author | ArthurHoaro <arthur@hoa.ro> | 2016-08-06 14:09:26 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-08-06 14:09:26 +0200 |
commit | fd5ac47ea27353e641a521b5e1867bfd20ff0512 (patch) | |
tree | 9c44157458e9c3de949942ffe82f268113337be7 | |
parent | c7a42ab1d9b21bf53cd30bc57b57789716c8711b (diff) | |
Generate a token for every pages
-rw-r--r-- | application/PageBuilder.php | 1 | ||||
-rw-r--r-- | index.php | 9 |
2 files changed, 1 insertions, 9 deletions
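--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -80,6 +80,7 @@ class PageBuilder
 if (!empty($GLOBALS['plugin_errors'])) {
 $this->tpl->assign('plugin_errors', $GLOBALS['plugin_errors']);
 }
+$this->tpl->assign('token', getToken($this->conf));
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
 }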
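Review bot: The added `getToken($this->conf)` call runs unconditionally on every page build, whereas the call sites removed from index.php issued a token only on form pages, and on the login page only when `ban_canLogin($conf)` held. getToken()'s body is not shown here; if it records each issued token server-side, every anonymous page view now adds an entry, so it is worth confirming that the store is bounded or expired. The line also lost the `// XSRF protection.` remark that one removed call site carried; I would add `// XSRF token, exposed to every template so any form can embed it.` above it. The enclosing method starts outside the hunk.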
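--- a/index.php
+++ b/index.php
@@ -783,8 +783,6 @@ function renderPage($conf, $pluginManager)
 if ($targetPage == Router::$PAGE_LOGIN)
 {
 if ($conf->get('security.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli
-$token=''; if (ban_canLogin($conf)) $token=getToken($conf); // Do not waste token generation if not useful.
-$PAGE->assign('token',$token);
 if (isset($_GET['username'])) {
 $PAGE->assign('username', escape($_GET['username']));
 }
@@ -1105,7 +1103,6 @@ function renderPage($conf, $pluginManager)
 }
 else // show the change password form.
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->renderPage('changepassword');
 exit;
 }
@@ -1152,7 +1149,6 @@ function renderPage($conf, $pluginManager)
 }
 else // Show the configuration form.
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->assign('title', $conf->get('general.title'));
 $PAGE->assign('redirector', $conf->get('redirector.url'));
 list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
@@ -1172,7 +1168,6 @@ function renderPage($conf, $pluginManager)
 if ($targetPage == Router::$PAGE_CHANGETAG)
 {
 if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) {
-$PAGE->assign('token', getToken($conf));
 $PAGE->assign('tags', $LINKSDB->allTags());
 $PAGE->renderPage('changetag');
 exit;
@@ -1347,7 +1342,6 @@ function renderPage($conf, $pluginManager)
 $data = array(
 'link' => $link,
 'link_is_new' => false,
-'token' => getToken($conf),
 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
 'tags' => $LINKSDB->allTags(),
 );
@@ -1414,7 +1408,6 @@ function renderPage($conf, $pluginManager)
 $data = array(
 'link' => $link,
 'link_is_new' => $link_is_new,
-'token' => getToken($conf), // XSRF protection.
 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
 'source' => (isset($_GET['source']) ? $_GET['source'] : ''),
 'tags' => $LINKSDB->allTags(),
@@ -1492,7 +1485,6 @@ function renderPage($conf, $pluginManager)
 // -------- Show upload/import dialog:
 if ($targetPage == Router::$PAGE_IMPORT)
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->assign('maxfilesize',getMaxFileSize());
 $PAGE->renderPage('import');
 exit;
@@ -1734,7 +1726,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
 'search_term' => $searchterm,
 'search_tags' => $searchtags,
 'redirector' => $conf->get('redirector.url'), // Optional redirector URL.
-'token' => $token,
 'links' => $linkDisp,
 'tags' => $LINKSDB->allTags(),
 );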
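Review bot: In the last hunk the `'token' => $token` entry is dropped from buildLinkList's `$data`, but the statement that fills `$token` lies outside the hunk and is not among the nine deletions shown. It presumably still runs and now produces a token that nothing uses, so it should be removed together with the entry. In the login hunk, the removed guard gave a client that failed `ban_canLogin($conf)` an empty token, while the template now always receives one. The ban therefore has to be enforced where the login POST is handled, which is not visible here and is worth confirming. Both renderPage and buildLinkList extend beyond the hunks shown.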