diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2017-10-01 11:02:48 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2017-10-01 11:10:37 +0200 |
| commit | bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f (patch) | |
| tree | 5d5341cb7c72e32b655eca243cc1c33824199b33 /application | |
| parent | a59bbf50d7530d7e82a91896a210b9da49cb1568 (diff) | |
| download | Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.tar.gz Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.tar.zst Shaarli-bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f.zip | |
Add a version hash for asset loading to prevent browser's cache issue
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version.
Fixes #965
Diffstat (limited to 'application')
| -rw-r--r-- | application/ApplicationUtils.php | 15 | ||||
| -rw-r--r-- | application/PageBuilder.php | 5 |
2 files changed, 20 insertions, 0 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php index 85dcbeeb..20fec376 100644 --- a/application/ApplicationUtils.php +++ b/application/ApplicationUtils.php | |||
| @@ -220,4 +220,19 @@ class ApplicationUtils | |||
| 220 | 220 | ||
| 221 | return $errors; | 221 | return $errors; |
| 222 | } | 222 | } |
| 223 | |||
| 224 | /** | ||
| 225 | * Returns a salted hash representing the current Shaarli version. | ||
| 226 | * | ||
| 227 | * Useful for assets browser cache. | ||
| 228 | * | ||
| 229 | * @param string $currentVersion of Shaarli | ||
| 230 | * @param string $salt User personal salt, also used for the authentication | ||
| 231 | * | ||
| 232 | * @return string version hash | ||
| 233 | */ | ||
| 234 | public static function getVersionHash($currentVersion, $salt) | ||
| 235 | { | ||
| 236 | return hash_hmac('sha256', $currentVersion, $salt); | ||
| 237 | } | ||
| 223 | } | 238 | } |
diff --git a/application/PageBuilder.php b/application/PageBuilder.php index 7a42400d..c91b662c 100644 --- a/application/PageBuilder.php +++ b/application/PageBuilder.php | |||
| @@ -76,6 +76,10 @@ class PageBuilder | |||
| 76 | $this->tpl->assign('searchcrits', $searchcrits); | 76 | $this->tpl->assign('searchcrits', $searchcrits); |
| 77 | $this->tpl->assign('source', index_url($_SERVER)); | 77 | $this->tpl->assign('source', index_url($_SERVER)); |
| 78 | $this->tpl->assign('version', shaarli_version); | 78 | $this->tpl->assign('version', shaarli_version); |
| 79 | $this->tpl->assign( | ||
| 80 | 'version_hash', | ||
| 81 | ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt')) | ||
| 82 | ); | ||
| 79 | $this->tpl->assign('scripturl', index_url($_SERVER)); | 83 | $this->tpl->assign('scripturl', index_url($_SERVER)); |
| 80 | $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? | 84 | $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? |
| 81 | $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); | 85 | $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); |
| @@ -89,6 +93,7 @@ class PageBuilder | |||
| 89 | $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); | 93 | $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); |
| 90 | $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); | 94 | $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); |
| 91 | $this->tpl->assign('token', getToken($this->conf)); | 95 | $this->tpl->assign('token', getToken($this->conf)); |
| 96 | |||
| 92 | if ($this->linkDB !== null) { | 97 | if ($this->linkDB !== null) { |
| 93 | $this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); | 98 | $this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); |
| 94 | } | 99 | } |