5 files changed, 755 insertions, 0 deletions

diff --git a/application/config/ConfigIO.php b/application/config/ConfigIO.php
new file mode 100644
index 00000000..2b68fe6a
--- /dev/null
+++ b/application/config/ConfigIO.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * Interface ConfigIO
+ *
+ * This describes how Config types should store their configuration.
+ */
+interface ConfigIO
+{
+    /**
+     * Read configuration.
+     *
+     * @param string $filepath Config file absolute path.
+     *
+     * @return array All configuration in an array.
+     */
+    function read($filepath);
+
+    /**
+     * Write configuration.
+     *
+     * @param string $filepath Config file absolute path.
+     * @param array  $conf   All configuration in an array.
+     */
+    function write($filepath, $conf);
+
+    /**
+     * Get config file extension according to config type.
+     *
+     * @return string Config file extension.
+     */
+    function getExtension();
+}
diff --git a/application/config/ConfigJson.php b/application/config/ConfigJson.php
new file mode 100644
index 00000000..d07fefee
--- /dev/null
+++ b/application/config/ConfigJson.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * Class ConfigJson (ConfigIO implementation)
+ *
+ * Handle Shaarli's JSON configuration file.
+ */
+class ConfigJson implements ConfigIO
+{
+    /**
+     * @inheritdoc
+     */
+    function read($filepath)
+    {
+        if (! is_readable($filepath)) {
+            return array();
+        }
+        $data = file_get_contents($filepath);
+        $data = str_replace(self::getPhpHeaders(), '', $data);
+        $data = str_replace(self::getPhpSuffix(), '', $data);
+        $data = json_decode($data, true);
+        if ($data === null) {
+            $error = json_last_error();
+            throw new Exception('An error occured while parsing JSON file: error code #'. $error);
+        }
+        return $data;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    function write($filepath, $conf)
+    {
+        // JSON_PRETTY_PRINT is available from PHP 5.4.
+        $print = defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0;
+        $data = self::getPhpHeaders() . json_encode($conf, $print) . self::getPhpSuffix();
+        if (!file_put_contents($filepath, $data)) {
+            throw new IOException(
+                $filepath,
+                'Shaarli could not create the config file.
+                Please make sure Shaarli has the right to write in the folder is it installed in.'
+            );
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    function getExtension()
+    {
+        return '.json.php';
+    }
+
+    /**
+     * The JSON data is wrapped in a PHP file for security purpose.
+     * This way, even if the file is accessible, credentials and configuration won't be exposed.
+     *
+     * Note: this isn't a static field because concatenation isn't supported in field declaration before PHP 5.6.
+     *
+     * @return string PHP start tag and comment tag.
+     */
+    public static function getPhpHeaders()
+    {
+        return '<?php /*'. PHP_EOL;
+    }
+
+    /**
+     * Get PHP comment closing tags.
+     *
+     * Static method for consistency with getPhpHeaders.
+     *
+     * @return string PHP comment closing.
+     */
+    public static function getPhpSuffix()
+    {
+        return PHP_EOL . '*/ ?>';
+    }
+}
diff --git a/application/config/ConfigManager.php b/application/config/ConfigManager.php
new file mode 100644
index 00000000..ff41772a
--- /dev/null
+++ b/application/config/ConfigManager.php
@@ -0,0 +1,392 @@
+<?php
+
+// FIXME! Namespaces...
+require_once 'ConfigIO.php';
+require_once 'ConfigJson.php';
+require_once 'ConfigPhp.php';
+
+/**
+ * Class ConfigManager
+ *
+ * Manages all Shaarli's settings.
+ * See the documentation for more information on settings:
+ *   - doc/Shaarli-configuration.html
+ *   - https://github.com/shaarli/Shaarli/wiki/Shaarli-configuration
+ */
+class ConfigManager
+{
+    /**
+     * @var string Flag telling a setting is not found.
