authorArthurHoaro <arthur@hoa.ro>2015-01-08 15:09:46 +0100
committerArthurHoaro <arthur@hoa.ro>2015-01-09 09:47:48 +0100
commitfe16b01edb80ac2f2212125fadba8358dff91b95 (patch)
treec19fbb34904a1c5148202d01fa723d29b0e1557d /index.php
parenta2d5ef2127881561bf359390fac2d8d336a37335 (diff)
* removed the language attribute on the script element since it is obsolete and we can safely omit it.
* make the QRCode JS work with IE: * behave as a normal link if canvas isn't supported (<=IE8) * default parameter values in JS aren't widely supported (see: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Default_parameters ), so use this method instead: http://stackoverflow.com/a/148918/1484919 * dataset isn't supported in IE9, so use getAttribute instead * addEventListener works with IE9+ and other browsers
Diffstat (limited to 'index.php')
-rw-r--r--index.php30
1 files changed, 15 insertions, 15 deletions
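diff --git a/index.php b/index.php
index e50c0181..4cb25ab7 100644
--- a/index.php
+++ b/index.php
@@ -430,7 +430,7 @@ if (isset($_POST['login']))
  ban_loginFailed();
  $redir = '';
  if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
- echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
+ echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
  exit;
  }
 }
@@ -1387,12 +1387,12 @@ function renderPage()
 
  // Make sure old password is correct.
  $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']);
- if ($oldhash!=$GLOBALS['hash']) { echo '<script language="JavaScript">alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
+ if ($oldhash!=$GLOBALS['hash']) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
  // Save new password
  $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
  $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
  writeConfig();
- echo '<script language="JavaScript">alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
+ echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
  exit;
  }
  else // show the change password form.
@@ -1423,7 +1423,7 @@ function renderPage()
  $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
  $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
  writeConfig();
- echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
+ echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
  exit;
  }
  else // Show the configuration form.
@@ -1467,7 +1467,7 @@ function renderPage()
  $LINKSDB[$key]=$value;
  }
  $LINKSDB->savedb(); // Save to disk.
- echo '<script language="JavaScript">alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
+ echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
  exit;
  }
 
@@ -1484,7 +1484,7 @@ function renderPage()
  $LINKSDB[$key]=$value;
  }
  $LINKSDB->savedb(); // Save to disk.
- echo '<script language="JavaScript">alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
+ echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
  exit;
  }
  }
@@ -1515,7 +1515,7 @@ function renderPage()
  pubsubhub();
 
  // If we are called from the bookmarklet, we must close the popup:
- if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+ if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
  $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
  $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
  header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
@@ -1526,7 +1526,7 @@ function renderPage()
  if (isset($_POST['cancel_edit']))
  {
  // If we are called from the bookmarklet, we must close the popup:
- if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+ if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
  $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
  $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
  header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
@@ -1545,7 +1545,7 @@ function renderPage()
  $LINKSDB->savedb(); // save to disk
 
  // If we are called from the bookmarklet, we must close the popup:
- if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+ if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
  header('Location: ?'); // After deleting the link, redirect to the home page.
  exit;
  }
@@ -1681,7 +1681,7 @@ HTML;
  if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
  {
  $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
- echo '<script language="JavaScript">alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
+ echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
  exit;
  }
  if (!tokenOk($_POST['token'])) die('Wrong token.');
@@ -1785,11 +1785,11 @@ function importFile()
  }
  $LINKSDB->savedb();
 
- echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
+ echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
  }
  else
  {
- echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
+ echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
  }
 }
 
@@ -2123,7 +2123,7 @@ function install()
  $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
  $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.htmlspecialchars(indexUrl()) : $_POST['title'] );
  writeConfig();
- echo '<script language="JavaScript">alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
+ echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
  exit;
  }
 
@@ -2177,7 +2177,7 @@ function templateTZform($ptz=false)
  $cities_html = $cities[$pcontinent];
  $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
  $timezone_form .= "&nbsp;&nbsp;&nbsp;&nbsp;City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
- $timezone_js = "<script language=\"JavaScript\">";
+ $timezone_js = "<script>";
  $timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
  $timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
  $timezone_js .= "</script>" ;
@@ -2292,7 +2292,7 @@ function writeConfig()
  $config .= ' ?>';
  if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
  {
- echo '<script language="JavaScript">alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
+ echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
  exit;
  }
 }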
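Review bot: In the upload-size hunk (new line 1684) the Referer-derived `$returnurl` is written into a single-quoted JavaScript string after only `htmlspecialchars()`, which is HTML escaping rather than JavaScript-string escaping and, with the default flags of PHP before 8.1, leaves `'` untouched, so a Referer containing a quote can end the literal. Emit the value as a JavaScript literal instead, `document.location='.json_encode($returnurl, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_AMP).';`, and consider accepting only a relative or same-host URL there. The same context mix-up is in the importFile() hunk (new lines 1788 and 1792): `json_encode($filename)` contributes its own double quotes inside the already double-quoted `alert("File …")` text, so the string ends early and the uploaded file name lands in script context rather than string context. Build the whole message in PHP and pass it once, `alert('.json_encode($msg, JSON_HEX_TAG|JSON_HEX_AMP).');`. Both enclosing blocks start and end outside the hunks shown.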