diff options
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 78 |
1 files changed, 39 insertions, 39 deletions
| @@ -432,7 +432,7 @@ if (isset($_POST['login'])) | |||
| 432 | // Optional redirect after login: | 432 | // Optional redirect after login: |
| 433 | if (isset($_GET['post'])) { | 433 | if (isset($_GET['post'])) { |
| 434 | $uri = '?post='. urlencode($_GET['post']); | 434 | $uri = '?post='. urlencode($_GET['post']); |
| 435 | foreach (array('description', 'source', 'title') as $param) { | 435 | foreach (array('description', 'source', 'title', 'tags') as $param) { |
| 436 | if (!empty($_GET[$param])) { | 436 | if (!empty($_GET[$param])) { |
| 437 | $uri .= '&'.$param.'='.urlencode($_GET[$param]); | 437 | $uri .= '&'.$param.'='.urlencode($_GET[$param]); |
| 438 | } | 438 | } |
| @@ -461,7 +461,7 @@ if (isset($_POST['login'])) | |||
| 461 | $redir = '&username='. $_POST['login']; | 461 | $redir = '&username='. $_POST['login']; |
| 462 | if (isset($_GET['post'])) { | 462 | if (isset($_GET['post'])) { |
| 463 | $redir .= '&post=' . urlencode($_GET['post']); | 463 | $redir .= '&post=' . urlencode($_GET['post']); |
| 464 | foreach (array('description', 'source', 'title') as $param) { | 464 | foreach (array('description', 'source', 'title', 'tags') as $param) { |
| 465 | if (!empty($_GET[$param])) { | 465 | if (!empty($_GET[$param])) { |
| 466 | $redir .= '&' . $param . '=' . urlencode($_GET[$param]); | 466 | $redir .= '&' . $param . '=' . urlencode($_GET[$param]); |
| 467 | } | 467 | } |
| @@ -473,34 +473,6 @@ if (isset($_POST['login'])) | |||
| 473 | } | 473 | } |
| 474 | 474 | ||
| 475 | // ------------------------------------------------------------------------------------------ | 475 | // ------------------------------------------------------------------------------------------ |
| 476 | // Misc utility functions: | ||
| 477 | |||
| 478 | // Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. | ||
| 479 | function return_bytes($val) | ||
| 480 | { | ||
| 481 | $val = trim($val); $last=strtolower($val[strlen($val)-1]); | ||
| 482 | switch($last) | ||
| 483 | { | ||
| 484 | case 'g': $val *= 1024; | ||
| 485 | case 'm': $val *= 1024; | ||
| 486 | case 'k': $val *= 1024; | ||
| 487 | } | ||
| 488 | return $val; | ||
| 489 | } | ||
| 490 | |||
| 491 | // Try to determine max file size for uploads (POST). | ||
| 492 | // Returns an integer (in bytes) | ||
| 493 | function getMaxFileSize() | ||
| 494 | { | ||
| 495 | $size1 = return_bytes(ini_get('post_max_size')); | ||
| 496 | $size2 = return_bytes(ini_get('upload_max_filesize')); | ||
| 497 | // Return the smaller of two: | ||
| 498 | $maxsize = min($size1,$size2); | ||
| 499 | // FIXME: Then convert back to readable notations ? (e.g. 2M instead of 2000000) | ||
| 500 | return $maxsize; | ||
| 501 | } | ||
| 502 | |||
| 503 | // ------------------------------------------------------------------------------------------ | ||
| 504 | // Token management for XSRF protection | 476 | // Token management for XSRF protection |
| 505 | // Token should be used in any form which acts on data (create,update,delete,import...). | 477 | // Token should be used in any form which acts on data (create,update,delete,import...). |
| 506 | if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. | 478 | if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. |
| @@ -695,9 +667,11 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) | |||
| 695 | 667 | ||
| 696 | $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000'); | 668 | $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000'); |
| 697 | $data = array( | 669 | $data = array( |
| 670 | 'pagetitle' => $conf->get('general.title') .' - '. format_date($dayDate, false), | ||
| 698 | 'linksToDisplay' => $linksToDisplay, | 671 | 'linksToDisplay' => $linksToDisplay, |
| 699 | 'cols' => $columns, | 672 | 'cols' => $columns, |
| 700 | 'day' => $dayDate->getTimestamp(), | 673 | 'day' => $dayDate->getTimestamp(), |
| 674 | 'dayDate' => $dayDate, | ||
| 701 | 'previousday' => $previousday, | 675 | 'previousday' => $previousday, |
| 702 | 'nextday' => $nextday, | 676 | 'nextday' => $nextday, |
| 703 | ); | 677 | ); |
| @@ -1044,7 +1018,13 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1044 | // Show login screen, then redirect to ?post=... | 1018 | // Show login screen, then redirect to ?post=... |
| 1045 | if (isset($_GET['post'])) | 1019 | if (isset($_GET['post'])) |
| 1046 | { | 1020 | { |
| 1047 | header('Location: ?do=login&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); // Redirect to login page, then back to post link. | 1021 | header( // Redirect to login page, then back to post link. |
| 1022 | 'Location: ?do=login&post='.urlencode($_GET['post']). | ||
| 1023 | (!empty($_GET['title'])?'&title='.urlencode($_GET['title']):''). | ||
| 1024 | (!empty($_GET['description'])?'&description='.urlencode($_GET['description']):''). | ||
| 1025 | (!empty($_GET['tags'])?'&tags='.urlencode($_GET['tags']):''). | ||
| 1026 | (!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'') | ||
| 1027 | ); | ||
| 1048 | exit; | 1028 | exit; |
| 1049 | } | 1029 | } |
| 1050 | 1030 | ||
| @@ -1141,7 +1121,7 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1141 | $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks'])); | 1121 | $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks'])); |
