Prevent visitors from reading shaarli version

 * fixes https://github.com/shaarli/Shaarli/issues/122
 * the shaarli version is now in a php comment block, which prevents
   visitors from reading it when it is place on a PHP-enabled server, but
   still allows the update mechanism to read it from the source on github.

diff --git a/index.php b/index.php
index 9d4ce15619b4562dc85004062c055151701d392c..99c37652c78b82be53097f98e0bce2ff1152dddd 100644 (file)
--- a/index.php
+++ b/index.php
@@ -184,8 +184,8 @@ function checkUpdate()
     if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])<time()-($GLOBALS['config']['UPDATECHECK_INTERVAL'])))
     {
         $version=shaarli_version;
-        list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.txt',2);
-        if (strpos($httpstatus,'200 OK')!==false) $version=$data;
+        list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.php',2);
+        if (strpos($httpstatus,'200 OK')!==false) $version=str_replace(' */ ?>','',str_replace('<?php /* ','',$data));
         // If failed, never mind. We don't want to bother the user with that.
         file_put_contents($GLOBALS['config']['UPDATECHECK_FILENAME'],$version); // touch file date
     }

diff --git a/shaarli_version.php b/shaarli_version.php
new file mode 100644 (file)
index 0000000..d266380
--- /dev/null
+++ b/shaarli_version.php
@@ -0,0 +1 @@
+<?php /* 0.0.43beta */ ?>

diff --git a/shaarli_version.txt b/shaarli_version.txt
deleted file mode 100644 (file)
index b6cffb3..0000000
--- a/shaarli_version.txt
+++ /dev/null
@@ -1 +0,0 @@
-0.0.43beta