+     */
+    protected static $NOT_FOUND = 'NOT_FOUND';
+
+    /**
+     * @var string Config folder.
+     */
+    protected $configFile;
+
+    /**
+     * @var array Loaded config array.
+     */
+    protected $loadedConfig;
+
+    /**
+     * @var ConfigIO implementation instance.
+     */
+    protected $configIO;
+
+    /**
+     * Constructor.
+     */
+    public function __construct($configFile = 'data/config')
+    {
+        $this->configFile = $configFile;
+        $this->initialize();
+    }
+
+    /**
+     * Reset the ConfigManager instance.
+     */
+    public function reset()
+    {
+        $this->initialize();
+    }
+
+    /**
+     * Rebuild the loaded config array from config files.
+     */
+    public function reload()
+    {
+        $this->load();
+    }
+
+    /**
+     * Initialize the ConfigIO and loaded the conf.
+     */
+    protected function initialize()
+    {
+        if (file_exists($this->configFile . '.php')) {
+            $this->configIO = new ConfigPhp();
+        } else {
+            $this->configIO = new ConfigJson();
+        }
+        $this->load();
+    }
+
+    /**
+     * Load configuration in the ConfigurationManager.
+     */
+    protected function load()
+    {
+        $this->loadedConfig = $this->configIO->read($this->getConfigFileExt());
+        $this->setDefaultValues();
+    }
+
+    /**
+     * Get a setting.
+     *
+     * Supports nested settings with dot separated keys.
+     * Eg. 'config.stuff.option' will find $conf[config][stuff][option],
+     * or in JSON:
+     *   { "config": { "stuff": {"option": "mysetting" } } } }
+     *
+     * @param string $setting Asked setting, keys separated with dots.
+     * @param string $default Default value if not found.
+     *
+     * @return mixed Found setting, or the default value.
+     */
+    public function get($setting, $default = '')
+    {
+        // During the ConfigIO transition, map legacy settings to the new ones.
+        if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
+            $setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
+        }
+
+        $settings = explode('.', $setting);
+        $value = self::getConfig($settings, $this->loadedConfig);
+        if ($value === self::$NOT_FOUND) {
+            return $default;
+        }
+        return $value;
+    }
+
+    /**
+     * Set a setting, and eventually write it.
+     *
+     * Supports nested settings with dot separated keys.
+     *
+     * @param string $setting    Asked setting, keys separated with dots.
+     * @param string $value      Value to set.
+     * @param bool   $write      Write the new setting in the config file, default false.
+     * @param bool   $isLoggedIn User login state, default false.
+     *
+     * @throws Exception Invalid
+     */
+    public function set($setting, $value, $write = false, $isLoggedIn = false)
+    {
+        if (empty($setting) || ! is_string($setting)) {
+            throw new Exception('Invalid setting key parameter. String expected, got: '. gettype($setting));
+        }
+
+        // During the ConfigIO transition, map legacy settings to the new ones.
+        if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
+            $setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
+        }
+
+        $settings = explode('.', $setting);
+        self::setConfig($settings, $value, $this->loadedConfig);
+        if ($write) {
+            $this->write($isLoggedIn);
+        }
+    }
+
+    /**
+     * Check if a settings exists.
+     *
+     * Supports nested settings with dot separated keys.
+     *
+     * @param string $setting    Asked setting, keys separated with dots.
+     *
+     * @return bool true if the setting exists, false otherwise.
+     */
+    public function exists($setting)
+    {
+        // During the ConfigIO transition, map legacy settings to the new ones.
+        if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
+            $setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
+        }
+
+        $settings = explode('.', $setting);
+        $value = self::getConfig($settings, $this->loadedConfig);
+        if ($value === self::$NOT_FOUND) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Call the config writer.
+     *
+     * @param bool $isLoggedIn User login state.
+     *
+     * @return bool True if the configuration has been successfully written, false otherwise.
