X-Git-Url: https://git.immae.eu/?p=github%2Fshaarli%2FShaarli.git;a=blobdiff_plain;f=index.php;h=5bc13d49fd812f88d662c1d21bc53e3ae02c2a10;hp=d425afda8014b5495b86a2db116e451e11463388;hb=03542572665bae57705a2f57b0737ed43f4f1415;hpb=c6d876bb2afe7e9ec1a64c74e766360e2fa441e0
diff --git a/index.php b/index.php
index d425afda..5bc13d49 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
/shaarli/
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
@@ -44,6 +44,20 @@ error_reporting(E_ALL^E_WARNING);
//error_reporting(-1);
+// 3rd-party libraries
+if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
+ header('Content-Type: text/plain; charset=utf-8');
+ echo "Error: missing Composer configuration\n\n"
+ ."If you installed Shaarli through Git or using the development branch,\n"
+ ."please refer to the installation documentation to install PHP"
+ ." dependencies using Composer:\n"
+ ."- https://github.com/shaarli/Shaarli/wiki/Server-requirements\n"
+ ."- https://github.com/shaarli/Shaarli/wiki/Download-and-Installation";
+ exit;
+}
+require_once 'inc/rain.tpl.class.php';
+require_once __DIR__ . '/vendor/autoload.php';
+
// Shaarli library
require_once 'application/ApplicationUtils.php';
require_once 'application/Cache.php';
@@ -53,6 +67,7 @@ require_once 'application/config/ConfigPlugin.php';
require_once 'application/FeedBuilder.php';
require_once 'application/FileUtils.php';
require_once 'application/HttpUtils.php';
+require_once 'application/Languages.php';
require_once 'application/LinkDB.php';
require_once 'application/LinkFilter.php';
require_once 'application/LinkUtils.php';
@@ -64,7 +79,6 @@ require_once 'application/Utils.php';
require_once 'application/PluginManager.php';
require_once 'application/Router.php';
require_once 'application/Updater.php';
-require_once 'inc/rain.tpl.class.php';
// Ensure the PHP version is supported
try {
@@ -318,8 +332,17 @@ include $conf->get('resource.ban_file', 'data/ipbans.php');
function ban_loginFailed($conf)
{
$ip = $_SERVER['REMOTE_ADDR'];
+ $trusted = $conf->get('security.trusted_proxies', array());
+ if (in_array($ip, $trusted)) {
+ $ip = getIpAddressFromProxy($_SERVER, $trusted);
+ if (!$ip) {
+ return;
+ }
+ }
$gb = $GLOBALS['IPBANS'];
- if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
+ if (! isset($gb['FAILURES'][$ip])) {
+ $gb['FAILURES'][$ip]=0;
+ }
$gb['FAILURES'][$ip]++;
if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1))
{
@@ -783,8 +806,6 @@ function renderPage($conf, $pluginManager)
if ($targetPage == Router::$PAGE_LOGIN)
{
if ($conf->get('security.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli
- $token=''; if (ban_canLogin($conf)) $token=getToken($conf); // Do not waste token generation if not useful.
- $PAGE->assign('token',$token);
if (isset($_GET['username'])) {
$PAGE->assign('username', escape($_GET['username']));
}
@@ -1105,7 +1126,6 @@ function renderPage($conf, $pluginManager)
}
else // show the change password form.
{
- $PAGE->assign('token',getToken($conf));
$PAGE->renderPage('changepassword');
exit;
}
@@ -1152,7 +1172,6 @@ function renderPage($conf, $pluginManager)
}
else // Show the configuration form.
{
- $PAGE->assign('token',getToken($conf));
$PAGE->assign('title', $conf->get('general.title'));
$PAGE->assign('redirector', $conf->get('redirector.url'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
@@ -1172,7 +1191,6 @@ function renderPage($conf, $pluginManager)
if ($targetPage == Router::$PAGE_CHANGETAG)
{
if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) {
- $PAGE->assign('token', getToken($conf));
$PAGE->assign('tags', $LINKSDB->allTags());
$PAGE->renderPage('changetag');
exit;
@@ -1351,7 +1369,6 @@ function renderPage($conf, $pluginManager)
$data = array(
'link' => $link,
'link_is_new' => false,
- 'token' => getToken($conf),
'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
'tags' => $LINKSDB->allTags(),
);
@@ -1418,11 +1435,10 @@ function renderPage($conf, $pluginManager)
$data = array(
'link' => $link,
'link_is_new' => $link_is_new,
- 'token' => getToken($conf), // XSRF protection.
'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
'source' => (isset($_GET['source']) ? $_GET['source'] : ''),
'tags' => $LINKSDB->allTags(),
- 'default_private_links' => $conf->get('default_private_links', false),
+ 'default_private_links' => $conf->get('privacy.default_private_links', false),
);
$pluginManager->executeHooks('render_editlink', $data);
@@ -1478,27 +1494,37 @@ function renderPage($conf, $pluginManager)
exit;
}
- // -------- User is uploading a file for import
- if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=upload'))
- {
- // If file is too big, some form field may be missing.
