Diffstat (limited to 'index.php')
-rw-r--r--index.php49
1 files changed, 38 insertions, 11 deletions
diff --git a/index.php b/index.php
index 2e350fcf..acfcc660 100644
--- a/index.php
+++ b/index.php
@@ -806,7 +806,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
806 $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']); 806 $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']);
807 } 807 }
808 808
809 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different) 809 // We also remove page (keeping the same page has no sense, since the
810 // results are different)
811 unset($params['page']);
812
810 header('Location: ?'.http_build_query($params)); 813 header('Location: ?'.http_build_query($params));
811 exit; 814 exit;
812 } 815 }
@@ -837,7 +840,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
837 unset($params['searchtags']); 840 unset($params['searchtags']);
838 } 841 }
839 842
840 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different) 843 // We also remove page (keeping the same page has no sense, since
844 // the results are different)
845 unset($params['page']);
841 } 846 }
842 header('Location: ?'.http_build_query($params)); 847 header('Location: ?'.http_build_query($params));
843 exit; 848 exit;
@@ -954,15 +959,26 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
954 } 959 }
955 960
956 // Make sure old password is correct. 961 // Make sure old password is correct.
957 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 962 $oldhash = sha1(
958 if ($oldhash!= $conf->get('credentials.hash')) { 963 $_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')
959 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>'; 964 );
965 if ($oldhash != $conf->get('credentials.hash')) {
966 echo '<script>alert("'
967 . t('The old password is not correct.')
968 .'");document.location=\'?do=changepasswd\';</script>';
960 exit; 969 exit;
961 } 970 }
962 // Save new password 971 // Save new password
963 // Salt renders rainbow-tables attacks useless. 972 // Salt renders rainbow-tables attacks useless.
964 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 973 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
965 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); 974 $conf->set(
975 'credentials.hash',
976 sha1(
977 $_POST['setpassword']
978 . $conf->get('credentials.login')
979 . $conf->get('credentials.salt')
980 )
981 );
966 try { 982 try {
967 $conf->write($loginManager->isLoggedIn()); 983 $conf->write($loginManager->isLoggedIn());
968 } catch (Exception $e) { 984 } catch (Exception $e) {
@@ -1015,7 +1031,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1015 && $thumbnailsMode !== $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) 1031 && $thumbnailsMode !== $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE)
1016 ) { 1032 ) {
1017 $_SESSION['warnings'][] = t( 1033 $_SESSION['warnings'][] = t(
1018 'You have enabled or changed thumbnails mode. <a href="?do=thumbs_update">Please synchronize them</a>.' 1034 'You have enabled or changed thumbnails mode. '
1035 .'<a href="?do=thumbs_update">Please synchronize them</a>.'
1019 ); 1036 );
1020 } 1037 }
1021 $conf->set('thumbnails.mode', $thumbnailsMode); 1038 $conf->set('thumbnails.mode', $thumbnailsMode);
@@ -1296,7 +1313,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1296 $description = empty($_GET['description']) ? '' : escape($_GET['description']); 1313 $description = empty($_GET['description']) ? '' : escape($_GET['description']);
1297 $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']); 1314 $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
1298 $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0; 1315 $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
1299 // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) 1316
1317 // If this is an HTTP(S) link, we try go get the page to extract
1318 // the title (otherwise we will to straight to the edit form.)
1300 if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) { 1319 if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
1301 // Short timeout to keep the application responsive 1320 // Short timeout to keep the application responsive
1302 // The callback will fill $charset and $title with data from the downloaded page. 1321 // The callback will fill $charset and $title with data from the downloaded page.
@@ -1514,7 +1533,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1514 ); 1533 );
1515 1534
1516 // TODO: do not handle exceptions/errors in JS. 1535 // TODO: do not handle exceptions/errors in JS.
1517 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do='. Router::$PAGE_PLUGINSADMIN .'\';</script>'; 1536 echo '<script>alert("'
1537 . $e->getMessage()
1538 .'");document.location=\'?do='
1539 . Router::$PAGE_PLUGINSADMIN
1540 .'\';</script>';
1518 exit; 1541 exit;
1519 } 1542 }
1520 header('Location: ?do='. Router::$PAGE_PLUGINSADMIN); 1543 header('Location: ?do='. Router::$PAGE_PLUGINSADMIN);
@@ -1749,7 +1772,8 @@ function install($conf, $sessionManager, $loginManager)
1749 // This part makes sure sessions works correctly. 1772 // This part makes sure sessions works correctly.
1750 // (Because on some hosts, session.save_path may not be set correctly, 1773 // (Because on some hosts, session.save_path may not be set correctly,
1751 // or we may not have write access to it.) 1774 // or we may not have write access to it.)
1752 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) { 1775 if (isset($_GET['test_session'])
1776 && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) {
1753 // Step 2: Check if data in session is correct. 1777 // Step 2: Check if data in session is correct.
1754 $msg = t( 1778 $msg = t(
1755 '<pre>Sessions do not seem to work correctly on your server.<br>'. 1779 '<pre>Sessions do not seem to work correctly on your server.<br>'.
@@ -1817,7 +1841,10 @@ function install($conf, $sessionManager, $loginManager)
1817 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?\';</script>'; 1841 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?\';</script>';
1818 exit; 1842 exit;
1819 } 1843 }
1820 echo '<script>alert("Shaarli is now configured. Please enter your login/password and start shaaring your links!");document.location=\'?do=login\';</script>'; 1844 echo '<script>alert('
1845 .'"Shaarli is now configured. '
1846 .'Please enter your login/password and start shaaring your links!"'
1847 .');document.location=\'?do=login\';</script>';
1821 exit; 1848 exit;
1822 } 1849 }
1823 1850
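Review bot: The reformatted old-password check at new lines 965–970 still compares the two SHA-1 digests with the loose `!=` operator, which is neither strict nor timing-safe; since this gates a credential change on `$_POST['oldpassword']`, it should read `if (!hash_equals((string) $conf->get('credentials.hash'), $oldhash)) {`. The fresh salt written on line 973 is derived from `uniqid()` and `mt_rand()`, neither of which is a cryptographic source; if the project's minimum PHP version allows, `bin2hex(random_bytes(16))` is the safer choice, even though a salt only needs to be unique rather than secret. The `$_POST['oldpassword']` and `$_POST['setpassword']` reads are presumably validated earlier in the handler, but nothing in the hunk shows that. renderPage starts and ends outside this hunk.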