aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php178
1 files changed, 96 insertions, 82 deletions
diff --git a/index.php b/index.php
index 4068a828..9d5f25ea 100644
--- a/index.php
+++ b/index.php
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
64require_once 'application/FileUtils.php'; 64require_once 'application/FileUtils.php';
65require_once 'application/History.php'; 65require_once 'application/History.php';
66require_once 'application/HttpUtils.php'; 66require_once 'application/HttpUtils.php';
67require_once 'application/Languages.php';
68require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
69require_once 'application/LinkFilter.php'; 68require_once 'application/LinkFilter.php';
70require_once 'application/LinkUtils.php'; 69require_once 'application/LinkUtils.php';
@@ -76,8 +75,10 @@ require_once 'application/Utils.php';
76require_once 'application/PluginManager.php'; 75require_once 'application/PluginManager.php';
77require_once 'application/Router.php'; 76require_once 'application/Router.php';
78require_once 'application/Updater.php'; 77require_once 'application/Updater.php';
78use \Shaarli\Languages;
79use \Shaarli\ThemeUtils; 79use \Shaarli\ThemeUtils;
80use \Shaarli\Config\ConfigManager; 80use \Shaarli\Config\ConfigManager;
81use \Shaarli\SessionManager;
81 82
82// Ensure the PHP version is supported 83// Ensure the PHP version is supported
83try { 84try {
@@ -115,14 +116,23 @@ if (session_id() == '') {
115} 116}
116 117
117// Regenerate session ID if invalid or not defined in cookie. 118// Regenerate session ID if invalid or not defined in cookie.
118if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { 119if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
119 session_regenerate_id(true); 120 session_regenerate_id(true);
120 $_COOKIE['shaarli'] = session_id(); 121 $_COOKIE['shaarli'] = session_id();
121} 122}
122 123
123$conf = new ConfigManager(); 124$conf = new ConfigManager();
125$sessionManager = new SessionManager($_SESSION, $conf);
126
127// Sniff browser language and set date format accordingly.
128if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
129 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
130}
131
132new Languages(setlocale(LC_MESSAGES, 0), $conf);
133
124$conf->setEmpty('general.timezone', date_default_timezone_get()); 134$conf->setEmpty('general.timezone', date_default_timezone_get());
125$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); 135$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
126RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 136RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
127RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 137RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
128 138
@@ -144,7 +154,7 @@ if (! is_file($conf->getConfigFileExt())) {
144 $errors = ApplicationUtils::checkResourcePermissions($conf); 154 $errors = ApplicationUtils::checkResourcePermissions($conf);
145 155
146 if ($errors != array()) { 156 if ($errors != array()) {
147 $message = '<p>Insufficient permissions:</p><ul>'; 157 $message = '<p>'. t('Insufficient permissions:') .'</p><ul>';
148 158
149 foreach ($errors as $error) { 159 foreach ($errors as $error) {
150 $message .= '<li>'.$error.'</li>'; 160 $message .= '<li>'.$error.'</li>';
@@ -157,17 +167,12 @@ if (! is_file($conf->getConfigFileExt())) {
157 } 167 }
158 168
159 // Display the installation form if no existing config is found 169 // Display the installation form if no existing config is found
160 install($conf); 170 install($conf, $sessionManager);
161} 171}
162 172
163// a token depending of deployment salt, user password, and the current ip 173// a token depending of deployment salt, user password, and the current ip
164define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 174define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
165 175
166// Sniff browser language and set date format accordingly.
167if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
168 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
169}
170
171/** 176/**
172 * Checking session state (i.e. is the user still logged in) 177 * Checking session state (i.e. is the user still logged in)
173 * 178 *
@@ -376,9 +381,9 @@ function ban_canLogin($conf)
376// Process login form: Check if login/password is correct. 381// Process login form: Check if login/password is correct.
377if (isset($_POST['login'])) 382if (isset($_POST['login']))
378{ 383{
379 if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); 384 if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.'));
380 if (isset($_POST['password']) 385 if (isset($_POST['password'])
381 && tokenOk($_POST['token']) 386 && $sessionManager->checkToken($_POST['token'])
382 && (check_auth($_POST['login'], $_POST['password'], $conf)) 387 && (check_auth($_POST['login'], $_POST['password'], $conf))
383 ) { // Login/password is OK. 388 ) { // Login/password is OK.
