1 files changed, 47 insertions, 20 deletions
diff --git a/index.php b/index.php
index 34f0e381..2ed14d4f 100644
--- a/index.php
+++ b/index.php
@@ -175,7 +175,6 @@ define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['R
 if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
 }
-header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
 /**
 * Checking session state (i.e. is the user still logged in)
@@ -731,17 +730,10 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
 *
 * @param ConfigManager $conf          Configuration Manager instance.
 * @param PluginManager $pluginManager Plugin Manager instance,
+ * @param LinkDB        $LINKSDB
 */
-function renderPage($conf, $pluginManager)
+function renderPage($conf, $pluginManager, $LINKSDB)
 {
-    $LINKSDB = new LinkDB(
-        $conf->get('resource.datastore'),
-        isLoggedIn(),
-        $conf->get('privacy.hide_public_links'),
-        $conf->get('redirector.url'),
-        $conf->get('redirector.encode_url')
-    );
    $updater = new Updater(
        read_updates_file($conf->get('resource.updates')),
        $LINKSDB,
@@ -918,10 +910,6 @@ function renderPage($conf, $pluginManager)
        $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
        $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());
        $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
-        $pshUrl = $conf->get('config.PUBSUBHUB_URL');
-        if (!empty($pshUrl)) {
-            $feedGenerator->setPubsubhubUrl($pshUrl);
-        }
        $data = $feedGenerator->buildData();
        // Process plugin hook.
@@ -938,7 +926,7 @@ function renderPage($conf, $pluginManager)
        exit;
    }
-    // Display openseach plugin (XML)
+    // Display opensearch plugin (XML)
    if ($targetPage == Router::$PAGE_OPENSEARCH) {
        header('Content-Type: application/xml; charset=utf-8');
        $PAGE->assign('serverurl', index_url($_SERVER));
@@ -1142,6 +1130,8 @@ function renderPage($conf, $pluginManager)
            $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks']));
            $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
            $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
+            $conf->set('api.enabled', !empty($_POST['apiEnabled']));
+            $conf->set('api.secret', escape($_POST['apiSecret']));
            try {
                $conf->write(isLoggedIn());
            }
@@ -1170,6 +1160,8 @@ function renderPage($conf, $pluginManager)
            $PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false));
            $PAGE->assign('enable_update_check', $conf->get('updates.check_updates', true));
            $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
+            $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
+            $PAGE->assign('api_secret', $conf->get('api.secret'));
            $PAGE->renderPage('configure');
            exit;
        }
@@ -1293,7 +1285,6 @@ function renderPage($conf, $pluginManager)
        $LINKSDB[$id] = $link;
        $LINKSDB->save($conf->get('resource.page_cache'));
-        pubsubhub($conf);
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) {
@@ -1610,8 +1601,8 @@ function renderPage($conf, $pluginManager)
 function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
 {
    // Used in templates
-    $searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';
+    $searchtags = !empty($_GET['searchtags']) ? escape(normalize_spaces($_GET['searchtags'])) : '';
-    $searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';
+    $searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : '';
    // Smallhash filter
    if (! empty($_SERVER['QUERY_STRING'])
@@ -1658,7 +1649,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
        } else {
            $link['updated_timestamp'] = '';
        }
-        $taglist = explode(' ', $link['tags']);
+        $taglist = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
        uasort($taglist, 'strcasecmp');
        $link['taglist'] = $taglist;
        // Check for both signs of a note: starting with ? and 7 chars long.
@@ -1954,6 +1945,14 @@ function install($conf)
            $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
        }
        $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
+        $conf->set('api.enabled', !empty($_POST['enableApi']));
+        $conf->set(
+            'api.secret',
+            generate_api_secret(
+                $conf->get('credentials.login'),
+                $conf->get('credentials.salt')
+            )
+        );
        try {
            // Everything is ok, let's create config file.
            $conf->write(isLoggedIn());
@@ -2216,4 +2215,32 @@ if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=
 if (!isset($_SESSION['LINKS_PER_PAGE'])) {
    $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
 }
-renderPage($conf, $pluginManager);
+$linkDb = new LinkDB(
+    $conf->get('resource.datastore'),
+    isLoggedIn(),
+    $conf->get('privacy.hide_public_links'),
+    $conf->get('redirector.url'),
+    $conf->get('redirector.encode_url')
+);
+$container = new \Slim\Container();
+$container['conf'] = $conf;
+$container['plugins'] = $pluginManager;
+$app = new \Slim\App($container);
+// REST API routes
+$app->group('/api/v1', function() {
+    $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
+})->add('\Shaarli\Api\ApiMiddleware');
+$response = $app->run(true);
+// Hack to make Slim and Shaarli router work together:
+// If a Slim route isn't found, we call renderPage().