| 1142 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); | 1122 | $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); |
| 1143 | $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); | 1123 | $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); |
| 1144 | $conf->set('api.enabled', !empty($_POST['apiEnabled'])); | 1124 | $conf->set('api.enabled', !empty($_POST['enableApi'])); |
| 1145 | $conf->set('api.secret', escape($_POST['apiSecret'])); | 1125 | $conf->set('api.secret', escape($_POST['apiSecret'])); |
| 1146 | try { | 1126 | try { |
| 1147 | $conf->write(isLoggedIn()); | 1127 | $conf->write(isLoggedIn()); |
| @@ -1248,7 +1228,7 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1248 | } | 1228 | } |
| 1249 | 1229 | ||
| 1250 | // lf_id should only be present if the link exists. | 1230 | // lf_id should only be present if the link exists. |
| 1251 | $id = !empty($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : $LINKSDB->getNextId(); | 1231 | $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : $LINKSDB->getNextId(); |
| 1252 | // Linkdate is kept here to: | 1232 | // Linkdate is kept here to: |
| 1253 | // - use the same permalink for notes as they're displayed when creating them | 1233 | // - use the same permalink for notes as they're displayed when creating them |
| 1254 | // - let users hack creation date of their posts | 1234 | // - let users hack creation date of their posts |
| @@ -1321,9 +1301,13 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1321 | // -------- User clicked the "Cancel" button when editing a link. | 1301 | // -------- User clicked the "Cancel" button when editing a link. |
| 1322 | if (isset($_POST['cancel_edit'])) | 1302 | if (isset($_POST['cancel_edit'])) |
| 1323 | { | 1303 | { |
| 1304 | $id = isset($_POST['lf_id']) ? (int) escape($_POST['lf_id']) : false; | ||
| 1305 | if (! isset($LINKSDB[$id])) { | ||
| 1306 | header('Location: ?'); | ||
| 1307 | } | ||
| 1324 | // If we are called from the bookmarklet, we must close the popup: | 1308 | // If we are called from the bookmarklet, we must close the popup: |
| 1325 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } | 1309 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } |
| 1326 | $link = $LINKSDB[(int) escape($_POST['lf_id'])]; | 1310 | $link = $LINKSDB[$id]; |
| 1327 | $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); | 1311 | $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); |
| 1328 | // Scroll to the link which has been edited. | 1312 | // Scroll to the link which has been edited. |
| 1329 | $returnurl .= '#'. $link['shorturl']; | 1313 | $returnurl .= '#'. $link['shorturl']; |
| @@ -1508,7 +1492,22 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1508 | 1492 | ||
| 1509 | if (! isset($_POST['token']) || ! isset($_FILES['filetoupload'])) { | 1493 | if (! isset($_POST['token']) || ! isset($_FILES['filetoupload'])) { |
| 1510 | // Show import dialog | 1494 | // Show import dialog |
| 1511 | $PAGE->assign('maxfilesize', getMaxFileSize()); | 1495 | $PAGE->assign( |
| 1496 | 'maxfilesize', | ||
| 1497 | get_max_upload_size( | ||
| 1498 | ini_get('post_max_size'), | ||
| 1499 | ini_get('upload_max_filesize'), | ||
| 1500 | false | ||
| 1501 | ) | ||
| 1502 | ); | ||
| 1503 | $PAGE->assign( | ||
| 1504 | 'maxfilesizeHuman', | ||
| 1505 | get_max_upload_size( | ||
| 1506 | ini_get('post_max_size'), | ||
| 1507 | ini_get('upload_max_filesize'), | ||
| 1508 | true | ||
| 1509 | ) | ||
| 1510 | ); | ||
| 1512 | $PAGE->renderPage('import'); | 1511 | $PAGE->renderPage('import'); |
| 1513 | exit; | 1512 | exit; |
| 1514 | } | 1513 | } |
| @@ -1518,7 +1517,7 @@ function renderPage($conf, $pluginManager, $LINKSDB) | |||
| 1518 | // The file is too big or some form field may be missing. | 1517 | // The file is too big or some form field may be missing. |
| 1519 | echo '<script>alert("The file you are trying to upload is probably' | 1518 | echo '<script>alert("The file you are trying to upload is probably' |
| 1520 | .' bigger than what this webserver can accept (' | 1519 | .' bigger than what this webserver can accept (' |
| 1521 | .getMaxFileSize().' bytes).' | 1520 | .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' |
| 1522 | .' Please upload in smaller chunks.");document.location=\'?do=' | 1521 | .' Please upload in smaller chunks.");document.location=\'?do=' |
| 1523 | .Router::$PAGE_IMPORT .'\';</script>'; | 1522 | .Router::$PAGE_IMPORT .'\';</script>'; |
| 1524 | exit; | 1523 | exit; |
| @@ -2227,9 +2226,10 @@ $app = new \Slim\App($container); | |||
| 2227 | 2226 | ||
| 2228 | // REST API routes | 2227 | // REST API routes |
| 2229 | $app->group('/api/v1', function() { | 2228 | $app->group('/api/v1', function() { |
| 2230 | $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo'); | 2229 | $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); |
| 2231 | $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks'); | 2230 | $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); |
| 2232 | $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink'); | 2231 | $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); |
| 2232 | $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); | ||
| 2233 | })->add('\Shaarli\Api\ApiMiddleware'); | 2233 | })->add('\Shaarli\Api\ApiMiddleware'); |
| 2234 | 2234 | ||
| 2235 | $response = $app->run(true); | 2235 | $response = $app->run(true); |