diff options
Diffstat (limited to 'application')
-rw-r--r-- | application/front/controllers/SessionFilterController.php | 81 | ||||
-rw-r--r-- | application/front/controllers/ShaarliController.php | 43 | ||||
-rw-r--r-- | application/security/SessionManager.php | 33 |
3 files changed, 157 insertions, 0 deletions
diff --git a/application/front/controllers/SessionFilterController.php b/application/front/controllers/SessionFilterController.php new file mode 100644 index 00000000..a021dc37 --- /dev/null +++ b/application/front/controllers/SessionFilterController.php | |||
@@ -0,0 +1,81 @@ | |||
1 | <?php | ||
2 | |||
3 | declare(strict_types=1); | ||
4 | |||
5 | namespace Shaarli\Front\Controller; | ||
6 | |||
7 | use Shaarli\Bookmark\BookmarkFilter; | ||
8 | use Shaarli\Security\SessionManager; | ||
9 | use Slim\Http\Request; | ||
10 | use Slim\Http\Response; | ||
11 | |||
12 | /** | ||
13 | * Class SessionFilterController | ||
14 | * | ||
15 | * Slim controller used to handle filters stored in the user session, such as visibility, links per page, etc. | ||
16 | * | ||
17 | * @package Shaarli\Front\Controller | ||
18 | */ | ||
19 | class SessionFilterController extends ShaarliController | ||
20 | { | ||
21 | /** | ||
22 | * GET /links-per-page: set the number of bookmarks to display per page in homepage | ||
23 | */ | ||
24 | public function linksPerPage(Request $request, Response $response): Response | ||
25 | { | ||
26 | $linksPerPage = $request->getParam('nb') ?? null; | ||
27 | if (null === $linksPerPage || false === is_numeric($linksPerPage)) { | ||
28 | $linksPerPage = $this->container->conf->get('general.links_per_page', 20); | ||
29 | } | ||
30 | |||
31 | $this->container->sessionManager->setSessionParameter( | ||
32 | SessionManager::KEY_LINKS_PER_PAGE, | ||
33 | abs(intval($linksPerPage)) | ||
34 | ); | ||
35 | |||
36 | return $this->redirectFromReferer($response, ['linksperpage'], ['nb']); | ||
37 | } | ||
38 | |||
39 | /** | ||
40 | * GET /visibility: allows to display only public or only private bookmarks in linklist | ||
41 | */ | ||
42 | public function visibility(Request $request, Response $response, array $args): Response | ||
43 | { | ||
44 | if (false === $this->container->loginManager->isLoggedIn()) { | ||
45 | return $this->redirectFromReferer($response, ['visibility']); | ||
46 | } | ||
47 | |||
48 | $newVisibility = $args['visibility'] ?? null; | ||
49 | if (false === in_array($newVisibility, [BookmarkFilter::$PRIVATE, BookmarkFilter::$PUBLIC], true)) { | ||
50 | $newVisibility = null; | ||
51 | } | ||
52 | |||
53 | $currentVisibility = $this->container->sessionManager->getSessionParameter(SessionManager::KEY_VISIBILITY); | ||
54 | |||
55 | // Visibility not set or not already expected value, set expected value, otherwise reset it | ||
56 | if ($newVisibility !== null && (null === $currentVisibility || $currentVisibility !== $newVisibility)) { | ||
57 | // See only public bookmarks | ||
58 | $this->container->sessionManager->setSessionParameter( | ||
59 | SessionManager::KEY_VISIBILITY, | ||
60 | $newVisibility | ||
61 | ); | ||
62 | } else { | ||
63 | $this->container->sessionManager->deleteSessionParameter(SessionManager::KEY_VISIBILITY); | ||
64 | } | ||
65 | |||
66 | return $this->redirectFromReferer($response, ['visibility']); | ||
67 | } | ||
68 | |||
69 | /** | ||
70 | * GET /untagged-only: allows to display only bookmarks without any tag | ||
71 | */ | ||
72 | public function untaggedOnly(Request $request, Response $response): Response | ||
73 | { | ||
74 | $this->container->sessionManager->setSessionParameter( | ||
75 | SessionManager::KEY_UNTAGGED_ONLY, | ||
76 | empty($this->container->sessionManager->getSessionParameter(SessionManager::KEY_UNTAGGED_ONLY)) | ||
77 | ); | ||
78 | |||
79 | return $this->redirectFromReferer($response, ['untaggedonly', 'untagged-only']); | ||
80 | } | ||
81 | } | ||
