1 files changed, 29 insertions, 1 deletions
diff --git a/index.php b/index.php
index 8f6ee50a..b702bd13 100644
--- a/index.php
+++ b/index.php
@@ -1084,7 +1084,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
            die(t('Wrong token.'));
        }
-        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
+        $toTag = isset($_POST['totag']) ? escape($_POST['totag']) : null;
+        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), $toTag);
        $LINKSDB->save($conf->get('resource.page_cache'));
        foreach ($alteredLinks as $link) {
            $history->updateLink($link);
@@ -1352,6 +1353,25 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
        exit;
    }
+    if ($targetPage == Router::$PAGE_PINLINK) {
+        if (! isset($_GET['id']) || empty($LINKSDB[$_GET['id']])) {
+            // FIXME! Use a proper error system.
+            $msg = t('Invalid link ID provided');
+            echo '<script>alert("'. $msg .'");document.location=\''. index_url($_SERVER) .'\';</script>';
+            exit;
+        }
+        if (! $sessionManager->checkToken($_GET['token'])) {
+            die('Wrong token.');
+        }
+        $link = $LINKSDB[$_GET['id']];
+        $link['sticky'] = ! $link['sticky'];
+        $LINKSDB[(int) $_GET['id']] = $link;
+        $LINKSDB->save($conf->get('resource.page_cache'));
+        header('Location: '.index_url($_SERVER));
+        exit;
+    }
    if ($targetPage == Router::$PAGE_EXPORT) {
        // Export links as a Netscape Bookmarks file
@@ -1858,6 +1878,7 @@ $app->group('/api/v1', function() {
 })->add('\Shaarli\Api\ApiMiddleware');
 $response = $app->run(true);
 // Hack to make Slim and Shaarli router work together:
 // If a Slim route isn't found and NOT API call, we call renderPage().
 if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1865,5 +1886,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
    header('Content-Type: text/html; charset=utf-8');
    renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
 } else {
+    $response = $response
+        ->withHeader('Access-Control-Allow-Origin', '*')
+        ->withHeader(
+            'Access-Control-Allow-Headers',
+            'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+        )
+        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    $app->respond($response);
 }

diff --git a/index.php b/index.php index 8f6ee50a..b702bd13 100644 --- a/index.php +++ b/index.php
@@ -1084,7 +1084,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1084	die(t('Wrong token.'));	1084	die(t('Wrong token.'));
1085	}	1085	}
1086		1086
1087	$alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));	1087	$toTag = isset($_POST['totag']) ? escape($_POST['totag']) : null;
		1088	$alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), $toTag);
1088	$LINKSDB->save($conf->get('resource.page_cache'));	1089	$LINKSDB->save($conf->get('resource.page_cache'));
1089	foreach ($alteredLinks as $link) {	1090	foreach ($alteredLinks as $link) {
1090	$history->updateLink($link);	1091	$history->updateLink($link);
@@ -1352,6 +1353,25 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1352	exit;	1353	exit;
1353	}	1354	}
1354		1355
		1356	if ($targetPage == Router::$PAGE_PINLINK) {
		1357	if (! isset($_GET['id']) \|\| empty($LINKSDB[$_GET['id']])) {
		1358	// FIXME! Use a proper error system.
		1359	$msg = t('Invalid link ID provided');
		1360	echo '<script>alert("'. $msg .'");document.location=\''. index_url($_SERVER) .'\';</script>';
		1361	exit;
		1362	}
		1363	if (! $sessionManager->checkToken($_GET['token'])) {
		1364	die('Wrong token.');
		1365	}
		1366
		1367	$link = $LINKSDB[$_GET['id']];
		1368	$link['sticky'] = ! $link['sticky'];
		1369	$LINKSDB[(int) $_GET['id']] = $link;
		1370	$LINKSDB->save($conf->get('resource.page_cache'));
		1371	header('Location: '.index_url($_SERVER));
		1372	exit;
		1373	}
		1374
1355	if ($targetPage == Router::$PAGE_EXPORT) {	1375	if ($targetPage == Router::$PAGE_EXPORT) {
1356	// Export links as a Netscape Bookmarks file	1376	// Export links as a Netscape Bookmarks file
1357		1377
@@ -1858,6 +1878,7 @@ $app->group('/api/v1', function() {
1858	})->add('\Shaarli\Api\ApiMiddleware');	1878	})->add('\Shaarli\Api\ApiMiddleware');
1859		1879
1860	$response = $app->run(true);	1880	$response = $app->run(true);
		1881
1861	// Hack to make Slim and Shaarli router work together:	1882	// Hack to make Slim and Shaarli router work together:
1862	// If a Slim route isn't found and NOT API call, we call renderPage().	1883	// If a Slim route isn't found and NOT API call, we call renderPage().
1863	if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {	1884	if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1865,5 +1886,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
1865	header('Content-Type: text/html; charset=utf-8');	1886	header('Content-Type: text/html; charset=utf-8');
1866	renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);	1887	renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
1867	} else {	1888	} else {
		1889	$response = $response
		1890	->withHeader('Access-Control-Allow-Origin', '*')
		1891	->withHeader(
		1892	'Access-Control-Allow-Headers',
		1893	'X-Requested-With, Content-Type, Accept, Origin, Authorization'
		1894	)
		1895	->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
1868	$app->respond($response);	1896	$app->respond($response);
1869	}	1897	}