+     *
+     * @throws MissingFieldConfigException: a mandatory field has not been provided in $conf.
+     * @throws UnauthorizedConfigException: user is not authorize to change configuration.
+     * @throws IOException: an error occurred while writing the new config file.
+     */
+    public function write($isLoggedIn)
+    {
+        // These fields are required in configuration.
+        $mandatoryFields = array(
+            'credentials.login',
+            'credentials.hash',
+            'credentials.salt',
+            'security.session_protection_disabled',
+            'general.timezone',
+            'general.title',
+            'general.header_link',
+            'privacy.default_private_links',
+            'redirector.url',
+        );
+
+        // Only logged in user can alter config.
+        if (is_file($this->getConfigFileExt()) && !$isLoggedIn) {
+            throw new UnauthorizedConfigException();
+        }
+
+        // Check that all mandatory fields are provided in $conf.
+        foreach ($mandatoryFields as $field) {
+            if (! $this->exists($field)) {
+                throw new MissingFieldConfigException($field);
+            }
+        }
+
+        return $this->configIO->write($this->getConfigFileExt(), $this->loadedConfig);
+    }
+
+    /**
+     * Set the config file path (without extension).
+     *
+     * @param string $configFile File path.
+     */
+    public function setConfigFile($configFile)
+    {
+        $this->configFile = $configFile;
+    }
+
+    /**
+     * Return the configuration file path (without extension).
+     *
+     * @return string Config path.
+     */
+    public function getConfigFile()
+    {
+        return $this->configFile;
+    }
+
+    /**
+     * Get the configuration file path with its extension.
+     *
+     * @return string Config file path.
+     */
+    public function getConfigFileExt()
+    {
+        return $this->configFile . $this->configIO->getExtension();
+    }
+
+    /**
+     * Recursive function which find asked setting in the loaded config.
+     *
+     * @param array $settings Ordered array which contains keys to find.
+     * @param array $conf   Loaded settings, then sub-array.
+     *
+     * @return mixed Found setting or NOT_FOUND flag.
+     */
+    protected static function getConfig($settings, $conf)
+    {
+        if (!is_array($settings) || count($settings) == 0) {
+            return self::$NOT_FOUND;
+        }
+
+        $setting = array_shift($settings);
+        if (!isset($conf[$setting])) {
+            return self::$NOT_FOUND;
+        }
+
+        if (count($settings) > 0) {
+            return self::getConfig($settings, $conf[$setting]);
+        }
+        return $conf[$setting];
+    }
+
+    /**
+     * Recursive function which find asked setting in the loaded config.
+     *
+     * @param array $settings Ordered array which contains keys to find.
+     * @param mixed $value
+     * @param array $conf   Loaded settings, then sub-array.
+     *
+     * @return mixed Found setting or NOT_FOUND flag.
+     */
+    protected static function setConfig($settings, $value, &$conf)
+    {
+        if (!is_array($settings) || count($settings) == 0) {
+            return self::$NOT_FOUND;
+        }
+
+        $setting = array_shift($settings);
+        if (count($settings) > 0) {
+            return self::setConfig($settings, $value, $conf[$setting]);
+        }
+        $conf[$setting] = $value;
+    }
+
+    /**
+     * Set a bunch of default values allowing Shaarli to start without a config file.
