aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php183
1 files changed, 101 insertions, 82 deletions
diff --git a/index.php b/index.php
index 218d317d..e1516d37 100644
--- a/index.php
+++ b/index.php
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
64require_once 'application/FileUtils.php'; 64require_once 'application/FileUtils.php';
65require_once 'application/History.php'; 65require_once 'application/History.php';
66require_once 'application/HttpUtils.php'; 66require_once 'application/HttpUtils.php';
67require_once 'application/Languages.php';
68require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
69require_once 'application/LinkFilter.php'; 68require_once 'application/LinkFilter.php';
70require_once 'application/LinkUtils.php'; 69require_once 'application/LinkUtils.php';
@@ -76,8 +75,10 @@ require_once 'application/Utils.php';
76require_once 'application/PluginManager.php'; 75require_once 'application/PluginManager.php';
77require_once 'application/Router.php'; 76require_once 'application/Router.php';
78require_once 'application/Updater.php'; 77require_once 'application/Updater.php';
78use \Shaarli\Languages;
79use \Shaarli\ThemeUtils; 79use \Shaarli\ThemeUtils;
80use \Shaarli\Config\ConfigManager; 80use \Shaarli\Config\ConfigManager;
81use \Shaarli\SessionManager;
81 82
82// Ensure the PHP version is supported 83// Ensure the PHP version is supported
83try { 84try {
@@ -88,7 +89,7 @@ try {
88 exit; 89 exit;
89} 90}
90 91
91define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); 92define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
92 93
93// Force cookie path (but do not change lifetime) 94// Force cookie path (but do not change lifetime)
94$cookie = session_get_cookie_params(); 95$cookie = session_get_cookie_params();
@@ -115,14 +116,23 @@ if (session_id() == '') {
115} 116}
116 117
117// Regenerate session ID if invalid or not defined in cookie. 118// Regenerate session ID if invalid or not defined in cookie.
118if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { 119if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
119 session_regenerate_id(true); 120 session_regenerate_id(true);
120 $_COOKIE['shaarli'] = session_id(); 121 $_COOKIE['shaarli'] = session_id();
121} 122}
122 123
123$conf = new ConfigManager(); 124$conf = new ConfigManager();
125$sessionManager = new SessionManager($_SESSION, $conf);
126
127// Sniff browser language and set date format accordingly.
128if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
129 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
130}
131
132new Languages(setlocale(LC_MESSAGES, 0), $conf);
133
124$conf->setEmpty('general.timezone', date_default_timezone_get()); 134$conf->setEmpty('general.timezone', date_default_timezone_get());
125$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); 135$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
126RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 136RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
127RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 137RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
128 138
@@ -144,7 +154,7 @@ if (! is_file($conf->getConfigFileExt())) {
144 $errors = ApplicationUtils::checkResourcePermissions($conf); 154 $errors = ApplicationUtils::checkResourcePermissions($conf);
145 155
146 if ($errors != array()) { 156 if ($errors != array()) {
147 $message = '<p>Insufficient permissions:</p><ul>'; 157 $message = '<p>'. t('Insufficient permissions:') .'</p><ul>';
148 158
149 foreach ($errors as $error) { 159 foreach ($errors as $error) {
150 $message .= '<li>'.$error.'</li>'; 160 $message .= '<li>'.$error.'</li>';
@@ -157,17 +167,12 @@ if (! is_file($conf->getConfigFileExt())) {
157 } 167 }
158 168
159 // Display the installation form if no existing config is found 169 // Display the installation form if no existing config is found
160 install($conf); 170 install($conf, $sessionManager);
161} 171}
162 172
163// a token depending of deployment salt, user password, and the current ip 173// a token depending of deployment salt, user password, and the current ip
164define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 174define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
165 175
166// Sniff browser language and set date format accordingly.
167if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
168 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
169}
170
171/** 176/**
172 * Checking session state (i.e. is the user still logged in) 177 * Checking session state (i.e. is the user still logged in)
173 * 178 *
@@ -376,9 +381,9 @@ function ban_canLogin($conf)
376// Process login form: Check if login/password is correct. 381// Process login form: Check if login/password is correct.