- if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
- {
- $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
- echo '';
+ if ($targetPage == Router::$PAGE_IMPORT) {
+ // Upload a Netscape bookmark dump to import its contents
+
+ if (! isset($_POST['token']) || ! isset($_FILES['filetoupload'])) {
+ // Show import dialog
+ $PAGE->assign('maxfilesize', getMaxFileSize());
+ $PAGE->renderPage('import');
exit;
}
- if (!tokenOk($_POST['token'])) die('Wrong token.');
- importFile($LINKSDB);
- exit;
- }
- // -------- Show upload/import dialog:
- if ($targetPage == Router::$PAGE_IMPORT)
- {
- $PAGE->assign('token',getToken($conf));
- $PAGE->assign('maxfilesize',getMaxFileSize());
- $PAGE->renderPage('import');
+ // Import bookmarks from an uploaded file
+ if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
+ // The file is too big or some form field may be missing.
+ echo '';
+ exit;
+ }
+ if (! tokenOk($_POST['token'])) {
+ die('Wrong token.');
+ }
+ $status = NetscapeBookmarkUtils::import(
+ $_POST,
+ $_FILES,
+ $LINKSDB,
+ $conf->get('resource.page_cache')
+ );
+ echo '';
exit;
}
@@ -1555,95 +1581,6 @@ function renderPage($conf, $pluginManager)
exit;
}
-/**
- * Process the import file form.
- *
- * @param LinkDB $LINKSDB Loaded LinkDB instance.
- * @param ConfigManager $conf Configuration Manager instance.
- */
-function importFile($LINKSDB, $conf)
-{
- if (!isLoggedIn()) { die('Not allowed.'); }
-
- $filename=$_FILES['filetoupload']['name'];
- $filesize=$_FILES['filetoupload']['size'];
- $data=file_get_contents($_FILES['filetoupload']['tmp_name']);
- $private = (empty($_POST['private']) ? 0 : 1); // Should the links be imported as private?
- $overwrite = !empty($_POST['overwrite']) ; // Should the imported links overwrite existing ones?
- $import_count=0;
-
- // Sniff file type:
- $type='unknown';
- if (startsWith($data,'')) $type='netscape'; // Netscape bookmark file (aka Firefox).
-
- // Then import the bookmarks.
- if ($type=='netscape')
- {
- // This is a standard Netscape-style bookmark file.
- // This format is supported by all browsers (except IE, of course), also Delicious, Diigo and others.
- foreach(explode('',$data) as $html) // explode is very fast
- {
- $link = array('linkdate'=>'','title'=>'','url'=>'','description'=>'','tags'=>'','private'=>0);
- $d = explode('',$html);
- if (startsWith($d[0], '(.*?)!i',$d[0],$matches); $link['title'] = (isset($matches[1]) ? trim($matches[1]) : ''); // Get title
- $link['title'] = html_entity_decode($link['title'],ENT_QUOTES,'UTF-8');
- preg_match_all('! ([A-Z_]+)=\"(.*?)"!i',$html,$matches,PREG_SET_ORDER); // Get all other attributes
- $raw_add_date=0;
- foreach($matches as $m)
- {
- $attr=$m[1]; $value=$m[2];
- if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8');
- elseif ($attr=='ADD_DATE')
- {
- $raw_add_date=intval($value);
- if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds
- }
- elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1);
- elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8');
- }
- if ($link['url']!='')
- {
- if ($private==1) $link['private']=1;
- $dblink = $LINKSDB->getLinkFromUrl($link['url']); // See if the link is already in database.
- if ($dblink==false)
- { // Link not in database, let's import it...
- if (empty($raw_add_date)) $raw_add_date=time(); // In case of shitty bookmark file with no ADD_DATE
-
- // Make sure date/time is not already used by another link.
- // (Some bookmark files have several different links with the same ADD_DATE)
- // We increment date by 1 second until we find a date which is not used in DB.
- // (so that links that have the same date/time are more or less kept grouped by date, but do not conflict.)
- while (!empty($LINKSDB[date('Ymd_His',$raw_add_date)])) { $raw_add_date++; }// Yes, I know it's ugly.
- $link['linkdate']=date('Ymd_His',$raw_add_date);
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- else // Link already present in database.
- {
- if ($overwrite)
- { // If overwrite is required, we import link data, except date/time.
- $link['linkdate']=$dblink['linkdate'];
- $LINKSDB[$link['linkdate']] = $link;
- $import_count++;
- }
- }
-
- }
- }
- }
- $LINKSDB->savedb($conf->get('resource.page_cache'));
-
- echo '';
- }
- else
- {
- echo '';
- }
-}
-
/**
* Template for the list of links ()
* This function fills all the necessary fields in the $PAGE for the template 'linklist.html'
@@ -1744,7 +1681,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
'search_term' => $searchterm,
'search_tags' => $searchtags,
'redirector' => $conf->get('redirector.url'), // Optional redirector URL.
- 'token' => $token,
'links' => $linkDisp,
'tags' => $LINKSDB->allTags(),
);