+if ($response->getStatusCode() == 404) {
+    // We use UTF-8 for proper international characters handling.
+    header('Content-Type: text/html; charset=utf-8');
+    renderPage($conf, $pluginManager, $linkDb);
+} else {
+    $app->respond($response);
+}

diff --git a/index.php b/index.php index 34f0e381..2ed14d4f 100644 --- a/index.php +++ b/index.php
@@ -175,7 +175,6 @@ define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['R
175	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {	175	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
176	autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);	176	autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
177	}	177	}
178	header('Content-Type: text/html; charset=utf-8'); // We use UTF-8 for proper international characters handling.
179		178
180	/**	179	/**
181	* Checking session state (i.e. is the user still logged in)	180	* Checking session state (i.e. is the user still logged in)
@@ -731,17 +730,10 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
731	*	730	*
732	* @param ConfigManager $conf Configuration Manager instance.	731	* @param ConfigManager $conf Configuration Manager instance.
733	* @param PluginManager $pluginManager Plugin Manager instance,	732	* @param PluginManager $pluginManager Plugin Manager instance,
		733	* @param LinkDB $LINKSDB
734	*/	734	*/
735	function renderPage($conf, $pluginManager)	735	function renderPage($conf, $pluginManager, $LINKSDB)
736	{	736	{
737	$LINKSDB = new LinkDB(
738	$conf->get('resource.datastore'),
739	isLoggedIn(),
740	$conf->get('privacy.hide_public_links'),
741	$conf->get('redirector.url'),
742	$conf->get('redirector.encode_url')
743	);
744
745	$updater = new Updater(	737	$updater = new Updater(
746	read_updates_file($conf->get('resource.updates')),	738	read_updates_file($conf->get('resource.updates')),
747	$LINKSDB,	739	$LINKSDB,
@@ -918,10 +910,6 @@ function renderPage($conf, $pluginManager)
918	$feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));	910	$feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
919	$feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());	911	$feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn());
920	$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) \|\| !$conf->get('feed.rss_permalinks'));	912	$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) \|\| !$conf->get('feed.rss_permalinks'));
921	$pshUrl = $conf->get('config.PUBSUBHUB_URL');
922	if (!empty($pshUrl)) {
923	$feedGenerator->setPubsubhubUrl($pshUrl);
924	}
925	$data = $feedGenerator->buildData();	913	$data = $feedGenerator->buildData();
926		914
927	// Process plugin hook.	915	// Process plugin hook.
@@ -938,7 +926,7 @@ function renderPage($conf, $pluginManager)
938	exit;	926	exit;
939	}	927	}
940		928
941	// Display openseach plugin (XML)	929	// Display opensearch plugin (XML)
942	if ($targetPage == Router::$PAGE_OPENSEARCH) {	930	if ($targetPage == Router::$PAGE_OPENSEARCH) {
943	header('Content-Type: application/xml; charset=utf-8');	931	header('Content-Type: application/xml; charset=utf-8');
944	$PAGE->assign('serverurl', index_url($_SERVER));	932	$PAGE->assign('serverurl', index_url($_SERVER));
@@ -1142,6 +1130,8 @@ function renderPage($conf, $pluginManager)
1142	$conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks']));	1130	$conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks']));
1143	$conf->set('updates.check_updates', !empty($_POST['updateCheck']));	1131	$conf->set('updates.check_updates', !empty($_POST['updateCheck']));
1144	$conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));	1132	$conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
		1133	$conf->set('api.enabled', !empty($_POST['apiEnabled']));
		1134	$conf->set('api.secret', escape($_POST['apiSecret']));
1145	try {	1135	try {
1146	$conf->write(isLoggedIn());	1136	$conf->write(isLoggedIn());
1147	}	1137	}
@@ -1170,6 +1160,8 @@ function renderPage($conf, $pluginManager)
1170	$PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false));	1160	$PAGE->assign('enable_rss_permalinks', $conf->get('feed.rss_permalinks', false));
1171	$PAGE->assign('enable_update_check', $conf->get('updates.check_updates', true));	1161	$PAGE->assign('enable_update_check', $conf->get('updates.check_updates', true));
1172	$PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));	1162	$PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
