Diffstat (limited to 'application')
-rw-r--r--application/HttpUtils.php2
-rw-r--r--application/LinkUtils.php4
-rw-r--r--application/Updater.php18
-rw-r--r--application/api/ApiMiddleware.php11
4 files changed, 29 insertions, 6 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index e8fc1f5d..a81f9056 100644
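--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -122,7 +122,7 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304)
  $content = substr($response, $headSize);
  $headers = array();
  foreach (preg_split('~[\r\n]+~', $rawHeadersLastRedir) as $line) {
- if (empty($line) or ctype_space($line)) {
+ if (empty($line) || ctype_space($line)) {
  continue;
  }
  $splitLine = explode(': ', $line, 2);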
diff --git a/application/LinkUtils.php b/application/LinkUtils.php
index cf58f808..976474de 100644
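--- a/application/LinkUtils.php
+++ b/application/LinkUtils.php
@@ -89,7 +89,9 @@ function count_private($links)
 {
  $cpt = 0;
  foreach ($links as $link) {
- $cpt = $link['private'] == true ? $cpt + 1 : $cpt;
+ if ($link['private']) {
+ $cpt += 1;
+ }
  }
 
  return $cpt;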
diff --git a/application/Updater.php b/application/Updater.php
index 621c7238..eb03c6d3 100644
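--- a/application/Updater.php
+++ b/application/Updater.php
@@ -69,7 +69,7 @@ class Updater
  return $updatesRan;
  }
 
- if ($this->methods == null) {
+ if ($this->methods === null) {
  throw new UpdaterException('Couldn\'t retrieve Updater class methods.');
  }
 
@@ -308,6 +308,22 @@ class Updater
 
  return true;
  }
+
+ /**
+ * Move the file to inc/user.css to data/user.css.
+ *
+ * Note: Due to hardcoded paths, it's not unit testable. But one line of code should be fine.
+ *
+ * @return bool true if the update is successful, false otherwise.
+ */
+ public function updateMethodMoveUserCss()
+ {
+ if (! is_file('inc/user.css')) {
+ return true;
+ }
+
+ return rename('inc/user.css', 'data/user.css');
+ }
 }
 
 /**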
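Review bot: `updateMethodMoveUserCss()` calls `rename('inc/user.css', 'data/user.css')` without checking the destination, so a `data/user.css` that is already present would be replaced silently, because rename() overwrites an existing target file. A check such as `if (is_file('data/user.css')) {` before the move would let the updater keep the existing file or report the conflict instead of clobbering it. Both paths are relative, so they resolve against the process working directory; the docblock acknowledges the hardcoded paths, and a comment like `// paths are relative to the Shaarli root; the updater must run from there` would make the assumption explicit. The docblock's first line should read "Move inc/user.css to data/user.css."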
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 162e88e0..522091ca 100644
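--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -98,8 +98,7 @@ class ApiMiddleware
  * @throws ApiAuthorizationException The token couldn't be validated.
  */
  protected function checkToken($request) {
- $jwt = $request->getHeaderLine('jwt');
- if (empty($jwt)) {
+ if (! $request->hasHeader('Authorization')) {
  throw new ApiAuthorizationException('JWT token not provided');
  }
 
@@ -107,7 +106,13 @@ class ApiMiddleware
  throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
  }
 
- ApiUtils::validateJwtToken($jwt, $this->conf->get('api.secret'));
+ $authorization = $request->getHeaderLine('Authorization');
+
+ if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
+ throw new ApiAuthorizationException('Invalid JWT header');
+ }
+
+ ApiUtils::validateJwtToken($matches[1], $this->conf->get('api.secret'));
  }
 
  /**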
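Review bot: The pattern `/^Bearer (.*)/i` in `checkToken()` places no constraint on the captured value, so `$matches[1]` may be an empty string or contain spaces and commas. If `$request` is a PSR-7 message, `getHeaderLine()` joins repeated `Authorization` headers with a comma, which would end up inside the capture. Rejection of such values is then left entirely to `ApiUtils::validateJwtToken()`, whose body is not part of this diff. Anchoring the capture keeps malformed headers out of the validator: `if (! preg_match('/^Bearer\s+(\S+)$/i', $authorization, $matches)) {`. The lines of `checkToken()` between the two hunks (the start of the `api.secret` check) are not visible here.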