+     */
+    protected function setDefaultValues()
+    {
+        $this->setEmpty('resource.data_dir', 'data');
+        $this->setEmpty('resource.config', 'data/config.php');
+        $this->setEmpty('resource.datastore', 'data/datastore.php');
+        $this->setEmpty('resource.ban_file', 'data/ipbans.php');
+        $this->setEmpty('resource.updates', 'data/updates.txt');
+        $this->setEmpty('resource.log', 'data/log.txt');
+        $this->setEmpty('resource.update_check', 'data/lastupdatecheck.txt');
+        $this->setEmpty('resource.raintpl_tpl', 'tpl/');
+        $this->setEmpty('resource.raintpl_tmp', 'tmp/');
+        $this->setEmpty('resource.thumbnails_cache', 'cache');
+        $this->setEmpty('resource.page_cache', 'pagecache');
+
+        $this->setEmpty('security.ban_after', 4);
+        $this->setEmpty('security.ban_duration', 1800);
+        $this->setEmpty('security.session_protection_disabled', false);
+        $this->setEmpty('security.open_shaarli', false);
+
+        $this->setEmpty('general.header_link', '?');
+        $this->setEmpty('general.links_per_page', 20);
+        $this->setEmpty('general.enabled_plugins', array('qrcode'));
+
+        $this->setEmpty('updates.check_updates', false);
+        $this->setEmpty('updates.check_updates_branch', 'stable');
+        $this->setEmpty('updates.check_updates_interval', 86400);
+
+        $this->setEmpty('feed.rss_permalinks', true);
+        $this->setEmpty('feed.show_atom', false);
+
+        $this->setEmpty('privacy.default_private_links', false);
+        $this->setEmpty('privacy.hide_public_links', false);
+        $this->setEmpty('privacy.hide_timestamps', false);
+
+        $this->setEmpty('thumbnail.enable_thumbnails', true);
+        $this->setEmpty('thumbnail.enable_localcache', true);
+
+        $this->setEmpty('redirector.url', '');
+        $this->setEmpty('redirector.encode_url', true);
+
+        $this->setEmpty('plugins', array());
+    }
+
+    /**
+     * Set only if the setting does not exists.
+     *
+     * @param string $key   Setting key.
+     * @param mixed  $value Setting value.
+     */
+    public function setEmpty($key, $value)
+    {
+        if (! $this->exists($key)) {
+            $this->set($key, $value);
+        }
+    }
+
+    /**
+     * @return ConfigIO
+     */
+    public function getConfigIO()
+    {
+        return $this->configIO;
+    }
+
+    /**
+     * @param ConfigIO $configIO
+     */
+    public function setConfigIO($configIO)
+    {
+        $this->configIO = $configIO;
+    }
+}
+
+/**
+ * Exception used if a mandatory field is missing in given configuration.
+ */
+class MissingFieldConfigException extends Exception
+{
+    public $field;
+
+    /**
+     * Construct exception.
+     *
+     * @param string $field field name missing.
+     */
+    public function __construct($field)
+    {
+        $this->field = $field;
+        $this->message = 'Configuration value is required for '. $this->field;
+    }
+}
+
+/**
+ * Exception used if an unauthorized attempt to edit configuration has been made.
+ */
+class UnauthorizedConfigException extends Exception
+{
+    /**
+     * Construct exception.
+     */
+    public function __construct()
+    {
+        $this->message = 'You are not authorized to alter config.';
+    }
+}
diff --git a/application/config/ConfigPhp.php b/application/config/ConfigPhp.php
new file mode 100644
index 00000000..27187b66
--- /dev/null
+++ b/application/config/ConfigPhp.php
@@ -0,0 +1,132 @@
+<?php
+
+/**
+ * Class ConfigPhp (ConfigIO implementation)
+ *
+ * Handle Shaarli's legacy PHP configuration file.
+ * Note: this is only designed to support the transition to JSON configuration.
+ */
+class ConfigPhp implements ConfigIO
+{
+    /**
+     * @var array List of config key without group.
+     */
+    public static $ROOT_KEYS = array(
+        'login',
+        'hash',
+        'salt',
+        'timezone',
+        'title',
+        'titleLink',
+        'redirector',
+        'disablesessionprotection',
+        'privateLinkByDefault',
+    );
+
+    /**
+     * Map legacy config keys with the new ones.
+     * If ConfigPhp is used, getting <newkey> will actually look for <legacykey>.
+     * The Updater will use this array to transform keys when switching to JSON.
+     *
+     * @var array current key => legacy key.
