Diffstat (limited to 'index.php')
-rw-r--r--index.php106
1 files changed, 51 insertions, 55 deletions
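--- a/index.php
+++ b/index.php
@@ -1,8 +1,6 @@
 <?php
 /**
- * Shaarli v0.8.3 - Shaare your links...
- *
- * The personal, minimalist, super-fast, database free, bookmarking service.
+ * Shaarli - The personal, minimalist, super-fast, database free, bookmarking service.
  *
  * Friendly fork by the Shaarli community:
  * - https://github.com/shaarli/Shaarli
@@ -25,7 +23,6 @@ if (date_default_timezone_get() == '') {
 /*
  * PHP configuration
  */
-define('shaarli_version', '0.8.2');
 
 // http://server.com/x/shaarli --> /shaarli/
 define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
@@ -91,6 +88,8 @@ try {
  exit;
 }
 
+define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
+
 // Force cookie path (but do not change lifetime)
 $cookie = session_get_cookie_params();
 $cookiedir = '';
@@ -434,7 +433,7 @@ if (isset($_POST['login']))
  // Optional redirect after login:
  if (isset($_GET['post'])) {
  $uri = '?post='. urlencode($_GET['post']);
- foreach (array('description', 'source', 'title') as $param) {
+ foreach (array('description', 'source', 'title', 'tags') as $param) {
  if (!empty($_GET[$param])) {
  $uri .= '&'.$param.'='.urlencode($_GET[$param]);
  }
@@ -463,7 +462,7 @@ if (isset($_POST['login']))
  $redir = '&username='. $_POST['login'];
  if (isset($_GET['post'])) {
  $redir .= '&post=' . urlencode($_GET['post']);
- foreach (array('description', 'source', 'title') as $param) {
+ foreach (array('description', 'source', 'title', 'tags') as $param) {
  if (!empty($_GET[$param])) {
  $redir .= '&' . $param . '=' . urlencode($_GET[$param]);
  }
@@ -475,34 +474,6 @@ if (isset($_POST['login']))
 }
 
 // ------------------------------------------------------------------------------------------
-// Misc utility functions:
-
-// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
-function return_bytes($val)
-{
- $val = trim($val); $last=strtolower($val[strlen($val)-1]);
- switch($last)
- {
- case 'g': $val *= 1024;
- case 'm': $val *= 1024;
- case 'k': $val *= 1024;
- }
- return $val;
-}
-
-// Try to determine max file size for uploads (POST).
-// Returns an integer (in bytes)
-function getMaxFileSize()
-{
- $size1 = return_bytes(ini_get('post_max_size'));
- $size2 = return_bytes(ini_get('upload_max_filesize'));
- // Return the smaller of two:
- $maxsize = min($size1,$size2);
- // FIXME: Then convert back to readable notations ? (e.g. 2M instead of 2000000)
- return $maxsize;
-}
-
-// ------------------------------------------------------------------------------------------
 // Token management for XSRF protection
 // Token should be used in any form which acts on data (create,update,delete,import...).
 if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
@@ -697,9 +668,11 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
 
  $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000');
  $data = array(
+ 'pagetitle' => $conf->get('general.title') .' - '. format_date($dayDate, false),
  'linksToDisplay' => $linksToDisplay,
  'cols' => $columns,
  'day' => $dayDate->getTimestamp(),
+ 'dayDate' => $dayDate,
  'previousday' => $previousday,
  'nextday' => $nextday,
  );
@@ -1052,7 +1025,13 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  // Show login screen, then redirect to ?post=...
  if (isset($_GET['post']))
  {
- header('Location: ?do=login&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); // Redirect to login page, then back to post link.
+ header( // Redirect to login page, then back to post link.
+ 'Location: ?do=login&post='.urlencode($_GET['post']).
+ (!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').
+ (!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').
+ (!empty($_GET['tags'])?'&tags='.urlencode($_GET['tags']):'').
+ (!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')
+ );
  exit;
  }
 
@@ -1149,7 +1128,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks']));
  $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
  $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
- $conf->set('api.enabled', !empty($_POST['apiEnabled']));
+ $conf->set('api.enabled', !empty($_POST['enableApi']));
  $conf->set('api.secret', escape($_POST['apiSecret']));
  try {
  $conf->write(isLoggedIn());
@@ -1175,9 +1154,12 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  $PAGE->assign('theme', $conf->get('resource.theme'));
  $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl')));
  $PAGE->assign('redirector', $conf->get('redirector.url'));
- list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
- $PAGE->assign('timezone_form', $timezone_form);
- $PAGE->assign('timezone_js',$timezone_js);
+ list($continents, $cities) = generateTimeZoneData(
+ timezone_identifiers_list(),
+ $conf->get('general.timezone')
+ );
+ $PAGE->assign('continents', $continents);
+ $PAGE->assign('cities', $cities);
  $PAGE->assign('private_links_default', $conf->get('privacy.default_private_links', false));
  $PAGE->assign('session_protection_disabled', $conf->get('security.session_protection_disabled', false));
  $PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false));
@@ -1257,7 +1239,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  }
 
  // lf_id should only be present if the link exists.
- $id = !empty($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : $LINKSDB->getNextId();
+ $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : $LINKSDB->getNextId();
  // Linkdate is kept here to:
  // - use the same permalink for notes as they're displayed when creating them
  // - let users hack creation date of their posts
@@ -1337,9 +1319,13 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  // -------- User clicked the "Cancel" button when editing a link.
  if (isset($_POST['cancel_edit']))
  {
+ $id = isset($_POST['lf_id']) ? (int) escape($_POST['lf_id']) : false;
+ if (! isset($LINKSDB[$id])) {
+ header('Location: ?');
+ }
  // If we are called from the bookmarklet, we must close the popup:
  if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
- $link = $LINKSDB[(int) escape($_POST['lf_id'])];
+ $link = $LINKSDB[$id];
  $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' );
  // Scroll to the link which has been edited.
  $returnurl .= '#'. $link['shorturl'];
@@ -1525,7 +1511,22 @@ function renderPage($conf, $pluginManager, $LINKSDB)
 
  if (! isset($_POST['token']) || ! isset($_FILES['filetoupload'])) {
  // Show import dialog
- $PAGE->assign('maxfilesize', getMaxFileSize());
+ $PAGE->assign(
+ 'maxfilesize',
+ get_max_upload_size(
+ ini_get('post_max_size'),
+ ini_get('upload_max_filesize'),
+ false
+ )
+ );
+ $PAGE->assign(
+ 'maxfilesizeHuman',
+ get_max_upload_size(
+ ini_get('post_max_size'),
+ ini_get('upload_max_filesize'),
+ true
+ )
+ );
  $PAGE->renderPage('import');
  exit;
  }
@@ -1535,7 +1536,7 @@ function renderPage($conf, $pluginManager, $LINKSDB)
  // The file is too big or some form field may be missing.
  echo '<script>alert("The file you are trying to upload is probably'
  .' bigger than what this webserver can accept ('
- .getMaxFileSize().' bytes).'
+ .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').'
  .' Please upload in smaller chunks.");document.location=\'?do='
  .Router::$PAGE_IMPORT .'\';</script>';
  exit;
@@ -1992,16 +1993,10 @@ function install($conf)
  exit;
  }
 
- // Display config form:
- list($timezone_form, $timezone_js) = generateTimeZoneForm();
- $timezone_html = '';
- if ($timezone_form != '') {
- $timezone_html = '<tr><td><b>Timezone:</b></td><td>'.$timezone_form.'</td></tr>';
- }
-
  $PAGE = new PageBuilder($conf);
- $PAGE->assign('timezone_html',$timezone_html);
- $PAGE->assign('timezone_js',$timezone_js);
+ list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
+ $PAGE->assign('continents', $continents);
+ $PAGE->assign('cities', $cities);
  $PAGE->renderPage('install');
  exit;
 }
@@ -2252,9 +2247,10 @@ $app = new \Slim\App($container);
 
 // REST API routes
 $app->group('/api/v1', function() {
- $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
- $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks');
- $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink');
+ $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo');
+ $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks');
+ $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink');
+ $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink');
 })->add('\Shaarli\Api\ApiMiddleware');
 
 $response = $app->run(true);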
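Review bot: In the cancel_edit branch (new lines 1322–1325) the redirect for an unknown link id is not followed by `exit;`, so execution continues into `$link = $LINKSDB[$id]` and `$link['shorturl']` on a missing entry after the Location header has already been queued; the guard should read `header('Location: ?'); exit;`. The fallback `$id = ... : false` also means a missing `lf_id` reaches `isset($LINKSDB[false])`, which depends on how LinkDB's offsetExists treats a non-integer key — that class is outside the hunk, so this is worth confirming. The related switch from `!empty` to `isset` at new line 1242 now turns an empty `lf_id` into id 0 instead of allocating a fresh id via `getNextId()`, so the edit form must never submit the field empty. renderPage starts and ends outside this hunk.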