-rw-r--r--application/Updater.php23
-rw-r--r--application/config/ConfigManager.php64
-rw-r--r--index.php33
3 files changed, 42 insertions, 78 deletions
diff --git a/application/Updater.php b/application/Updater.php
index 31630ff5..db2144fe 100644
--- a/application/Updater.php
+++ b/application/Updater.php
@@ -191,6 +191,29 @@ class Updater
191 return false; 191 return false;
192 } 192 }
193 } 193 }
194
195 /**
196 * Escape settings which have been manually escaped in every request in previous versions:
197 * - general.title
198 * - general.header_link
199 * - extras.redirector
200 *
201 * @return bool true if the update is successful, false otherwise.
202 */
203 public function escapeUnescapedConfig()
204 {
205 $conf = ConfigManager::getInstance();
206 try {
207 $conf->set('general.title', escape($conf->get('general.title')));
208 $conf->set('general.header_link', escape($conf->get('general.header_link')));
209 $conf->set('extras.redirector', escape($conf->get('extras.redirector')));
210 $conf->write($this->isLoggedIn);
211 } catch (Exception $e) {
212 error_log($e->getMessage());
213 return false;
214 }
215 return true;
216 }
194} 217}
195 218
196/** 219/**
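Review bot: escapeUnescapedConfig (new lines 203-216) is not idempotent: escape() applied to a value that is already HTML-escaped turns `&amp;` into `&amp;amp;`, so if this update is ever replayed — or runs against a config whose title was already written escaped by install(), should updates.txt not be pre-populated on fresh installs — the three settings are double-escaped and persisted that way. Either make the conversion idempotent (decode before escaping, if escape() is htmlspecialchars-based) or state the one-shot contract in the docblock, e.g. `* Must run exactly once per config file: escape() is not idempotent and re-running it double-escapes the stored values.`. The `catch (Exception $e)` branch only logs `$e->getMessage()`; consider logging the method name too so a failed config write during update is attributable. The class continues outside the hunk.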
diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php
index a663a071..c0482cf3 100644
--- a/application/config/ConfigManager.php
+++ b/application/config/ConfigManager.php
@@ -9,6 +9,9 @@ require_once 'ConfigJson.php';
9 * Class ConfigManager 9 * Class ConfigManager
10 * 10 *
11 * Singleton, manages all Shaarli's settings. 11 * Singleton, manages all Shaarli's settings.
12 * See the documentation for more information on settings:
13 * - doc/Shaarli-configuration.html
14 * - https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration
12 */ 15 */
13class ConfigManager 16class ConfigManager
14{ 17{
@@ -286,81 +289,40 @@ class ConfigManager
286 */ 289 */
287 protected function setDefaultValues() 290 protected function setDefaultValues()
288 { 291 {
289 // Data subdirectory
290 $this->setEmpty('path.data_dir', 'data'); 292 $this->setEmpty('path.data_dir', 'data');
291
292 // Main configuration file
293 $this->setEmpty('path.config', 'data/config.php'); 293 $this->setEmpty('path.config', 'data/config.php');
294
295 // Link datastore
296 $this->setEmpty('path.datastore', 'data/datastore.php'); 294 $this->setEmpty('path.datastore', 'data/datastore.php');
297
298 // Banned IPs
299 $this->setEmpty('path.ban_file', 'data/ipbans.php'); 295 $this->setEmpty('path.ban_file', 'data/ipbans.php');
300
301 // Processed updates file.
302 $this->setEmpty('path.updates', 'data/updates.txt'); 296 $this->setEmpty('path.updates', 'data/updates.txt');
303
304 // Access log
305 $this->setEmpty('path.log', 'data/log.txt'); 297 $this->setEmpty('path.log', 'data/log.txt');
306
307 // For updates check of Shaarli
308 $this->setEmpty('path.update_check', 'data/lastupdatecheck.txt'); 298 $this->setEmpty('path.update_check', 'data/lastupdatecheck.txt');
309
310 // Set ENABLE_UPDATECHECK to disabled by default.
311 $this->setEmpty('general.check_updates', false);
312
313 // RainTPL cache directory (keep the trailing slash!)
314 $this->setEmpty('path.raintpl_tmp', 'tmp/');
315 // Raintpl template directory (keep the trailing slash!)
316 $this->setEmpty('path.raintpl_tpl', 'tpl/'); 299 $this->setEmpty('path.raintpl_tpl', 'tpl/');
317 300 $this->setEmpty('path.raintpl_tmp', 'tmp/');
318 // Thumbnail cache directory
319 $this->setEmpty('path.thumbnails_cache', 'cache'); 301 $this->setEmpty('path.thumbnails_cache', 'cache');
320
321 // Atom & RSS feed cache directory
322 $this->setEmpty('path.page_cache', 'pagecache'); 302 $this->setEmpty('path.page_cache', 'pagecache');
323 303
324 // Ban IP after this many failures
325 $this->setEmpty('security.ban_after', 4); 304 $this->setEmpty('security.ban_after', 4);
326 // Ban duration for IP address after login failures (in seconds)
327 $this->setEmpty('security.ban_after', 1800); 305 $this->setEmpty('security.ban_after', 1800);
306 $this->setEmpty('security.session_protection_disabled', false);
328 307
329 // Feed options 308 $this->setEmpty('general.check_updates', false);
330 // Enable RSS permalinks by default.
331 // This corresponds to the default behavior of shaarli before this was added as an option.
332 $this->setEmpty('general.rss_permalinks', true); 309 $this->setEmpty('general.rss_permalinks', true);
333 // If true, an extra "ATOM feed" button will be displayed in the toolbar
334 $this->setEmpty('extras.show_atom', false);
335
336 // Link display options
337 $this->setEmpty('extras.hide_public_links', false);
338 $this->setEmpty('extras.hide_timestamps', false);
339 $this->setEmpty('general.links_per_page', 20); 310 $this->setEmpty('general.links_per_page', 20);
340
341 // Private checkbox is checked by default
342 $this->setEmpty('general.default_private_links', false); 311 $this->setEmpty('general.default_private_links', false);
343
344 // Open Shaarli (true): anyone can add/edit/delete links without having to login
345 $this->setEmpty('extras.open_shaarli', false);
346
347 // Thumbnails
348 // Display thumbnails in links
349 $this->setEmpty('general.enable_thumbnails', true); 312 $this->setEmpty('general.enable_thumbnails', true);
350 // Store thumbnails in a local cache
351 $this->setEmpty('general.enable_localcache', true); 313 $this->setEmpty('general.enable_localcache', true);
352
353 // Update check frequency for Shaarli. 86400 seconds=24 hours
354 $this->setEmpty('general.check_updates_branch', 'stable'); 314 $this->setEmpty('general.check_updates_branch', 'stable');
355 $this->setEmpty('general.check_updates_interval', 86400); 315 $this->setEmpty('general.check_updates_interval', 86400);
316 $this->setEmpty('general.header_link', '?');
317 $this->setEmpty('general.enabled_plugins', array('qrcode'));
356 318
319 $this->setEmpty('extras.show_atom', false);
320 $this->setEmpty('extras.hide_public_links', false);
321 $this->setEmpty('extras.hide_timestamps', false);
322 $this->setEmpty('extras.open_shaarli', false);
357 $this->setEmpty('extras.redirector', ''); 323 $this->setEmpty('extras.redirector', '');
358 $this->setEmpty('extras.redirector_encode_url', true); 324 $this->setEmpty('extras.redirector_encode_url', true);
359 325
360 // Enabled plugins.
361 $this->setEmpty('general.enabled_plugins', array('qrcode'));
362
363 // Initialize plugin parameters array.
364 $this->setEmpty('plugins', array()); 326 $this->setEmpty('plugins', array());
365 } 327 }
366 328
@@ -370,7 +332,7 @@ class ConfigManager
370 * @param string $key Setting key. 332 * @param string $key Setting key.
371 * @param mixed $value Setting value. 333 * @param mixed $value Setting value.
372 */ 334 */
373 protected function setEmpty($key, $value) 335 public function setEmpty($key, $value)
374 { 336 {
375 if (! $this->exists($key)) { 337 if (! $this->exists($key)) {
376 $this->set($key, $value); 338 $this->set($key, $value);
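Review bot: New lines 304-305 call setEmpty twice with the same key `'security.ban_after'` (4, then 1800); because setEmpty only writes when the key is absent, the second call is a no-op, so no default ban duration is ever set — and the commit also drops the comment ("Ban duration for IP address after login failures (in seconds)") that revealed the intent. The second line should use the duration key that the login-ban code actually reads, presumably `$this->setEmpty('security.ban_duration', 1800);` — confirm the key name against the ban check, which is not in this diff. The bug predates the reorder, but moving the lines without fixing it makes it harder to spot later. Since setEmpty is now public (line 335), a one-line docblock note that it never overwrites an existing key would help callers in index.php.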
diff --git a/index.php b/index.php
index 9546ee15..ac4a680d 100644
--- a/index.php
+++ b/index.php
@@ -106,7 +106,8 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
106} 106}
107 107
108$conf = ConfigManager::getInstance(); 108$conf = ConfigManager::getInstance();
109 109$conf->setEmpty('general.timezone', date_default_timezone_get());
110$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
110RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory 111RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory
111RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory 112RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory
112 113
@@ -132,23 +133,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
132header("Cache-Control: post-check=0, pre-check=0", false); 133header("Cache-Control: post-check=0, pre-check=0", false);
133header("Pragma: no-cache"); 134header("Pragma: no-cache");
134 135
135// Handling of old config file which do not have the new parameters.
136if (! $conf->exists('general.title')) {
137 $conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER)));
138}
139if (! $conf->exists('general.timezone')) {
140 $conf->set('general.timezone', date_default_timezone_get());
141}
142if (! $conf->exists('security.session_protection_disabled')) {
143 $conf->set('security.session_protection_disabled', false);
144}
145if (! $conf->exists('general.default_private_links')) {
146 $conf->set('general.default_private_links', false);
147}
148if (! $conf->exists('general.header_link')) {
149 $conf->set('general.header_link', '?');
150}
151
152if (! is_file($conf->getConfigFile())) { 136if (! is_file($conf->getConfigFile())) {
153 // Ensure Shaarli has proper access to its resources 137 // Ensure Shaarli has proper access to its resources
154 $errors = ApplicationUtils::checkResourcePermissions(); 138 $errors = ApplicationUtils::checkResourcePermissions();
@@ -170,11 +154,6 @@ if (! is_file($conf->getConfigFile())) {
170 install(); 154 install();
171} 155}
172 156
173// FIXME! Update these value with Updater and escpae it during the install/config save.
174$conf->set('general.title', escape($conf->get('general.title')));
175$conf->set('general.header_link', escape($conf->get('general.header_link')));
176$conf->set('extras.redirector', escape($conf->get('extras.redirector')));
177
178// a token depending of deployment salt, user password, and the current ip 157// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 158define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 159
@@ -1101,9 +1080,9 @@ function renderPage()
1101 $tz = $_POST['continent'] . '/' . $_POST['city']; 1080 $tz = $_POST['continent'] . '/' . $_POST['city'];
1102 } 1081 }
1103 $conf->set('general.timezone', $tz); 1082 $conf->set('general.timezone', $tz);
1104 $conf->set('general.title', $_POST['title']); 1083 $conf->set('general.title', escape($_POST['title']));
1105 $conf->set('general.header_link', $_POST['titleLink']); 1084 $conf->set('general.header_link', escape($_POST['titleLink']));
1106 $conf->set('extras.redirector', $_POST['redirector']); 1085 $conf->set('extras.redirector', escape($_POST['redirector']));
1107 $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); 1086 $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
1108 $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault'])); 1087 $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));
1109 $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks'])); 1088 $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));
@@ -1951,7 +1930,7 @@ function install()
1951 $conf->set('credentials.salt', $salt); 1930 $conf->set('credentials.salt', $salt);
1952 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); 1931 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));
1953 if (!empty($_POST['title'])) { 1932 if (!empty($_POST['title'])) {
1954 $conf->set('general.title', $_POST['title']); 1933 $conf->set('general.title', escape($_POST['title']));
1955 } else { 1934 } else {
1956 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); 1935 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1957 } 1936 }
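Review bot: The configure handler (new lines 1083-1085) now stores `escape($_POST[...])` for title, header link and redirector, and those stored values are presumably what the configure form renders back; unless the template emits them unescaped (or decodes first), every save of an untouched field re-escapes an already-escaped value, so `&` becomes `&amp;amp;` after the second round trip — confirm the template side, which is outside this diff. `extras.redirector` is a URL prefix, so storing it HTML-escaped is right for `href` attributes but wrong if any consumer puts it in a `Location:` header or builds a raw URL from it; that use is not visible here and is worth checking. The three `$_POST` reads are without isset(), as before, so a request missing a field overwrites the setting with `escape(null)`. renderPage and install both continue outside the hunks.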