384 ban_loginOk($conf); 389 ban_loginOk($conf);
@@ -440,7 +445,8 @@ if (isset($_POST['login']))
440 } 445 }
441 } 446 }
442 } 447 }
443 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. 448 // Redirect to login screen.
449 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>';
444 exit; 450 exit;
445 } 451 }
446} 452}
@@ -451,32 +457,6 @@ if (isset($_POST['login']))
451if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. 457if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
452 458
453/** 459/**
454 * Returns a token.
455 *
456 * @param ConfigManager $conf Configuration Manager instance.
457 *
458 * @return string token.
459 */
460function getToken($conf)
461{
462 $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string.
463 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
464 return $rnd;
465}
466
467// Tells if a token is OK. Using this function will destroy the token.
468// true=token is OK.
469function tokenOk($token)
470{
471 if (isset($_SESSION['tokens'][$token]))
472 {
473 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
474 return true; // Token is OK.
475 }
476 return false; // Wrong token, or already used.
477}
478
479/**
480 * Daily RSS feed: 1 RSS entry per day giving all the links on that day. 460 * Daily RSS feed: 1 RSS entry per day giving all the links on that day.
481 * Gives the last 7 days (which have links). 461 * Gives the last 7 days (which have links).
482 * This RSS feed cannot be filtered. 462 * This RSS feed cannot be filtered.
@@ -546,7 +526,11 @@ function showDailyRSS($conf) {
546 526
547 // We pre-format some fields for proper output. 527 // We pre-format some fields for proper output.
548 foreach ($links as &$link) { 528 foreach ($links as &$link) {
549 $link['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url')); 529 $link['formatedDescription'] = format_description(
530 $link['description'],
531 $conf->get('redirector.url'),
532 $conf->get('redirector.encode_url')
533 );
550 $link['thumbnail'] = thumbnail($conf, $link['url']); 534 $link['thumbnail'] = thumbnail($conf, $link['url']);
551 $link['timestamp'] = $link['created']->getTimestamp(); 535 $link['timestamp'] = $link['created']->getTimestamp();
552 if (startsWith($link['url'], '?')) { 536 if (startsWith($link['url'], '?')) {
@@ -618,7 +602,11 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
618 $taglist = explode(' ',$link['tags']); 602 $taglist = explode(' ',$link['tags']);
619 uasort($taglist, 'strcasecmp'); 603 uasort($taglist, 'strcasecmp');
620 $linksToDisplay[$key]['taglist']=$taglist; 604 $linksToDisplay[$key]['taglist']=$taglist;
621 $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url')); 605 $linksToDisplay[$key]['formatedDescription'] = format_description(
606 $link['description'],
607 $conf->get('redirector.url'),
608 $conf->get('redirector.encode_url')
609 );
622 $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']); 610 $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']);
623 $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp(); 611 $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp();
624 } 612 }
@@ -683,12 +671,13 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
683/** 671/**
684 * Render HTML page (according to URL parameters and user rights) 672 * Render HTML page (according to URL parameters and user rights)
685 * 673 *
686 * @param ConfigManager $conf Configuration Manager instance. 674 * @param ConfigManager $conf Configuration Manager instance.
687 * @param PluginManager $pluginManager Plugin Manager instance, 675 * @param PluginManager $pluginManager Plugin Manager instance,
688 * @param LinkDB $LINKSDB 676 * @param LinkDB $LINKSDB
689 * @param History $history instance 677 * @param History $history instance
678 * @param SessionManager $sessionManager SessionManager instance
690 */ 679 */
691function renderPage($conf, $pluginManager, $LINKSDB, $history) 680function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager)
692{ 681{
693 $updater = new Updater( 682 $updater = new Updater(
694 read_updates_file($conf->get('resource.updates')), 683 read_updates_file($conf->get('resource.updates')),
@@ -709,7 +698,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
709 die($e->getMessage()); 698 die($e->getMessage());
710 } 699 }
711 700
712 $PAGE = new PageBuilder($conf, $LINKSDB); 701 $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken());
713 $PAGE->assign('linkcount', count($LINKSDB)); 702 $PAGE->assign('linkcount', count($LINKSDB));
714 $PAGE->assign('privateLinkcount', count_private($LINKSDB)); 703 $PAGE->assign('privateLinkcount', count_private($LINKSDB));
715 $PAGE->assign('plugin_errors', $pluginManager->getErrors()); 704 $PAGE->assign('plugin_errors', $pluginManager->getErrors());
@@ -1100,16 +1089,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1100 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1089 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1101 { 1090 {
1102 if ($conf->get('security.open_shaarli')) { 1091 if ($conf->get('security.open_shaarli')) {
1103 die('You are not supposed to change a password on an Open Shaarli.'); 1092 die(t('You are not supposed to change a password on an Open Shaarli.'));
1104 } 1093 }
1105 1094
1106 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) 1095 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1107 { 1096 {
1108 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1097 if (!$sessionManager->checkToken($_POST['token'])) die(t('Wrong token.')); // Go away!