377if (isset($_POST['login'])) 382if (isset($_POST['login']))
378{ 383{
379 if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); 384 if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.'));
380 if (isset($_POST['password']) 385 if (isset($_POST['password'])
381 && tokenOk($_POST['token']) 386 && $sessionManager->checkToken($_POST['token'])
382 && (check_auth($_POST['login'], $_POST['password'], $conf)) 387 && (check_auth($_POST['login'], $_POST['password'], $conf))
383 ) { // Login/password is OK. 388 ) { // Login/password is OK.
384 ban_loginOk($conf); 389 ban_loginOk($conf);
@@ -440,7 +445,8 @@ if (isset($_POST['login']))
440 } 445 }
441 } 446 }
442 } 447 }
443 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. 448 // Redirect to login screen.
449 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>';
444 exit; 450 exit;
445 } 451 }
446} 452}
@@ -451,32 +457,6 @@ if (isset($_POST['login']))
451if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. 457if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
452 458
453/** 459/**
454 * Returns a token.
455 *
456 * @param ConfigManager $conf Configuration Manager instance.
457 *
458 * @return string token.
459 */
460function getToken($conf)
461{
462 $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string.
463 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
464 return $rnd;
465}
466
467// Tells if a token is OK. Using this function will destroy the token.
468// true=token is OK.
469function tokenOk($token)
470{
471 if (isset($_SESSION['tokens'][$token]))
472 {
473 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
474 return true; // Token is OK.
475 }
476 return false; // Wrong token, or already used.
477}
478
479/**
480 * Daily RSS feed: 1 RSS entry per day giving all the links on that day. 460 * Daily RSS feed: 1 RSS entry per day giving all the links on that day.
481 * Gives the last 7 days (which have links). 461 * Gives the last 7 days (which have links).
482 * This RSS feed cannot be filtered. 462 * This RSS feed cannot be filtered.
@@ -683,12 +663,13 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
683/** 663/**
684 * Render HTML page (according to URL parameters and user rights) 664 * Render HTML page (according to URL parameters and user rights)
685 * 665 *
686 * @param ConfigManager $conf Configuration Manager instance. 666 * @param ConfigManager $conf Configuration Manager instance.
687 * @param PluginManager $pluginManager Plugin Manager instance, 667 * @param PluginManager $pluginManager Plugin Manager instance,
688 * @param LinkDB $LINKSDB 668 * @param LinkDB $LINKSDB
689 * @param History $history instance 669 * @param History $history instance
670 * @param SessionManager $sessionManager SessionManager instance
690 */ 671 */
691function renderPage($conf, $pluginManager, $LINKSDB, $history) 672function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager)
692{ 673{
693 $updater = new Updater( 674 $updater = new Updater(
694 read_updates_file($conf->get('resource.updates')), 675 read_updates_file($conf->get('resource.updates')),
@@ -709,7 +690,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
709 die($e->getMessage()); 690 die($e->getMessage());
710 } 691 }
711 692
712 $PAGE = new PageBuilder($conf, $LINKSDB); 693 $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken());
713 $PAGE->assign('linkcount', count($LINKSDB)); 694 $PAGE->assign('linkcount', count($LINKSDB));
714 $PAGE->assign('privateLinkcount', count_private($LINKSDB)); 695 $PAGE->assign('privateLinkcount', count_private($LINKSDB));
715 $PAGE->assign('plugin_errors', $pluginManager->getErrors()); 696 $PAGE->assign('plugin_errors', $pluginManager->getErrors());
@@ -718,6 +699,23 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
718 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; 699 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
719 $targetPage = Router::findPage($query, $_GET, isLoggedIn()); 700 $targetPage = Router::findPage($query, $_GET, isLoggedIn());
720 701
702 if (
703 // if the user isn't logged in
704 !isLoggedIn() &&
705 // and Shaarli doesn't have public content...
706 $conf->get('privacy.hide_public_links') &&
707 // and is configured to enforce the login
708 $conf->get('privacy.force_login') &&
709 // and the current page isn't already the login page
710 $targetPage !== Router::$PAGE_LOGIN &&
711 // and the user is not requesting a feed (which would lead to a different content-type as expected)
712 $targetPage !== Router::$PAGE_FEED_ATOM &&
713 $targetPage !== Router::$PAGE_FEED_RSS
714 ) {
715 // force current page to be the login page
716 $targetPage = Router::$PAGE_LOGIN;
717 }
718
721 // Call plugin hooks for header, footer and includes, specifying which page will be rendered. 719 // Call plugin hooks for header, footer and includes, specifying which page will be rendered.