		1163	$PAGE->assign('api_enabled', $conf->get('api.enabled', true));
		1164	$PAGE->assign('api_secret', $conf->get('api.secret'));
1173	$PAGE->renderPage('configure');	1165	$PAGE->renderPage('configure');
1174	exit;	1166	exit;
1175	}	1167	}
@@ -1293,7 +1285,6 @@ function renderPage($conf, $pluginManager)
1293		1285
1294	$LINKSDB[$id] = $link;	1286	$LINKSDB[$id] = $link;
1295	$LINKSDB->save($conf->get('resource.page_cache'));	1287	$LINKSDB->save($conf->get('resource.page_cache'));
1296	pubsubhub($conf);
1297		1288
1298	// If we are called from the bookmarklet, we must close the popup:	1289	// If we are called from the bookmarklet, we must close the popup:
1299	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) {	1290	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) {
@@ -1610,8 +1601,8 @@ function renderPage($conf, $pluginManager)
1610	function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)	1601	function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1611	{	1602	{
1612	// Used in templates	1603	// Used in templates
1613	$searchtags = !empty($_GET['searchtags']) ? escape($_GET['searchtags']) : '';	1604	$searchtags = !empty($_GET['searchtags']) ? escape(normalize_spaces($_GET['searchtags'])) : '';
1614	$searchterm = !empty($_GET['searchterm']) ? escape($_GET['searchterm']) : '';	1605	$searchterm = !empty($_GET['searchterm']) ? escape(normalize_spaces($_GET['searchterm'])) : '';
1615		1606
1616	// Smallhash filter	1607	// Smallhash filter
1617	if (! empty($_SERVER['QUERY_STRING'])	1608	if (! empty($_SERVER['QUERY_STRING'])
@@ -1658,7 +1649,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1658	} else {	1649	} else {
1659	$link['updated_timestamp'] = '';	1650	$link['updated_timestamp'] = '';
1660	}	1651	}
1661	$taglist = explode(' ', $link['tags']);	1652	$taglist = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
1662	uasort($taglist, 'strcasecmp');	1653	uasort($taglist, 'strcasecmp');
1663	$link['taglist'] = $taglist;	1654	$link['taglist'] = $taglist;
1664	// Check for both signs of a note: starting with ? and 7 chars long.	1655	// Check for both signs of a note: starting with ? and 7 chars long.
@@ -1954,6 +1945,14 @@ function install($conf)
1954	$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));	1945	$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1955	}	1946	}
1956	$conf->set('updates.check_updates', !empty($_POST['updateCheck']));	1947	$conf->set('updates.check_updates', !empty($_POST['updateCheck']));
		1948	$conf->set('api.enabled', !empty($_POST['enableApi']));
		1949	$conf->set(
		1950	'api.secret',
		1951	generate_api_secret(
		1952	$conf->get('credentials.login'),
		1953	$conf->get('credentials.salt')
		1954	)
		1955	);
1957	try {	1956	try {
1958	// Everything is ok, let's create config file.	1957	// Everything is ok, let's create config file.
1959	$conf->write(isLoggedIn());	1958	$conf->write(isLoggedIn());
@@ -2216,4 +2215,32 @@ if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=
2216	if (!isset($_SESSION['LINKS_PER_PAGE'])) {	2215	if (!isset($_SESSION['LINKS_PER_PAGE'])) {
2217	$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);	2216	$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
2218	}	2217	}
2219	renderPage($conf, $pluginManager);	2218
		2219	$linkDb = new LinkDB(
		2220	$conf->get('resource.datastore'),
		2221	isLoggedIn(),
		2222	$conf->get('privacy.hide_public_links'),
		2223	$conf->get('redirector.url'),
		2224	$conf->get('redirector.encode_url')
		2225	);
		2226
		2227	$container = new \Slim\Container();
		2228	$container['conf'] = $conf;
		2229	$container['plugins'] = $pluginManager;
		2230	$app = new \Slim\App($container);
		2231
		2232	// REST API routes
		2233	$app->group('/api/v1', function() {
		2234	$this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo');
		2235	})->add('\Shaarli\Api\ApiMiddleware');
		2236
		2237	$response = $app->run(true);
		2238	// Hack to make Slim and Shaarli router work together:
		2239	// If a Slim route isn't found, we call renderPage().
		2240	if ($response->getStatusCode() == 404) {
		2241	// We use UTF-8 for proper international characters handling.
		2242	header('Content-Type: text/html; charset=utf-8');
		2243	renderPage($conf, $pluginManager, $linkDb);
		2244	} else {
		2245	$app->respond($response);
		2246	}