+     */
+    public static $LEGACY_KEYS_MAPPING = array(
+        'credentials.login' => 'login',
+        'credentials.hash' => 'hash',
+        'credentials.salt' => 'salt',
+        'resource.data_dir' => 'config.DATADIR',
+        'resource.config' => 'config.CONFIG_FILE',
+        'resource.datastore' => 'config.DATASTORE',
+        'resource.updates' => 'config.UPDATES_FILE',
+        'resource.log' => 'config.LOG_FILE',
+        'resource.update_check' => 'config.UPDATECHECK_FILENAME',
+        'resource.raintpl_tpl' => 'config.RAINTPL_TPL',
+        'resource.raintpl_tmp' => 'config.RAINTPL_TMP',
+        'resource.thumbnails_cache' => 'config.CACHEDIR',
+        'resource.page_cache' => 'config.PAGECACHE',
+        'resource.ban_file' => 'config.IPBANS_FILENAME',
+        'security.session_protection_disabled' => 'disablesessionprotection',
+        'security.ban_after' => 'config.BAN_AFTER',
+        'security.ban_duration' => 'config.BAN_DURATION',
+        'general.title' => 'title',
+        'general.timezone' => 'timezone',
+        'general.header_link' => 'titleLink',
+        'updates.check_updates' => 'config.ENABLE_UPDATECHECK',
+        'updates.check_updates_branch' => 'config.UPDATECHECK_BRANCH',
+        'updates.check_updates_interval' => 'config.UPDATECHECK_INTERVAL',
+        'privacy.default_private_links' => 'privateLinkByDefault',
+        'feed.rss_permalinks' => 'config.ENABLE_RSS_PERMALINKS',
+        'general.links_per_page' => 'config.LINKS_PER_PAGE',
+        'thumbnail.enable_thumbnails' => 'config.ENABLE_THUMBNAILS',
+        'thumbnail.enable_localcache' => 'config.ENABLE_LOCALCACHE',
+        'general.enabled_plugins' => 'config.ENABLED_PLUGINS',
+        'redirector.url' => 'redirector',
+        'redirector.encode_url' => 'config.REDIRECTOR_URLENCODE',
+        'feed.show_atom' => 'config.SHOW_ATOM',
+        'privacy.hide_public_links' => 'config.HIDE_PUBLIC_LINKS',
+        'privacy.hide_timestamps' => 'config.HIDE_TIMESTAMPS',
+        'security.open_shaarli' => 'config.OPEN_SHAARLI',
+    );
+
+    /**
+     * @inheritdoc
+     */
+    function read($filepath)
+    {
+        if (! file_exists($filepath) || ! is_readable($filepath)) {
+            return array();
+        }
+
+        include $filepath;
+
+        $out = array();
+        foreach (self::$ROOT_KEYS as $key) {
+            $out[$key] = $GLOBALS[$key];
+        }
+        $out['config'] = $GLOBALS['config'];
+        $out['plugins'] = !empty($GLOBALS['plugins']) ? $GLOBALS['plugins'] : array();
+        return $out;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    function write($filepath, $conf)
+    {
+        $configStr = '<?php '. PHP_EOL;
+        foreach (self::$ROOT_KEYS as $key) {
+            if (isset($conf[$key])) {
+                $configStr .= '$GLOBALS[\'' . $key . '\'] = ' . var_export($conf[$key], true) . ';' . PHP_EOL;
+            }
+        }
+        
+        // Store all $conf['config']
+        foreach ($conf['config'] as $key => $value) {
+            $configStr .= '$GLOBALS[\'config\'][\''. $key .'\'] = '.var_export($conf['config'][$key], true).';'. PHP_EOL;
+        }
+
+        if (isset($conf['plugins'])) {
+            foreach ($conf['plugins'] as $key => $value) {
+                $configStr .= '$GLOBALS[\'plugins\'][\''. $key .'\'] = '.var_export($conf['plugins'][$key], true).';'. PHP_EOL;
+            }
+        }
+
+        if (!file_put_contents($filepath, $configStr)
+            || strcmp(file_get_contents($filepath), $configStr) != 0
+        ) {
+            throw new IOException(
+                $filepath,
+                'Shaarli could not create the config file.