722 // Then assign generated data to RainTPL. 720 // Then assign generated data to RainTPL.
723 $common_hooks = array( 721 $common_hooks = array(
@@ -823,7 +821,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
823 } 821 }
824 822
825 $data = array( 823 $data = array(
826 'search_tags' => implode(' ', $filteringTags), 824 'search_tags' => implode(' ', escape($filteringTags)),
827 'tags' => $tagList, 825 'tags' => $tagList,
828 ); 826 );
829 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); 827 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -853,7 +851,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
853 } 851 }
854 852
855 $data = [ 853 $data = [
856 'search_tags' => implode(' ', $filteringTags), 854 'search_tags' => implode(' ', escape($filteringTags)),
857 'tags' => $tags, 855 'tags' => $tags,
858 ]; 856 ];
859 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); 857 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
@@ -1083,16 +1081,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1083 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1081 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1084 { 1082 {
1085 if ($conf->get('security.open_shaarli')) { 1083 if ($conf->get('security.open_shaarli')) {
1086 die('You are not supposed to change a password on an Open Shaarli.'); 1084 die(t('You are not supposed to change a password on an Open Shaarli.'));
1087 } 1085 }
1088 1086
1089 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) 1087 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1090 { 1088 {
1091 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1089 if (!$sessionManager->checkToken($_POST['token'])) die(t('Wrong token.')); // Go away!
1092 1090
1093 // Make sure old password is correct. 1091 // Make sure old password is correct.
1094 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 1092 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1095 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1093 if ($oldhash!= $conf->get('credentials.hash')) {
1094 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>';
1095 exit;
1096 }
1096 // Save new password 1097 // Save new password
1097 // Salt renders rainbow-tables attacks useless. 1098 // Salt renders rainbow-tables attacks useless.
1098 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 1099 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
@@ -1110,7 +1111,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1110 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; 1111 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1111 exit; 1112 exit;
1112 } 1113 }
1113 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1114 echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>';
1114 exit; 1115 exit;
1115 } 1116 }
1116 else // show the change password form. 1117 else // show the change password form.
@@ -1125,8 +1126,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1125 { 1126 {
1126 if (!empty($_POST['title']) ) 1127 if (!empty($_POST['title']) )
1127 { 1128 {
1128 if (!tokenOk($_POST['token'])) { 1129 if (!$sessionManager->checkToken($_POST['token'])) {
1129 die('Wrong token.'); // Go away! 1130 die(t('Wrong token.')); // Go away!
1130 } 1131 }
1131 $tz = 'UTC'; 1132 $tz = 'UTC';
1132 if (!empty($_POST['continent']) && !empty($_POST['city']) 1133 if (!empty($_POST['continent']) && !empty($_POST['city'])
@@ -1146,6 +1147,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1146 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); 1147 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
1147 $conf->set('api.enabled', !empty($_POST['enableApi'])); 1148 $conf->set('api.enabled', !empty($_POST['enableApi']));
1148 $conf->set('api.secret', escape($_POST['apiSecret'])); 1149 $conf->set('api.secret', escape($_POST['apiSecret']));
1150 $conf->set('translation.language', escape($_POST['language']));
1151
1149 try { 1152 try {
1150 $conf->write(isLoggedIn()); 1153 $conf->write(isLoggedIn());
1151 $history->updateSettings(); 1154 $history->updateSettings();
@@ -1161,7 +1164,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1161 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; 1164 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>';
1162 exit; 1165 exit;
1163 } 1166 }
1164 echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; 1167 echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>';
1165 exit; 1168 exit;
1166 } 1169 }
1167 else // Show the configuration form. 1170 else // Show the configuration form.