1109 1098
1110 // Make sure old password is correct. 1099 // Make sure old password is correct.
1111 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 1100 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1112 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1101 if ($oldhash!= $conf->get('credentials.hash')) {
1102 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>';
1103 exit;
1104 }
1113 // Save new password 1105 // Save new password
1114 // Salt renders rainbow-tables attacks useless. 1106 // Salt renders rainbow-tables attacks useless.
1115 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 1107 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
@@ -1127,7 +1119,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1127 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; 1119 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1128 exit; 1120 exit;
1129 } 1121 }
1130 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1122 echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>';
1131 exit; 1123 exit;
1132 } 1124 }
1133 else // show the change password form. 1125 else // show the change password form.
@@ -1142,8 +1134,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1142 { 1134 {
1143 if (!empty($_POST['title']) ) 1135 if (!empty($_POST['title']) )
1144 { 1136 {
1145 if (!tokenOk($_POST['token'])) { 1137 if (!$sessionManager->checkToken($_POST['token'])) {
1146 die('Wrong token.'); // Go away! 1138 die(t('Wrong token.')); // Go away!
1147 } 1139 }
1148 $tz = 'UTC'; 1140 $tz = 'UTC';
1149 if (!empty($_POST['continent']) && !empty($_POST['city']) 1141 if (!empty($_POST['continent']) && !empty($_POST['city'])
@@ -1163,6 +1155,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1163 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); 1155 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
1164 $conf->set('api.enabled', !empty($_POST['enableApi'])); 1156 $conf->set('api.enabled', !empty($_POST['enableApi']));
1165 $conf->set('api.secret', escape($_POST['apiSecret'])); 1157 $conf->set('api.secret', escape($_POST['apiSecret']));
1158 $conf->set('translation.language', escape($_POST['language']));
1159
1166 try { 1160 try {
1167 $conf->write(isLoggedIn()); 1161 $conf->write(isLoggedIn());
1168 $history->updateSettings(); 1162 $history->updateSettings();
@@ -1178,7 +1172,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1178 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; 1172 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>';
1179 exit; 1173 exit;
1180 } 1174 }
1181 echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; 1175 echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>';
1182 exit; 1176 exit;
1183 } 1177 }
1184 else // Show the configuration form. 1178 else // Show the configuration form.
@@ -1200,6 +1194,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1200 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); 1194 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
1201 $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); 1195 $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
1202 $PAGE->assign('api_secret', $conf->get('api.secret')); 1196 $PAGE->assign('api_secret', $conf->get('api.secret'));
1197 $PAGE->assign('languages', Languages::getAvailableLanguages());
1198 $PAGE->assign('language', $conf->get('translation.language'));
1203 $PAGE->renderPage('configure'); 1199 $PAGE->renderPage('configure');
1204 exit; 1200 exit;
1205 } 1201 }
@@ -1214,8 +1210,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1214 exit; 1210 exit;
1215 } 1211 }
1216 1212
1217 if (!tokenOk($_POST['token'])) { 1213 if (!$sessionManager->checkToken($_POST['token'])) {
1218 die('Wrong token.'); 1214 die(t('Wrong token.'));
1219 } 1215 }
1220 1216
1221 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); 1217 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
@@ -1225,9 +1221,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1225 } 1221 }
1226 $delete = empty($_POST['totag']); 1222 $delete = empty($_POST['totag']);
1227 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); 1223 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag']));
1224 $count = count($alteredLinks);
1228 $alert = $delete 1225 $alert = $delete
1229 ? sprintf(t('The tag was removed from %d links.'), count($alteredLinks)) 1226 ? sprintf(t('The tag was removed from %d link.', 'The tag was removed from %d links.', $count), $count)
1230 : sprintf(t('The tag was renamed in %d links.'), count($alteredLinks)); 1227 : sprintf(t('The tag was renamed in %d link.', 'The tag was renamed in %d links.', $count), $count);
1231 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; 1228 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>';
1232 exit; 1229 exit;
1233 } 1230 }
@@ -1243,8 +1240,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1243 if (isset($_POST['save_edit'])) 1240 if (isset($_POST['save_edit']))
1244 { 1241 {
1245 // Go away! 1242 // Go away!
