-rw-r--r-- | application/Updater.php | 23 | ||||
-rw-r--r-- | application/config/ConfigManager.php | 64 | ||||
-rw-r--r-- | index.php | 33 |
3 files changed, 42 insertions, 78 deletions
diff --git a/application/Updater.php b/application/Updater.php index 31630ff5..db2144fe 100644 --- a/application/Updater.php +++ b/application/Updater.php | |||
@@ -191,6 +191,29 @@ class Updater | |||
191 | return false; | 191 | return false; |
192 | } | 192 | } |
193 | } | 193 | } |
194 | |||
195 | /** | ||
196 | * Escape settings which have been manually escaped in every request in previous versions: | ||
197 | * - general.title | ||
198 | * - general.header_link | ||
199 | * - extras.redirector | ||
200 | * | ||
201 | * @return bool true if the update is successful, false otherwise. | ||
202 | */ | ||
203 | public function escapeUnescapedConfig() | ||
204 | { | ||
205 | $conf = ConfigManager::getInstance(); | ||
206 | try { | ||
207 | $conf->set('general.title', escape($conf->get('general.title'))); | ||
208 | $conf->set('general.header_link', escape($conf->get('general.header_link'))); | ||
209 | $conf->set('extras.redirector', escape($conf->get('extras.redirector'))); | ||
210 | $conf->write($this->isLoggedIn); | ||
211 | } catch (Exception $e) { | ||
212 | error_log($e->getMessage()); | ||
213 | return false; | ||
214 | } | ||
215 | return true; | ||
216 | } | ||
194 | } | 217 | } |
195 | 218 | ||
196 | /** | 219 | /** |
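Review bot: escapeUnescapedConfig() (new lines 203-216) applies `escape()` to whatever is currently stored in general.title, general.header_link and extras.redirector without checking whether a value is already escaped; the old index.php escaped these in memory on every request (its removed lines 173-176), so a config file written later in such a request may already hold escaped values, and whether this migration double-encodes them depends on the `double_encode` behaviour of `escape()`, which is outside this diff. Worth stating in the docblock, e.g. `Relies on escape() not re-encoding existing entities; values are stored HTML-escaped from this point on.` The three `set()` calls also mutate the shared ConfigManager singleton before `write()`, so when `write()` throws the method returns false but the escaped values remain in memory for the rest of the request — acceptable for a one-shot migration, but a short comment on the catch would make that intentional.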
diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php index a663a071..c0482cf3 100644 --- a/application/config/ConfigManager.php +++ b/application/config/ConfigManager.php | |||
@@ -9,6 +9,9 @@ require_once 'ConfigJson.php'; | |||
9 | * Class ConfigManager | 9 | * Class ConfigManager |
10 | * | 10 | * |
11 | * Singleton, manages all Shaarli's settings. | 11 | * Singleton, manages all Shaarli's settings. |
12 | * See the documentation for more information on settings: | ||
13 | * - doc/Shaarli-configuration.html | ||
14 | * - https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration | ||
12 | */ | 15 | */ |
13 | class ConfigManager | 16 | class ConfigManager |
14 | { | 17 | { |
@@ -286,81 +289,40 @@ class ConfigManager | |||
286 | */ | 289 | */ |
287 | protected function setDefaultValues() | 290 | protected function setDefaultValues() |
288 | { | 291 | { |
289 | // Data subdirectory | ||
290 | $this->setEmpty('path.data_dir', 'data'); | 292 | $this->setEmpty('path.data_dir', 'data'); |
291 | |||
292 | // Main configuration file | ||
293 | $this->setEmpty('path.config', 'data/config.php'); | 293 | $this->setEmpty('path.config', 'data/config.php'); |
294 | |||
295 | // Link datastore | ||
296 | $this->setEmpty('path.datastore', 'data/datastore.php'); | 294 | $this->setEmpty('path.datastore', 'data/datastore.php'); |
297 | |||
298 | // Banned IPs | ||
299 | $this->setEmpty('path.ban_file', 'data/ipbans.php'); | 295 | $this->setEmpty('path.ban_file', 'data/ipbans.php'); |
300 | |||
301 | // Processed updates file. | ||
302 | $this->setEmpty('path.updates', 'data/updates.txt'); | 296 | $this->setEmpty('path.updates', 'data/updates.txt'); |
303 | |||
304 | // Access log | ||
305 | $this->setEmpty('path.log', 'data/log.txt'); | 297 | $this->setEmpty('path.log', 'data/log.txt'); |
306 | |||
307 | // For updates check of Shaarli | ||
308 | $this->setEmpty('path.update_check', 'data/lastupdatecheck.txt'); | 298 | $this->setEmpty('path.update_check', 'data/lastupdatecheck.txt'); |
309 | |||
310 | // Set ENABLE_UPDATECHECK to disabled by default. | ||
311 | $this->setEmpty('general.check_updates', false); | ||
312 | |||
313 | // RainTPL cache directory (keep the trailing slash!) | ||
314 | $this->setEmpty('path.raintpl_tmp', 'tmp/'); | ||
315 | // Raintpl template directory (keep the trailing slash!) | ||
316 | $this->setEmpty('path.raintpl_tpl', 'tpl/'); | 299 | $this->setEmpty('path.raintpl_tpl', 'tpl/'); |
317 | 300 | $this->setEmpty('path.raintpl_tmp', 'tmp/'); | |
318 | // Thumbnail cache directory | ||
319 | $this->setEmpty('path.thumbnails_cache', 'cache'); | 301 | $this->setEmpty('path.thumbnails_cache', 'cache'); |
320 | |||
321 | // Atom & RSS feed cache directory | ||
322 | $this->setEmpty('path.page_cache', 'pagecache'); | 302 | $this->setEmpty('path.page_cache', 'pagecache'); |
323 | 303 | ||
324 | // Ban IP after this many failures | ||
325 | $this->setEmpty('security.ban_after', 4); | 304 | $this->setEmpty('security.ban_after', 4); |
326 | // Ban duration for IP address after login failures (in seconds) | ||
327 | $this->setEmpty('security.ban_after', 1800); | 305 | $this->setEmpty('security.ban_after', 1800); |
306 | $this->setEmpty('security.session_protection_disabled', false); | ||
328 | 307 | ||
329 | // Feed options | 308 | $this->setEmpty('general.check_updates', false); |
330 | // Enable RSS permalinks by default. | ||
331 | // This corresponds to the default behavior of shaarli before this was added as an option. | ||
332 | $this->setEmpty('general.rss_permalinks', true); | 309 | $this->setEmpty('general.rss_permalinks', true); |
333 | // If true, an extra "ATOM feed" button will be displayed in the toolbar | ||
334 | $this->setEmpty('extras.show_atom', false); | ||
335 | |||
336 | // Link display options | ||
337 | $this->setEmpty('extras.hide_public_links', false); | ||
338 | $this->setEmpty('extras.hide_timestamps', false); | ||
339 | $this->setEmpty('general.links_per_page', 20); | 310 | $this->setEmpty('general.links_per_page', 20); |
340 | |||
341 | // Private checkbox is checked by default | ||
342 | $this->setEmpty('general.default_private_links', false); | 311 | $this->setEmpty('general.default_private_links', false); |
343 | |||
344 | // Open Shaarli (true): anyone can add/edit/delete links without having to login | ||
345 | $this->setEmpty('extras.open_shaarli', false); | ||
346 | |||
347 | // Thumbnails | ||
348 | // Display thumbnails in links | ||
349 | $this->setEmpty('general.enable_thumbnails', true); | 312 | $this->setEmpty('general.enable_thumbnails', true); |
350 | // Store thumbnails in a local cache | ||
351 | $this->setEmpty('general.enable_localcache', true); | 313 | $this->setEmpty('general.enable_localcache', true); |
352 | |||
353 | // Update check frequency for Shaarli. 86400 seconds=24 hours | ||
354 | $this->setEmpty('general.check_updates_branch', 'stable'); | 314 | $this->setEmpty('general.check_updates_branch', 'stable'); |
355 | $this->setEmpty('general.check_updates_interval', 86400); | 315 | $this->setEmpty('general.check_updates_interval', 86400); |
316 | $this->setEmpty('general.header_link', '?'); | ||
317 | $this->setEmpty('general.enabled_plugins', array('qrcode')); | ||
356 | 318 | ||
319 | $this->setEmpty('extras.show_atom', false); | ||
320 | $this->setEmpty('extras.hide_public_links', false); | ||
321 | $this->setEmpty('extras.hide_timestamps', false); | ||
322 | $this->setEmpty('extras.open_shaarli', false); | ||
357 | $this->setEmpty('extras.redirector', ''); | 323 | $this->setEmpty('extras.redirector', ''); |
358 | $this->setEmpty('extras.redirector_encode_url', true); | 324 | $this->setEmpty('extras.redirector_encode_url', true); |
359 | 325 | ||
360 | // Enabled plugins. | ||
361 | $this->setEmpty('general.enabled_plugins', array('qrcode')); | ||
362 | |||
363 | // Initialize plugin parameters array. | ||
364 | $this->setEmpty('plugins', array()); | 326 | $this->setEmpty('plugins', array()); |
365 | } | 327 | } |
366 | 328 | ||
@@ -370,7 +332,7 @@ class ConfigManager | |||
370 | * @param string $key Setting key. | 332 | * @param string $key Setting key. |
371 | * @param mixed $value Setting value. | 333 | * @param mixed $value Setting value. |
372 | */ | 334 | */ |
373 | protected function setEmpty($key, $value) | 335 | public function setEmpty($key, $value) |
374 | { | 336 | { |
375 | if (! $this->exists($key)) { | 337 | if (! $this->exists($key)) { |
376 | $this->set($key, $value); | 338 | $this->set($key, $value); |
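Review bot: New lines 304 and 305 of setDefaultValues() both call `$this->setEmpty('security.ban_after', ...)`, so the second call (1800, described as the ban duration in seconds by the comment this commit deletes) is a no-op and the duration setting never receives a default; the second key should be the one the ban code actually reads, presumably `security.ban_duration` — confirm against that caller. This is pre-existing, but the rewrite removes the comment that made the mistake visible. The `keep the trailing slash!` notes on path.raintpl_tpl and path.raintpl_tmp are dropped too; one line such as `// RainTPL directories must keep their trailing slash.` above new line 299 would preserve that constraint. setEmpty() becoming public at new line 335 widens the class API; its docblock should say it is meant for seeding request-time defaults (as index.php now does) and only sets a key that does not yet exist.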
@@ -106,7 +106,8 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { | |||
106 | } | 106 | } |
107 | 107 | ||
108 | $conf = ConfigManager::getInstance(); | 108 | $conf = ConfigManager::getInstance(); |
109 | 109 | $conf->setEmpty('general.timezone', date_default_timezone_get()); | |
110 | $conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); | ||
110 | RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory | 111 | RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory |
111 | RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory | 112 | RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory |
112 | 113 | ||
@@ -132,23 +133,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate"); | |||
132 | header("Cache-Control: post-check=0, pre-check=0", false); | 133 | header("Cache-Control: post-check=0, pre-check=0", false); |
133 | header("Pragma: no-cache"); | 134 | header("Pragma: no-cache"); |
134 | 135 | ||
135 | // Handling of old config file which do not have the new parameters. | ||
136 | if (! $conf->exists('general.title')) { | ||
137 | $conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER))); | ||
138 | } | ||
139 | if (! $conf->exists('general.timezone')) { | ||
140 | $conf->set('general.timezone', date_default_timezone_get()); | ||
141 | } | ||
142 | if (! $conf->exists('security.session_protection_disabled')) { | ||
143 | $conf->set('security.session_protection_disabled', false); | ||
144 | } | ||
145 | if (! $conf->exists('general.default_private_links')) { | ||
146 | $conf->set('general.default_private_links', false); | ||
147 | } | ||
148 | if (! $conf->exists('general.header_link')) { | ||
149 | $conf->set('general.header_link', '?'); | ||
150 | } | ||
151 | |||
152 | if (! is_file($conf->getConfigFile())) { | 136 | if (! is_file($conf->getConfigFile())) { |
153 | // Ensure Shaarli has proper access to its resources | 137 | // Ensure Shaarli has proper access to its resources |
154 | $errors = ApplicationUtils::checkResourcePermissions(); | 138 | $errors = ApplicationUtils::checkResourcePermissions(); |
@@ -170,11 +154,6 @@ if (! is_file($conf->getConfigFile())) { | |||
170 | install(); | 154 | install(); |
171 | } | 155 | } |
172 | 156 | ||
173 | // FIXME! Update these value with Updater and escpae it during the install/config save. | ||
174 | $conf->set('general.title', escape($conf->get('general.title'))); | ||
175 | $conf->set('general.header_link', escape($conf->get('general.header_link'))); | ||
176 | $conf->set('extras.redirector', escape($conf->get('extras.redirector'))); | ||
177 | |||
178 | // a token depending of deployment salt, user password, and the current ip | 157 | // a token depending of deployment salt, user password, and the current ip |
179 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); | 158 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); |
180 | 159 | ||
@@ -1101,9 +1080,9 @@ function renderPage() | |||
1101 | $tz = $_POST['continent'] . '/' . $_POST['city']; | 1080 | $tz = $_POST['continent'] . '/' . $_POST['city']; |
1102 | } | 1081 | } |
1103 | $conf->set('general.timezone', $tz); | 1082 | $conf->set('general.timezone', $tz); |
1104 | $conf->set('general.title', $_POST['title']); | 1083 | $conf->set('general.title', escape($_POST['title'])); |
1105 | $conf->set('general.header_link', $_POST['titleLink']); | 1084 | $conf->set('general.header_link', escape($_POST['titleLink'])); |
1106 | $conf->set('extras.redirector', $_POST['redirector']); | 1085 | $conf->set('extras.redirector', escape($_POST['redirector'])); |
1107 | $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); | 1086 | $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); |
1108 | $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault'])); | 1087 | $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault'])); |
1109 | $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks'])); | 1088 | $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks'])); |
@@ -1951,7 +1930,7 @@ function install() | |||
1951 | $conf->set('credentials.salt', $salt); | 1930 | $conf->set('credentials.salt', $salt); |
1952 | $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); | 1931 | $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt)); |
1953 | if (!empty($_POST['title'])) { | 1932 | if (!empty($_POST['title'])) { |
1954 | $conf->set('general.title', $_POST['title']); | 1933 | $conf->set('general.title', escape($_POST['title'])); |
1955 | } else { | 1934 | } else { |
1956 | $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); | 1935 | $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); |
1957 | } | 1936 | } |
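Review bot: The configure handler (new lines 1083-1085) and install() (new line 1933) now store general.title, general.header_link and extras.redirector HTML-escaped, and the per-request escaping at old lines 173-176 is gone, but nothing at the new call sites records that the stored form is already escaped — a reader that escapes again at output would double-encode, and a consumer that emits extras.redirector outside an HTML context would carry `&amp;` into a URL. Propose a comment above new line 1083: `// Stored HTML-escaped (see Updater::escapeUnescapedConfig()); templates must not escape these again.` New line 110 seeds general.title through `setEmpty()` with an already-escaped default, which matches this contract and is worth a one-line comment for the same reason. The enclosing renderPage() and install() bodies start and end outside the hunks.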