@@ -1183,6 +1186,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1183 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); 1186 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
1184 $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); 1187 $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
1185 $PAGE->assign('api_secret', $conf->get('api.secret')); 1188 $PAGE->assign('api_secret', $conf->get('api.secret'));
1189 $PAGE->assign('languages', Languages::getAvailableLanguages());
1190 $PAGE->assign('language', $conf->get('translation.language'));
1186 $PAGE->renderPage('configure'); 1191 $PAGE->renderPage('configure');
1187 exit; 1192 exit;
1188 } 1193 }
@@ -1197,8 +1202,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1197 exit; 1202 exit;
1198 } 1203 }
1199 1204
1200 if (!tokenOk($_POST['token'])) { 1205 if (!$sessionManager->checkToken($_POST['token'])) {
1201 die('Wrong token.'); 1206 die(t('Wrong token.'));
1202 } 1207 }
1203 1208
1204 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); 1209 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
@@ -1208,9 +1213,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1208 } 1213 }
1209 $delete = empty($_POST['totag']); 1214 $delete = empty($_POST['totag']);
1210 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); 1215 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag']));
1216 $count = count($alteredLinks);
1211 $alert = $delete 1217 $alert = $delete
1212 ? sprintf(t('The tag was removed from %d links.'), count($alteredLinks)) 1218 ? sprintf(t('The tag was removed from %d link.', 'The tag was removed from %d links.', $count), $count)
1213 : sprintf(t('The tag was renamed in %d links.'), count($alteredLinks)); 1219 : sprintf(t('The tag was renamed in %d link.', 'The tag was renamed in %d links.', $count), $count);
1214 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; 1220 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>';
1215 exit; 1221 exit;
1216 } 1222 }
@@ -1226,8 +1232,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1226 if (isset($_POST['save_edit'])) 1232 if (isset($_POST['save_edit']))
1227 { 1233 {
1228 // Go away! 1234 // Go away!
1229 if (! tokenOk($_POST['token'])) { 1235 if (! $sessionManager->checkToken($_POST['token'])) {
1230 die('Wrong token.'); 1236 die(t('Wrong token.'));
1231 } 1237 }
1232 1238
1233 // lf_id should only be present if the link exists. 1239 // lf_id should only be present if the link exists.
@@ -1326,8 +1332,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1326 // -------- User clicked the "Delete" button when editing a link: Delete link from database. 1332 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
1327 if ($targetPage == Router::$PAGE_DELETELINK) 1333 if ($targetPage == Router::$PAGE_DELETELINK)
1328 { 1334 {
1329 if (! tokenOk($_GET['token'])) { 1335 if (! $sessionManager->checkToken($_GET['token'])) {
1330 die('Wrong token.'); 1336 die(t('Wrong token.'));
1331 } 1337 }
1332 1338
1333 $ids = trim($_GET['lf_linkdate']); 1339 $ids = trim($_GET['lf_linkdate']);
@@ -1426,7 +1432,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1426 1432
1427 if ($url == '') { 1433 if ($url == '') {
1428 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); 1434 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
1429 $title = 'Note: '; 1435 $title = $conf->get('general.default_note_title', t('Note: '));
1430 } 1436 }
1431 $url = escape($url); 1437 $url = escape($url);
1432 $title = escape($title); 1438 $title = escape($title);
@@ -1533,14 +1539,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1533 // Import bookmarks from an uploaded file 1539 // Import bookmarks from an uploaded file
1534 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { 1540 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
1535 // The file is too big or some form field may be missing. 1541 // The file is too big or some form field may be missing.
1536 echo '<script>alert("The file you are trying to upload is probably' 1542 $msg = sprintf(
1537 .' bigger than what this webserver can accept (' 1543 t(
1538 .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' 1544 'The file you are trying to upload is probably bigger than what this webserver can accept'
1539 .' Please upload in smaller chunks.");document.location=\'?do=' 1545 .' (%s). Please upload in smaller chunks.'
