks('save_link', $link);
+            $LINKSDB[$id] = $link;
+        }
+        $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
+
+        $location = '?';
+        if (isset($_SERVER['HTTP_REFERER'])) {
+            $location = generateLocation(
+                $_SERVER['HTTP_REFERER'],
+                $_SERVER['HTTP_HOST']
+            );
+        }
+        header('Location: ' . $location); // After deleting the link, redirect to appropriate location
+        exit;
+    }
+
     // -------- User clicked the "EDIT" button on a link: Display link edit form.
     if (isset($_GET['edit_link'])) {
         $id = (int) escape($_GET['edit_link']);