+                Please make sure Shaarli has the right to write in the folder is it installed in.'
+            );
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    function getExtension()
+    {
+        return '.php';
+    }
+}
diff --git a/application/config/ConfigPlugin.php b/application/config/ConfigPlugin.php
new file mode 100644
index 00000000..047d2b03
--- /dev/null
+++ b/application/config/ConfigPlugin.php
@@ -0,0 +1,120 @@
+<?php
+/**
+ * Plugin configuration helper functions.
+ *
+ * Note: no access to configuration files here.
+ */
+
+/**
+ * Process plugin administration form data and save it in an array.
+ *
+ * @param array $formData Data sent by the plugin admin form.
+ *
+ * @return array New list of enabled plugin, ordered.
+ *
+ * @throws PluginConfigOrderException Plugins can't be sorted because their order is invalid.
+ */
+function save_plugin_config($formData)
+{
+    // Make sure there are no duplicates in orders.
+    if (!validate_plugin_order($formData)) {
+        throw new PluginConfigOrderException();
+    }
+
+    $plugins = array();
+    $newEnabledPlugins = array();
+    foreach ($formData as $key => $data) {
+        if (startsWith($key, 'order')) {
+            continue;
+        }
+
+        // If there is no order, it means a disabled plugin has been enabled.
+        if (isset($formData['order_' . $key])) {
+            $plugins[(int) $formData['order_' . $key]] = $key;
+        }
+        else {
+            $newEnabledPlugins[] = $key;
+        }
+    }
+
+    // New enabled plugins will be added at the end of order.
+    $plugins = array_merge($plugins, $newEnabledPlugins);
+
+    // Sort plugins by order.
+    if (!ksort($plugins)) {
+        throw new PluginConfigOrderException();
+    }
+
+    $finalPlugins = array();
+    // Make plugins order continuous.
+    foreach ($plugins as $plugin) {
+        $finalPlugins[] = $plugin;
+    }
+
+    return $finalPlugins;
+}
+
+/**
+ * Validate plugin array submitted.
+ * Will fail if there is duplicate orders value.
+ *
+ * @param array $formData Data from submitted form.
+ *
+ * @return bool true if ok, false otherwise.
+ */
+function validate_plugin_order($formData)
+{
+    $orders = array();
+    foreach ($formData as $key => $value) {
+        // No duplicate order allowed.
+        if (in_array($value, $orders)) {
+            return false;
+        }
+
+        if (startsWith($key, 'order')) {
+            $orders[] = $value;
+        }
+    }
+
+    return true;
+}
+
+/**
+ * Affect plugin parameters values into plugins array.
+ *
+ * @param mixed $plugins Plugins array ($plugins[<plugin_name>]['parameters']['param_name'] = <value>.
+ * @param mixed $conf  Plugins configuration.
+ *
+ * @return mixed Updated $plugins array.
+ */
+function load_plugin_parameter_values($plugins, $conf)
+{
+    $out = $plugins;
+    foreach ($plugins as $name => $plugin) {
+        if (empty($plugin['parameters'])) {
+            continue;
+        }
+
+        foreach ($plugin['parameters'] as $key => $param) {
+            if (!empty($conf[$key])) {
+                $out[$name]['parameters'][$key] = $conf[$key];
+            }
+        }
+    }
+
+    return $out;
+}
+
+/**
+ * Exception used if an error occur while saving plugin configuration.
+ */
+class PluginConfigOrderException extends Exception
+{
+    /**
+     * Construct exception.
+     */
+    public function __construct()
+    {
+        $this->message = 'An error occurred while trying to save plugins loading order.';
+    }
+}