1540 .Router::$PAGE_IMPORT .'\';</script>'; 1546 ),
1547 get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
1548 );
1549 echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>';
1541 exit; 1550 exit;
1542 } 1551 }
1543 if (! tokenOk($_POST['token'])) { 1552 if (! $sessionManager->checkToken($_POST['token'])) {
1544 die('Wrong token.'); 1553 die('Wrong token.');
1545 } 1554 }
1546 $status = NetscapeBookmarkUtils::import( 1555 $status = NetscapeBookmarkUtils::import(
@@ -1607,7 +1616,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1607 // Get a fresh token 1616 // Get a fresh token
1608 if ($targetPage == Router::$GET_TOKEN) { 1617 if ($targetPage == Router::$GET_TOKEN) {
1609 header('Content-Type:text/plain'); 1618 header('Content-Type:text/plain');
1610 echo getToken($conf); 1619 echo $sessionManager->generateToken($conf);
1611 exit; 1620 exit;
1612 } 1621 }
1613 1622
@@ -1933,10 +1942,10 @@ function lazyThumbnail($conf, $url,$href=false)
1933 * Installation 1942 * Installation
1934 * This function should NEVER be called if the file data/config.php exists. 1943 * This function should NEVER be called if the file data/config.php exists.
1935 * 1944 *
1936 * @param ConfigManager $conf Configuration Manager instance. 1945 * @param ConfigManager $conf Configuration Manager instance.
1946 * @param SessionManager $sessionManager SessionManager instance
1937 */ 1947 */
1938function install($conf) 1948function install($conf, $sessionManager) {
1939{
1940 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. 1949 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
1941 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); 1950 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
1942 1951
@@ -1945,12 +1954,20 @@ function install($conf)
1945 // (Because on some hosts, session.save_path may not be set correctly, 1954 // (Because on some hosts, session.save_path may not be set correctly,
1946 // or we may not have write access to it.) 1955 // or we may not have write access to it.)
1947 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) 1956 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
1948 { // Step 2: Check if data in session is correct. 1957 {
1949 echo '<pre>Sessions do not seem to work correctly on your server.<br>'; 1958 // Step 2: Check if data in session is correct.
1950 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; 1959 $msg = t(
1951 echo 'It currently points to '.session_save_path().'<br>'; 1960 '<pre>Sessions do not seem to work correctly on your server.<br>'.
1952 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; 1961 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
1953 echo '<br><a href="?">Click to try again.</a></pre>'; 1962 'and that you have write access to it.<br>'.
1963 'It currently points to %s.<br>'.
1964 'On some browsers, accessing your server via a hostname like \'localhost\' '.
1965 'or any custom hostname without a dot causes cookie storage to fail. '.
1966 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
1967 );
1968 $msg = sprintf($msg, session_save_path());
1969 echo $msg;
1970 echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>';
1954 die; 1971 die;
1955 } 1972 }
1956 if (!isset($_SESSION['session_tested'])) 1973 if (!isset($_SESSION['session_tested']))
@@ -1983,6 +2000,7 @@ function install($conf)
1983 } else { 2000 } else {
1984 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); 2001 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1985 } 2002 }
2003 $conf->set('translation.language', escape($_POST['language']));
1986 $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); 2004 $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
1987 $conf->set('api.enabled', !empty($_POST['enableApi'])); 2005 $conf->set('api.enabled', !empty($_POST['enableApi']));
1988 $conf->set( 2006 $conf->set(
@@ -2010,10 +2028,11 @@ function install($conf)
2010 exit; 2028 exit;
2011 } 2029 }
2012 2030
2013 $PAGE = new PageBuilder($conf); 2031 $PAGE = new PageBuilder($conf, null, $sessionManager->generateToken());
2014 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); 2032 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
2015 $PAGE->assign('continents', $continents); 2033 $PAGE->assign('continents', $continents);
2016 $PAGE->assign('cities', $cities); 2034 $PAGE->assign('cities', $cities);
2035 $PAGE->assign('languages', Languages::getAvailableLanguages());
2017 $PAGE->renderPage('install'); 2036 $PAGE->renderPage('install');
2018 exit; 2037 exit;
2019} 2038}
@@ -2286,7 +2305,7 @@ $response = $app->run(true);
2286if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { 2305if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
2287 // We use UTF-8 for proper international characters handling. 2306 // We use UTF-8 for proper international characters handling.
2288 header('Content-Type: text/html; charset=utf-8'); 2307 header('Content-Type: text/html; charset=utf-8');
2289 renderPage($conf, $pluginManager, $linkDb, $history); 2308 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager);
2290} else { 2309} else {
2291 $app->respond($response); 2310 $app->respond($response);
2292} 2311}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-16 14:08:56 +0000