authorArthurHoaro <arthur@hoa.ro>2016-08-06 14:09:26 +0200
committerArthurHoaro <arthur@hoa.ro>2016-08-06 14:09:26 +0200
commitfd5ac47ea27353e641a521b5e1867bfd20ff0512 (patch)
tree9c44157458e9c3de949942ffe82f268113337be7
parentc7a42ab1d9b21bf53cd30bc57b57789716c8711b (diff)
Generate a token for every pages
-rw-r--r--application/PageBuilder.php1
-rw-r--r--index.php9
2 files changed, 1 insertions, 9 deletions
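--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -80,6 +80,7 @@ class PageBuilder
 if (!empty($GLOBALS['plugin_errors'])) {
 $this->tpl->assign('plugin_errors', $GLOBALS['plugin_errors']);
 }
+$this->tpl->assign('token', getToken($this->conf));
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
 }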
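Review bot: The unconditional `getToken($this->conf)` call on new line 83 mints a token for every rendered page, including pages without a form and requests from visitors who are not logged in, and it drops the guard the old login page had (`if (ban_canLogin($conf)) $token=getToken($conf);`, removed from index.php in this same commit). If getToken() records each token server-side, which is not visible here, the stored set would grow with every page view, so confirm that unused tokens are expired or capped. A comment on the line would make the intent explicit, for example `// XSRF token for any form in the template; one is issued per render, so unused tokens must expire.` The enclosing method starts outside the hunk.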
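--- a/index.php
+++ b/index.php
@@ -783,8 +783,6 @@ function renderPage($conf, $pluginManager)
 if ($targetPage == Router::$PAGE_LOGIN)
 {
 if ($conf->get('security.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli
-$token=''; if (ban_canLogin($conf)) $token=getToken($conf); // Do not waste token generation if not useful.
-$PAGE->assign('token',$token);
 if (isset($_GET['username'])) {
 $PAGE->assign('username', escape($_GET['username']));
 }
@@ -1105,7 +1103,6 @@ function renderPage($conf, $pluginManager)
 }
 else // show the change password form.
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->renderPage('changepassword');
 exit;
 }
@@ -1152,7 +1149,6 @@ function renderPage($conf, $pluginManager)
 }
 else // Show the configuration form.
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->assign('title', $conf->get('general.title'));
 $PAGE->assign('redirector', $conf->get('redirector.url'));
 list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
@@ -1172,7 +1168,6 @@ function renderPage($conf, $pluginManager)
 if ($targetPage == Router::$PAGE_CHANGETAG)
 {
 if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) {
-$PAGE->assign('token', getToken($conf));
 $PAGE->assign('tags', $LINKSDB->allTags());
 $PAGE->renderPage('changetag');
 exit;
@@ -1347,7 +1342,6 @@ function renderPage($conf, $pluginManager)
 $data = array(
 'link' => $link,
 'link_is_new' => false,
-'token' => getToken($conf),
 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
 'tags' => $LINKSDB->allTags(),
 );
@@ -1414,7 +1408,6 @@ function renderPage($conf, $pluginManager)
 $data = array(
 'link' => $link,
 'link_is_new' => $link_is_new,
-'token' => getToken($conf), // XSRF protection.
 'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
 'source' => (isset($_GET['source']) ? $_GET['source'] : ''),
 'tags' => $LINKSDB->allTags(),
@@ -1492,7 +1485,6 @@ function renderPage($conf, $pluginManager)
 // -------- Show upload/import dialog:
 if ($targetPage == Router::$PAGE_IMPORT)
 {
-$PAGE->assign('token',getToken($conf));
 $PAGE->assign('maxfilesize',getMaxFileSize());
 $PAGE->renderPage('import');
 exit;
@@ -1734,7 +1726,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
 'search_term' => $searchterm,
 'search_tags' => $searchtags,
 'redirector' => $conf->get('redirector.url'), // Optional redirector URL.
-'token' => $token,
 'links' => $linkDisp,
 'tags' => $LINKSDB->allTags(),
 );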