authorArthurHoaro <arthur@hoa.ro>2017-10-01 11:02:48 +0200
committerArthurHoaro <arthur@hoa.ro>2017-10-01 11:10:37 +0200
commitbfe4f536bbfe03f38e0c801bfbd26587a2b64a7f (patch)
tree5d5341cb7c72e32b655eca243cc1c33824199b33 /application
parenta59bbf50d7530d7e82a91896a210b9da49cb1568 (diff)
Add a version hash for asset loading to prevent browser's cache issue
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version. Fixes #965
Diffstat (limited to 'application')
-rw-r--r--application/ApplicationUtils.php15
-rw-r--r--application/PageBuilder.php5
2 files changed, 20 insertions, 0 deletions
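--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -220,4 +220,19 @@ class ApplicationUtils
 
         return $errors;
     }
+
+    /**
+     * Returns a salted hash representing the current Shaarli version.
+     *
+     * Useful for assets browser cache.
+     *
+     * @param string $currentVersion of Shaarli
+     * @param string $salt User personal salt, also used for the authentication
+     *
+     * @return string version hash
+     */
+    public static function getVersionHash($currentVersion, $salt)
+    {
+        return hash_hmac('sha256', $currentVersion, $salt);
+    }
 }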
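Review bot: getVersionHash() does not guard against an empty or missing salt: hash_hmac() accepts an empty key, so on an instance where the salt is not yet set the returned value is a deterministic, publicly computable function of the version string alone, which is exactly the version exposure the commit description says the hash is meant to avoid. A check such as `if (empty($salt)) { throw new \InvalidArgumentException('A non-empty salt is required to hash the version'); }` at the top of the method would make that failure explicit instead of silently degrading. Separately, the authentication salt is used verbatim as the HMAC key for an unrelated purpose whose output is presumably published in every asset URL; HMAC-SHA256 does not reveal its key, but deriving a purpose-specific key first, e.g. `hash_hmac('sha256', 'asset-version', $salt)`, keeps the credential secret from being used directly for two things. The docblock should also say that the returned hash is visible to unauthenticated visitors, since that is what constrains what may be fed into it.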
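--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -76,6 +76,10 @@ class PageBuilder
         $this->tpl->assign('searchcrits', $searchcrits);
         $this->tpl->assign('source', index_url($_SERVER));
         $this->tpl->assign('version', shaarli_version);
+        $this->tpl->assign(
+            'version_hash',
+            ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt'))
+        );
         $this->tpl->assign('scripturl', index_url($_SERVER));
         $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links?
         $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly']));
@@ -89,6 +93,7 @@ class PageBuilder
         $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss');
         $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false));
         $this->tpl->assign('token', getToken($this->conf));
+
         if ($this->linkDB !== null) {
             $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());
         }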
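Review bot: The new getVersionHash() call passes `SHAARLI_VERSION` while the line directly above it assigns `shaarli_version` to the template; PHP constant names are case-sensitive, so unless both are defined elsewhere one of them is undefined, and PHP 7 then emits a notice/warning and substitutes the bare name as a string, which would make this an HMAC of the literal `'SHAARLI_VERSION'` rather than of the real version. Using the same constant on both lines, e.g. `$this->tpl->assign('version', SHAARLI_VERSION);`, removes the ambiguity. `$this->conf->get('credentials.salt')` is also passed with no default and no check; if the setting is absent it presumably yields null, and an HMAC under an empty key no longer hides the version the way the commit intends, so consider `$this->conf->get('credentials.salt', '')` followed by a non-empty check before computing the hash. The enclosing method starts before and ends after this hunk.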