1246 if (! tokenOk($_POST['token'])) { 1243 if (! $sessionManager->checkToken($_POST['token'])) {
1247 die('Wrong token.'); 1244 die(t('Wrong token.'));
1248 } 1245 }
1249 1246
1250 // lf_id should only be present if the link exists. 1247 // lf_id should only be present if the link exists.
@@ -1343,8 +1340,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1343 // -------- User clicked the "Delete" button when editing a link: Delete link from database. 1340 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
1344 if ($targetPage == Router::$PAGE_DELETELINK) 1341 if ($targetPage == Router::$PAGE_DELETELINK)
1345 { 1342 {
1346 if (! tokenOk($_GET['token'])) { 1343 if (! $sessionManager->checkToken($_GET['token'])) {
1347 die('Wrong token.'); 1344 die(t('Wrong token.'));
1348 } 1345 }
1349 1346
1350 $ids = trim($_GET['lf_linkdate']); 1347 $ids = trim($_GET['lf_linkdate']);
@@ -1443,7 +1440,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1443 1440
1444 if ($url == '') { 1441 if ($url == '') {
1445 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); 1442 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
1446 $title = $conf->get('general.default_note_title', 'Note: '); 1443 $title = $conf->get('general.default_note_title', t('Note: '));
1447 } 1444 }
1448 $url = escape($url); 1445 $url = escape($url);
1449 $title = escape($title); 1446 $title = escape($title);
@@ -1550,14 +1547,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1550 // Import bookmarks from an uploaded file 1547 // Import bookmarks from an uploaded file
1551 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { 1548 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
1552 // The file is too big or some form field may be missing. 1549 // The file is too big or some form field may be missing.
1553 echo '<script>alert("The file you are trying to upload is probably' 1550 $msg = sprintf(
1554 .' bigger than what this webserver can accept (' 1551 t(
1555 .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' 1552 'The file you are trying to upload is probably bigger than what this webserver can accept'
1556 .' Please upload in smaller chunks.");document.location=\'?do=' 1553 .' (%s). Please upload in smaller chunks.'
1557 .Router::$PAGE_IMPORT .'\';</script>'; 1554 ),
1555 get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
1556 );
1557 echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>';
1558 exit; 1558 exit;
1559 } 1559 }
1560 if (! tokenOk($_POST['token'])) { 1560 if (! $sessionManager->checkToken($_POST['token'])) {
1561 die('Wrong token.'); 1561 die('Wrong token.');
1562 } 1562 }
1563 $status = NetscapeBookmarkUtils::import( 1563 $status = NetscapeBookmarkUtils::import(
@@ -1624,7 +1624,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1624 // Get a fresh token 1624 // Get a fresh token
1625 if ($targetPage == Router::$GET_TOKEN) { 1625 if ($targetPage == Router::$GET_TOKEN) {
1626 header('Content-Type:text/plain'); 1626 header('Content-Type:text/plain');
1627 echo getToken($conf); 1627 echo $sessionManager->generateToken($conf);
1628 exit; 1628 exit;
1629 } 1629 }
1630 1630
@@ -1696,7 +1696,11 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1696 while ($i<$end && $i<count($keys)) 1696 while ($i<$end && $i<count($keys))
1697 { 1697 {
1698 $link = $linksToDisplay[$keys[$i]]; 1698 $link = $linksToDisplay[$keys[$i]];
1699 $link['description'] = format_description($link['description'], $conf->get('redirector.url')); 1699 $link['description'] = format_description(
1700 $link['description'],
1701 $conf->get('redirector.url'),
1702 $conf->get('redirector.encode_url')
1703 );
1700 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight'; 1704 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight';
1701 $link['class'] = $link['private'] == 0 ? $classLi : 'private'; 1705 $link['class'] = $link['private'] == 0 ? $classLi : 'private';
1702 $link['timestamp'] = $link['created']->getTimestamp(); 1706 $link['timestamp'] = $link['created']->getTimestamp();
@@ -1950,10 +1954,10 @@ function lazyThumbnail($conf, $url,$href=false)
1950 * Installation 1954 * Installation
1951 * This function should NEVER be called if the file data/config.php exists. 1955 * This function should NEVER be called if the file data/config.php exists.