diff --git a/application/front/controllers/ShaarliController.php b/application/front/controllers/ShaarliController.php index 0c5d363e..bfff5fcf 100644 --- a/application/front/controllers/ShaarliController.php +++ b/application/front/controllers/ShaarliController.php | |||
@@ -6,6 +6,7 @@ namespace Shaarli\Front\Controller; | |||
6 | 6 | ||
7 | use Shaarli\Bookmark\BookmarkFilter; | 7 | use Shaarli\Bookmark\BookmarkFilter; |
8 | use Shaarli\Container\ShaarliContainer; | 8 | use Shaarli\Container\ShaarliContainer; |
9 | use Slim\Http\Response; | ||
9 | 10 | ||
10 | abstract class ShaarliController | 11 | abstract class ShaarliController |
11 | { | 12 | { |
@@ -80,4 +81,46 @@ abstract class ShaarliController | |||
80 | $this->assignView('plugins_' . $name, $plugin_data); | 81 | $this->assignView('plugins_' . $name, $plugin_data); |
81 | } | 82 | } |
82 | } | 83 | } |
84 | |||
85 | /** | ||
86 | * Generates a redirection to the previous page, based on the HTTP_REFERER. | ||
87 | * It fails back to the home page. | ||
88 | * | ||
89 | * @param array $loopTerms Terms to remove from path and query string to prevent direction loop. | ||
90 | * @param array $clearParams List of parameter to remove from the query string of the referrer. | ||
91 | */ | ||
92 | protected function redirectFromReferer(Response $response, array $loopTerms = [], array $clearParams = []): Response | ||
93 | { | ||
94 | $defaultPath = './'; | ||
95 | $referer = $this->container->environment['HTTP_REFERER'] ?? null; | ||
96 | |||
97 | if (null !== $referer) { | ||
98 | $currentUrl = parse_url($referer); | ||
99 | parse_str($currentUrl['query'] ?? '', $params); | ||
100 | $path = $currentUrl['path'] ?? $defaultPath; | ||
101 | } else { | ||
102 | $params = []; | ||
103 | $path = $defaultPath; | ||
104 | } | ||
105 | |||
106 | // Prevent redirection loop | ||
107 | if (isset($currentUrl)) { | ||
108 | foreach ($clearParams as $value) { | ||
109 | unset($params[$value]); | ||
110 | } | ||
111 | |||
112 | $checkQuery = implode('', array_keys($params)); | ||
113 | foreach ($loopTerms as $value) { | ||
114 | if (strpos($path . $checkQuery, $value) !== false) { | ||
115 | $params = []; | ||
116 | $path = $defaultPath; | ||
117 | break; | ||
118 | } | ||
119 | } | ||
120 | } | ||
121 | |||
122 | $queryString = count($params) > 0 ? '?'. http_build_query($params) : ''; | ||
123 | |||
124 | return $response->withRedirect($path . $queryString); | ||
125 | } | ||
83 | } | 126 | } |
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 4ae99168..8b77d362 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
@@ -8,6 +8,10 @@ use Shaarli\Config\ConfigManager; | |||
8 | */ | 8 | */ |
9 | class SessionManager | 9 | class SessionManager |
10 | { | 10 | { |
11 | public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE'; | ||
12 | public const KEY_VISIBILITY = 'visibility'; | ||
13 | public const KEY_UNTAGGED_ONLY = 'untaggedonly'; | ||
14 | |||
11 | /** @var int Session expiration timeout, in seconds */ | 15 | /** @var int Session expiration timeout, in seconds */ |
12 | public static $SHORT_TIMEOUT = 3600; // 1 hour | 16 | public static $SHORT_TIMEOUT = 3600; // 1 hour |
13 | 17 | ||
@@ -212,4 +216,33 @@ class SessionManager | |||
212 | { | 216 | { |
213 | return $this->session[$key] ?? $default; | 217 | return $this->session[$key] ?? $default; |
214 | } | 218 | } |
219 | |||
220 | /** | ||
221 | * Store a variable in user session. | ||
222 | * | ||
223 | * @param string $key Session key | ||
224 | * @param mixed $value Session value to store | ||
225 | * | ||
226 | * @return $this | ||
227 | */ | ||
228 | public function setSessionParameter(string $key, $value): self | ||
229 | { | ||
230 | $this->session[$key] = $value; | ||
231 | |||
232 | return $this; | ||
233 | } | ||
234 | |||
235 | /** | ||
236 | * Store a variable in user session. | ||
237 | * | ||
238 | * @param string $key Session key | ||
239 | * | ||
240 | * @return $this | ||
241 | */ | ||
242 | public function deleteSessionParameter(string $key): self | ||
243 | { | ||
244 | unset($this->session[$key]); | ||
245 | |||
246 | return $this; | ||
247 | } | ||
215 | } | 248 | } |