diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2017-10-01 11:02:48 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2017-10-01 11:10:37 +0200 |
| commit | bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f (patch) | |
| tree | 5d5341cb7c72e32b655eca243cc1c33824199b33 | |
| parent | a59bbf50d7530d7e82a91896a210b9da49cb1568 (diff) | |
| download | Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.tar.gz Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.tar.zst Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.zip | |
Add a version hash for asset loading to prevent browser's cache issue
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version.
Fixes #965
| -rw-r--r-- | application/ApplicationUtils.php | 15 | ||||
| -rw-r--r-- | application/PageBuilder.php | 5 | ||||
| -rw-r--r-- | tpl/default/includes.html | 14 | ||||
| -rw-r--r-- | tpl/default/page.footer.html | 6 |
4 files changed, 30 insertions, 10 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php index 85dcbeeb..20fec376 100644 --- a/application/ApplicationUtils.php +++ b/application/ApplicationUtils.php | |||
| @@ -220,4 +220,19 @@ class ApplicationUtils | |||
| 220 | 220 | ||
| 221 | return $errors; | 221 | return $errors; |
| 222 | } | 222 | } |
| 223 | |||
| 224 | /** | ||
| 225 | * Returns a salted hash representing the current Shaarli version. | ||
| 226 | * | ||
| 227 | * Useful for assets browser cache. | ||
| 228 | * | ||
| 229 | * @param string $currentVersion of Shaarli | ||
| 230 | * @param string $salt User personal salt, also used for the authentication | ||
| 231 | * | ||
| 232 | * @return string version hash | ||
| 233 | */ | ||
| 234 | public static function getVersionHash($currentVersion, $salt) | ||
| 235 | { | ||
| 236 | return hash_hmac('sha256', $currentVersion, $salt); | ||
| 237 | } | ||
| 223 | } | 238 | } |
diff --git a/application/PageBuilder.php b/application/PageBuilder.php index 7a42400d..c91b662c 100644 --- a/application/PageBuilder.php +++ b/application/PageBuilder.php | |||
| @@ -76,6 +76,10 @@ class PageBuilder | |||
| 76 | $this->tpl->assign('searchcrits', $searchcrits); | 76 | $this->tpl->assign('searchcrits', $searchcrits); |
| 77 | $this->tpl->assign('source', index_url($_SERVER)); | 77 | $this->tpl->assign('source', index_url($_SERVER)); |
| 78 | $this->tpl->assign('version', shaarli_version); | 78 | $this->tpl->assign('version', shaarli_version); |
| 79 | $this->tpl->assign( | ||
| 80 | 'version_hash', | ||
| 81 | ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt')) | ||
| 82 | ); | ||
| 79 | $this->tpl->assign('scripturl', index_url($_SERVER)); | 83 | $this->tpl->assign('scripturl', index_url($_SERVER)); |
| 80 | $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? | 84 | $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? |
| 81 | $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); | 85 | $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); |
| @@ -89,6 +93,7 @@ class PageBuilder | |||
| 89 | $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); | 93 | $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); |
| 90 | $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); | 94 | $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); |
| 91 | $this->tpl->assign('token', getToken($this->conf)); | 95 | $this->tpl->assign('token', getToken($this->conf)); |
| 96 | |||
| 92 | if ($this->linkDB !== null) { | 97 | if ($this->linkDB !== null) { |
| 93 | $this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); | 98 | $this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); |
| 94 | } | 99 | } |
diff --git a/tpl/default/includes.html b/tpl/default/includes.html index 0350ef66..80c08333 100644 --- a/tpl/default/includes.html +++ b/tpl/default/includes.html | |||
| @@ -5,16 +5,16 @@ | |||
| 5 | <link rel="alternate" type="application/atom+xml" href="{$feedurl}?do=atom{$searchcrits}#" title="ATOM Feed" /> | 5 | <link rel="alternate" type="application/atom+xml" href="{$feedurl}?do=atom{$searchcrits}#" title="ATOM Feed" /> |
| 6 | <link rel="alternate" type="application/rss+xml" href="{$feedurl}?do=rss{$searchcrits}#" title="RSS Feed" /> | 6 | <link rel="alternate" type="application/rss+xml" href="{$feedurl}?do=rss{$searchcrits}#" title="RSS Feed" /> |
| 7 | <link href="img/favicon.png" rel="shortcut icon" type="image/png" /> | 7 | <link href="img/favicon.png" rel="shortcut icon" type="image/png" /> |
| 8 | <link type="text/css" rel="stylesheet" href="css/pure.min.css" /> | 8 | <link type="text/css" rel="stylesheet" href="css/pure.min.css?v={$version_hash}" /> |
| 9 | <link type="text/css" rel="stylesheet" href="css/grids-responsive.min.css"> | 9 | <link type="text/css" rel="stylesheet" href="css/grids-responsive.min.css?v={$version_hash}"> |
| 10 | <link type="text/css" rel="stylesheet" href="css/pure-extras.css"> | 10 | <link type="text/css" rel="stylesheet" href="css/pure-extras.css?v={$version_hash}"> |
| 11 | <link type="text/css" rel="stylesheet" href="css/font-awesome.min.css" /> | 11 | <link type="text/css" rel="stylesheet" href="css/font-awesome.min.css?v={$version_hash}" /> |
| 12 | <link type="text/css" rel="stylesheet" href="inc/awesomplete.css#" /> | 12 | <link type="text/css" rel="stylesheet" href="inc/awesomplete.css?v={$version_hash}#" /> |
| 13 | <link type="text/css" rel="stylesheet" href="css/shaarli.css" /> | 13 | <link type="text/css" rel="stylesheet" href="css/shaarli.css?v={$version_hash}" /> |
| 14 | {if="is_file('data/user.css')"} | 14 | {if="is_file('data/user.css')"} |
| 15 | <link type="text/css" rel="stylesheet" href="data/user.css#" /> | 15 | <link type="text/css" rel="stylesheet" href="data/user.css#" /> |
| 16 | {/if} | 16 | {/if} |
| 17 | {loop="$plugins_includes.css_files"} | 17 | {loop="$plugins_includes.css_files"} |
| 18 | <link type="text/css" rel="stylesheet" href="{$value}#"/> | 18 | <link type="text/css" rel="stylesheet" href="{$value}?v={$version_hash}#"/> |
| 19 | {/loop} | 19 | {/loop} |
| 20 | <link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle}"/> \ No newline at end of file | 20 | <link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle}"/> \ No newline at end of file |
diff --git a/tpl/default/page.footer.html b/tpl/default/page.footer.html index 94f771a2..54b16e8a 100644 --- a/tpl/default/page.footer.html +++ b/tpl/default/page.footer.html | |||
| @@ -27,6 +27,6 @@ | |||
| 27 | <script src="{$value}#"></script> | 27 | <script src="{$value}#"></script> |
| 28 | {/loop} | 28 | {/loop} |
| 29 | 29 | ||
| 30 | <script src="js/shaarli.js"></script> | 30 | <script src="js/shaarli.js?v={$version_hash}"></script> |
| 31 | <script src="inc/awesomplete.js#"></script> | 31 | <script src="inc/awesomplete.js?v={$version_hash}#"></script> |
| 32 | <script src="inc/awesomplete-multiple-tags.js#"></script> | 32 | <script src="inc/awesomplete-multiple-tags.js?v={$version_hash}#"></script> |