1952 * 1956 *
1953 * @param ConfigManager $conf Configuration Manager instance. 1957 * @param ConfigManager $conf Configuration Manager instance.
1958 * @param SessionManager $sessionManager SessionManager instance
1954 */ 1959 */
1955function install($conf) 1960function install($conf, $sessionManager) {
1956{
1957 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. 1961 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
1958 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); 1962 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
1959 1963
@@ -1962,12 +1966,20 @@ function install($conf)
1962 // (Because on some hosts, session.save_path may not be set correctly, 1966 // (Because on some hosts, session.save_path may not be set correctly,
1963 // or we may not have write access to it.) 1967 // or we may not have write access to it.)
1964 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) 1968 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
1965 { // Step 2: Check if data in session is correct. 1969 {
1966 echo '<pre>Sessions do not seem to work correctly on your server.<br>'; 1970 // Step 2: Check if data in session is correct.
1967 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; 1971 $msg = t(
1968 echo 'It currently points to '.session_save_path().'<br>'; 1972 '<pre>Sessions do not seem to work correctly on your server.<br>'.
1969 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; 1973 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
1970 echo '<br><a href="?">Click to try again.</a></pre>'; 1974 'and that you have write access to it.<br>'.
1975 'It currently points to %s.<br>'.
1976 'On some browsers, accessing your server via a hostname like \'localhost\' '.
1977 'or any custom hostname without a dot causes cookie storage to fail. '.
1978 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
1979 );
1980 $msg = sprintf($msg, session_save_path());
1981 echo $msg;
1982 echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>';
1971 die; 1983 die;
1972 } 1984 }
1973 if (!isset($_SESSION['session_tested'])) 1985 if (!isset($_SESSION['session_tested']))
@@ -2000,6 +2012,7 @@ function install($conf)
2000 } else { 2012 } else {
2001 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); 2013 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
2002 } 2014 }
2015 $conf->set('translation.language', escape($_POST['language']));
2003 $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); 2016 $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
2004 $conf->set('api.enabled', !empty($_POST['enableApi'])); 2017 $conf->set('api.enabled', !empty($_POST['enableApi']));
2005 $conf->set( 2018 $conf->set(
@@ -2027,10 +2040,11 @@ function install($conf)
2027 exit; 2040 exit;
2028 } 2041 }
2029 2042
2030 $PAGE = new PageBuilder($conf); 2043 $PAGE = new PageBuilder($conf, null, $sessionManager->generateToken());
2031 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); 2044 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
2032 $PAGE->assign('continents', $continents); 2045 $PAGE->assign('continents', $continents);
2033 $PAGE->assign('cities', $cities); 2046 $PAGE->assign('cities', $cities);
2047 $PAGE->assign('languages', Languages::getAvailableLanguages());
2034 $PAGE->renderPage('install'); 2048 $PAGE->renderPage('install');
2035 exit; 2049 exit;
2036} 2050}
@@ -2303,7 +2317,7 @@ $response = $app->run(true);
2303if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { 2317if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
2304 // We use UTF-8 for proper international characters handling. 2318 // We use UTF-8 for proper international characters handling.
2305 header('Content-Type: text/html; charset=utf-8'); 2319 header('Content-Type: text/html; charset=utf-8');
2306 renderPage($conf, $pluginManager, $linkDb, $history); 2320 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager);
2307} else { 2321} else {
2308 $app->respond($response); 2322 $app->respond($response);
2309} 2323}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-06 21:07:43 +0000