author | nodiscc <nodiscc@gmail.com> | 2015-01-11 14:56:22 +0100 |
---|---|---|
committer | nodiscc <nodiscc@gmail.com> | 2015-01-11 14:56:22 +0100 |
commit | 486f25a5f4ab2a9191618edcb89ebb61350ff600 (patch) | |
tree | c19fbb34904a1c5148202d01fa723d29b0e1557d /index.php | |
parent | a2d5ef2127881561bf359390fac2d8d336a37335 (diff) | |
parent | fe16b01edb80ac2f2212125fadba8358dff91b95 (diff) | |
Merge pull request #93 from ArthurHoaro/scripttag
Remove language attribute on script tag and improve QRCode JS
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 30 |
1 files changed, 15 insertions, 15 deletions
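--- a/index.php
+++ b/index.php
@@ -430,7 +430,7 @@ if (isset($_POST['login']))
 ban_loginFailed();
 $redir = '';
 if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
-echo '<script language="JavaScript">alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
+echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
 exit;
 }
 }
@@ -1387,12 +1387,12 @@ function renderPage()
 
 // Make sure old password is correct.
 $oldhash = sha1($_POST['oldpassword'].$GLOBALS['login'].$GLOBALS['salt']);
-if ($oldhash!=$GLOBALS['hash']) { echo '<script language="JavaScript">alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
+if ($oldhash!=$GLOBALS['hash']) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
 // Save new password
 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
 writeConfig();
-echo '<script language="JavaScript">alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
+echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
 exit;
 }
 else // show the change password form.
@@ -1423,7 +1423,7 @@ function renderPage()
 $GLOBALS['disablejquery']=!empty($_POST['disablejquery']);
 $GLOBALS['privateLinkByDefault']=!empty($_POST['privateLinkByDefault']);
 writeConfig();
-echo '<script language="JavaScript">alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
+echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
 exit;
 }
 else // Show the configuration form.
@@ -1467,7 +1467,7 @@ function renderPage()
 $LINKSDB[$key]=$value;
 }
 $LINKSDB->savedb(); // Save to disk.
-echo '<script language="JavaScript">alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
+echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
 exit;
 }
 
@@ -1484,7 +1484,7 @@ function renderPage()
 $LINKSDB[$key]=$value;
 }
 $LINKSDB->savedb(); // Save to disk.
-echo '<script language="JavaScript">alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
+echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
 exit;
 }
 }
@@ -1515,7 +1515,7 @@ function renderPage()
 pubsubhub();
 
 // If we are called from the bookmarklet, we must close the popup:
-if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
 $returnurl .= '#'.smallHash($linkdate); // Scroll to the link which has been edited.
 header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on.
@@ -1526,7 +1526,7 @@ function renderPage()
 if (isset($_POST['cancel_edit']))
 {
 // If we are called from the bookmarklet, we must close the popup:
-if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
 $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
 $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
 header('Location: '.$returnurl); // After canceling, redirect to the page the user was on.
@@ -1545,7 +1545,7 @@ function renderPage()
 $LINKSDB->savedb(); // save to disk
 
 // If we are called from the bookmarklet, we must close the popup:
-if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script language="JavaScript">self.close();</script>'; exit; }
+if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo '<script>self.close();</script>'; exit; }
 header('Location: ?'); // After deleting the link, redirect to the home page.
 exit;
 }
@@ -1681,7 +1681,7 @@ HTML;
 if (!isset($_POST['token']) || (!isset($_FILES)) || (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size']==0))
 {
 $returnurl = ( empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'] );
-echo '<script language="JavaScript">alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
+echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept ('.getMaxFileSize().' bytes). Please upload in smaller chunks.");document.location=\''.htmlspecialchars($returnurl).'\';</script>';
 exit;
 }
 if (!tokenOk($_POST['token'])) die('Wrong token.');
@@ -1785,11 +1785,11 @@ function importFile()
 }
 $LINKSDB->savedb();
 
-echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
+echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
 }
 else
 {
-echo '<script language="JavaScript">alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
+echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) has an unknown file format. Nothing was imported.");document.location=\'?\';</script>';
 }
 }
 
@@ -2123,7 +2123,7 @@ function install()
 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.htmlspecialchars(indexUrl()) : $_POST['title'] );
 writeConfig();
-echo '<script language="JavaScript">alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
+echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>';
 exit;
 }
 
@@ -2177,7 +2177,7 @@ function templateTZform($ptz=false)
 $cities_html = $cities[$pcontinent];
 $timezone_form = "Continent: <select name=\"continent\" id=\"continent\" onChange=\"onChangecontinent();\">${continents_html}</select>";
 $timezone_form .= " City: <select name=\"city\" id=\"city\">${cities[$pcontinent]}</select><br />";
-$timezone_js = "<script language=\"JavaScript\">";
+$timezone_js = "<script>";
 $timezone_js .= "function onChangecontinent(){document.getElementById(\"city\").innerHTML = citiescontinent[document.getElementById(\"continent\").value];}";
 $timezone_js .= "var citiescontinent = ".json_encode($cities).";" ;
 $timezone_js .= "</script>" ;
@@ -2292,7 +2292,7 @@ function writeConfig()
 $config .= ' ?>';
 if (!file_put_contents($GLOBALS['config']['CONFIG_FILE'],$config) || strcmp(file_get_contents($GLOBALS['config']['CONFIG_FILE']),$config)!=0)
 {
-echo '<script language="JavaScript">alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
+echo '<script>alert("Shaarli could not create the config file. Please make sure Shaarli has the right to write in the folder is it installed in.");document.location=\'?\';</script>';
 exit;
 }
 }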
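Review bot: On new line 1684 (the upload-size hunk) `$returnurl` comes from `$_SERVER['HTTP_REFERER']` and is written into a single-quoted JavaScript string inside `<script>` after only `htmlspecialchars()`, which is the wrong escaping for that context. With the default flags of PHP releases before 8.1 a single quote is left as is, so a Referer containing `'` would end the string literal, and entities such as `&amp;` are not decoded inside a script block, so a legitimate URL containing `&` would be altered. Encoding the value as a JavaScript literal fits better: `document.location='.json_encode($returnurl, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT).';`. The enclosing function starts and ends outside this hunk, so whether the Referer is checked against the site's own URL elsewhere cannot be seen here.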